The cybersecurity talent shortage is real, and it's an all-hands-on-deck moment to overcome it. Yet many people who could be well qualified to take on the diverse roles that cyber needs are daunted at the prospect -if they don't have the deep math or science background commonly associated with this field.
In reality, there are a broad variety of job roles associated with cyber, and some common traits among people who do well at filling them: a strong interest in the subject, good problem-solving skills (doing crossword puzzles counts!), pattern recognition, critical thinking and a love of lifelong learning. Sound like you? Then you can do it.
My own career as a Cybersecurity Architect in Cisco's Trust Strategy Office was inspired by observing a hacking exercise aimed at bypassing the security controls protecting a proprietary system. One of the memorable hacking tricks used was social engineering -getting people to innocently give out personal data that is then used to attack them at work as a way into their employer's systems. I was hooked! I undertook an earnest self-study campaign that included revisiting some principles from old graduate courses I'd taken (yes, I had started as an engineer), pursuing networking and security-related certifications (CCNA, CCNP, CCIE, CISSP), reading, researching and developing "ethical hacker" skills.
In the course of doing all that, I decided to start working with students to help them learn about cyber threat. I have a natural love of teaching, and like to develop curriculums that incorporate STEM in a non-intimidating way. I started a cyber-club affiliated with a local college, North Carolina A&T State University (we're the Aggie Defenders!), and eventually enlisted students in non-technical degree programs to join a multi-school cyber-competition. An added bonus -about 30% of them took internships at Cisco, building up our talent pool!
Club members learn through reading, sharing what they learn, and using a variety of freely available online tools that hone their skills and help them understand how hackers think and work. You see, most hackers aren't deep techies either; they learn to use certain tricks and techniques, and leverage readily available online information, to catch people off guard. By understanding common methods hackers use to "get in" and learning how to investigate exploit methods, club members, or anyone committed to trying, can get started on a cyber-career path.
Hack the Box is a great online platform to help you try out your skills, conquer progressively harder hacking challenges, and exchange ideas and methods with members worldwide. Splunk (in partnership with Cisco) offers free threat hunting tools; there's plenty of free online information about how to make use of them too. YouTube offers many free videos that explain ethical hacking techniques -just search on terms "thinking like a hacker" or "easy to learn hacking tools." There are many cyber-clubs associated with local high schools and colleges. And of course, read up on the many breaches in the news; understand not just the breach, but the attacker. What was the vulnerability? How did they get in? What is the people aspect of the attack?
All of these tools will help you gain a good cyber foundation. Once you have that, there are a lot of job options to pursue. At Cisco, we've formalized our roles and requirements into a breadth of analyst and quality assurance-type positions. Some of those are definitely entry level. While the titles might seem intimidating to those from non-technical work backgrounds, don't be put off! Pursuing one of these jobs comes down to communicating what you actually do every day, so learn to explain that -and how your experience to date, from clubs, online learning, self-study and trial-and-error, are directly relevant to a position you'd like. Given the newness of the cyber field, it's very common to learn and grow on the job; teamwork and collaboration are especially important here. We don't know where threats will take us tomorrow.
I want to encourage anyone -students, Veterans, non-technical workers or those in other technical fields -who finds what I've said here intriguing, to give it a shot. If you are an undergraduate or graduate college student interested in gaining on-the-job cybersecurity training and experience over the summer, find interesting opportunities at: https://www.cisco.com/c/en/us/about/careers/working-at-cisco/students-and-new-graduate-programs.html. And those already in industry, stay open to the passion and potential of newcomers: create training and apprenticeship programs that include learning pathways for IT and non-IT individuals. Help change the perception that technical fields are difficult to master, and encourage development of thepeopleyou need to keep your business safe. With no sign of cyber threat slowing down, an inclusive, diverse and inspired workforce is critical to our economic survival.
To learn more from others in the field of security, visit www.cisco.com/go/bridgethegap