Getting Into Cybersecurity: Why It’s Great to Start at the Help Desk

A common misconception is that cybersecurity is an entry-level job. While that can be true to a certain extent, when working on a first-level support team, landing a cybersecurity job comes down to how mature the company’s processes and procedures are.

In general, the smaller the company, the more talent they’ll try to squeeze out of each individual. Some security operation centers (SOCs) are extensions of the help desk, or in some security-based companies, the SOC is the help desk. Either way, time spent providing technical support to end users is a valuable experience for getting into cybersecurity.

The ever-so-glamorous hacking jobs are no walk in the park. A good penetration tester is technical but, more importantly, he also knows how humans work.

I’ve talked to many people trying to break into cybersecurity. Some have college degrees, and some have certifications, but many people I’ve encountered have no experience in information technology at all, and I think this is a huge step that people try to skip.

Communication skills and cybersecurity

Let’s face it: Most people don’t want to work a help desk job, and I don’t blame them. The hours can be grueling, end users can be rude or frustrating, and the need to keep the call and ticket queues clear adds to the many other factors that contribute to stress.

But to many, the help desk is a stepping stone to a different path. I learned more in my year working the help desk than I did the rest of my 12-year career.

Why?

Because, at the end of the day, the goal is to protect end users, and having an open line of communication with the people most impacted by cybercriminals is crucial. All of the tech know-how in the world doesn’t matter if you can’t effectively communicate the hows and whys of cybersecurity to the true first line of defense—the person sitting at a keyboard with something to lose, a telephone, and an ever-flowing email stream.

Learning how to effectively communicate with others is a life skill. No amount of college courses or IT certifications can substitute for real-life experience. Even though many may have poured tons of money into a bachelor’s or master’s degree in cyber defense, that’s not a ticket to skip crucial steps in the world of IT.

Balancing security procedures and efficiency

Security can surely get in the way of productivity, and it’s up to the individuals on these teams to consider this. At the end of the day, it’s the job of the cybersecurity team to keep IT operations working effectively.

Just as a cybersecurity incident will slow down a company’s momentum, so can careless security procedures—and communication to the end user is key. One seemingly simple change in policy may increase a company’s security posture, but it can just as easily kill productivity.

If a change means making a login procedure more convoluted than it should be, it will take up more of the end user’s time, resulting in lost productivity. The bigger the company, the more impactful a change can be since a loss in productivity can be multiplied for each employee.

Worse yet, if an end user finds a way around the security control to get their job done more quickly, the simple change will invoke a whole new set of problems. Having an open line of communication with the people who matter is key, but trust is the utmost important factor. If someone finds a way to circumvent security control, they should trust that they won’t be punished and that another solution will be considered.

Making cybersecurity decisions that support the business

So, what does all of this mean when getting into cybersecurity? It is extremely important to understand how a company runs from a different viewpoint. Knowing what is valuable to the end user should shape how security procedures are formed and security incidents are handled.

For instance, say that a server has been compromised, and a decision was made to shut it down immediately and analyze it offline. After all, this server is only used to control printers.

Unbeknownst to the cybersecurity professional, a production line is now backing up because server-controlled printers print serial number labels for the parts being manufactured. The company loses tens of thousands of dollars every minute these printers are offline.

If this security professional had worked on the help desk, they may have known the importance of the printing process, because every time it broke before, they would get a phone call from a frantic worker. I’ve seen similar situations before, where someone in cybersecurity who has worked in a bubble for all of their career has no clue how their actions impact the business. Working in other departments improves an individual's job because they can put context around scenarios.

Don’t discount working your way into the position you want. Just as a surgeon doesn’t start performing open-heart surgery right out of college, one doesn’t simply begin as a cybersecurity engineer as their first IT job. Education is a stepping stone, but every day of experience is another step toward a successful career.

Explore CompTIA A+ and Network+ certifications.