Today we can confirm that cyberspace, with the passage of time, has become a place where a lot of information, filtered or unfiltered, is the target of attacks by hackers who, of course, seek to capture and obtain as much valuable information as possible, with which they can achieve their goals or complete their plans.  

In recent decades, information has become a coveted asset for many. We know that businesses and companies use customer information to facilitate services, keep better control of payment processes, useful data when contacting the customer; as for employees, basic personal data, skills, bank accounts and sensitive information is collected. Now, technology has gone a step further to make simple what used to be complicated: Recognizing patterns of purchases on the Internet, selection of tastes such as music, videos, or preferred content according to searches or time spent browsing the Internet, among other actions. In this way, the value of information has only increased, and unfortunately customers and users are not always prepared to face cyber-attacks either by lack of knowledge about security programs, good practices to avoid unwanted visitors on laptops or desktops and not knowing the main attacks to which they are exposed. 

This is where cybersecurity professionals come in. Companies have become more aware of the importance of the area focused on Information Security to keep information systems at bay, the data circulating within the networks of the same company and the orientation of employees as to how to proceed in the face of cyber-attacks and information from unknown sources that are not safe, both emails and websites and download links.  

Now, you who are starting down the cybersecurity path, knowing the current landscape, you want to start developing your skills and gaining experience in the field, but you’ve probably done your research on the different positions out there and the question has popped into your head: which of these paths should I choose? 

It’s surprising how many people are interested in pursuing a career in the cybersecurity field, learn general concepts and can perform tasks geared toward data collection, evaluation, and capture, but can’t expressly say which cybersecurity path they identify with, or at least which position they’d like to get to. So, in the following article we’ll talk a bit about how you can start gaining knowledge to prepare yourself, the various options that exist in cybersecurity for you, and the skills you should acquire to transform and redirect your resume in the direction you want to go. 

First, you should know that you don’t need a bachelor’s degree to get started in your cybersecurity path. It’s true that certain high-level positions within the field require that degree of education, but if those positions aren’t on your radar, you can start taking your first steps in cybersecurity even without any prior knowledge of computer science or computer security per se and prepare yourself to land a job. How is that possible? Well, without further ado, let’s start with:  

Cybersecurity Bootcamps:

This is one of the best options to be able to start gaining knowledge in the area, offering intensive training and courses that a beginner in IT needs to know to develop their skills as a future cybersecurity expert. Focused on the practical part, these Bootcamps test the knowledge acquired during the indicated time, which is usually 6 months in its great majority, to check that you are really polishing your skills and demonstrating your enthusiasm in learning more about this field whose value in the market is growing steadily. Many of them also facilitate the acquisition of certifications, which can help you by leaps and bounds to corroborate your knowledge once you enter the job market.

With this starting point, let’s go now to the positions that exist and from which you can choose the one that best suits you. They are divided into Entry Level, Intermediate Level and Senior Level. Each level has a brief description so that you know a little of what it is about, in addition to the explanation of each area:

  • Entry Level: This is the beginning of your cybersecurity path in the professional field. Some of these positions require a bachelor’s degree, but to apply for jobs at this stage, you must demonstrate that your skills and knowledge are genuine, and that you can perform once you are in the field. The positions are:
    • IT Auditor: You are responsible for advising the company’s internal processes, recognizing critical points and security gaps that may be created or present within the system. May be involved in audit planning and audit reporting.
      • Skills:
        • Communication skills.
        • Constant learning of new technologies.
        • Networking, Data analysis.
        • Security auditing.
    • Incident Analyst: As its name indicates, it oversees locating incidents related to the company’s information assets. He creates diagnostics and reports from these and creates strategies to prevent them from happening again.
      • Skills
        • Networking, System administration.
        • System monitoring tools and forensic software.
        • Business continuity methodologies in case of incidents.
  • Intermediate Level: This level is available to you once you have gained experience in the first stage of your cybersecurity path after 2-3 years. By gaining more knowledge, you can develop more skills in working in teams with other technicians and handling cybersecurity issues.
    • Cybersecurity Analyst: Your job consists of monitoring systems, installing security programs for information assets, and investigating security breaches that may be found during the monitoring process.
      • Skills:
        • Experience in the cybersecurity field.
        • Knowledge of security software (Antivirus, SIEM, IDPS-IDS, Firewalls).
        • Ability to identify vulnerabilities found in the network and mitigate them.
        • Knowledge of computer network penetration techniques.
    • Cybersecurity Consultant: Consists of evaluating the company’s security systems that are already implemented to provide solutions or suggestions to consider to customers, providing information on the threats they may face in the face of certain circumstances within the company related to security measures, and how to improve them.
      • Skills:
        • Communication skills.
        • Basic programming languages (Python, Java, C++).
        • Endpoint security skills.
        • Security architecture.
    • Penetration Tester: Through hacking tools and good coding skills, a penetration tester (Pentester) performs security tests on systems, company information networks and web applications. They may get to design tools for specific purposes – mostly attacking a vulnerability found in a certain system – to find suitable solutions.
      • Skills:
        • Scripting and programming skills.
        • Problem-solving skills.
        • Solid knowledge of information security and computer security.
        • Data analysis.
  • Senior Level: Already at this stage, you have achieved the necessary knowledge to run your own business oriented in computer security solutions or even develop new security modalities through the creation of programs oriented to the identification and solution of network security problems.
    • Cybersecurity Administrator: Leads the implementation of security systems for a company, develops procedures to enforce security and implements useful policies to improve the performance of implemented methodologies, in addition to monitoring compliance.
      • Skills:
        • Security procedures for information systems.
        • Security Testing.
        • Knowledge of Security Auditing.
        • Identity management.
    • Cybersecurity Engineer: Creates security policies to be implemented for large companies and SMEs, as well as security solutions with advanced levels of programming.
      • Skills:
        • Security architecture.
        • Network security systems.
        • Security programs management.
        • Intrusion detection/prevention protocols.
    • Cybersecurity Architect: Your job is to elaborate an overall security environment for a given company, collaborating directly with the creation of fortified security systems.
      • Skills:
        • Communication skills.
        • Understanding of frameworks.
        • Network segmentation.
        • Perimeter security controls.

With these positions in mind, you can think about how far you can go, considering that none of these represent a definitive end to your learning, since the ability to continuously acquire new knowledge is also an essential part of each of these branches of cybersecurity, so start investing your time in building your skills, focused on what you want to achieve. The sky is the limit!