Katlyn Gallo

Finding Your Niche In Cybersecurity

How do you figure out where you fit in?

It’s no secret that the Cybersecurity industry is booming. According to the U.S. Bureau of Labor Statistics, the growth of security jobs in the next 10 years will be 31%, which is classified as “much faster than average”. To make that percentage a little clearer, that’s ~41,000 more jobs by 2029 in the U.S. alone.

Throughout the world, there are an estimated 2.8 million cybersecurity professionals and according to an article published in September, the industry needs about 4 million more to effectively defend organizations. That is a HUGE gap that we need to fill!

In order to fill that gap, we need to attract individuals and help them find their way.

As a security professional, it’s important to understand the threat landscape as a whole and how to defend and protect against those threats, but it’s also important to hone in on your specialty, what interests you, and what you’re most passionate about. This can be overwhelming, especially when you simply don’t know what’s out there.

In my opinion, the below categories are the best breakdown of security roles that I’ve come across:

  • Attackers — also referred to as Red Teamers, these individuals are ethical hackers who constantly test the defenses of an organization to find vulnerabilities and opportunities for exploitation
  • Defenders — also referred to as Blue Teamers, defenders are responsible for playing defense against attackers, both real and ethical ones
  • Engineers — responsible for designing, implementing, and maintaining the security architecture of an organization by deploying various tools to detect and block advanced threats
  • Auditors — individuals that ensure a company’s operations are compliant with laws, policies, and regulations
  • Writers — the people responsible for developing and writing the policies, rules, and regulations that drive security frameworks

While there are definitely roles that are a mix of the broader categories above, finding which one you’re most passionate about is how you will excel in the field and provide the most value to your organization and the industry as a whole.

I’ve been in security for almost 2 years, have my CISSP, and have a fair amount of Blue Team experience, but over the last few months, I’ve found myself wanting more. I want to do more, learn more, and make a difference. I want to find the sector of cybersecurity that excites me the most and one where I can provide the most value through experience and passion.

I want to find my niche in cybersecurity. That’s how this blog was born!

How I’m Finding My Niche

To start, I’ve been trying to broaden my network so I can:

  • Learn from others
  • Expose myself to the jobs that exist in the industry
  • Meet people that are as passionate about security as I am

So far I’ve been successful in figuring out who I am as a security professional. As mentioned in one of my first posts, A Day in the Life of a Woman in IT, I decided to start a WoSEC chapter here in the Northeastern part of the U.S. because I want to provide a platform for women to meet, network, and maybe even build friendships.

The other day I participated in my first WoSEC event, which was a joint virtual event with WISP (Women in Security & Privacy), and wow, it was eye-opening. I met a handful of women and we discussed our backgrounds, interests, and current positions. I learned about a few certifications and security non-profits I had never heard of and left the meeting feeling energized and excited to find my niche!

One of the non-profits I heard about was Trace Labs, a unique organization designed to kill two birds with one stone:

  1. Assist in missing person cases by using OSINT (Open-Source Intelligence) to gather information about missing people and help families find closure
  2. Train members in OSINT techniques, and provide a platform for ethical hackers to use their skills to help others
tracelabs.org

I had no idea an organization like this existed and I was super excited about it because both True Crime and Fictional Crime are topics that have always interested me. I’m a huge fan of shows like Criminal Minds, 9–1–1, and SWAT and I’m an avid Crime Junkie Podcast listener. The thought that I can get involved in real investigations through OSINT is a perfect opportunity for me and something I’m definitely going to start learning more about so I can participate in the Trace Labs events.

If this interests you at all, head over to their website, which I linked above, to learn more! There is a great introductory video here as well: Hackers Find Missing People for Fun

Throughout the virtual event, different women introduced themselves and we had conversations about various topics, but mainly discussed the many challenges we all deal with from day to day. I had the opportunity to share my thoughts on challenges within my organization and role, and listen to others share the same from their perspective. By the end of the event, I had heard about roles I didn’t know existed and learned of some of the challenges people face from different security positions like pen testing, application security, and threat intelligence analysts.

Through this event, I realized how much I still don’t know about the industry as a whole, and I saw firsthand how valuable it is to connect with peers from different roles, backgrounds, organizations, and countries.

To expand on my knowledge there are a few things I’m doing. For one, cybersecurity is changing every day so it’s super important to stay current. I make it a habit of checking popular sources for security news a few times a week, for example, KrebsOnSecurity and CSO Online.

I’ve also joined various online communities/groups on Reddit and Facebook, and followed a few notable Twitter accounts, like @DarkReading. By doing this I can make security part of my daily routine. When I’m scrolling through Facebook at night after a long day of work, I now come across security-related posts and it’s one of the ways I find out about resources or topics I haven’t heard of before. These social media groups are also a great way to casually connect with other members of the cybersecurity community.

In addition to social media, I continue to leverage learning libraries, even when I’m not studying for a certification. Cybersecurity is a massive industry with so many paths to choose from, and some people even choose multiple. I met a woman this past week who is a Blue Teamer, but she’s studying and practicing Red Teaming activities because it will help her to be a better defender. A great perspective: what better way to defend than to learn how your threat actors are executing their attacks?

Because I was so inspired by the badass Red Teamers I met in WoSEC the other night, I started researching how to get started in OSINT and ethical hacking. I came across a digital scavenger hunt someone had created back in 2018 but it was no longer active. Instead of letting that be a dead-end, I decided to reach out to the author of the site on LinkedIn to ask for tips on getting started, and any resources he may be able to provide me. What’s the worst that happens? He doesn’t respond? So be it! I put myself out there and that’s what matters!

Finding YOUR Niche

I cannot stress this enough, for people starting off in the industry, don’t be shy! Attend conferences, webinars, hands-on labs, and whatever else you stumble upon that piques your interest. Join groups that align with your interests and be sure to contribute to the communities you’re a part of to make your talents known, and don’t be afraid to ask questions. No one is judging you, we all have to start somewhere and we can all learn from one another, so it’s important that we share our knowledge and ideas with our peers to start filling those skills gaps that exist.

To wrap things up for all my readers, here’s how you can start finding your niche:

Network, Network, Network — the IT industry in itself is a small world, and having connections can open up new opportunities you didn’t know existed. Stumble across an established person in the industry? Send them a LinkedIn invitation! Meet people at a conference? Connect with them on LinkedIn! Don’t be shy, strike up conversations, and make some new friends.

Break into the Cyber Community — join social media groups, but don’t just join, contribute! Post some resources you’ve used in the past that may help others wanting to break into the industry, and share or comment on posts that you found helpful.

Continuous Learning — the best way to learn is to have fun doing it. Sign up for conferences and webinars and don’t be afraid to get involved either. Many conferences offer hands-on labs and training opportunities, and sometimes you can even earn a certification at the end if you choose to do so. Research topics that interest you and don’t be afraid to ask for help!

There is a wide range of resources out there, from beginner guides on security concepts to deep dives into the technical applications of security. My favorites so far are:

  1. YouTube (free)
  2. Udemy (mix of free & paid courses)
  3. O’Reilly (monthly membership fee)

YouTube and Udemy are great places to start if you’re looking for free, reliable content.

I hope this provided some insight into how you can find your way in the Cybersecurity world and inspires you to branch out of your comfort zone and try something new.
