Let’s Talk About Certs, Baby
There’s more than one path into the high-demand, high-reward career field of cybersecurity. Not everyone can afford the time and cost of a traditional college education and it is not always necessary to get your foot in the door.
An alternative is to use low-cost resources to make a plan for self-study, get certifications, and create a portfolio to showcase to potential employers.
Start With the ABCs
CompTIA A+ (parts 1 and 2), Network+, and Security+. Go ahead and get yourself some basic training in Linux too.
Let’s clear something up. IT is not Cybersecurity, BUT basic knowledge about how computers work, how to use the command line, differences between Windows and Linux operating systems, and how computers communicate over the network is necessary in order to understand cybersecurity concepts like security controls, application security, vulnerability management, configuration controls, network access controls, identity and access management, and more.
With these basics under your belt you could easily qualify for a job in an entry-level IT help desk position. You don’t have to work in IT to work in cybersecurity, but it certainly doesn’t hurt. If you are ready to get your hands dirty, go for it! You will gain experience and make contacts that will help you as you continue your journey into cybersecurity.
Network, Network, Network!
Make new friends, but keep the old. Start connecting with people who work in the field and do what you aspire to do. LinkedIn is your best asset when it comes to networking and showcasing your new skills and certifications. Pro tip: Try searching for groups that align with your interests, and then interact with the folks in those groups.
Join professional associations if you can afford the membership fees, and attend conferences when you are able. Some are virtual, and some are free or low cost. Immerse yourself in the infosec culture, soak up the news, get advice, and find new resources for learning. You have to be active. Commenting, posting, and engaging will get you noticed. And don’t be afraid to connect with people!
Research & Consider Various Roles in the Field
The cybersecurity field is vast and varied. No one person working in cybersecurity knows everything. Once you’ve achieved the ABCs, it's time to figure out what role you want to play in this new world.
A great place to start learning about cybersecurity roles is the NICE Framework.
Align Career Goals With Additional Certifications to Focus Your Path
Now that you know where you want to end up, what is the best path to get there?
CompTIA offers affordable, well-respected certifications in IT and cybersecurity and it is a great place to start. Their training programs are also affordable and you can find alternative training elsewhere, like LinkedIn Learning, YouTube, and Udemy. Start with the basics and progress to more advanced certifications. Check out the CompTIA Cybersecurity Career Pathway.
IBM offers a comprehensive training program for the IBM Cybersecurity Analyst Professional Certificate that is also affordable and valued by employers. The courses can also transfer for college credit, if you choose. There are 8 courses in the program, taught by IBM Security Learning Services on Coursera. You get a 7-day free trial and then it’s $49 a month.
Create a Portfolio
Find ways to showcase your new skills to potential employers: Badges/certificates earned from CTF games, course completion certificates, a home lab project, a cloud lab project, endorsements from contacts. LinkedIn is a great place to share your accomplishments. You can also set up a personal website to showcase labs and other projects you’ve done.
- Professor Messer on YouTube and www.professormesser.com (CompTIA A+, Network+, Security+): Provides free training videos and study materials for CompTIA certification exams, including A+, Network+, and Security+. https://www.professormesser.com/
- MIT Open Courses: Offers free online courses on computer science and cybersecurity topics from the Massachusetts Institute of Technology. https://ocw.mit.edu/
- LinkedIn Learning (unlimited courses, monthly subscription): Provides access to a wide range of cybersecurity courses for a monthly fee, with a free trial available. https://www.linkedin.com/learning
- AWS Skill Builder (free and paid cloud courses): Provides a mix of free and paid cloud computing courses from Amazon Web Services, covering topics such as security, networking, and machine learning. https://explore.skillbuilder.aws/learn
- A Cloud Guru (tons of cloud courses): Offers a wide range of cloud computing courses, including security and compliance topics, for a monthly or yearly subscription fee. https://acloudguru.com/
- MITRE ATT&CK® Defender: A free gamified training platform designed to help cybersecurity professionals learn how to defend against real-world attacks using the MITRE ATT&CK® framework. https://mitre-engenuity.org/cybersecurity/mad/
- TryHackMe (short, gamified real-world labs): Provides short, gamified cybersecurity labs that cover a wide range of topics, including penetration testing, network security, and cryptography. Offers a free version and paid subscription with additional features. https://tryhackme.com/
- Cybrary - Free online cybersecurity courses and career development resources: https://www.cybrary.it/
- Open Security Training - Free cybersecurity training and educational resources: https://opensecuritytraining.info/
- Coursera - Online courses in cybersecurity from top universities and organizations: https://www.coursera.org/courses?query=cybersecurity
- Udemy - Inexpensive online courses on cybersecurity for beginners and advanced learners: https://www.udemy.com/courses/search/?src=ukw&q=Cybersecurity
- edX - Free and low-cost online courses in cybersecurity from top universities: https://www.edx.org/learn/cybersecurity
- SANS Cyber Aces - Free online cybersecurity training courses and resources: https://www.cyberaces.org/
- National Initiative for Cybersecurity Education (NICE) - Free cybersecurity resources for educators and students: https://www.nist.gov/itl/applied-cybersecurity/nice
- Codecademy - Online courses in computer programming and cybersecurity: https://www.codecademy.com/catalog/subject/computer-science
- Hackers Academy - Online courses in ethical hacking, cybersecurity, and penetration testing: https://hackersacademy.com/
- Cisco Networking Academy - Free online courses in networking and cybersecurity: https://www.netacad.com/courses/cybersecurity
- OWASP - Free cybersecurity resources and training on web application security: https://owasp.org/
- Offensive Security - Inexpensive online courses on ethical hacking and cybersecurity: https://www.offensive-security.com/courses-and-certifications/
- The Hacker News - Free cybersecurity news and analysis: https://thehackernews.com/
- Pluralsight - Inexpensive online courses on cybersecurity for beginners and advanced learners: https://www.pluralsight.com/browse/information-cyber-security
- CompTIA - Free and low-cost cybersecurity resources and training: https://www.comptia.org/resources/cybersecurity
- FutureLearn - Online courses in cybersecurity from top universities and organization: https://www.futurelearn.com/courses/categories/it-and-computer-science/cyber-security
- Google Cloud Courses and Training - Affordable cloud security training: https://cloud.google.com/training
- Microsoft Training - Free Microsoft training resources and best practices: https://learn.microsoft.com/en-us/training/
- Linux Academy - Inexpensive online courses on cybersecurity for Linux systems: https://training.linuxfoundation.org/cybersecurity/
- YouTube - Free cybersecurity training videos and tutorials: https://www.youtube.com/results?search_query=cybersecurity+training
- Cyber Security Challenge UK - Free cybersecurity training resources and challenges: https://www.cybersecuritychallenge.org.uk/
- OWASP Top Ten Project - Free resources and training on web application security: https://owasp.org/Top10/
- Hacker101 - Free online courses in ethical hacking and cybersecurity: https://www.hacker101.com/
- Offensive Cyber Security - Free and inexpensive courses on offensive cybersecurity: https://www.offsec.com/fundamentals/
- European Union Agency for Cybersecurity (ENISA) - Free cybersecurity resources and best practices: https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists
- Cybersecurity Ventures - Free cybersecurity news and analysis: https://cybersecurityventures.com/category/cybersecurity-market-report/
- WiCyS Women in Cybersecurity: A non-profit organization that seeks to increase the representation of women in the cybersecurity field through mentorship, education, and networking opportunities. https://www.wicys.org/
- Black Cybersecurity Association: A community-led organization that aims to provide support and resources to Black cybersecurity professionals and increase diversity in the cybersecurity field. https://blackcybersecurityassociation.org/
- Cloud Security Alliance: An organization that focuses on promoting best practices for cloud security and providing education and training resources for professionals in the field. https://cloudsecurityalliance.org/
- Women + Cybersecurity = Women’s Society of Cyberjutsu: A non-profit organization that provides education, training, and mentorship opportunities for women in the cybersecurity field. https://womenscyberjutsu.org/
- Women in Tech Global Community Group by WomenTech Network: A community of women in technology who collaborate to create opportunities for diversity and inclusion in tech. https://www.womenintechnology.org/
- Information Systems Security Association (ISSA): Provides access to training, networking, and professional development opportunities for cybersecurity professionals of all levels, including entry-level. https://www.issa.org/
- CompTIA: Offers certification and training programs for cybersecurity professionals, including those who are just starting out in the field. https://www.comptia.org/certifications/security
- Women's Society of Cyberjutsu: Offers mentorship, training, and networking opportunities for women who are interested in pursuing careers in cybersecurity. https://womenscyberjutsu.org/
- International Association of Privacy Professionals (IAPP): Provides resources and training for professionals who are interested in cybersecurity and data privacy. https://iapp.org/
- Association of Information Technology Professionals (AITP): Provides networking opportunities and professional development resources for IT professionals, including those in the cybersecurity field. https://www.aitp.org/
- National Cybersecurity Student Association (NCSA): Provides resources and support for students who are interested in pursuing careers in cybersecurity. https://www.cyberstudents.org/
- Cybersecurity Association of Maryland, Inc. (CAMI): Offers training and networking opportunities for cybersecurity professionals in Maryland, including entry-level professionals. https://www.mdcyber.com/
- International Consortium of Minority Cybersecurity Professionals (ICMCP): Provides resources and support for underrepresented minorities who are interested in pursuing careers in cybersecurity. https://www.icmcp.org/
- National Initiative for Cybersecurity Education (NICE): This program provides resources for students, educators, and employers to improve cybersecurity education and training. https://www.nist.gov/itl/applied-cybersecurity/nice
- Cybersecurity and Infrastructure Security Agency (CISA): This agency is responsible for protecting the nation's critical infrastructure from cyber threats and provides training and certification programs for cybersecurity professionals. https://www.cisa.gov/cybersecurity
- National Security Agency (NSA): This agency is responsible for protecting national security information and provides cybersecurity resources and training for professionals in the field. https://www.nsa.gov/About/Cybersecurity-Collaboration-Center/
- Department of Homeland Security (DHS): This department is responsible for protecting the nation from threats, including cybersecurity threats, and provides training and resources for cybersecurity professionals. https://www.dhs.gov/topic/cybersecurity
- Federal Bureau of Investigation (FBI): The FBI is responsible for investigating cyber crimes and provides training and resources for cybersecurity professionals in both the public and private sectors. https://www.fbi.gov/investigate/cyber
- Department of Defense (DoD) Cybersecurity Education and Training: The DoD offers a range of cybersecurity education and training programs for military personnel, contractors, and civilian employees. https://www.defense.gov/Explore/Spotlight/Cybersecurity/
- National Institute of Standards and Technology (NIST) Cybersecurity Framework: The NIST Cybersecurity Framework provides guidelines and resources for organizations to improve their cybersecurity posture. https://www.nist.gov/cyberframework
- Office of Personnel Management (OPM) Cybersecurity Resource Center: The OPM provides resources and training for federal employees and contractors to improve their cybersecurity skills. https://www.opm.gov/cybersecurity/
- United States Cyber Command (USCYBERCOM): USCYBERCOM is responsible for protecting the military's networks and provides training and resources for military and civilian personnel. https://www.cybercom.mil/
- National Cyber-Forensics and Training Alliance (NCFTA): The NCFTA is a non-profit organization that provides cybersecurity training and resources for law enforcement, government, and industry professionals. https://www.ncfta.net/