How to become a cyber security expert

A cyber security professional at their desk in an office
(Image credit: Shutterstock)

The demand for cyber security professionals continues to grow as organisations and individuals seek to protect themselves against ever-increasing online threats. In fact, according to research from recruitment consultancy Harvey Nash, cyber security is the most in-demand technology skill today.

A significant talent gap across the industry remains, however, with ISC2’s 2020 Cyber Security Workforce Study measuring the skills shortage at 3.1 million professionals. The study also found 64% of organisations experienced recruitment difficulties last year. Amid the ongoing demand for cyber security skills, there’s a unique opportunity for people to embark on careers in this industry. There are several key steps you must follow, however, to become a cyber security expert, from developing the right technical and soft skills to networking with other cyber security professionals.

Getting started

Before pursuing a career in cyber security, an essential first step is selecting a specialism. Immersive Labs’ application security lead, Sean Wright, points out that the sector is vast, with roles varying from penetration testers to developers who build security products. “This is the most important step, in my opinion,” he says, “since this will then guide you as to the steps which you have to take next.”

Candidates should then grow their professional networks to make valuable contacts, learn from others, identify potential opportunities and, ultimately, break into the industry. “One excellent tool for doing this is social media, especially Twitter,” Wright adds. “I have personally benefited enormously from using this tool, hence why I recommend it so highly. This is an excellent way to get help from others in your identified field of interest, as well as forge relationships which may very well help land your first role.”

Budding cyber security professionals must also think about the learning process, and how to build key skills. Wright says that while skills vary by specialism, there are plenty of free and commercial training materials available. Social media can help, too, with others normally able to point you in the right direction. Starting your own blog also lets you showcase your work and demonstrate your skills prior to landing your first role.

Finally, Wright recommends that anyone starting out in the industry should remain patient and enjoy the ride. “If you put in the effort and time, it will come,” he says. “One final comment to make is that it’s generally quite easy to switch roles or fields within cyber security. Don’t worry too much if your first choice isn’t the right one down the line; you’ll naturally gravitate to what you are interested in, and that may even change over time."

Standing out from the crowd


The new frontier of endpoint management

How analytics and security stacks are driving employee experience initiatives


Because the industry is constantly evolving, new starters must take steps to stand out from the crowd, Jake Moore, a security specialist at ESET, explains. One way to do this is by completing a cyber security course – and it doesn’t necessarily have to be a university degree. “Qualifications such as the CISSP, Sec+ and CISM are perfect for those who want to understand the detail and desire a role that requires a foundation of knowledge,” he explains. “This, coupled up with any experience, will place anyone in a better position. They might sound expensive but they’re cheaper than university – and worth every penny.”

Like Wright, he believes candidates should use social media sites like LinkedIn to network with experienced professionals and look for roles. Beyond using the platform as a digital CV, he says it can also make you known by the right people. Logging anything important on LinkedIn also helps demonstrate a long-held passion for the sector.

Andrea Babbs, UK general manager at VIPRE, however, explains that experience is just as important as professional qualifications. “Mentoring and buddying-up can provide incredible insight into the challenges you’ll face as an expert, as well as what makes up the day-to-day role,” she says. “If you’re already working, you could speak to your IT department about shadowing them, or reach out to your network or industry bodies such as CompTIA or the Information Security Forum (ISF) about the mentoring or certification services they offer.”

Future cyber security experts can also learn on the job by taking part in apprenticeship schemes. Nominet’s CISO Cath Goulding tells IT Pro, for example, that her company runs an apprenticeship scheme that seeks out people with raw analytical and communication skills necessary for the job. The most critical thing for Goulding is that they have a passion for a career in cyber security.

Soft skills are vital

To build a successful career, aspiring cyber security professionals must develop a variety of skills over time, with soft skills and personal attributes especially important, according to principal analyst at Forrester, Paul McKay.

“While you may immediately think of the technical skills, at this level, far more important are a genuine passion, enthusiasm for security and a willingness to learn new things,” he says. “It’s this attitude that will get you through the necessary period of technical knowledge acquisition which, by its nature, will require hard work and perseverance.”

McKay adds another fundamental, but often overlooked, skill is the ability to clearly present the nature of any threats an organisation faces. These presentation skills, and the ability to relay information to the business you're working in, are critical to gaining acceptance and buy-in. In more operational roles, he continues, the ability to spot patterns and calmly deal with an investigation under pressure are highly valued skills that are somewhat hard to teach or learn.

Although soft skills are important, employers will certainly look for people with a good technical skillset too, according to Drawbridge CISO, Simon Eyre, who would always expect a new starter to have solid fundamentals in IT and networking. “My favourite interview question is a simple walk-through of how e-mail works,” he says. “Then, depending on the job – red team, blue team, and so on – we pick apart the process and see how we defend/attack. It's a great model to see how well someone understands everything from application to network – and back. Classic knowledge like the open systems interconnection (OSI) model really helps your understanding as you work on something new."

With the cyber security threat landscape expanding rapidly, the need for skilled professionals will only increase over the next few years. Although there’s a huge demand for cyber security professionals, and plenty of opportunities across the industry, it’s clear that achieving success will come down to hard work, determination and perseverance.

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, the Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan. You can follow Nicholas on Twitter.