IT Instructor David Staples talks about getting into cybersecurity – by first learning the basics of IT and then gaining experience and certifications to prepare you for a specialized cybersecurity role.
Hey, YouTube. Are you wanting to know how to start a career in cybersecurity? Well, if so, you’re in luck. My name’s David Staples and that’s today’s topic coming right up.
So today we’re going to talk about how to get started with a career in cybersecurity. Before we get started, I do have to thank CompTIA for sponsoring this video. I really appreciate it. And thank you to all you guys who are watching, as well.
CompTIA and these types of sponsorships are the reason that I’m able to do things like what you see here. And I know it doesn’t look like much, but surprise, we recently bought a new house. And what you see here will turn into my office/YouTube studio.
It’s because of people just like you watching right now that have made these things possible. So really, I just want to say thank you to everyone, but especially thank you for CompTIA for sponsoring this particular video.
Now even though they’ve sponsored the video, they haven’t told me what to say, so all the opinions you see here are expressly my own. They haven’t given me any talking points or anything like that.
Start with the Basics of Computing
But on to today’s topic, how to get started with a career in cybersecurity. Well, of course one of the first and most important things with cybersecurity is that you need to understand how computers work. You can’t very well hack into something or protect something if you don’t know how it works.
This is something that I mentioned in my CompTIA Security+ and other classes, as well, in that people come in and they want to get started into cybersecurity, but they don’t have a computer background. So really, one of the best things that you can do is to actually get started with learning how the computer actually works. Because once you understand how it works, then you can discover “Here’s the vulnerabilities. Here’s the weaknesses.” And we can discover how to actually get past those types of things.
If you haven’t been working with computers long, you may want to consider looking at something like the CompTIA A+ course or the CompTIA Network+ course, build a really good understanding of how the internals of the computer work, work your way on up into the software side of things with the operating systems. Don’t just limit yourself to Windows. Windows is great to know. But you also want to learn things like Linux and Unix and any other things that you can expose yourself to as well.
Learn About Computer Networking
When it comes to networking, don’t stop at just a basic network configuration with the consumer router and maybe consumer switches or any other types of devices. Work your way on up into the Cisco world and look at all the different types of things that are involved with making networks work, making data move across these networks.
Once you have that skillset and you’ve kind of broadened your horizons there, you’ll be able to develop a much better understanding of how cybersecurity itself actually works.
Linux and Cybersecurity
Now once you’ve got that basic understanding, keep building on that. Start playing with different distributions of Linux. Start looking at things like Kali Linux. Kali Linux is a great little hacker’s toolkit.
I know some people consider people that use Kali as basically just kind of script kiddies, in other words, people that only really know how to use the pre-made tools. But there are some things that Kali does really well. And I’m not going to sit here and reinvent the wheel when I’ve already got a tool that will do part of the job for me.
What Kinds of Cybersecurity Jobs Are There?
Now keep in mind that cybersecurity is a really broad field. So there’s a bunch of different things that you can specialize in. So, one of the things that some people look at is things like physical security. In fact, I’ve actually even got a little lock-picking toolkit right here that I usually demonstrate in the security classes that I teach. With two tiny little pieces of metal, granted this one’s a see-through lock, just so students can actually see how these little padlocks work. But you stick these in here in just the right way, and without even really looking at it, it shouldn’t really take that long to actually pick a little lock like this. And this is actually taking a little bit longer than I normally take, but as you can see, I wasn’t looking at the lock. I was looking at the camera here. And getting past these types of things is something that some of the hackers and the people in cybersecurity really actually enjoy. And I can certainly see why.
But besides physical security of course there’s also things like software security and operating systems. You’ve got getting past routers, breaking into IoT devices or internet of things. So there’s a bunch of different things that you can do to get into cybersecurity.
If you’ve ever seen kind of the backend interface to Microsoft Excel or Word or PowerPoint, they have this interface that you can actually go in and write code to be able to do all sorts of different things. And that’s where things like macro viruses and those little warnings that pop up if you’ve ever opened a Excel spreadsheet that says, “Beware of a potentially malicious code.” So that’s the type of area that you can go in and actually look at that type of thing as well. Learning a programming language can certainly be very helpful.
Getting Hands-On Experience
On-the-job experience is another really good thing. Now you don’t have to start directly in cybersecurity if you’re looking at a career in cybersecurity. In fact, it’s a really good idea to kind of get some hands-on [experience], maybe at a help desk. Maybe at a local small computer shop and really spend some time getting to know the inner workings of how computers actually work. From there, you can always move up into the cybersecurity field.
If you’re perhaps young enough and you don’t necessarily feel like college is right for you, you may want to look at something like the military. The military has a lot of opportunities in cybersecurity. Whether you’re talking about the Army or the Navy or the Air Force or Coast Guard, I’ve taught people in all those branches. I haven’t really done anything with Marines yet, but hey guys, if you’re in the Marines and you’d like for me to come out to one of the bases where you’re at, I’m happy to do so. Just feel free to contact me here.
But I’ve been to a bunch of other military bases where we talk about all sorts of different types of cybersecurity topics. Now obviously I can’t talk about the details here, but there are definitely cybersecurity groups within at least the Air Force and the Navy and other branches of the U.S. military. So that might be a good option for you.
Of course, getting certified is also another very good step in starting a career in cybersecurity. You can look at things like the Security+ certification from CompTIA. They’ve also got the Cybersecurity Analyst (CySA+) certification as well as the CompTIA Advanced Security Practitioner (CASP+) certification.
So those three have been around for quite a while now. The Cybersecurity Analyst is the newest out of those three. Now there’s actually a new certification coming out July 31st. It’s the PenTest+ certification. [Editor’s Note: This video was recorded before CompTIA PenTest+ came out in July 2018. Download the exam objectives to see what’s covered.] I haven’t seen the exam yet because it’s not out. But I am definitely looking forward to seeing the exam here very, very soon.
Of course, beyond CompTIA there are other certifications out there as well. But there’s so many of them, so maybe we’ll talk about those in another video.
But the CompTIA ones are definitely a very good way to get started – starting off with maybe your CompTIA A+, CompTIA Network+, CompTIA Security+, on into your CompTIA Cybersecurity Analyst and even the CompTIA PenTest+ when it comes out and then on to your CompTIA Advanced Security Practitioner (CASP+), which is their mastery level exam. That’s the highest level of security that they offer. And each of those different exams focuses on different parts of cybersecurity.
Are Cybersecurity Certifications Worth It?
So one of the things that I have students ask a lot of times in classes, “Are the certifications really worth it?”
Well, absolutely, because when you’re looking at jobs, typically what happens is that the hiring manager sends the job requirements to the HR manager. The HR manager kind of filters through and they’re looking at stacks of resumes. And if you’ve got two comparable candidates and one has this exhaustive list of certifications and the other person has nothing, well, which one do you think they’re going to send on to the hiring manager for an interview?
As well, since the CompTIA certifications do have performance-based questions where you actually have to show that you actually know the material, it shows potential employers that you do have the skillset to do whatever the job they’re hiring you for.
And someone like CompTIA that’s been around for over 20 years is really a good place to start for getting certified in the cybersecurity field, which is one of the reasons that I teach so many CompTIA classes.
Again, I teach everywhere from the CompTIA A+ on up through the CompTIA Network+ and CompTIA Security+ and CompTIA Cybersecurity Analyst (CySA+) and the CompTIA Advanced Security Practitioner (CASP+).
I teach the CompTIA Linux+ and really pretty much almost every certification that CompTIA’s come out with. I think my current count of certifications is somewhere around 26 or 27. I guess I’ve kind of lost count. I’d have to sit here and count that over again. But CompTIA is a really good one to start with.
And if you want to specialize from there into moving on to the Cisco world or if you want to move to the Microsoft world, if you want to move specifically into different distributions of Linux, there are Red Hat exams and other exams for different distributions of Linux.
And you can show potential employers that even if you may not necessarily have on-the-job experience with some of these types of concepts, that perhaps you may still have the skillset because like a college degree, you’ve been able to show that you’re able to pull this information out of your memory and be able to demonstrate these types of concepts.
If you’re interesting in more information about CompTIA certifications, be sure to go to certification.comptia.org. I’ve got a whole bunch of links down in the description below for the video. So be sure to check all those out.
And again, I want to say thank you to everyone for watching. Be sure to show a little love and click on that like button. It helps YouTube know that you actually like the video. Leave a comment below. And of course if you haven’t subscribed already, be sure to click on that subscribe button like so many others have. But again, I do appreciate you tuning in. Be sure to stay tuned for the next video.
You guys take care. We’ll see you soon.
Ready to get started? Learn more about the CompTIA Cybersecurity Career Pathway.