A common misconception is that cybersecurity is an entry-level job. While that can be true to a certain extent, when it comes to working on a first-level support team, landing a cybersecurity job comes down to how mature the company’s processes and procedures are.
In general, the smaller the company, the more talent they’ll be trying to squeeze out of each individual. Some security operation centers (SOCs) are an extension of the help desk, or in some security-based companies, the SOC is the help desk. Either way, time spent providing technical support to end users is valuable experience for getting into cybersecurity.
The ever-so glamorous hacking jobs are no walk in the park. A good penetration tester is technical, but more importantly, also knows how humans work.
I’ve talked to many people trying to break into cybersecurity. Some have college degrees, some have certifications, but a lot of people I’ve encountered have no experience in information technology at all, and I think this is a huge step that people try to skip.
Communication Skills and Cybersecurity
Let’s face it: Most people don’t want to work a help desk job, and I don’t blame them. The hours can be grueling, end users can be rude or frustrating and the need to keep the call and ticket queues clear adds to the many other factors that contribute to stress.
But the help desk, to many, is a steppingstone to a different path. I learned more in my year working the help desk than I did the rest of my 12-year career.
Why?
Because at the end of the day, the goal is to protect end users, and having an open line of communication with the people who are most impacted by cybercriminals is crucial. All of the tech know-how in the world doesn’t matter if you can’t effectively communicate the hows and whys of cybersecurity to the true first line of defense – the person sitting at a keyboard with something to lose, a telephone and an ever-flowing stream of email.
Learning how to effectively communicate with others is a life skill. No amount of college courses or IT certifications can substitute for real-life experience. Even though many may have poured tons of money into a bachelor’s or master’s degree in cyber-defense, that’s not a ticket to skip crucial steps in the world of IT.
Balancing Security Procedures and Efficiency
Security can surely get in the way of productivity, and it’s up to the individuals on these teams to take this into consideration. At the end of the day, it’s the job of the cybersecurity team to keep IT operations working effectively.
Just as a cybersecurity incident will slow down a company’s momentum, so can careless security procedures - and communication to the end user is key. One seemingly simple change in policy may increase a company’s security posture, but it can just as easily kill productivity.
If a change means making a login procedure more convoluted than it should be, it will take up more of the end user’s time, resulting in lost productivity. The bigger the company, the more impactful a change can be, since a loss in productivity can be multiplied for each employee.
Worse yet, if an end user finds a way around the security control just to get their job done more quickly, then the simple change will invoke a whole new set of problems. Having an open line of communication to the people who matter is key, but trust is the utmost important factor. If someone finds a way to circumvent a security control, they should have trust that they won’t be punished and that another solution will be considered.
Making Cybersecurity Decisions That Support the Business
So, what does all of this mean for getting into cybersecurity? Knowing how a company runs from a different viewpoint is extremely important. Knowing what is valuable to the end user should shape how security procedures are formed and how security incidents are handled.
For instance, say that a server has been compromised, and a decision was made to shut the server down immediately and analyze it offline. After all, this server is only used to control printers.
Unbeknownst to the cybersecurity professional, a production line is now backing up because that server controlled printers that print serial number labels for the parts that are being manufactured. Every minute these printers are offline, the company is losing tens of thousands of dollars.
If this security professional had worked on the help desk, then they may have known the importance of the printing process, because every time it broke before, they would get a phone call from a frantic worker. I’ve seen similar situations before, where someone in cybersecurity, who has worked in a bubble for all of their career, has no clue how their actions impact the business. Working in other departments makes an individual better at their job because they can put context around scenarios.
Don’t discount working your way into the position you want. Just as a surgeon doesn’t start performing open-heart surgery right out of college, one doesn’t simply start as a cybersecurity engineer as their first IT job. Education is a steppingstone, but every day of experience is another step toward a successful career.
Read more about how cybersecurity and the help desk are closely related.