Skip to content
11:11 Systems
Rethink Connected
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1
        • Cloud Console
          Cloud Console
          Compliance
          Compliance

      • Column 2
        • Global Regions
          Cloud Regions
          Catalyst
          Planning and Assessment

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      •  
      • Careers
      • Technology Partners
      • Customer Stories
  • Products & Services
    • Products & Services
      • CLOUD
      • Cloud Overview
      • Public Cloud
      • Private Cloud
      • Object Storage
      • Cloud Labs
      • Colocation/Bare-Metal
      • BACKUP
      • Backup Overview
      • Backup
      • Microsoft 365 Backup
      • DISASTER RECOVERY
      • DRaaS Overview
      • DRaaS for Veeam
      • DRaaS for Zerto
      • Autopilot
      • SECURITY
      • Security Overview
      • Continuous Risk Scanning
      • Managed SIEM
      • Managed EDR
      • Managed Firewall
      • CONNECTIVITY
      • Connectivity Overview
      • SD-WAN
      • Multi-Cloud Connect
      • Managed IP
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Podcast
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Console Login
  • Contact
Header Right Menu
Free Trial
  • Why 11:11
    • Cloud Console
    • Compliance
    • Cloud Regions
    • Planning and Assessment
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Colocation/Bare-Metal
    • BACKUP
    • Backup Overview
    • Backup
    • Microsoft 365 Backup
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • Autopilot
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • CLOUD CONNECTIVITY
    • Connectivity Overview
    • SD-WAN
    • Multi Cloud Connect
    • Managed IP
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • Column 2
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Success Center
    • API Documentation
  • Contact
  • Console Login
  • Free Trial
Tags: NIST CyberSecurity FrameworksecurityRansomware
Author: 11:11 Systems
Date: October 10, 2021

A Career in Cybersecurity? Advice from a CISO.

This blog post originally appeared on the Green Cloud Defense blog. Green Cloud Defense was acquired by 11:11 Systems in November 2021.

One of the great things about the way the cybersecurity community has matured in recent years is the openness and willingness to provide mentorship and assistance to newcomers to the field. The number of offers for advice, resume reviews, study guides and other assistance that I see in various social media and other forums is incredible! But why the change? Because we, as security professionals, know firsthand that if we want to get ahead of the curve, we need all the help we can get. The timing could not be better to dive headfirst into the rewarding career of cybersecurity. What I hope to do in this quick blog post is to give a bit of knowledge on the career of cybersecurity for both the career seeker and the hiring manager!

Degree versus Certs versus Real-World Experience.

The most common question that I get when I am asked about a career in cybersecurity is the best path to choose… degree, certifications, or real-world experience. I think this is one of the hardest things about choosing to transition into this field. The answer is not a simple one and it is not “one size fits all”. What I typically say is that there is absolutely no replacement for real-world experience. Dealing with normal, everyday user issues or complex and imperfect scenarios that exist outside of a lab environment – and in some cases failing miserably and then finding the right solution to bring it all back together after grueling time spent troubleshooting – prepares you for the worst that the world of cybersecurity can throw at you. Also, having the empathy that a security control that should be put in place could cause undue stress in an already stressful environment and may be the perfect scenario for some other, less restrictive controls but still meet the goal. These types of scenarios can only be found by having real-world experience. Experiencing this gives us thoughtful, knowledgeable, and engaged cybersecurity professionals. Depending on the organization that an entry level person can discover a role within, you can find yourself getting tunnel vision. This limits your growth by solely focusing on the daily tasks at hand rather than getting a wide breadth of knowledge of all topics within a subject.

With that in mind a great place to get the additional information that real-world experience may prevent is by studying on a degree path or within certification programs such as ISC2, CompTIA, EC Council, SANS, and others. These methods, while typically only providing cursory amounts knowledge about a given subject, allow you to explore different ideas, best practices, and new technologies that may sit outside of the typical workday. So, my answer to this question becomes a very drawn-out discussion about how a person learns, how they like to spend their time, and what the timeline for transition may look like for each individual person exploring this career.

Now I feel that I must mention another excellent resource at your disposal. The internet has a vast plethora of free and or very cheap resources that allow you to gain the knowledge that a traditional certification path or degree program may provide but allow you to apply the techniques learned in an active learning environment. Websites such as hackthebox.com or tryhackme.com are some examples of some relatively cheap resources that give training and hands-on experience.

Another great resource for those with some technical experience in IT and looking to transition into cybersecurity is testout.com. For job seekers and hiring managers alike, this can be a great tool. For the job seeker, you can show that your knowledge in a particular capability is up to par with industry certifications without requiring expensive exams and boot camps. For hiring teams, you can know that the candidate has a validated baseline of knowledge that can be used to fit them into a new role that may not be something they have done in the past.

Choose your own Adventure.

So, you’ve chosen a path and have decided how you’re going to explore the world of cybersecurity but you don’t know where you want to go. The best part about cybersecurity is the extreme number of things that you can learn and do within this field. If you love the idea of an endless supply of exactly the same task, working with structured data, and piecing 100 data points together to come to a conclusion, there is a place for you. If you need a very dynamic workday where you’re moving from topic to topic and providing feedback on how to accomplish very different goals, there is a spot for you. If you’re the kind of person that just loves to write documentation and match a specific requirement to its technical control… yep… there is a spot for you. And last, if you just want to see how quickly and effectively you can break (or break into) systems then provide options to solve the problems you exploited, there is a special place for you.

My point is that everyone is different and there is no single way to get into cybersecurity. Blue team, red team, purple team, white team are all options to take, and we need members of every sort of team to make security work effectively. So, find that niche that you like. Find that role that makes you want to get up early in the morning and late into the evening to satiate that passion and make a career out of it! There is space for everyone to choose their own adventure and make the journey their own!

Variety is the spice of security life!

Finally, after saying all of that, it is important to understand how we can improve this career field and reset our own expectations of what makes a great security professional. Because there are multitudes of different paths to follow to achieve an “education” in cybersecurity and there are unlimited types of roles to fill within this field, we can safely assume that it takes all kinds of people to make it happen. The only way to solve the reported cyber skills shortage is to take a step back and understand that there is no one way to do so. We need a large array of experiences and skillsets outside of the traditional IT and cybersecurity skillsets to bring cybersecurity programs to the masses and to make our information security programs something that can be adopted by everyone from the bookkeeper to the salesperson to the most technical network engineers. So, take a second when navigating careers in cybersecurity, whether seeking or hiring and find those skills that can bring a benefit to the team in a new, fresh way.

Steve Sim
VP, Security & CISO
Green Cloud Defense

Categories: Cybercrime, SecurityBy 11:11 SystemsOctober 10, 2021
Tags: NIST CyberSecurity FrameworksecurityRansomware
11:11 Systems

Author: 11:11 Systems

Post navigation

PreviousPrevious post:How secure are you?NextNext post:A Tale of Two Phish: How Phishing Leads to Ransomware

Related Posts

Preparing for 2023 with 11:11 Systems: IT Trends in Security, Cloud, and More
February 1, 2023
What is 11:11 Systems?
What is 11:11 Systems? A company built on cloud, connectivity, and security
January 30, 2023
11:11 Systems Wins 2022 Backup and Disaster Recovery Award from Cloud Computing Magazine
January 25, 2023
Why Staying Connected to the Cloud Can Be Simple, Secure, and Seamless
Why Staying Connected to the Cloud Can Be Simple, Secure, and Seamless
January 24, 2023
11:11 Managed Connectivity Solutions
11:11 Managed Connectivity Solutions
January 23, 2023
Risky Business
Risky Business: Managing Vulnerabilities by Prioritizing Risk
January 11, 2023
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Connectivity Solutions
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • Twitter
  • Facebook
  • Youtube

© 2023 11:11 Systems Inc., All Rights Reserved | Privacy Notice

Go to Top
PRIVACY POLICY AND COOKIE CONSENT
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}
PRIVACY POLICY AND COOKIE CONSENT
To provide the best experiences, we use technologies like cookies to store and/or access device information that allows us to process data such as browsing behavior. Not consenting or withdrawing consent, may adversely affect certain features and functions. By clicking Accept, closing this message, or continuing to browse, you consent to these technologies and accept our Privacy Notice.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}