This article was originally published in the (ISC)² blog and cross-posted on not your CISO on Medium. Read the full post →
I found my first position at a college placement fair. I began working as a software engineer building a digital security platform at HSBC — designing the backend for secure authentication and authorisation for mobile banking apps. It was more of a software development job, but I had to learn a lot about security concepts to actually do it well.
While working as a software engineer, I cleared GSEC and became an Associate of (ISC)². My first real security role came after that — Senior Cyber Security Specialist at Cyble.
Here’s what I’d tell someone starting out: begin as a generalist, don’t start with a trending niche. Learn the basics of everything under the cybersecurity umbrella, find what genuinely interests you, then go deep. Certifications get you an interview. A deep understanding of fundamentals, genuine curiosity, and a willingness to keep learning get you the job.
And don’t be afraid of reaching out to people above your level. If you want to talk to a CISO, just reach out. If you want to talk to a VP, just reach out. Most people in security are willing to help — they just need to be asked.