I’ve had an interesting career path - I started as a systems administrator, moved into software development, then into architecture as an Enterprise Architect, and today I work as a cybersecurity research scientist. Today, with cyber security as the focus of my career, I can honestly say that I use everything that I’ve learned over the past twenty years. And I love it.
If you’re interested in pursuing cybersecurity as a career, well, I personally think it’s a pretty astute career move. Looking around today, it sure seems that it’ll be an in-demand career for as long as I’ll be working at least. And the field is immense. There are so many different aspects to cybersecurity work, you can really get into the field with almost any background. So how can you get into the field if you’re interested?
Well, there’s a few common threads that I see when I look at my cybersecurity colleagues career paths. In general, I see people with technical backgrounds moving into the field from either network or systems administration or software engineering. Here, I’ll focus on my path as a software engineer as that’s hopefully more interesting to most DZone readers. That said, you can flip the order of a few of the things I’ll outline to get into the field from a systems or network engineering background.
Well, cybersecurity can be roughly divided into network and host-based expertise. With Charelle’s experience, her shortest path to get into the field is to leverage her host-based experience, specifically, with mobile systems. Mobile systems are similar to more traditional host-based cyber, though they do have some significant differences. Mobile operating systems differ from desktop systems in how they handle applications and on-device debugging, but other than that, they are really very similar. Furthermore, the operating system landscape isn’t as fragmented as the desktop market, so Charelle’ll have an easier time developing a technical understanding of the other platforms in the market.
So, leveraging her experience, Charelle begins to really study the iPhone in depth. She had a pretty strong understanding of the software development process and the tools available, and this is a great help, especially for creating proof-of-concept code. Anyway, she really dives into the operating system architecture, reading and studying everything she can get her hands on with respect to how the iPhone’s really work. While she’s reading, she’s actively coding against the phone as well, exploring various attack surfaces and how the operating system designers attempted to implement controls to mitigate risks and protect those surfaces.
She’s focusing on host-based mobile computing, but she knows that she really needs to understand the network protocols the phones use too. After she’s made significant headway into studying the iPhone operating system and the various forensic and attack tools out there, she starts to look into networking protocols. She realizes that the intercepting proxy is your friend.
While she’s been expanding her technical expertise, she’s also been following various blogs out there that cover cybersecurity issues, exploits, security research, and forensics to expand her understanding of how the bad guys exploit systems, handle data exfiltration and command and control, and spread through compromised infrastructure. She’s also started networking in her local cybersecurity circles, and is beginning to conduct her own research against apps that she feels may benefit from a closer look.
At this point, Charelle has transitioned from being a solid app developer into a qualified, if inexperienced, cybersecurity researcher. She’s also in a position due to her networking to make a shift to a cybersecurity focused company as well.
Trust me, if Charelle can do it, so can you! We all start somewhere. Whether it be desktop development, network engineering or administration, mobile development, or embedded work, you can tweak Charelle’s path to fit.