Now more than ever, cybersecurity and infosec careers are in great demand; and this industry is broad with a variety of skills needed. In addition, cybercrime never stops, technology changes rapidly, and this industry is never boring.
This also means practically every industry out there needs professionals like you. Not only will you have plenty of work but also a sense of accomplishment to know you are part of a greater good.
We asked several cyber professionals, including some of our SANS Instructors to give us the most important steps to get into cyber. From an extensive list, we are providing the top five. And side-note, there’s a lot of information here, so take your time to read and start one step at a time.
Take the time to watch webcasts and YouTube videos, read blogs, and start googling when something piques your interest.
- sans.org/webcasts, In particular, The 14 Absolute Truths of Security & Security Essentials Core Concepts
- Your 5-year path – John Strand from Black Hills InfoSec
- CAREERS IN CYBERSECURITY - ADVICE FROM DEFCON 24
- SANS – Also numerous sub-channels DFIR | Pen Testing | ICS | Blue Team | Cloud Security
- IT Career Questions
- sans.org/blog In particular, So You Wanna Be a Pen Tester? 3 Paths To Consider
- Reading Room – The SANS Reading Room features over 3,010 original computer security white papers.
- This Week in 4n6: A weekly blog all DFIR
- Newsbites - SANS NewsBites is a semiweekly high-level summary of the most important news articles on computer security during the last week.
- Brian Krebs – His website will expose you to a whole new world.
- HECFBlog – David Cowen dives deep into Digital Forensics
- Trust Me. I’m Certified – brought to you by GIAC Certifications, a podcast exploring how to conquer imposter syndrome.
- Blueprint Podcast - Build the Best in Cyber Defense, A Podcast by John Hubbard
- Security Weekly – Connecting the Security Industry with the Security Community
SANS instructors produce thousands of free content-rich resources for the information security community annually. Find them at sans.org/free
It’s important to learn the core concepts and get hands-on. Familiarize yourself with Windows, Linux, Coding Languages, and Networking. How?
- Build a Home Lab – Jeff McJunkin walks you through it here
Webcasts on Topic:
- Learn Coding & Networking - So many free resources, just start googling
- Learn Linux Basics – Watch Intro to Linux and other free resources
- Holiday Hack Challenge – You can go through the past 5 years challenges, just be careful of spoilers online
- Participate in Cyber Ranges - NetWars and Security Innovations are both great.
- Download Free Tools – Play around with open source tools like SIFT Workstation. SANS Faculty has created over 150 free tools. Find them here.
- Check out Aman Hardikar’s Mind Map to practice InfoSec skills online
- CyberStart – Geared toward finding the next leaders in cybersecurity
Industry Experts and mentors can open a world of tools, topics, and events that you wouldn’t otherwise be aware of.
SANS Instructors are very active on Twitter and a great place to start. Here are some of our most active:
James Lyne | Eric Zimmerman | Lenny Zeltser | Katie Nickels | Josh Wright | Larry Pesce | Chad Tilbury | Ed Skoudis | Rob Lee | Tim Medin | Heather Mahalik | Stephen Sims | Chris Crowley | Mark Baggett | Eric Conrad | Robert M Lee | Jeff McJunkin | Micah Hoffman | Lance Spitzner | Johannes Ullrich | Sarah Edwards
And some other favorites:
Keith Palmgren | Lesley Carhart | Brian Krebs | Doc Blackburn | Rachel Tobac | Ian Reynolds | John Strand | Bruce Schneier | Nick Mitropoulos | Rob Fuller | Bryan Simon
And don’t forget SANS Twitter accounts:
SANS | SANSNew2Cyber | SANSCloud | SANSDefense | SANSDFIR | SANSICS | SANSLeadership | SANSPenTest | SANSEMEA | SANSAPAC
There are so many great IT Security conferences, and many of them post their content online afterward.
SANS is pleased to offer a variety of virtual training events for the global cybersecurity community. Explore upcoming Summits, Forums, and Solutions Tracks, and start making plans to level up your knowledge, hands-on skills, and industry connections. View the current listing here.
BSides – Countless dates and locations
Wild West Hackin’ Fest – Welcome to both seasoned experts and those new to the industry
Get involved with groups, MeetUps, Lists, Forums, and LinkedIn Communities:
- SANS DFIR LinkedIn Community: Keep up with the latest of Digital Forensics & Incident Response, look for jobs, training and more
- SANS DFIR Discussion list - This list is intended to provide SANS Alumni with access to a forum to ask questions related to Digital Forensics, Incident Response, and Reverse Engineering Malware. SANS is dedicated to helping build communities. The digital forensics community is a growing field and it is useful to help grow your knowledge that you invested so much of your time into.
- SANS Industrial Control Systems Community Forum: Participate in the SANS ICS Community Forum where ICS professionals discuss current security events, share tips, ask questions, and connect with others passionate about securing the critical infrastructure
- AFCEA Chapters - AFCEA provides a forum for military, government, and industry communities to collaborate so that technology and strategy align with the needs of those who serve.
- InfraGard Local Chapters - The InfraGard program provides a vehicle for seamless public-private collaboration with the government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure.
- ISACA Local Chapters - ISACA offers access to resources and a community of experts committed to lifetime learning and career progression to help you stay up to date.
- ISSA Chapter Directory - ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure.
- OWASP Chapters Program- The OWASP Foundation works to improve the security of software through its community-led open-source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.
Ok – there’s a #6 as a bonus
Get Training and Certification
SANS offers an accredited college certificate – the Undergraduate Certificate in Applied Cybersecurity from the SANS Technology Institute – that guides you through a sequence of four courses. The program includes an introductory course plus three SANS courses leading to GIAC certifications that provide the foundational knowledge and hands-on skills needed to launch a cybersecurity career. The program also serves as a pathway to the SANS.edu master’s degree program and job-specific graduate certificate programs. A 100% online option is available. Applications are accepted monthly.
“I was having a hard time getting a job in information security due to my lack of hands-on experience. SANS gave me extraordinary training and the opportunity to rise to the top of the résumé pile.” – AJ Langlois, BB&T
SANS Security Essentials courses are designed to provide a range of topics to help you grasp foundations quickly and fill critical knowledge gaps. The certifications associated with the courses provide assurance to employers that their prospective hires can actually do the job. Below is a list of SANS foundational courses and certifications, with supporting resources that can help you get started, and that might give you an idea of the path that interests you the most:
SANS Foundations is the best single course available to learn the core knowledge and develop practical skills in computers, technology, and security fundamentals that are needed to kickstart a career in cybersecurity. The course features a comprehensive variety of innovative, hands-on labs and practical exercises that go far beyond what is offered in any other foundational course in cybersecurity. These labs are developed by leading subject-matter experts, drawing on the latest technology, techniques, and concepts in cybersecurity.
The course provides students with the practical learning and key skills to empower future cybersecurity learning and professional development.
“I think the biggest value add for SANS Foundations was simply how comprehensive it was. It covered a lot of topics, but each was covered in enough depth for a better handle on the basics without being overwhelming.” - U.S. government federal law enforcement professional
SEC301: Introduction to Cyber Security will teach you real-world cybersecurity fundamentals to serve as the foundation for your career skills and knowledge for years to come.
Course Demo | GIAC Information Security Fundamentals (GISF)
“Coming from a non-cybersecurity background, this course was perfect for setting my cyber foundation.” – Marco Godinez, Discover Financial
“The best parts of this class are the real-world examples and historical events, which illustrate how these course topics are applicable and why they are important to learn/understand.” – Gia M.
SEC401: Security Essentials Bootcamp Style teaches you the essential information security skills and techniques you need to protect and secure your organization's critical information assets and business systems.
Course Demo | GIAC Security Essentials (GSEC)
"SEC401 took what I thought I knew and truly explained everything to me. Now, I also UNDERSTAND the security essentials fundamentals and how/why we apply them. Loved the training, cannot wait to come back for more." - Nicholas Blanton, ManTech International
"SEC401 provides an excellent overview of security fundamentals delivered by experienced industry professionals." - Jathan Watso, Department of Finance
Brand New Course! FOR308: Digital Forensics Essentials will teach you fundamentals of Digital Forensics & Incident Response, including what digital data is, how to find it, acquire it, preserve it, and most importantly, how to understand it and explain findings.
“FOR308 was valuable as it filled in many gaps in my experience and it set a good foundation of the basics to which I can build upon, I enjoyed the acquisition, and validation section.” - Carla Dawn, FOR308 student
“FOR308 is packed with technical information and covers aspects necessary for those taking their first steps in the digital forensics as well as those who think about leading teams in the field. An overall good balance of theory to practice, delivered in a very professional manner.” -Wiktor Kardacki, 6point5
Hope this information and resources help you in your quest to become the next cybersecurity professional!