As with many fields, gaining relevant experience is critical when finding a first job in cybersecurity, or even advancing your career. Unfortunately for many people looking to break into cybersecurity, it is often expected to have some experience for even entry positions. While this may seem difficult to overcome, there are several ways to get some initial experience in cybersecurity and shine as a more appealing and attractive candidate.
Training Platforms
Cybersecurity training platforms are incredibly popular and can be an amazing way to build up skills. There are many different paid and free resources available that can act as an entry point into many different areas of cybersecurity. Some of the most popular ones include TryHackMe, Hack the Box, and Proving Grounds. Each of these has its pros and cons, but they can be used in combination with each other to provide maximum value.
TryHackMe provides a beginner-friendly format that is perfect for learning the fundamentals of cybersecurity. They feature different paths that provide exposure to many different potential job roles. Hack the Box can be utilized for more complex and unique challenges. Their platform is largely dedicated to hacking individual machines and learning about different attacks in that context. Proving Grounds is provided by OffSec, the creator of many well-respected certifications, such as the OSCP. These labs act as a great study resource for those famously difficult exams.
Certifications
Certifications act as a great way to build valuable knowledge and experience. They double as a good resume bullet that will be appealing to hiring teams on an application. Many different certifications are available that act as a resource for building general knowledge, as well as many acting as a way to carve out a more specific niche. These can be areas such as red teaming, web application testing, binary hacking, and just about any other area of cybersecurity.
While there are more limited resources for defensive security with certifications, more and more options are popping up recently. Companies such as Hack the Box and OffSec provide excellent courses that can help defenders build the skills they need to find success in cybersecurity. It is important to keep in mind just how broad of an industry cybersecurity is. There are so many different areas to explore, with each having it’s own appeal.
Capture The Flags
Capture the flags, or CTFs, are small cybersecurity competitions that have numerous small challenges in different areas. These will typically encompass web hacking, binary hacking, forensics, encryption, and more subjects depending on the specific CTF. These challenges will typically be very difficult to overcome and are meant as a way to compete against other people in cybersecurity and test your own skills.
CTFs are put on by many different organizations, with many being annual events. They can also be found in private circles, universities, and more. Typically, events are done in a team. This can be great, as team members can help each other with any weakpoints they may have and work as a more rounded group. In many events, there will even be prizes for high placing teams!
Projects
Personal projects are a great way to spread the word about your skill set while giving back to the cybersecurity community. Many of the tools used in the day-to-day life of a cybersecurity professional are open-source tools created by community members. A large portion of these these tools were created to meet a specific need or niche problem, while others are massive, generalized platforms meant to assist with a wide range of cybersecurity tasks.
Projects do not only have to be focused around creating tools. Another popular type of project is simply researching and documenting a specific subject, such as a potentially vulnerable tool. Other projects may be writing blogs or creating video content. The general idea is that cybersecurity projects are a way to showcase your skillset and knowledge without directly having to show work experience.
Internships
Internships are a great way to build up real world experience under the guidance of a more experienced team. This path provides the most realistic experience of what a career in cybersecurity looks like. While this is not the case with every internship, many pay trainees during the program. As expected, these internships are often competitive, but provide an added bonus on top of the experience.
Internships can be possible at many different companies for many different roles. It could be a security focused company providing consulting services, or a security team on a company in an unrelated industry. Each provides a different experience, so it is important to properly research the process for both. Either option will provide great experience and be a valuable way to learn.