We left the last blog with answering the question of 'Where and how does one get into this field?'. Now let us answer the final question of how to be successful in this field. Here's the super short version: learn, practice, and make friends.
What do I need to be successful in this field?
Cyber security as a vocational discipline is a booming, is lucrative, but often an esoteric type of work. What is success in the cyber security field. Success is defined as a person who has a continual understanding of the newest threats, and is able to mitigate the risks, or effectively remediate exploitations. Success also includes a person being able to drive change that lowers the risk profile of their organization. Success also means being able to find fulfillment in performing the duties of a cyber security professional.
As I noted early in my writing that the amount of information available on this topic is tremendous. Just doing a Google search on the words 'cyber security', 'hacking', and 'cyber security career', led to 537, 290, and 904 million results respectively. Obviously a lot of these sites may not have anything to do with cyber security, however, the point is that filtering out the noise can be very hard if you don't know where to look for staying up to date in the field. However, in this field you have to stay up to date because technical errors and hackers are always popping up in new ways. To be successful in this field there are three broad things that one has to do.
Make friends. Join industry associations.
Adapt a mode of continual learning.
Make friends. Join industry associations
Here are a few organizations that focus on everything cyber security: (ISC)2, ISACA, GIAC, OWASP.
This will help you to connect and network with individuals in the cyber security. These people will expand your knowledge of the craft by showing you different ways to view problems and solutions. These same people will also be your advocates when you are searching for a new opportunity (or when an opportunity is searching for you!).
Adapt a mode of continual learning
This means incorporating a balance between learning theory (e.g. through books, articles, and attending conferences) and executing practicums (e.g. tyring out new tools - as legally as possible, joining forums, etc.) Try out new tools, shoot to obtain additional certifications. Number three isn't too hard because in order for your certification to remain active you have to obtain a certain number of continuing professional education (CPEs) credits a year.
Here are a few other organizations that offer supplemental cyber security education. You will also notice that some of these organizations also provide certifications.
Harvard Cyber security
Columbia Cyber security track
This is self explanatory. cyber security is not like learning a bike, but more like learning a new language. Once you learn how to ride, you can go 6 months or even 1 year not riding a bike and be able to jump right back in. However, learning and getting better at a language means practicing everyday. You lose it the longer you do not practice it.
Hopefully, these series of blogs gives the encouragement to pursue this every growing need. Reach out if you have any questions.