How to get into the Information Security Industry?

Updated: Oct 14, 2021

The cyber security industry is growing by leaps and bounds, with the U.S. alone advertising over 465,000 job openings. In the UK, almost half of cyber sector businesses (47%) have tried to recruit someone into a cyber role since the beginning of 2019, and 37% of the vacancies over this period were reported as hard to fill.


The Department for Digital, Culture, Media and Sport (DCMS) has published a range of statistics covering 2019 to 2020. These suggest that the main reason cyber security vacancies are hard to fill is candidates lacking technical skills or knowledge (cited by 48% of employers with hard-to-fill vacancies), but mentions of applicants lacking work experience have increased sharply since the previous study (from 8% to 35%).


30% of cyber firms have found it hard to fill generalist roles (where employees are expected to work across a range of cyber security areas). The most common shortages in specialist roles are in senior management, penetration testing and security architecture.


Filling the Gap


Whilst getting your "foot in the door" might be a daunting process, the cyber security industry has a wealth of resources that can be utilised either to improve in your current role or to land your first job.


"You don't have to be a graduate of MIT to work in cybersecurity," said Tim Herbert, executive vice president for research at CompTIA. "It just requires someone who has the proper training, proper certification and is certainly committed to the work."

The remainder of this post covers some of the available resources that can be utilised to increase your knowledge and land you a new role.


Research Groups and Seminars


This might be an odd one for those used to other blogs and resources, but before getting your money out and taking a paid course, investigate some free resources. There are academic seminars and research groups around the world that share their research completely free of charge.


The following list is not exhaustive, but it provides a good baseline to work from:

  1. https://www.lightbluetouchpaper.org

  2. https://uk-sps.org

  3. https://crypto.stanford.edu/seclab/sem.html

  4. https://www.cerias.purdue.edu/news_and_events/events/security_seminar/

  5. https://www.esat.kuleuven.be/cosic/

  6. https://sec.cs.ucl.ac.uk/seminars/


More free stuff..


As well as academic resources, multiple other organisations provide free training material as a way of giving back to the community.


The following are some great examples:

  1. https://academy.hackthebox.eu/

  2. https://www.hacker101.com/

  3. https://portswigger.net/web-security

  4. https://blog.intigriti.com/hackademy/

  5. https://www.bugcrowd.com/hackers/bugcrowd-university/

  6. https://hackersera.com


Well, there are a couple of hundred hours of material there alone to keep you busy for a while. But once you have a handle on the language and the tools, you will probably want to put them into practice.


Hacking without getting arrested..


There are some great options available in this space now: deliberately vulnerable labs and machines that you have explicit permission to attack, so you can practise legally. Stay within each platform's scope and rules of engagement, and never test systems you are not authorised to test. Here are the top recommendations for testing your skills:


  1. https://www.hackthebox.eu/

  2. https://tryhackme.com/

  3. https://www.vulnhub.com/

  4. https://www.bugbountyhunter.com

Certifications and Qualifications


Again, before going out and spending your hard-earned cash you should know a couple of things. The first is that not all courses are created equal, nor are they regarded in the same light. Whilst some courses are great at providing you with the necessary knowledge, others are mainly good at getting you past the HR barrier to the interview.


Whilst I am not going to give you my full opinions on this matter, I will recommend some of the industry leaders.


  1. CompTIA Security+ https://www.comptia.org/certifications/security

  2. Certified Ethical Hacker https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

  3. CISSP Associate https://www.isc2.org/Certifications/Associate

  4. OSCP https://www.offensive-security.com/pwk-oscp/

Some of these will require months of hard work and dedication, not to mention hundreds if not thousands of pounds (read: your local currency), so make sure you research wisely. There are hundreds of courses out there to choose from, and multiple industry bodies and training providers such as SANS, GIAC, ISACA, ISC2, CompTIA, BCS, AXELOS, Cisco, Offensive Security and many more.


So make sure you are picking your courses for the right reasons.


Get Inspired


Turn on the telly and watch some hacking movies. It is very easy to burn out whilst trying to absorb a lot of technical information, so take your time and enjoy it!


If sitting for hours watching movies isn't for you, then how about watching some industry legends do their thing:

  1. IppSec https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA

  2. Nahamsec https://m.twitch.tv/nahamsec?desktop-redirect=true

Or perhaps you want to read a good book or two:

  1. Ghost in the Wires https://www.amazon.co.uk/Kevin-Mitnick-Adventures-Worlds-Wanted/dp/B00I615S4I/ref=sr_1_2?dchild=1&keywords=ghost+in+the+wires&qid=1632178475&qsid=258-5853867-5491552&sr=8-2&sres=0316212180%2CB00I615S4I%2C1581127677%2CB09D41PMDP%2C1593271441%2C154101636X%2C0552551643%2C1980901759%2C1494295504%2CB08C3VRFJ1%2CB08W5F5WKF%2CB01KX5G01Y%2C1838988386%2C1617294357%2CB095MJK2ZN%2C0471782661&srpt=ABIS_BOOK

  2. Cult of the Dead Cow https://www.amazon.co.uk/Cult-Dead-Cow-Original-Supergroup/dp/B07RY5CPWW/ref=sr_1_1?dchild=1&keywords=Cult+of+the+dead+cow&qid=1632178577&qsid=258-5853867-5491552&s=books&sr=1-1&sres=B07RY5CPWW%2C5508938826%2C1980901759%2C1529035651%2C1706354509%2C1976395038%2C1788164997%2C0770436196%2CB081ZF89V7%2C1568588798%2CB084RWVHR2%2CB07T86WGKC%2C1501169084%2C3656267960

Or perhaps you just want a little more screen time and want to get a movie on:

  1. The Matrix

  2. Sneakers

  3. Hackers

  4. The Girl with the Dragon Tattoo

  5. Blackhat

  6. The Fifth Estate

  7. Snowden

  8. Die Hard 4.0

  9. Swordfish

  10. WarGames

Summary


Once you feel you are ready for your next (or first) role, it's time to talk interviews. The first thing you need to demonstrate is passion, because that is the first thing a hiring manager is looking for. If you don't have that lifelong-learner mindset, then this might not be the right field for you.


The second is current affairs. It's all well and good telling a hiring manager that you think cyber security is the best thing since sliced bread, but if you are unable to back this up with examples of what is happening in the wild, you are selling yourself short.


Forget the tools and focus on transferable skills. Lots of organisations ask for experience with specific tools, but don't let that put you off: most tools in a given category operate in a similar manner, so if you have experience with one, moving to another is largely a matter of finding the same button in a different place.


If, however, it is your first role, then research how those tools work under the hood and impress the interviewer with the background knowledge. At the end of the day, if you have the passion and drive, not to mention the knowledge you have gained from the resources in this post, they would be lucky to have you.


References


  1. CBS News, "Cybersecurity job openings in the United States": https://www.cbsnews.com/news/cybersecurity-job-openings-united-states/

  2. Ipsos MORI for DCMS, "Cyber Security Skills in the UK Labour Market 2021": https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/973802/Ipsos_MORI_Cyber_Skills_in_the_UK_2021_v1.pdf
