August 30, 2021

By Jennifer Minella, CISSP, Advisory CISO, Network & Cyber Security, Carolina Advanced Digital, Inc.
"How did you get into cyber security?" That's the question most often asked of me, with great enthusiasm, by people interested in the industry. The inquiry comes from both adults looking to make a career change and younger students yet to claim their stake in the professional world.
My situation was odd -- I was 'born' into it in a way, and so my journey doesn't translate for these folks. But working in an industry with a self-declared talent shortage of 1-3 million means we're all rolling up our sleeves to find answers and create paths for these people looking to enter the field.
Yet with all the interest in the various practices of security, the average cyber security professional stays in a role for just 15 months. It's a staggering metric, and one we can use to inform how we not only retain talent, but also attract new people.
So back to the question of "how do you get into cyber security?" It depends on who you ask. Ask someone from academia and you'll be told about the myriad cybersecurity degrees across the top U.S. colleges. Ask a veteran and they'll probably tell you about the multiple paths in from the military. Ask a hiring screener and they'll tell you about the CISSP and other certifications they look for on resumes.
But if you ask a skilled leader in infosec, you'll get a very different answer - one I think you'll like.
The most successful leaders running the most successful teams look for something different. They don't care about your degree (or even if you have one). They don't care about how many certifications you have. Instead, they care about your potential, and they're much more interested in hiring a curious newbie and growing that person than hiring a professional with an alphabet soup trailing behind their name.
Here are some advantages new professionals have as they enter the cyber security field:
- Technology is changing more rapidly than ever right now. Even long-term IT and infosec pros have to buy into continuous learning, which levels the playing field greatly for newcomers.
- Curiosity, problem solving, and communication skills are some of the top-rated traits sought by CIOs, CTOs, and CISOs. Technology can be taught, but these personality-based traits are harder to teach and nurture.
- If you are naturally curious, your learning will be self-directed and chances are you'll have taken advantage of some of the volume of free courses and learning available online.
- The industry is finally realizing the full value of diversity in all its forms - diversity of thought, experience, gender, and culture. Newcomers have the advantage of bringing fresh perspective and new problem-solving skills to teams.
- Security is as broad of a field as “technology” - from managing risk through governance and compliance to running security awareness training to infosec project managers to network security architects to pen testers - meaning there really is something for everyone, and cyber security is not all about hackers in black hoodies. Your prior skills or schooling will translate to *something* and bring value.
What does this mean for students and adults looking to enter the field? Here are a few take-aways for both incoming and established professionals.
For those interested in breaking into cyber security:
- Join or visit local infosec community groups. Anywhere in the U.S. you can find ISSA, (ISC)2, and ISACA chapters, and especially in North Carolina, we have thriving and active chapters. Start with the Raleigh ISSA Chapter and the RDU (ISC)2 Chapter. There are also chapters in the Greensboro/Winston-Salem, Charlotte, and other areas.
- Don't be a wallflower. Get to know people, introduce yourself, and ask questions. Even if you're a self-defined introvert, make an effort, even if it's just 2-3 people per event (in-person or virtual).
- Find a professional or two you like. They don't have to be in the field of your interest. Look to them for helping you make connections and offering resources. You'll be surprised how many people are willing and ready to jump in and support you.
- If you're in school and have the time, consider joining a school-sponsored cyber security group - a club, or program like CyberPatriot. You'll not only build skills but you'll get to work with student peers collaboratively and have access to professional mentors and training.
For established professionals in infosec:
- Be a mentor, and remember that mentorships don't have to be formal or structured.
- If you aren't comfortable with being called a "mentor", at least be an advocate. Find a newbie and let that person know they can call, email, or be your buddy at events.
- Reach out to newbies at events. Initiate the conversation and make it as welcoming and supportive of an environment as you can.
- Ask your local schools and groups like CyberPatriot if they're looking for mentors or professionals to help train students.
The take-away here is that there are so many options for anyone interested in joining this crazy family we call infosec. There's a place for everyone and a community of all levels and types of skills, sizes, colors, genders, ages, and experiences -- and there's a place for you here too.