Becoming a Self-Taught Cybersecurity Pro - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // Team Building & Staffing
News
6/9/2021
08:00 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Becoming a Self-Taught Cybersecurity Pro

Cybersecurity pros are in high demand. Here's how one system administrator developed his own personal online night school curriculum to gain the expertise for a successful security career.

Olivier Le Moal via Adobe Stock
Olivier Le Moal via Adobe Stock

If you are looking to take your IT career in a new direction where there's loads of demand, there are several interesting subspecialities, and the pay continues to increase, a career in cybersecurity can't be beat right now.

It's impossible to ignore all the high-profile attacks -- from the SolarWinds supply chain attack impacting multiple government agencies, to the more recent spate ransomware attacks against gas pipeline company Colonial Pipeline and meat producer JBS, to name a few. The move to work from home and to accelerate digital transformations has only increased the alert level and the demand for cybersecurity pros.

"In cybersecurity right now there's a significant shortage of candidates," said Ariel Weintrab, chief information security officer at Mass Mutual. Her cybersecurity team is hiring from general IT pros and also "recruiting from a wide variety of educational backgrounds," not just technology. Her organization is looking for problem solvers with intellectual creativity.

But if you just show up at the hiring office with your liberal arts degree or your cybersecurity certification, how do you stand out from the crowd of other applicants interested in cybersecurity? And if you are already a seasoned pro in IT, how do you establish your expertise in cybersecurity so that you can make that career change?

Do you need to go back to school? Is a bootcamp-type of course right for you? Or can you learn what you need to learn on a shoestring budget via online courses and books?

InformationWeek recently spoke to an enterprising young cybersecurity pro who took the latter path, and he shared some details about his less-than-traditional entry into the field and the lessons that other aspiring cybersecurity pros can learn from his journey.

Logan Flook has just accepted and is starting a new job as a Security Analyst ll specializing in Threat and Vulnerability Management with SMC Corp. The new position for him is the culmination of several years of work by the Air Force veteran.

Logan Flook
Logan Flook

Flook served as a system administrator in the Air Force for nearly 3 years but was discharged after an injury. Cybersecurity had been his career goal from the start of his military career, and during his separation from the Air Force in 2019 he launched a search for a job in that field. But employers didn't want to hire someone who didn't already have cybersecurity experience and training. Flook parlayed his sysadmin skills, which included some VMware work, into a VMware admin job with Booz Allen Hamilton.

Meanwhile, at home, Flook was coming up with his own self-driven education plan to get the skills for a cybersecurity career. He analyzed all his notes from his unsuccessful cybersecurity job applications to determine which skills employers wanted. He decided to dedicate every evening from 7 pm to 10 pm to an independent study of cybersecurity that included books, online courses, and guidance from other cybersecurity pros he met on cybersecurity-focused Discord servers.

"I was the most annoying person on those servers," he said. "I'd ask people how did you learn what you know? How could a person do that on a low budget? The community was very supportive." Flook connected with a few individuals who became friends and provided him with ongoing guidance.

One of them "has turned into my toughest mentor. He is my compass on cybersecurity. He's the most supportive person I know," Flook said.

He would spend 3 hours a night on those courses and books, after he and his wife put the kids to bed. He has posted many of his training recommendations on his LinkedIn profile posts.

For offensive cybersecurity his top three training recommendations are eLearnSecurity Junior Penetration Tester (eJPT) certification ("very entry level but so good at teaching what you need to know. I failed it the first time I tried."), the book Hacking: The Art of Exploitation, and SANS Network Penetration Testing and Ethical Hacking.

In October 2020, Flook was promoted into his first cybersecurity job -- another position at Booz Allen. After participating in an incident response at Booz Allen (that turned out to be a false alarm), Flook decided to pursue more training in that area, which he found fascinating.

"We spent 9 hours one night doing incident response on what we thought was a breach," he said. "Those 9 hours completely changed what I wanted to do."

For incident response, Flook recommends eLearnSecurity's offerings for the blue side of the house. He also recommends RangeForce's offerings, which incorporate training and exercises. For a book he recommends the Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder.

Flook said he likes to alternate his training from books to courses to labs/hands-on experiences.

"When my mental hard drive is full from labs, I can relax and read a bit. It's helpful to break up the training," he said.

For those who want to start in cybersecurity -- and many people message him on LinkedIn looking for advice about where to start -- he advises to start with what is free. RangeForce has 20 completely free labs, he said, and they are coming out with a knowledge base with free material, too.

"Once you are finished with what is free, move on to what your wallet can handle," he said. Here's another pro tip from Flook: You can look at the curriculum of expensive online courses, and then look for the same curriculum offered in inexpensive or free courses.

Flook's experience shows that not everyone needs to get a degree in computer science to pursue a career in it. He originally gave up on the idea of college when he was halfway through his sophomore year and felt like he was spinning his wheels in required courses that did nothing to teach him what he actually wanted to learn. That's when he enlisted.

But Flook is certainly not a quitter. He says he's always been a self-starter, having been raised in a house where his father always pushed him to earn what he wanted in life. There's a quote, whose origin he doesn't remember, but he uses it to guide him though.

"You need to stop asking yourself what you need to do to become successful and start asking yourself how much you can endure to be successful," he said. 

Related Content:

Investing in the Cybersecurity Workforce of Tomorrow

10 Hot IT Job Titles for 2021

IT Skills: Top 10 Programming Languages for 2021

 

Jessica Davis is a Senior Editor at InformationWeek. She covers enterprise IT leadership, careers, artificial intelligence, data and analytics, and enterprise software. She has spent a career covering the intersection of business and technology. Follow her on twitter: ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll