Reality Check! Getting Started in Cybersecurity

By Paul de Souza, MCPA Advisor

February 21, 2021

Editor's Note: This article previously appeared on LinkedIn on December 30, 2020.

As the founder of a cybersecurity organization with thousands of members, I often find myself inundated with questions on how to get started in cybersecurity. I will provide some personal guidance on starting your journey toward a career in this highly competitive field. Please keep in mind that these are my personal opinions and recommendations. There are thousands of different ways to go from point A to point B. With that in mind, I developed the following mind map, which summarizes a basic flow of how to get started in cybersecurity.

The mind map focuses on three primary efforts: 1) What you know, 2) What you have, and 3) Who you know and who knows you. All these efforts must take place in parallel. They all go together! Degrees and certifications will never replace real cyber operational knowledge (experience), and experience alone will not qualify candidates to grow professionally in the long term. The human network is a must as no one in this career field can progress alone. “Purpose affirms trust, trust affirms purpose, and together they forge individuals into a working team.” ~Gen Stanley McChrystal.

At the risk of sounding like I am addressing stubborn teenagers, I have taken the liberty of developing the following Reality Checks to counter some of the misconceptions I have come across over the years when mentoring individuals of various backgrounds looking to join the field of cybersecurity.

Reality Check: You will never get a career in cybersecurity without experience. Volunteer, and then volunteer some more!

Reality Check: There are NO shortcuts. You must pay the price to learn the tradecraft. Tech support and helpdesk jobs are valuable to build experience. Be humble, no matter your level of education and cultural background.

Reality Check: Degrees alone will not get you there. Earning a degree can educate you, qualify you for specific jobs, and enhance your capabilities, but it complements experience, certifications, and networking.

Reality Check: No, you will not make loads of money after only a year of education, certs, social media networking, and experience. Cybersecurity is a journey, not a destination. If you like static careers, please do yourself a favor and become an accountant. Accountants are needed!

Reality Check: No, you are not entitled to be mentored. Mentorship is a two-way street with many levels of commitment from both parties. It is also costly. Mentors are busy cyber professionals who are worth a lot of money. Please make sure not to waste their time (if they make themselves available free of charge). Be serious, and commit bushido code style.

Reality Check: Be self-taught. Google is your best friend. Never use the phrases “I don't know” or “I guess so.” Leverage your human network, and never give up. Never count on others to hold your hand and teach you all they know. Serious cyber professionals sacrificed too much of their time to babysit you.

Reality Check: We are all replaceable. There are thousands of cyber professionals who can do what we do. Never become comfortable or complacent, believing that you are (or that I am) some extraordinary cyber rarity.

Reality Check: Competition in the cyber field is brutal. Understand your competition well, because if you snooze, they may be the ones to take advantage of opportunities that could have been yours. Find ways to stand out by being unique and by creating alliances.

Reality Check: No one can write sane cybersecurity policies without knowing the domain of cyber. When you hear that you can be a cybersecurity professional without having technical capabilities, run away; it is a trap. No matter the flavor of cybersecurity you chose in this vast field, at least some basic level of technical understanding is required.

Reality Check: Service to society never ends. If you have served America or your own country in a military capacity, I salute you! It is important to remember that the act of serving in the military enhances the responsibility to continue to serve the community after your military duty is over. Do not expect to be served, but continue to be a servant of your nation. Servants are better leaders. It is better to serve than to be served.

These reality checks may sound a bit harsh (with a bit of humor here and there), but you will succeed if you heed them. I am fulfilled when I have the honor to work with folks who are willing to pay the price to learn. While I help them thrive, I also grow because of them. We all benefit from this form of synergy. I hope this short article and mind map (simplistic visual) can help you to get started with your cyber career journey. America needs more passionate professionals like you! Remember that the wolf on the hill is not as hungry as a wolf climbing the mountain. Be that hungry wolf. Never stop climbing that mountain.

About the Author

Paul de Souza is the Cyber Security Forum Initiative (CSFI) Founder/President, Adjunct Faculty at George Washington University, member of the Military Cyber Professionals Association (MCPA) Board of Advisors, and American Public University Ambassador.