Despite a lack of exposure to computer security during my undergraduate education, I now work as a senior threat researcher. Here, I track advanced persistent threats as they relate to cybercriminal organizations. I reverse-engineer mobile malware used to distribute and communicate with malicious applications. I love my job and I love having a hand in stopping the bad guys, but I took the scenic route to get here.
I started programming when I was 9. It was here that I began thinking of studying computer science while I was in high school. I was advised to avoid computer science. It was an impractical, theoretical degree that would never land me a job. As a result, I entered university as an English and political science major and planned to study international law. During my first year, I enrolled in a computer science class. In this class, we attended a lecture from a recent graduate. She spoke of how useful her degree had been in her role as a video game developer. Inspired, I transferred to the computer science department the following semester!
It wasn’t until five years after I graduated that I found my way to cybersecurity. To become a better software engineer, I enrolled in a security certification programme. I met a wonderful mentor who was working on a security engineering team at the time. He encouraged me to apply for an open position and helped kick-start my career!
All too often, the best things in life happen by accident, like my career in cybersecurity. Despite our high school interests, most people don’t land their dream job immediately after graduating. Some may not even realize their dream jobs exist!
How Do You Find Your Niche?
One of the biggest challenges in cybersecurity is figuring out the area of security you’re most interested in. Traditionally, roles are broken down into two main “teams”: red and blue. Red teams typically handle offensive security. This involves “attacking” with pen testing or social engineering to find vulnerabilities. Blue teams are responsible for defensive security. This includes incident response, digital forensics, and threat intelligence. Recently, new team names have been created to represent overlaps in roles.
One of the best ways to narrow down the exhaustive list of possibilities of a career in cyber is to explore the finer details of these roles through online job listings. Ask yourself questions such as “Does this look exciting and interesting to me?” or “Can I see myself working on this problem for a prolonged period of time?” or even “Would I enjoy the pressure or expectations set by this role?”
For example, in some roles, like incident response, you may be required to be “on call” and available to handle issues that arise — day or night — for a set time on a recurring schedule. If you’re someone who struggles in high-pressure environments and can’t see yourself performing well in that situation, then a role with those expectations may not be a great fit.
Get involved
I often advise those interested in multiple areas of cybersecurity to participate in a “capture the flag” (CTF) event. These are available online or in-person at security conferences. Participants compete in teams, or individually, to solve challenges that span multiple areas of cybersecurity. This includes network security, pen testing, reverse engineering, and social engineering, among others. This is a great way to gain exposure to other areas of cybersecurity with which you may not be familiar. Most of the challenges are real-world examples of problems you might face in a role within that area of cybersecurity. It was at a CTF event where I discovered my love for reverse engineering!
The cybersecurity industry offers so many opportunities for curious, eager problem solvers. Most importantly, it’s a career path that will only continue to become more valued in the years to come. With a little patience and research, you can find your niche in this exciting industry and discover a role you love that also protects those around you.
Written by Kristina Balaam, Senior Security Intelligence Engineer, Lookout