I Am Not a Cyber Expert - Odds Are, You Aren’t Either.
Three years ago, I thought I had everything figured out. Finish up school, land a job doing something in the field I studied in, raise a family, etc. Little did I know my path was going to change. Just a few months later, I ended up not only working but teaching in a field I knew little to nothing about: cybersecurity. Now, you might be thinking, ‘wow, this guy lucked into the right field at the right time,’ and I would say you are absolutely correct. Most of my friends thought I was a little bit crazy for taking the position and I’ll have to admit, I was feeling the same until I got started. Once I started learning some of the basics and getting into the cybersecurity mindset, things just kind of clicked (pun intended). With a bit of help, most people could make the transition into the field while keeping just a few things in mind.
The first thing to be aware of is that as a field of study or practice, cyber is like a vast ocean. Second, there is always someone who knows more than you. Next, knowing there is always someone who knows more than you also implies there is always more to learn from somewhere or someone; unfortunately, we don’t know if those people that know more are on the light side or the dark side of cyber. Finally, being in cyber isn’t for everyone; it takes a particular mindset and comes with a certain amount of paranoia so you need to decide for yourself as to whether or not you want to take the plunge.
If you’ve decided to jump in, you should begin by taking a long shallow dive into the ocean of cyber to get to know what some of your options might be. Beyond the standard offensive and defensive roles in cybersecurity, there are other areas: networking and infrastructure, risk management, engineering (software and hardware), general information or security technology, or even digital forensics. That is just a sample of the various realms of cyber. Within each of those realms, there’s a myriad of options from which to pick a focus. I recommend learning a little bit about what is offered in each specialty before choosing a path. This is where I lucked out when it comes to learning cyber. Fortunately, the teaching position I took involved helping people learn about a broad spectrum of cyber as it relates to cybersecurity. Sure, I was playing catch up and just trying to stay ahead of the class, but I was also learning about all the different areas of cyber that I would be able to put my focus on. One of my biggest takeaways from doing that, was going through the fundamentals of cyber. I was learning about the aspects of cyber that would hold true and be built upon no matter which area I opted to make my personal focus.
By now, you’ve decided to go beyond putting your toes in the water and like me, you’re trying to figure out exactly where you want to put the most effort learning. Unfortunately, the more I started to get to know the field, the more I found myself wanting to change directions. Luckily, I have a great team of mentors guiding me through the sea of cyber and I count on them if and when I have questions. One of those mentors, in particular the one who likely happens to be what I would consider the most knowledgeable people on our team once said something that I will never forget. He commented that that one of the things he loves about teaching is that he learns something new every time he is in class. Now, I heard him say this very early on while we were co-teaching a class, and it wasn’t anything all that new to me, but this was the first time it had truly resonated with me. I decided from that point forward that I was going to guarantee I learn something new in every class I taught as well. This is also how I like to start my classes when teaching any group about cyber or any other topic for that matter. Whether it is teaching the fundamentals from our Core offering or the advanced skills of a class held on our cyber range; my first words to my students emphasize that we are all here to learn not only from me but from each other.
The third main point above had to do with knowing or not knowing if a person falls on the light or dark side of cyber. If you’re reading this article, I hope you fall on the light side 😊. That said, it is difficult to discern other people's intentions no matter how well you know them. For this reason, I’d stress that if you are learning or planning to learn more about cyber, make sure you first do a little research on where that material is coming from. Is it a random website you found from a google search titled “Learn to Hack” or from a prestigious Midwest university like Purdue? Perhaps your employer has an agreement with LinkedIn Learning or Udemy. No matter which of the sources you decide to use, keep in mind that any reputable source is going to be teaching the various aspects of cyber in an ethical way. As you learn new and improved cyber skills, you might also notice some changes in the behavior of some of your friends; I’d compare it to being the person in the neighborhood that puts a nice big new pool in their yard. Suddenly, your list of friends might grow a little along with the list of favors. This newfound glory may end up coming with temptations of its own to dabble on the dark side. Using myself as an example again, I’ve had two neighbors that have asked me to see if I could break into their home networks and what I could tell them about it. Now I’m not suggesting you should jump right into breaking into someone’s network or that you’ll even be ready to do so, but I am suggesting you should prepare yourself for the next time you’re at your Aunt Jane’s house for Thanksgiving dinner and someone asks you to troubleshoot their computer problems.
Lastly, cyber isn’t for everyone and I didn’t believe it until I started learning about cyber myself; however, there is an aspect of paranoia that comes along with moving into cyber, especially if you choose to take the path of cybersecurity. I’ll touch on the cyber not being for everyone before I expand on the paranoia factor. Cyber, in general, involves all of those various parts and segments mentioned above working together in some kind of logical harmony. Unfortunately, the keywords there of logic and harmony are foreign concepts to some individuals. The mindset one has to adopt on the road to becoming a cyber professional almost mimics that of someone entering an ever-changing labyrinth. Yes, there is a starting point and a presumed end game; however, the journey involves making decisions that can forever alter the future state of the maze of cyber. These minor alterations to what is becoming the new norm will work as intended… sometimes. On those (hopefully rare) sometimes when things don’t quite go as expected, you might start to feel some of the paranoia settling in. Did you miss something? Did someone or something make a change you were unaware of? Are we under attack? And so on.
The intention of this article was not to frighten you but to help you become more aware of the possibilities. The world of cyber is a big and sometimes scary place that is booming in today’s world. Getting in and started is relatively easy given the number of resources out there. Talk to your friends in the field; they’ll likely tell you much of the same. If and when you think you’re ready, go for it. And like I said in the title, neither of us are cyber experts but that shouldn’t stop us from trying.
About the author