Part I: Breaking into Cyber Security. Hard but Possible.
Updated: Apr 19, 2021
CISSP, certified information systems security professional. What a mouth full, try saying that three times fast…I dare you…really, send me a recording of you saying it!
Anyway I first heard about this certificate while I was pursuing my undergraduate degree during the 2005-2006 timeframe (the exact data escapes me). I went to information security conference hosted OWASP event. There I heard a man by the name of xx Brennan talk about his profession, and it was pretty interesting stuff. The things he was able to do and discover with a computer. I wanted to have those skills, but how? I looked at his name on the flyer and saw that he was a CISSP. Later on, I researched what it was and how one would go about getting it. When I researched I saw that there was a minimum experience requirement that was needed. Five years of experience to be exact. Man…I was an undergrad, I was not going to study my way into getting this certification. So, this certification stayed in the back of my mind as I finished school and started my first fulltime work. Fast forward to 2014, I worked at PwC, and started my career at another smaller IT risk consulting firm. It was time for me to pursue my goal. In 2015, I passed and received my CISSP certification designation. IT took a long time, but I don't regret the move and timing. Five years later, the certification is still one of the most hotly pursued certifications now (put a link). There is so much out there about cyber security it can easily get overwhelming. So, I have broken this discussion into four parts (blogs). They will discuss the following topics: What is Cyber security? Why should I even get into this field? Where and How does one get into this field? What do I need to be successful in this field?
My job in this post is to answer these questions and help you build a mental model of how to think about cyber security. I hope you find this information helpful. Please note, all information contained is my opinion based on 11+years of professional experience, education, and interacting with other colleagues. Any information you used here is totally at your discretion. I am not being remunerated or receiving any value from any party(ies) named in my post. A lot of this information is based on a similar presentation I presented earlier this year - updated as appropriate.
The views and opinions expressed on this presentation are my own (those of the author) and do not represent the opinions of any entity whatsoever with which I have been, am now, or will be affiliated with
WHAT IS CYBER SECURITY. First let's clarify the spelling. Cyber security with a space between "cyber" and "security". There are different kinds of security, like physical security, equity security, debt security, social security, etc. So we want to be specific and describe (yes, we need an adjective) the type of security we are talking about. First of all this term has many aliases and has evolved over the years. It can also be called computer security, information security, or IT security.
Figure 1: Trends of cyber security terms via Google Trends.
(source: https://trends.google.com/trends/explore?date=all&geo=US&q=cybersecurity,cyber%20security,computer%20security,information%20security,IT%20security). Note cyber security with a space has more hits than cyber security without a space.
The word cyber security hit a significant peak in October of 2009 went down significantly shortly after, and went up again during the 2012 time frame. After 2012, the trend for the term cyber security has steadily increased. The common theme between 2009 and 2012 is that Former President Barack Obama made this a central issue in 2009, and the senate was on the verge of signing a new Cyber security Act law in 2012 (this law was rejected, but President Barack signed an executive order in October of 2012.
https://en.wikipedia.org/wiki/Presidential_Policy_Directive_20)
Figure 2: Trend of Cyber security peaked in 2009, then went on an upward trend starting at 2012 after security became a national issue made public by President Obama and after Eric Snowden released thousands of government documents in June of 2013.
So to define cyber security. An article in the The Journal of Digital Forensics, Security and Law came up with the following empirical definition:
“The approach and actions associated with security risk management processes followed by organizations and states to protect confidentiality, integrity and availability of data and assets used in cyber space. The concept includes guidelines, policies and collections of safeguards, technologies, tools and training to provide the best protection for the state of the cyber environment and its users.”
(source: https://commons.erau.edu/cgi/viewcontent.cgi?article=1476&context=jdfsl)
Huh…let's try that again. Let's choose a definition that's more everyday usable. As such I will leverage the wikipedia's definition of Cyber Security:
The protection of computer systems and networks from the theft of or damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. (source: https://en.wikipedia.org/wiki/Computer_security). The word has evolved into protecting technology hardware and data from being manipulated, misused, or go missing. In other words, from being hacked.
People who work in this field use all sorts of tools, procedures, and exercises to prevent the misuse of technology hardware, software, and other electronic data that is important to a business or individual. Hope you found this part I of this blog informational. Let's move one to part two, Why should I even get into this field?