10 Lessons for the Future Cybersecurity Professional

Steven Purcell
July 20, 2018

One of the best things about being a summer intern in DC is the exposure to an endless number of interesting people doing fascinating work around town. This is especially true as a New America Cybersecurity intern. Recently, we were visited by several of New America’s Cybersecurity Policy Fellows as well as undergraduate students of the University of Virginia Cyber Defense team, the most recent champions of the National Collegiate Cyber Defense Competition (NCCDC). The Fellows came to speak about their career paths, share highlights (and lowlights) of their work, and give advice for aspiring cybersecurity professionals. Here are our top ten takeaways for anyone hoping to enter the cyber workforce!

On the workforce landscape:

1. There is no one career path into cyber.

Whether you’re coming from philosophy, healthcare, international strategy, or human resources, there is no single career path into cyber. Especially considering that cybersecurity impacts every industry on the planet, there is a dire need for professionals from all backgrounds. This is reflected in the current workforce, which itself—despite homogeneity in other aspects—is nonetheless composed of people who often found their path into cyber in the strangest of ways.

2. You don’t have to be a “techie.”

It’s probably the fault of Hollywood and terrible cyber stock photos, but most people hear “hacker” and think of a hooded white guy sitting in a basement. Not only is this inaccurate (programmers work in offices, too!), but you also don’t have to be a software developer or engineer to work in cybersecurity. Policymaking, education, business management, psychology, and journalism are just some of the areas of expertise that are not only useful but necessary to make the digital world a safer place. You don’t need to code to understand technology either.

3. You don’t need to follow a traditional college path to work in cybersecurity.  

If you’re a recent high school graduate unsure of whether a four-year university is right for you, don’t think this is the only option. Careers in cybersecurity don’t necessarily start in university classes, which is why we’ve seen an emergence of cybersecurity apprenticeship programs throughout the United States. They aim to develop the new cybersecurity workforce by providing not only classes but also compensation, the work experience that employers seek during their hiring process, and the opportunity to build your network. You don’t need college to receive hands-on education in cybersecurity.

On good cybersecurity practices:

4. Basic cyber hygiene is important.

To prepare for a career in cybersecurity, a good “first step” is understanding and practicing safe cyber hygiene. Many people think it’s difficult and time-consuming, but in reality, taking steps to inform the public on basic cybersecurity hygiene is an effective way to keep data safe and well-protected. These fundamentals can be as basic as creating a strong password, using multi-factor authentication, and updating applications. While these simple cybersecurity practices are often overlooked, these measures could stop up to 95% of targeted cyber intrusions.

5. Don’t overlook human behavior.

You’d think that people would use common sense when it comes to information security, but as we’ve learned, common sense is a subjective term. Since cyber criminals exploit our cognitive biases and irresponsible behaviors on the internet, the focus should be on changing human behavior when it comes to our interactions with technology. For a career in cybersecurity, pushing simple changes in behavior, paired with basic cyber hygiene, allows for a clearer understanding of the ways in which we can ensure safety in cyberspace.

6. Stay informed on the latest cyber news.

Data breaches are an increasingly common occurrence, but they’re just the tip of the iceberg on the breadth of cyber events taking place each day. Constantly reading up on new threats, technologies, and developments in the field is a valuable way to show you know your stuff. It’s also a fun way to learn! Subscribing to daily newsletters like POLITICO’s Morning Cybersecurity briefing and reading pages like WIRED Security is a great start.

On being an effective member of the cybersecurity workforce:

7. Know your audience.

While effective communication is undoubtedly important in any career, the way cybersecurity issues cut across sectors, from medicine to banking to government, makes it especially important for cybersecurity professionals to be attuned to whom they are addressing. The way to influence decision-makers on cybersecurity issues will vary drastically by sector, but also by position: business leaders might prioritize ROI while lawyers might care more about concepts like confidentiality. As such, it’s not always enough just to get an IT department to care about securing their networks; effective cybersecurity often has to come from the top down, and engaging at the C-suite level is a much different—but equally important—conversation that requires framing cybersecurity in terms decision-makers understand.

8. Say “yes, and...”

No matter your job in cybersecurity, there will be a time when a superior wants to do something that goes against your gut. In these situations, it might be tempting to say “no” outright—and in some cases, that may be necessary. However, the most successful cybersecurity professionals are those who say “yes, and…” rather than “yes, but…” or just “no.” Businesses make decisions as part of their bottom line and broader strategies, and government agencies make decisions based on their mission objectives, which means there is likely a good reason for purchasing a technology or moving in a certain direction. Saying “yes, and…[insert security recommendation here]” allows you to integrate security while decisions are being made rather than after the fact, and it doesn’t position you as the person always resisting organizational progress.

9. What makes you different makes you stronger.

While it is easy to come across a variety of paths that lead to a career in cybersecurity, it is sometimes more challenging to find a similar diversity in the actual workforce population. Luckily, leaders in organizations across government, industry, and academia have created resources to highlight women in this male-dominated field, proving the importance of diversity and inclusion, but it doesn’t stop there. Whether you’re a woman, a person of color, just out of high school, from a small town, or from another country, the things that set you apart can be your strengths when it comes to creative problem-solving or effective communication.

And finally…

10. Don’t wait… get started now.

An internship like ours at New America’s Cybersecurity Initiative and events like the NCCDC are just two of a host of ways to get your foot in the door as a hopeful cybersecurity professional. Going beyond the borders of our college campuses has given us a taste of what’s out there and shed some light on what it means (and doesn’t mean) to be part of the cybersecurity workforce. In a time when issues of cybersecurity are becoming increasingly relevant, why wait? The workforce needs you now!