Inside a dim room with a single, bare lightbulb swinging lazily in random paths, a hooded shadowy figure is seated in front of the greenish blue glow of a laptop screen. The speedy clacking of his keyboard reverberates around the seemingly endless room with authority and conviction; there’s a power and excitement in the air. The keys suddenly stop and there is a moment of silence followed by a drawn breath and quick exhale. A smile creeps across the shadowy figure’s face. “I’m in,” they whisper, ready to report this back to their employer, eagerly awaiting news of the successful venture. They crack their fingers and resume typing, eager to find more access to more systems.
This sounds pretty cool, right? Well, think again, that’s just me signing up for the VPN my company requires for work trips.
Hey! You’re here now though, right? So, why not stick around and read about why now is a great time to get into Cybersecurity!
Wait, Why Cybersecurity?
So, you know how lately it’s really felt like there are more reports of cyber related crimes? Well, your feelings are correct. “Since 2001, the online crime victim count has increased by 16 times (from 6 to 91 victims every hour), and financial losses have grown over 570 times (from $2,000 to nearly $1.2 million losses per hour).” Wild, right? Well, it also makes sense — as technology became more mainstream, and a little more complex, the ability to take advantage of that technology has increased as well. While security has always been innovating alongside websites and phone apps and other technology, it’s often taken a backseat to other considerations like speed and release dates. However, security on the internet is finally a consideration more and more companies are taking as necessary instead of secondary. Even DevOps, the most common methodology for building modern software, has shifted to DevSecOps because people need the reminder that security starts at the beginning, not after the app has been built.
So, we need more people to understand security in general, which means more people understanding how attacks work, which means more people understanding how communications technology works, which means there are plenty of different positions that need to be filled within cybersecurity. The US White House said there are 700,000 vacant cybersecurity related positions open right now, and they aim to fill all of them in the next few years. Not every one of these positions is a pentester or an ethical hacker or even explicitly related to what everyone thinks of as cybersecurity. In fact, look at our own company, ProjectDiscovery: we have engineers, community, marketing, operations, bizops, and other positions that don’t necessarily work at hacking systems or hardening systems against hackers but are still needed to support the work we’re doing in cybersecurity.
So, why cybersecurity? Because it’s a renewed focus right now, and we need all kinds of backgrounds in security. You don’t need an (ISC)2 certificate to work in security, but having some kind of background knowledge about the type of work you’ll be helping with is very helpful.
So, we know that security is not only important, but also actively looking for people to fill its ranks! SO then we come to the next question, why you?
Y…Yeah. Why me?
Good question. Let’s start with a story.
In 2020, a friend working in a field called Developer Relations told me that he thought I could do his job. I laughed, knowing that he had a computer science degree, six years experience working for an engineering company, 3 years working for Xamarin, and then got a job at Microsoft when Xamarin was acquired. I was fresh off teaching a semester of pandemic style High School English; the kind where spring break was an extra two weeks long while teachers learned to use Google Classroom and Zoom and had a degree in reading poetry. No way could I do the same job he did.
All I could think is that I JUST got a job in tech where I had to learn new stuff every day, and now I was pivoting into a whole new world. I was nervous. I was scared. Not only that, but I was feeling very insecure.
Oh… did you see that? How the title just crept into the blog itself?
Yes, I see what you did there. Go on
I was scared, but I did it anyway! I started learning. I started reading. I started another set of courses on Codecademy! Actually, I wrote about all this in another blog. The point is, I didn’t let my current state of not knowing a lot about security hold me back. I endeavored to change that state; I did the work. It would have been way more comfortable to say “no, that sounds way beyond what I’m capable of,” but how do I know what I’m capable of if I don’t give it a shot? Security felt harder than coding, but I thought coding was hard enough that I shied away at first, right?
Here’s the thing: I’m not out here hacking into machines and playing Capture the Flag (CTF) and crafting new templates for CVEs (yet)… my job is to learn more and more as I go along and be a great community manager for a security company. So my knowledge level isn’t expected to be the same as our research team or other folks who’ve had years more experience than me. However, what is expected of me is that I will continue to learn and grow. And that’s something that I can easily bring to the table; I’m a former educator! I know all about what it takes to learn something and how to approach new material; I ALSO know how to help others understand new material! That’s part of what makes me valuable; my unique background.
Ahh, dear reader, I have a secret: you, too, have a unique background! One that is extremely beneficial to working in Security! We need all types of folks, because if the same carbon copy of a human is occupying every seat at a table, you end up missing a lot of obvious points that would have come up had you selected a diverse group of folks. Diversity ALSO means diverse backgrounds and career trajectories and ideas! We need multiple viewpoints so we can find and catch more issues before they become problems later down the line.
Learning something new takes time, and is often frustrating and full of moments of despair. I have often said to myself, and out loud to others, “I don’t think I’ll ever learn this, I’m not good enough/smart enough/capable of this.” But I continue to log in to learning websites and practice these skills. And because I do that, I will learn and get better. That’s growth, it hurts. Being confused and not understanding is an important part of the learning process. We need to accept that it is normal to be confused while learning something new. We need people in cybersecurity, people who will be ethical hackers and help design systems and tools that will keep the future of the world secure and safe from threat actors. Not only that, but we need someone like you to take the chance to start learning about security and give it a shot.
But what if I’m not going to be a Security Engineer? Should I learn more about it?
Yes, yes you should. Not only do we need more people in security itself, we could also use a lot more security minded people working in other positions! When more people are aware of how security works, the variety of exploits available to attackers, and the necessity of a strong and secure internet, we create a stronger and more secure internet. Not only does general security get better, but it’s better for the individual as well. If you’re a frontend engineer who understands how exploits work, you’re more valuable. A data analyst who knows the importance of strong security for a database? A project manager who can catch security issues before deployment? Heck, a high school teacher who knows that someone found a way to hack Google Classroom and change grades means you know how to stop students from doing exactly that. Knowing more about security makes YOU more secure in the tech saturated modern world, makes us all more secure as we use secure best practices, and makes you more marketable in your career!
I can’t tell you how quickly I got a password manager and moved to unique random passwords for all my logins once I realized how passwords get cracked. And how quickly I decided to not have my smart TV on the same network as everything else in my house. And how… I think you get it. And as we sit on the precipice of a new change in tech with the proliferation of AI, security will become even more important.
There are some reading this who think their background isn’t useful, or they can’t learn something as complicated as cybersecurity, but I’m hoping you’ll take a second and think about something very important: you're wrong. Well, you might be wrong, and if you are, what’s really holding you back from trying? If you’re considering security as a career, for whatever reason, and are feeling worried about it, this is your sign to push on and give it a shot! Enroll in a free course, take a quiz online, do some reading and learning and find out more! If the only thing holding you back is “I’m not sure I’m good enough,” then I hereby give you permission to ignore that feeling and give it a shot.