Creating a career roadmap for the cybersecurity beginner
Summary
TLDRIn this episode of CyberWork Hacks, Professor Robert McMillan offers valuable advice for those beginning a career in cybersecurity. He discusses the importance of creating a career roadmap, bundling certifications, and the different paths in cybersecurity depending on the size of the company. He emphasizes the importance of starting with foundational certifications like Security Plus and suggests strategies for maintaining focus and motivation. Additionally, McMillan highlights the benefits of community involvement and vendor groups for hands-on experience. The episode aims to help novices navigate their career paths effectively and sustainably.
Takeaways
- 😀 Professor Robert McMillan provides advice for security novices on how to start their cybersecurity career.
- 🛣️ The script emphasizes the importance of creating a career roadmap early on in one's cybersecurity career.
- 📚 There is no universal roadmap for cybersecurity, unlike those available for certifications from companies like Microsoft or AWS.
- 📝 McMillan suggests bundling certifications such as A+, Net+, and Security+ from CompTIA for those interested in becoming a CIS admin.
- 🌐 For those starting in cybersecurity, he recommends beginning with the CompTIA Security Plus, Azure SC-100, and Offensive Security Pro (OSP) certifications.
- 🏢 It's noted that in smaller companies, one might have to be a 'jack of all trades', while larger companies may require more specialization.
- 🎓 A degree is suggested but not strictly necessary to start in cybersecurity; community college can be a good starting point.
- 🔍 The speaker highlights the value of joining computer clubs or vendor groups to gain experience and network with others in the field.
- 🎮 McMillan suggests a work-reward system, such as playing video games after completing study or work tasks, to maintain motivation and discipline.
- 📈 He also mentions the importance of specialization and continuous learning to grow within one's cybersecurity career.
- 📘 The transcript mentions resources like Certification Magazine (ctm mag.com) for insights into what employers are looking for in IT and cybersecurity roles.
Q & A
What is the purpose of the 'cyberwork hacks' podcast?
-The 'cyberwork hacks' podcast aims to provide a quick, clear, and actionable solution or new insight on how to utilize infosec products and training to achieve work and career goals, specifically focusing on questions asked by cybersecurity novices.
What does Professor Robert McMillan suggest as a starting point for someone new to cybersecurity?
-Professor Robert McMillan suggests starting with the CompTIA Security Plus certification, as it is a good foundation for those new to cybersecurity, and then considering additional certifications like Azure SC-100 and Offensive Security Pro (OSP).
Why does Professor McMillan recommend not focusing solely on certifications at the beginning of a cybersecurity career?
-He advises against focusing solely on certifications because they can limit one's options and pigeonhole individuals into a specific area. It's better to have a broader understanding and then decide on a specialization.
What is the significance of a career roadmap in cybersecurity according to the podcast?
-A career roadmap in cybersecurity is important for helping individuals understand the various paths and certifications that can lead to their desired career goals, and it helps in planning their education and professional development.
How does Professor McMillan describe the difference between the roles of a CIS admin in a small company versus a large organization?
-In a small company, a CIS admin might be responsible for a wide range of tasks, including security, whereas in a large organization, the role is more specialized, and there might be separate cybersecurity teams that do not even interact with the CIS admin team to avoid conflicts.
What advice does Professor McMillan give for high school students or those opting to skip college and enter the workforce faster?
-He suggests starting at a community college or a four-year college if possible, taking generic IT and non-IT classes initially, and then focusing on a specific area of interest after gaining some understanding of the field and what they enjoy.
What is the role of vendor groups in helping someone start their cybersecurity career?
-Vendor groups can provide access to free demo equipment and software, offer networking opportunities, and give insights into the latest technologies and industry practices, which can be valuable for starting and advancing a cybersecurity career.
What method does Professor McMillan propose to help stay focused on career development while managing a full-time job?
-He suggests a work-reward system where one sets goals for studying or working on career development tasks and then rewards themselves with something they enjoy, like playing video games, after completing the tasks.
Why is it important to choose a cybersecurity career path that excites you, according to Professor McMillan?
-Choosing a career path that excites you is crucial because it leads to greater job satisfaction and motivation. A high-paying career that isn't interesting can feel like a prison, making it difficult to stay motivated and engaged.
What resources does Professor McMillan recommend for individuals looking to enhance their cybersecurity skills?
-He recommends using resources like infosec skills, where he has created learning paths for securing operating systems like Windows Server 2019 and Windows 10, and also suggests joining computer clubs and vendor groups for hands-on experience and networking.
Outlines
🎓 Introduction to Cybersecurity for Novices
Professor Robert McMillan offers advice for those starting their cybersecurity careers, emphasizing the importance of initial decisions in shaping one's career path. Viewers are encouraged to check out the episode for more insights.
📚 Purpose of Cyberwork Hacks
The Cyberwork Hacks series, a spin-off of the Cyberwork podcast, aims to provide clear and actionable solutions to fundamental cybersecurity questions. Professor Robert McMillan, a seasoned instructor, returns to discuss creating a career roadmap for cybersecurity novices.
🗺️ Understanding Career Roadmaps
Robert McMillan explains what a career roadmap is and what it isn't. He highlights the lack of a definitive cybersecurity career roadmap and suggests bundling certifications, starting with CompTIA’s A+, Network+, and Security+ for aspiring system administrators.
🔒 Certification Bundling Tips
McMillan advises starting with the Security+ certification from CompTIA and then pursuing Microsoft's Azure SC-100 and Offensive Security Pro (OSP). He underscores the importance of aligning certifications with career goals and organizational needs.
🎓 Navigating Education Choices
McMillan discusses the importance of starting with a broad IT degree and taking foundational courses early. He suggests community colleges for cost-effective education and emphasizes the value of gaining certifications alongside formal education.
🖥️ Finding Your Passion in Cybersecurity
Sharing his personal experience, McMillan encourages newcomers to explore and find their passion in cybersecurity. He recommends joining computer clubs, participating in vendor groups, and gaining hands-on experience with equipment to discover what excites them.
💡 Using Work-Reward Systems
McMillan suggests using a work-reward system to stay motivated, especially for young professionals. He shares his method of balancing work and play to maintain focus and continue progressing in learning and career development.
📜 Available Infosec Skills Paths
McMillan highlights the skills paths he has created on Infosec Skills, including courses on securing Windows Server 2019, Windows 10, Windows 11, and Windows Server 2022. He advises choosing paths that align with personal interests and career goals.
🎤 Conclusion and Viewer Engagement
The video concludes with a call to action for viewers to share the content, subscribe to the podcast, and suggest topics for future episodes. It promotes the 12 most in-demand cybersecurity roles video as a resource for choosing the right career path.
Mindmap
Keywords
💡Cybersecurity
💡Career Roadmap
💡Certification
💡CompTIA Security Plus
💡Azure SC-100
💡Offensive Security Pro (OSP)
💡CIS Admin
💡Infosec Skills
💡Vendor Groups
💡Work-Reward System
💡Community College
Highlights
Cyberwork Hacks is aimed at security novices and provides advice for career path decisions in cybersecurity.
Professor Robert McMillan shares advice for creating a career roadmap in cybersecurity.
Career roadmaps are essential but non-existent for cybersecurity students, prompting the need for guidance.
Bundling certifications like A+, Net+, and Security Plus from CompTIA is suggested for aspiring CIS admins.
In larger organizations, cybersecurity teams may not interact with CIS admin teams to avoid conflicts.
For beginners, starting with Security Plus, Azure SC-100, and Offensive Security Pro certifications is recommended.
The importance of understanding the difference between working in small versus large companies in cybersecurity is discussed.
Certification Magazine (cermag.com) is highlighted as a resource for understanding employer needs in IT and cybersecurity.
The challenge of deciding a career path at a young age and the importance of starting with a broad educational foundation.
Community college is suggested as a starting point for those without the funds for a four-year college.
The value of starting with non-IT classes to build a foundational understanding of the world is emphasized.
Joining computer clubs and vendor groups can provide hands-on experience and networking opportunities.
The excitement of setting up a server at home can indicate a passion for a career in cybersecurity.
Free Geek and similar initiatives can offer hands-on experience and equipment for learning.
The work-reward system is introduced as a method to stay disciplined and motivated in learning and career development.
Robert McMillan's learning paths on InfoSec Skills for securing Windows Server 2019, Windows 10, and other systems.
The importance of pursuing a career that aligns with personal interests to avoid job dissatisfaction.
Invitation for listeners to share the episode, like, subscribe, and comment with topics they want covered in future episodes.
Transcripts
okay today's cyberwork hack is for
security novices people who are just
getting started in learning cyber
security and looking for their career
path Professor Robert McMillan is an
infos seex skills path author and he
gives you some fantastic advice for
making the decisions at the very
beginning to help you steer your career
to all the places you want to go get
your cyber security career started make
sure you check out today's episode of
cyberwork
[Applause]
hacks hello and welcome to a new episode
of cyberwork hacks the purpose of this
spin-off of our popular cyberwork
podcast is to take a single fundamental
question and give you a quick clear and
actionable solution or a new insight on
how to utilize infosec products and
training to achieve your work and career
goals um my guest today is Professor
Robert McMillan now Robert's been the
instructor and creator of our skills
modules for a long time and he was a
guest on an early episode of cyber
workor and I'm really glad to have him
back uh for a series of cyberwork hacks
aimed squarely at the questions asked by
cyber security novices and we hear from
you all a lot and we hear what you're
asking and we're hoping to answer some
of it so today's hack specifically is
about creating a career roadmap for
yourself before you even step foot out
of your fir out step foot out on your
first interview so uhh welcome back to
the show Robert it's always great to
talk to you thanks Chris it's good to be
back uh I really enjoyed our last get
together and I hopefully I can help out
some some people that are new to the
industry absolutely so um uh yeah
Roberts let's start at the beginning and
explain what a career road map is and
also I guess what it isn't like what
should you be trying to understand or
clarify for yourself before you know by
creating a career road map for a career
in cyber security and you know also the
the what it's not like it's it's not
going to solve certain problems I
imagine but yeah yeah you're right about
that uh you know career road maps are
interesting if you go to say Microsoft
to look at what their their
certification road map is you know AWS
has the same thing but there's really no
road map out there just for security
cyber security students and so I'm
hopefully going to you know clear up a
little bit of that for you because I I
do see uh education from multiple
different angles you know I started out
as an employee I you know went on to
become a consultant and then a business
owner and now an educator and so I kind
of see it you know all these these uh
the big picture you know basically and
so one of the things you could do is you
could bundle certification together if
we step away just from the whole degree
plan and things like that temporarily
let's look at bundling
certifications um so you know a lot of
people that want to go into CIS admin
work will bundle the A+ the net plus and
the Security Plus from CompTIA and those
that's a good you know uh three
certifications to start with one of the
things is if you're going to be a CIS
admin which is typically not a security
role it doesn't mean you don't do
security you're still going to be doing
a lot of security it's just it may not
be your focus now in a smaller company
you are the main security person as well
as the CIS admin as as well you might
also be doing Voiceover IP and webcams
and things like that but in a larger
organization you're going to have a
cyber security team which what I have
found is really interesting they are not
even allowed to talk to the CIS admin
team because there could be a conflict
there there could be some collusion
there so you know larger companies don't
even allow them to talk so let's talk
about certification bundling besides
just for assis admin um what I suggest
for those of you who are just getting
started start with the Security Plus now
uh the Security Plus does have some
requirements from from CompTIA but
they're not really enforced I mean they
say oh you've got to be a security
professional for a couple of years and
you know things like that they're not
really enforced it does it's not going
to stop you from taking the security
plus uh then the Azure sc100 is a good
one for from Microsoft Microsoft has
moved away from on premises types of
certifications uh you know much to my
pain because I have a lot of them sure
and yeah and has moved to uh you know
mostly Cloud I mean there are a couple
of hybrid ones out there the 800 the 801
but the sc100 is a great intro cyber
security
certification and then the last one I
suggest is the OSP the offensive
security pro uh very good certification
all these are available uh at The infc
Institute as you know uh you know videos
and uh you know uh you know labs and
quizzes and you know a great way to get
started go ahead go ahead I'm sorry no
I'm sorry I just k then you can take the
certifications from there yeah yeah
absolutely well yeah I think that's
that's a an important distinction to
make and that'll sort of come into our
next question but like you said if
you're going to work for a small company
you're going to have to be uh a jack of
all trades and master of none and if
you're going to come work for a large
company you're going to need to
specialize a bit more and sort of drill
down on what your specialty is going to
be and what's going to set you apart
from people on your team I imagine
exactly oh you know there's there's a
MAG there's some magazines out there but
I really like um the certification
magazine I don't know if you've seen
this one before but um it's put out by
test out uh it's it's at cerm mag.com
and they every month they have a lot of
great uh articles about what employers
are looking for for various different
types of IT jobs and of course security
is a big one among them yeah wow what a
what a cool what a cool resource i' I've
that's literally first time I'm hearing
of it so I'm glad you mentioned that so
yeah yeah C mag ctm mag.com check it out
love it so Robert whether you're a high
school student who's studying getting
ready to go off to college or or you
know someone who's opting to skip
college and pursue your skills on your
own to enter the workforce faster you
know I think we can agree it could be a
bit overwhelming to look up at your
imaginary career ladder and imagine what
path you're going to take to climb it
and so I I wonder if you have any advice
we making Career Road mapping into kind
of a manageable and useful process for
yourself rather than the you know the
big scary open-ended question what do I
want to be when I grow up yeah isn't it
crazy and a little bit ridiculous to go
I you were 17 once right and and I was
17 months and I I just find it
ridiculous that you you you go up to a
17-year-old and you say it's time now to
decide what you're going to do for the
rest of your life yeah yeah yeah yeah
you you and your non-developed
prefrontal cortex I'm I'm sure this is
going to go great
yeah so uh here's here's my advice on
that um certifications are not
everything uh a degree is a great idea
um now can you can you get started
without a degree yes you can but let's
let's take the mind of a 17-year-old
right now who who by the way knows
everything you know in their mind they
believe they know everything uh but you
really don't uh so here's what I suggest
is that you start out um if you don't
have the money start out at a community
college you there are loans available
for that if you do have the money and
and the uh ability to get into a
four-year college or university also a
great way to go when you pick your uh
your degree that you're going to go for
uh what I suggest is you go for a fairly
generic um you know it degree if if
that's where you're headed and start out
with the real basic classes the math the
English you're going to remember it
better anyway because you just finished
high school right you you don't want to
finish with math because that's four
years later or two years later uh you
want to start out with some of these
non-it classes as many as you can take
ahead of time let yourself start
understanding the world a little better
around you start networking with people
and getting their opinions on things uh
get you know professors opinions on
things and then go ahead and start
focusing on exactly what you want to do
knowing what you want to do at 17 it's
it's just almost impossible
so after that then you can say okay I
really like cyber secur I've been this
for in for a couple of years I really
like cyber security I'm going to finish
my degree in cyber secure or or you know
uh CIS admin work or programmer devops
whatever it is that that you want to do
um so can you just start out with
certifications right out the door you
can uh but you're going to find that
your your options are limited you're
going to get kind of pigeon hold into a
specific area and if you don't like that
area you might be in too deep to get out
of it at that point might start getting
bills you know things like that like oh
I can't afford to quit my job now so uh
uh yes you can absolutely get
certifications to start with another
interesting thing is getting
certifications or taking classes uh that
also offer certifications there's for
instance a lot of CCNA uh certification
classes A+ certification classes you
know and other things like that not a
lot of cyber security ones yet I have
seen some cissp ones but that's a little
bit tough to start out with that's
that's sort of like the PHD of security
I don't know if you want to start out
with that ISC squared one quite yet but
um if you can find some uh classes that
also teach to the certificate or
certification then then it's two for one
yeah no totally now uh to that end I
guess um I'm thinking here in terms of
uh you know people who are just starting
to sort of feel that out and they're
like oh you know they they Tak a few
computer science classes oh this is
interesting and then they start
realizing there's certain things I
really like oh I like capturing the flag
or you know I like securing Network or I
like actually just watching my computer
processes running to see how information
is transported but like do you have any
advice for taking the things you're
interested specifically and and sort of
moving them into kind of a a a path of
of learning and action and and sort of
career mapping yeah yeah you know this
this is kind of how I started out so uh
at the office where I was working they
had a a Windows server that was being
retired now this goes back a few years
this is nt4 this wasn't even pre Windows
2000 yeah well I Windows 2000 had been
out but they were just retiring the nt4
and uh so I said can I have this this is
okay and uh they said sure So I I took
it home and this thing was a beast it
probably weighed 100 pounds back then
you know it was it was it was a big old
HP no compact it was a compact server
and uh so I got this thing running and I
set up my first DHCP server and I
connected uh a computer to it and it got
an IP address addess automatically my
wife thought I was nuts but I
practically jumped up and down I was so
excited when you have that kind of
excitement you know you're in the right
place you're you're headed towards the
right kind of career and those are the
kinds of things that uh you know can get
you started there's a lot of great great
places I know that in the Portland area
in Portland Oregon where I am uh they
have a a free geek place and I'm sure
other cities have similar things where
you can go and you can work there for
equipment so uh like you they teach you
how to to repair computers they teach
you how to do all different kinds of
things on computers um and then you go
to work for them as a volunteer and then
you get equipment uh for your
compensation you take that home you
start playing with it you know and and
get really excited about all the things
you can do and I I love that kind of
stuff um so the other thing you can do
join computer clubs either in high
school or college whichever you're in
and if you're not in high school College
vendor groups are a great idea uh vendor
groups will get you into places where
the vendors you know there like you know
there's firewall vendor you know Palo
Alto and Cisco and all these different
places they have vendor groups in all
the major cities if if you're fortunate
enough to to be you know near them they
will provide you with uh you know some a
lot of times some free demo equipment
some free software uh things like that
and you can take that home and you can
start your own projects as well um so
you know lots of lots of really good you
know uh ways that you can do that I I
remember doing that uh you know early on
with um you know one of the the firewall
companies um you know that's uh not not
a lot of people have are using anymore
but um and and it was it was so great I
got to talk to other people having the
same problems that I was were was having
you know in getting started in a career
and uh you know those those folks really
helped me out that's cool uh I've never
heard that before either so yeah we're
learn all kinds of stuff together now
you had mentioned before you almost uh
quoted one of my lines in here talking
about getting your first job but uh you
know so you know as speaking for
listeners who are maybe ramping up their
training now they're getting some
experience they might have even landed a
first job do you have any advice for
helping them stay focused on their
career road map and and pushing
themselves into new learning new
opportunities to keep growing so like
you said it's really going to be easy
you get your first job you start to have
to pay bills work starts piling up your
your day-to-day seems like it takes
your entire day to get all your work
done and then you're coming home and
you're like I don't want to like study
tonight like what how do you sort of
keep how do you sort of keep yourself
going so that you don't just sort of
like drift into that same spot forever
well you know that's this is a tough one
for young people um it's it gets a
little bit easier as you get older
because you know you kind of settle down
and your brain isn't quite as wired uh
you know uh for the next uh quick thing
but especially with people with
disabilities like ADHD that's especially
tough for those folks and I there's
medications that can help and not
everybody you know wants to do that
because it makes them feel strange and
stuff um so being a disciplined person
is not easy it's not necessarily natural
you know for us um it it takes a certain
amount of security uh when I was earning
my degrees um I had a business I had a
wife and three kids and a lot of bills
um so one of the things that I and
there's there's a lot of different uh
you know ways you can do this but let me
just give you one way that I think works
out great a lot of us play video games
do you play video games Chris um in the
arcade in the retro arcade now again I
don't have oh you love the Retro I love
that too yeah we got this place for 20
bucks you go there and you play as long
as you want same here yeah Galloping
ghost out in Bowling yeah yeah in
Brookfield oh that's so cool yeah so um
what I use is is this risk or not risk
but work reward system the work reward
system basically goes like this is that
you know you have your favorite video
game in front of you right you may maybe
play Playstation or Xbox or your know PC
gaming that kind of thing and uh what I
do is I say okay I'm going to read x
amount of pages of my book or I'm going
to do my lab I'm going to take this quiz
and I'm going to reward myself you know
by being able to play 30 minutes of of
video games or or whatever it is that
excites me what you know what I like to
do and um then you go on to the next
thing and so over the course of you know
two or three hours you might find that
you get all of the rewards that you need
and at the same time you get um a lot of
the work done as well it's like I said I
understand it's not easy and it does
take you know some maturity but this is
this is a way that worked for me and
maybe it'll work for you as well yeah no
if we're talking about reward systems
yeah for for mine the equivalent is get
20 minutes of reading done and you can
listen to an LP or you know an album or
you know or whatever so yeah but um yeah
and yeah I think the thing that I've
notied too is when you when you get on a
good role you're like well I freed 45
minutes and I get 20 minutes for reward
and 45 minutes and then at a certain
point like you start skipping the
rewards at a certain point you get so
locked in that you're like let's just
keep going you yeah which is good that's
exactly where you want to get to you
know you get into flow so um so yeah so
one last question here uh Robert um if
if um people want to you know if if
listeners are are are logging into
infosec skills today like what are some
of the the skills paths that you've
created that they can they can check out
that are uh Robert McAn certified yeah
there you go well if you haven't done so
make sure you create your account in
infos SEC and get your account started
there is a free trial when you sign up
and then you can start watching videos
and taking Labs on various different
subjects now here's what I suggest is do
what excites you you're going to hate a
career that pays you a lot of money that
isn't interesting uh because as we
mentioned before it it feels a little
bit like you're in prison where you just
you can't you can't get back out of it
however um I have created some learning
paths and um I started out with the uh
Windows uh uh server 2019 and Windows 10
I have since upgraded for Windows 11 and
Windows Server 2022 um and it's all
about securing those operating systems
securing those operating systems uh not
necessarily for homes you know it's not
going to be the home version of Windows
you know 10 or 11 it's going to be you
know the professional the Enterprise
versions you know how to secure them
using group policy with active directory
uh you know with all the built-in
utilities as well as many third party
utilities uh determine whether or not
you've been comp rised your your servers
have been compromised you know all those
different things um are uh you know very
important to you know most offices and
and businesses and uh I think that
people will get a lot out of them that's
great uh well uh Professor Robert
McMillan thank you for helping our loyal
listeners on their path to their
preferred type of security career so
glad to be here Chris look forward to
the next one all right and uh thank you
all for watching this episode if you
enjoyed this video and felt that it
helped you uh please do share it out
with your colleagues and on any forum
that you're on and on your social media
accounts the more people that know about
us the more of this that we can do and
of course please like this video And
subscribe to our podcast you can just
type in cyberwork infos SEC into YouTube
uh and you will find all of our past
episodes just like magic there so
there's plenty more to come uh for
Learners of all levels including more
with Professor Robert McMillan so if you
have any topics that you want us to
cover just drop them in the comments
below we're reading them all until then
we will see you next time and Happy
learning hey if you're worried about
choosing the right cyber security career
click here to see the 12 most in demand
cyber security roles I ask experts
working in the field how to get hired
and how to do the work of these security
roles so you can choose your study with
confidence I'll see you there
浏览更多相关视频
How I Would Start Learning Cyber Security in 2024 (If I Had To Start Over, Again)
GRC Certification Roadmap v1.0: Recommended Training and Certs #cybersecurity #grc
Cyber Security Certificate Tier List – UPDATED (2023)
How to Get into CyberSecurity | Step by Step Roadmap (2024)
Careers in Cybersecurity
Underrated Cyber Security Certs that WILL get you HIRED
5.0 / 5 (0 votes)