SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
Transition to Cyber Security From a Non-Cyber Role
Creative Ways to Impress to Land Your Dream Cyber Role
As I was doing a finance internship in my finance major undergrad years, I was excited to bring all of the skills I had learned in my college courses to the role. International Finance, Financial Statement Analysis, Accounting and other financial courses that I felt had prepared me for my internship. When I finally had a chance to meet the other interns in my cohort, I was surprised to find I was one of the few interns that was a finance major! Many other majors were represented in this financial internship, including language arts, business, drama and art majors. By the end of the internship, I quickly found out why my organization was right to bring non finance majors into the cohort: No matter what major, anyone can be successful in a role with their prior experience/knowledge. Coupled with a strong will to learn more, it is a wonderfully dangerous combination.
I bring up the story of my finance internship because as I converted from finance to the cyber security field, I quickly figured out one does not have just technology experience to be successful in this industry. Yet, as many of those who have tried to enter the industry with no prior cyber security experience have told me, the barriers seem higher than ever to land in the cyber security field when you are on the outside looking in.
Looking for your first initial role in the cyber security industry can be daunting sometimes. Why? One look around your favorite job board site can give you a great statistical sampling of the myriad of requirements employers (think they) want. Requests for multiple years of experience in the cyber security industry can seem like the norm. Industry certification requirements are peppered in. High level degree requirements are thrown into the job description. After taking one look at a job description, you may think it is impossible to land a role in the cyber security industry even with a array of great experience you bring to the table. It is head scratching!
Your prior skills benefit you more than you know in the cyber security industry. You deserve to not only exercise these skills in a future role, but also to showcase why they are so important to help solve today’s tough cyber security problems.
Prior Non-Technical Experience
How you search for your next cyber role can make the difference in your confidence level for your search. Instead of searching for a general role such as IT Security Specialist, try a more targeted role. Below is an example of a Vulnerability – Remediation Support Analyst role that recently came up on my favorite job search website. This role is aligned to a more specific functional area of cyber security called Vulnerability Management. Vulnerability Management helps contributes to the risk reduction in an organization by bringing identified vulnerabilities to a closed state. Much of the time, this requires keen people skills and to being able to confirm the aligned parties complete their requirements.
Basic Qualifications for “Vulnerability – Remediation Support Analyst”
Managing the end-to-end vulnerability life-cycle from discovery to closure. |
Performing vulnerability assessments to identify weaknesses and countermeasures and providing timely assessment reports to key stakeholders. |
Producing vulnerability, configuration, and coverage reporting to demonstrate assessment coverage and remediation effectiveness. |
Assisting with the design and implementing dashboards and data visualizations for various stakeholders. |
Notice how the requirements for this role are not calling for years of industry experience. Instead, it reads much more like a business analyst type role. Many of you may some of this listed experience from prior roles. Let’s take another look at the same job requirements, but this time lets parallel it to industry experience you may already have:
Parallel Basic Qualifications for “Vulnerability – Remediation Support Analyst”
Requirements | Parallels to Example Non-Industry Experience |
Managing the end-to-end vulnerability life-cycle from discovery to closure. |
|
Performing vulnerability assessments to identify weaknesses and countermeasures and providing timely assessment reports to key stakeholders. |
|
Producing vulnerability, configuration, and coverage reporting to demonstrate assessment coverage and remediation effectiveness. |
|
Assisting with the design and implementing dashboards and data visualizations for various stakeholders. |
|
As you can see, much of this role includes bringing your non cyber security skills to the table. Do not discount any of your prior experience when applying to cyber security roles. It is a great benefit to you and your team! Best of all, you would now be part of the cyber security industry!
Prior Technical Experience
You may have a copious amount of technical experience in a non cyber security function such as a help desk specialist, system administrator, network administrator, database specialist, or programmer role. Yet, when you look at cyber security jobs, you may think your experience will not translate successfully to a cyber security role. Luckily, your prior technical experience is very helpful in propelling yourself to a cyber role. Much like the Vulnerability Remediation Support Analyst above, let’s look at another specialized cyber security role called a SOC (Security Operations Center) analyst requirements based on a search in at job search website:
SOC Analyst Basic Qualifications
Highly motivated to work in information security |
Customer oriented and professional |
Ability to understand and correlate data from multiple sources, not limited to user authentication events, windows security event logs, syslog, NetFlow/PCAP data, DHCP logs, DNS logs, intrusion detections alerts, proxy logs, packet captures, and firewall events. |
Understanding of how both Windows, Linux and network platforms are compromised |
Again, much like the prior role we paralleled, notice how the requirements for this role do not require years of experience in the cyber security industry. Rather, the preferred candidate has some technical experience in a non cyber security field with a willingness to learn what it takes to be a successful cyber security practitioner. Let’s parallel how some of your prior experience may fit well into this role.
Requirements | Parallels to Example Non-Industry Experience |
Highly motivated to work in information security |
|
Customer oriented and professional |
|
Ability to understand and correlate data from multiple sources, not limited to user authentication events, windows security event logs, syslog, NetFlow/PCAP data, DHCP logs, DNS logs, intrusion detections alerts, proxy logs, packet captures, and firewall events. |
|
Understanding of how both Windows, Linux and network platforms are compromised |
|
Surprising “Other” Cyber Security Jobs
Many individuals that I talk to who have interest in joining the field do not realize that being a cyber security professional does not mean that you have to sit in front of a computer all day doing penetration tests all day. In fact, there are many other entry paths that allow you to step into the industry. A non-exhaustive list of some of those roles are below:
Job Title | Job Overview |
Cyber Security/Technical Risk Analyst | Performs security evaluations on enterprise environments, suppliers, and software to identify cybersecurity risks, provide remediation recommendations and facilitate risk treatment. |
Cyber Security Audit Analyst | Lead and execute complex IT security assurance projects in accordance with established methodologies and professional standards. |
Cyber Security Business Analyst | Participate in analyzing business requirements and production specifications for changes made to technology applications. |
Cyber Security Project Manager | Manage and lead cyber security aligned projects |
Cyber Security Governance | Apply principles for information systems security governance and making effective use of standards for security management |
Cyber Security Control Assessor | Conduct verification and validation for security information systems, products, and components |
Importantly, all of these roles are a vital component to a cyber security program. In many organizations, these roles work in tandem to reduce the cyber risk to an organization.
Many of these examples above showcase that getting your hands into the cyber security industry does not always require you to find a technical role. As I like to say to many of the students who take the MGT512: Security Essentials for Managers course at SANS, we are technical risk professionals at heart. We are aiming to reduce the cyber risk to an organization by engaging in both technical and non-technical means of achieving the goal. We have to showcase our progress and communicate our progress effectively as well. Courses such as SEC402: Cyber Security Writing help build the skills that will help you communicate effectively through writing in any cyber security role and will help your communication confidence in any cyber role you seek. Additionally, keep your cyber chops sharp and up to date even if you are not in the industry through the great free resources SANS has:
- SANS Free Cybersecurity Community Resources and Programs: resources such as webcasts, whitepapers from the SANS Reading Room, SANS Summits, podcasts and newsletters such as Ouch!
- SANS Cyber Range Capture the Flag Challenges and Cyber42 events: Great ways to test yourself in real world exercises that will challenge and prepare you for your future day to day requirements.
The Rest of the HR + Cybersecurity Series
1. Listen to the corresponding webcast here.
2. Read the rest of the Blog series here:
- Skilling the Gap: Creative Ways to Recruit Top Cyber Talent
- Knowing Your Applicants: How to Stay Current to Best Assess Your Cyber Applicants
- Not in Cyber Security? No Problem! Creative Ways to Gain Experience With No Experience
About the Author
Kevin Garvey is the US IT Security Manager for an international bank responsible for overseeing incident response, vulnerability management, cyber threat intelligence, as well as the security operations center (SOC). Previously, he worked at New York Power Authority, JP Morgan and WarnerMedia (formerly Time Warner). Kevin has always had a passion to hunt down the adversary and has loved tackling the risk and threat challenges his responsibilities have thrown at him. Kevin teaches SANS MGT512: Security Leadership Essentials for Managers. Read Kevin's full profile here.
