Entry-Level Positions for Aspiring Cybersecurity Professionals

"And that seems like a trick question, a very simple question. Can you describe to me how the signal flows from the internet service provider throughout the network? How does it get to your laptop? Because that's how an attacker is going to get in.

So, do you understand the different roadblocks you can put along the pathway in order to protect your own laptop? Understanding network infrastructure at a basic level, or firewalls, or basic computers is a requirement. You don't necessarily have to be a developer, or know how to code for every single role.

It can be helpful, but having at least a basic level of knowledge of computers and a moderate understanding of how they work and how you can edit things, that's really required. So, that is where you would have what's called a SOC analyst: a Security Operations Center analyst. There are a lot of entry-level roles there.

That's where you're going to do incident response. You might review a phishing email, or respond to a suspicion like, 'I think my computer's acting funny.' You might work closely with IT support. When IT feels something is more like a security concern, they can advise and see what's going on, do research and threat analysis to figure out what's happening.

Is it the bad guy? Is it just a user who doesn't know what they're doing? Is it a computer messing up? That can be you. That can lead to incident response, vulnerability management, patch management, secure architecture, DevSecOps, application security, Cloud SecOps, all that sort of stuff.

So, all the engineering track. There's also GRC: Governance, Risk, and Compliance. I talked about that a little bit earlier. I wish I had learned a lot of the different regulations. We need a lot of help in the industry with the ton of different privacy laws and regulations popping up all the time.

I had to quickly learn the new SEC security regulations a couple of years ago. I built an entire program around that when I was at a major consulting firm to help prep companies for their SEC filing. Understanding how to dig into these regulations can be learned in an entry-level role.

You don't have to be as technical. You still have to understand the words and terminology, like what is encryption, but you don't have to be as technical. That can be a way I've seen a lot of folks gain entry into this field: through Governance, Risk, and Compliance.

Once you're in, I found that once you have about a year's worth of experience in cybersecurity, that's the magical number. You can kind of go wherever you want and move around within the field. So, don't feel like you're stuck; you can always shift and go to different roles even within the industry.

The biggest pain point is just getting that first step in the door. That's the hardest part of this industry. And the one thing that frustrates me most about this industry is the pathway for an entry-level person can be really challenging. Hopefully, that helps."