How to start a career in cybersecurity from the human side
Discover how the co-founder of an infosec consultancy and author of 'Confident Cyber Security' started her career and became a leader in the human nature side of security.
Many start their cybersecurity careers by pursuing a certification exam, such as those offered by CompTIA or (ISC)2. While these specialized exams that teach technical skills are vital components of cybersecurity, understanding the way people think and how they work is equally important.
Those getting started in cybersecurity should focus on finding their interests -- whether it's a type of attack, a specific technology or something even outside the security realm, said Jessica Barker, author of Confident Cyber Security: How to Get Started in Cyber Security & Futureproof Your Career.
For Barker, this interest was looking at the social aspect of situations. Despite her current roles as co-founder and co-CEO of IT security consulting group Cygenta, Barker never intended to have a career in cybersecurity. With a social sciences background, she was offered her first role in the industry due to her ability to view security through a human lens. This ability, which she aims to teach to others in her book, enables security teams to better understand the people they are protecting and the attackers targeting their organizations.
Here, she details how her career started and offers tips for security hopefuls on networking and building professional skills. Barker, one of the U.K.'s 20 women to watch in cybersecurity in 2017, also talks about her experience in the industry and gives advice on how to build confidence.
Editor's note: This transcript has been edited for length and clarity.
How did your career in cybersecurity begin?
Jessica Barker: I was finishing up my Ph.D. -- which was not in security -- and was headhunted for a cybersecurity job at a small consultancy firm. They had all the technical expertise they needed, but they wanted someone who could look at cybersecurity from a human angle. They heard about my research on the growth of the internet economy and its impact on society. I immediately Googled 'what is cybersecurity?' I thought it was a technical field, so it took me a while to understand why somebody with my background would have a place in it. Here I am, 10 or so years later, with a career I love.
Why did you accept the security job?
Barker: I've always been interested in people: why people do what they do, what makes them tick, how they can be positively influenced. When I got to understand cybersecurity, I realized people are as central to security as technology is.
Cybersecurity is a great field for someone like me with a background in sociology, politics and urban regeneration. I love the impact of cybersecurity because I can help people be more secure, less worried and more engaged with technology.
The field is so broad that it draws in people from all backgrounds -- people who think and approach problems differently. If you're interested in people, technology and challenges and enjoy making peoples' lives better, explore a career in cybersecurity.
How do you recommend people with degrees outside of infosec transition into the industry?
Barker: First, try to understand the field more. A great way is to attend events and conferences. There are all sorts of events happening online -- a lot of them are free and accessible.
Next, if you hear about a particular vulnerability, attack or form of defense, Google it. There's a lot of free content online. Use online platforms, like Hack The Box, for example, where you can put your skills into practice, or Cybrary, a professional development site where you can access free courses.
Get a grip of the cybersecurity landscape, and get an overview of what you find interesting. Once you know a little bit more, you can make an investment in certifications, online learning or apprenticeships.
Discover five personality traits for a successful career in cybersecurity in an excerpt from Chapter 13 of Confident Cyber Security by Jessica Barker, published by Kogan Page.
Are there specific roles best suited for individuals in the transition process?
Barker: It depends. If you're starting as a high school-leaver, look for an apprenticeship. I know lots of people who have done that successfully. If you're starting after university, then it depends on your background. Some people might come from an IT background; it's quite common for them to become sys admins.
Then, there are people like me who come in on the human side. I know people working in cyber awareness today who previously worked in marketing. They understand how to communicate and frame messages and how to teach an audience about positive security behaviors.
It really depends on your background, the stage of your career and your interests, whether it's the technical, human or physical side of security.
What soft skills are important in cybersecurity?
Barker: I generally don't refer to them as 'soft skills.' There's this idea that you have soft and hard skills, and soft implies easy. But these skills can be hard for people. I refer to them as 'professional skills.'
Professional skills in different fields can help you tremendously in cybersecurity. I learned a lot about empathy when I worked in a call center a couple decades ago. It was about building a rapport with people, getting to know them and then being able to help them with a problem. A customer service mindset is fantastic to have in cybersecurity. This skill can help you think about problems in different ways, see differing perspectives and create innovative solutions. This can come down to mindset or experience rather than something you formally learn through education.
It's important to have a learning mindset in cybersecurity, too. There are always new vulnerabilities, updated technologies and different attacker methodologies to learn. Being open to learning and not being intimated by it is important. That's something I believe people can develop. You can go from having a fixed mindset to a learning mindset -- sometimes, it just takes confidence.
How do you recommend people gain the confidence to do that?
Barker: Confidence is really important to me and in any career. It's partly why I was so pleased to publish a book called Confident Cyber Security. I believe in the importance of self-confidence and in helping others feel confident.
It comes down to time and experience. It's recognizing when it's the right time to step out of your comfort zone. You want to do this in a safe and manageable way. For example, I used to find public speaking difficult. If I had a public speaking event coming up, I would spend months being anxious about it. The more I did it, the less nerve-wracking it became. Now, I do paid speaking engagements around the world to thousands of people, and I absolutely love it. I don't get the nerves anymore, and that is purely from building up my confidence and pushing myself in a way that felt comfortable.
What has your experience as a woman in cybersecurity been like?
Barker: Cybersecurity is a primarily male-dominated discipline, but that is changing. I'm delighted to say we are seeing more and more women enter the field. This is from high school- and university-leavers through to women who already have careers in different disciplines.
In general, I've had a fantastic experience. I've learned how to make my voice heard when I'm the only woman in a meeting. At the beginning of my career, that was intimidating, particularly when most of the people in the room were more technically focused. The more I valued my contributions, the more I came to recognize the value of my voice and the more I stretched myself to speak up. It became almost like a muscle I exercised.
If you're the only woman in a room -- or the only person from an underrepresented group -- it's important to champion yourself even when it feels difficult. And it's really important that people around you support you and help you be heard.
What advice would you give those trying to build their network?
Barker: There's a great network of conferences that happen around the world. Make connections with people talking about things that interest you. For example, say 'Hey, you were talking about this really interesting vulnerability or technology. How can I learn more? Can we chat about it?'
I also encourage people to share what they're learning. Start a personal blog. Post what you're learning about, your interests, books you've been reading or resources you've found helpful. You don't need to be an expert to have a blog. It's a great way to show your skills, personality and knowledge to people who might be hiring.
About the author
Jessica Barker is an award-winning leader in the human nature side of cybersecurity. Barker is co-CEO and co-founder of Cygenta, a cybersecurity consultancy group working to raise security awareness, behavior and culture in organizations. She was named one of the top 20 most influential women in cybersecurity in the U.K. and awarded as one of the U.K.'s Tech Women 50 in 2017.