I’ve talked to a few people lately who knew what roles they wanted in cybersecurity but didn’t know what qualifications were required for those roles. If you want to work in cybersecurity and know the type of role you want but don’t know what qualifications are needed, here’s what you can do:
Search for job titles related to that role on LinkedIn, look at the qualifications for that job, and start building those qualifications. You should look at several job postings so you know the common requirements.
Here’s an example for an Offensive Security Engineer position that was posted on LinkedIn:
Basic Qualifications
- Bachelor's Degree in Computer Science, or equivalent work experience
  → Get a degree in Computer Science and/or work in another type of tech position where you get similar knowledge.
- Experience performing web and mobile application penetration testing
  → Build a profile on Hack The Box and list it on your resume. Start a team or join one and try to get to at least hacker rank.
- Experience performing security reviews of existing infrastructure and demonstrating vulnerabilities
  → Study threat modeling methodologies such as STRIDE and PASTA.
- Building, deploying, and leading Red Team operational infrastructure
  → Build out a red team lab at home and blog about your experience.
- Knowledge of adversarial TTPs
  → Study the MITRE ATT&CK framework and Cyber Kill Chain.
- Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
  → Practice these tools in a lab and get certifications like the Burp Suite Certified Practitioner and/or OSCP.
- Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
  → Study these frameworks and be able to answer questions about them in an interview.
- Strong written and verbal communication skills, specifically on security topics.
  → Blog about the things you’re learning during your studies and start networking with people.
Preferred Qualifications
- Proficiency in one or more programming languages and can both read and understand code written by others.
  → Learn a programming language, build something with it, and post your code on GitHub to show your experience.
- Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
  → Study a scripting language, build something with it, and post your code on GitHub to show your experience.
- CVE/Bug Bounty/Responsible disclosures
  → Try to get some bug bounties and add them to your resume.
- Exploit development
  → Learn basic exploit development.
- GPEN, GWAPT, OSCP, OSCE, OSWE
  → Get some Red Team/Offensive Security certifications. There are also plenty of others that aren’t as expensive and still provide good value.
All of that sounds like a lot of work, and it is, but hard work is necessary if you want to get hired and work in cybersecurity.
If you’re new to tech and want to get started in cybersecurity, check out our Foundations series.