Imagine your adolescent son, daughter, niece or nephew coming up to you and saying: ‘I want to be like you and join the military.’ Keep me honest here, but I suspect your answer may include the following:
‘Ok, sunshine…what part of the military do you want to join? It’s a big firm you know!’
Now apply this principle to cyber-security. Saying that you want to get into cyber when you leave the military, is like saying that your favourite car, is the one with four wheels! You’ve got to narrow it down.
The Hard Facts
There are so many different cyber roles out there and not all of them may suit you. But hey, that doesn’t stop the many snake oil salesmen out there telling you that the average salary in cyber security is £75,000 per year, so come and do our course! If it was that easy, everyone would be doing it, right? I’ve heard some horror stories about one particular company offering a suite of courses that were about as relevant in the context of a cyber career as it would be to train a lawyer to work in a coffee shop!
So, let’s have a reality check for a moment. Please listen to me when I say this! “There is no such thing as an entry level role in cyber security.” There I said it! Now, let me qualify this.
Let’s say, you wanted to join the infantry for instance. And I gave you a rifle, and some ammunition, god damn it, I’ll even tell you how to fire the thing. What use would you be, if I stuck you on the front line without you having the first clue about what you are firing at or defending against? Remember your basic training. How long did you spend learning about the components of your rifle, the marksmanship principles, the muzzle velocity of an SA80, how to sling it and clean it, pull it apart and put it back together again, hundreds of times, before you had a chance to fire it down a 25m range? A long time, right?
Cyber security is no different. Before you are provided with the tools to defend against the adversary, you need to know what the adversary is going to attack, the tactics that they use, the techniques they employ and the procedures that they are likely to follow to cripple a network. This requires a working knowledge of how operating systems work and how a network operates. Unfortunately, this is not a ‘build Rome in a day’ exercise.
Now, like your basic training, this is not about, being the equivalent of a special forces ninja; but it is about knowing the fundamentals and being able to talk your way round a network and system. There are therefore companies that will be willing to put you through their own bespoke cyber academies and help you to learn on the job, but as you can imagine, these opportunities are few and far between. So, let’s be realistic.
Know the Difference
With that in mind and in my opinion (for what it’s worth) do not waste your time, knocking out cyber courses left, right and centre, before you know:
a) What you want to do and b) The fundamentals of an IT environment. Anything else, would be like trying to cook on a wooden BBQ. Again, this is my opinion!
Remember: THERE IS NO SUCH THING AS AN ENTRY LEVEL JOB IN CYBER SECURITY!
Now, like most things in life there are a few exceptions to this rule and this is the common mistake people make. Like I said, there is no such thing as an entry level job in cyber-security, this is not necessarily the case with INFORMATION SECURITY and yes – they are two different things.
These are my definitions (other definitions are available)
Cyber-Security – Is the active defence against a cyber adversary and requires the capability to contain, eradicate and recover from cyber incidents, threats and events and to strengthen the security posture of a network environment through intelligence led activity.
Information Security – Is the preservation of the confidentiality, integrity and availability of information through the effective management of risk.
Information Security roles tend to be less technical than cyber-security roles, but still require a degree of technical understanding in order to perform in the role adequately.
Now we’ve cleared that up, what are the next steps to finding a meaningful career?
Prior Preparation and Planning…
1. Do your research – Don’t just do the first course that comes your way. Find out what job you would like to do first and find out about what the job entails. For instance, some of the roles work on a shift rotation. If you are absolutely sick to the teeth of ‘stagging-on’ this may not be the right solution for you.
2. Build your network – Start speaking to people that do the job that you want to do and find out more about it. The cyber community is extremely approachable and friendly, as the whole success of cyber defence relies on intelligence sharing (which requires relationship building), so you will find most people will be more than happy to speak with you.
3. Plot your pathway to your chosen career – Know what you’re training for. If you were training to do the Marathon, you wouldn’t do an intensive 20-week upper body programme to get you in shape for it. Likewise, if you were pretty unfit, you wouldn’t go out and smash a 20 miler straight away. The same applies here. Think about your training plan and make it relevant to what you want to do. There is no point whatsoever, training to be an ethical hacker, if you want to become an ISO27001 (information security standard) auditor. And there is no point learning the art of pentesting if you don’t even know what a server is!
4. Leverage the might of the military – I kid you not, I have met more military people in the Cyber/Infosec community, than I did whilst I was serving! The community is absolutely laced with veterans. More than that, there are many veteran groups out there that can help.
5. Think about apprenticeships – Ok, this is the moment I start plugging; but, I wouldn’t mention it, if I wasn’t completely passionate about the opportunities that will be available in the future for apprentices in cyber security. Apprenticeships are no longer for 16-24-year olds. Last year 46% of apprentices were aged over 25, so the stigma is starting to fade. The best thing about it, is that you earn while you learn and the prospects for landing a role are extremely hopeful too. 9 out of 10 apprentices go on to work with the company they served their apprenticeship with.
In summary, know your onions when it comes to cyber. Read about it, speak to people and don’t jump into any old training course, until you can be sure that it will add value to your final destination. Be careful of those vulture training companies, that will promise you the world. If it sounds too good to be true, it probably is.
So, as I mentioned earlier, this is a simple guide. I could go on much more, but it would probably turn into a lullaby! Maybe there could be a sequel, because there is much more to discuss. I’ll leave it to you all to discuss below what you would like to hear about next!
In the meantime, take care and if you have managed to get to this point without me boring you. Well done and please feel free (veterans or transitioning service-leavers only) to fill your boots learning cyber skills through our Veterans Digital Cyber Academy ™ in conjunction with Immersive Labs. It’s completely free.
About the Author: Steve Maguire is the Co-Founding Director of Forces Cyber Pathways, an organisation that provides opportunities for organisations to hire veterans using apprenticeship levy funding. Prior to starting the company, Steve served in the 2nd Battalion the Parachute Regiment, before taking up a career in Law-enforcement with the British Transport Police and latterly within a ‘big six’ Chief Security Office.