Ready to have your own cyber security roadmap (aka IT security roadmap) and wondering how to get started? Cyber security professionals face a wide range of challenges when it comes to career planning.
To get you on track for a successful career as a cyber security expert, we created this quick guide. I’m going to discuss what a security roadmap is and why it’s important.
Once you’ve got that down, then we’ll dive right into creating your own personalized road map for cyber security!
What Is a Cyber Security Roadmap?
You need to know where you want your career to go and how best to get there. Your career goals will be different from those of an expert in the field.
However, as a beginner you’re mainly interested in learning more about cyber security and figuring out how to make it a career. That’s where a cyber security career roadmap comes in.
It’s a career plan that helps you get from point A (where you are now) to point B (where you want to be) as a cyber security expert.
Why Is a Cyber Security Roadmap Important?
For beginners, cyber security is an increasingly complex industry. This makes it difficult to stay on top of everything that’s going on in the field.
An IT security roadmap helps by providing a visual representation of how your goals fit into the larger organization’s goals. You’re giving yourself milestones on how and when to achieve them.
By developing a roadmap early on in your professional life, you build a solid foundation for future success – both at work and beyond! Let’s look at some of the ways a cybersecurity roadmap helps:
It helps you decide your education
Some cyber security jobs require a bachelor’s degree, while others will accept those with an associate’s or no degree at all. If you already have experience in IT or cyber security, then a college degree isn’t required.
However, if you don’t have experience, attending college or grad school is a favorable alternative. Whatever your interests and needs, a roadmap helps to lay out a plan to determine if a cyber security degree or certification is right for you.
It helps to keep you relevant
By revisiting your cyber security career roadmap every so often, you’re able to identify the specific skills you need to develop. It also lets you know what skills and experience are needed for each position along the way.
When it comes time for advancement, there will be no doubt about whether it’s right for you. By continuously improving your security roadmap, you can use it to help build a customized skill set that fits your career goals.
After that, you’ll be able to see where you’ve been, where you’d like to head, and the professional development opportunities needed to help you advance.
It helps to prevent cyber burnout
Professionals who’ve worked in cybersecurity know that cyber burnout is real. It’s not unusual to put career planning off to the side to deal with work-related issues.
But that’s what makes the roadmap even more important! The last thing you want is to be overworked to the point of no return.
By then it’s almost too late. You’re more heavily focused on performing your job responsibilities and not spending enough time growing.
By reviewing your cyber security roadmap every six months, you can keep focused on your career goals, the skills you want to learn, and maintain the timetables you’ve set for yourself.
Which Degree Is Best for Cyber Security?
Of course, you can get a job in cyber security without a degree. But, if you’re still concerned about getting the right degree for a cyber security job, it depends on what you want to do with your career and your experience level.
Do you already have some technical knowledge and just need formal training to make yourself more employable? Then taking classes online will fill in some of the gaps in your education and build up your resume.
But if your goal is to become an expert who leads large teams of people in industry or goes into research for major corporations or government agencies, then earning one of the coveted master’s or doctoral degrees is best for building up the skills needed for such high-level positions.
What type of degree is needed to be successful? Any Cybersecurity or IT degree will get you started on the right track for learning about cyber.
To put it another way, there’s no such thing as the “best” degree for cyber security!
Cyber Security Roadmap for Beginners
There’s really a lot that goes into planning for the next five years of your life. So, it’s important that you create a cybersecurity roadmap with a mentor to help guide your career.
Step 1: Assess
You first need to assess what skills, knowledge and experience you currently possess, and identify your interests. There’s no sense in creating a plan for something for which you have no passion.
List all the areas where your skills, if any, exist within cyber security (e.g., incident response, forensic analysis, cryptography, etc.). If there’s an area that isn’t listed here but still interests you, add it!
Step 2: Understand
You need to gain an understanding of the industry. Be realistic in aligning your skills, knowledge, experience, and interests listed in Step 1 with where you’re headed.
Don’t suddenly expect to become a cyber security consultant straight out of school.
Step 3: Decide
Decide where you want to work. Do you wish to stay at your current company, or have you thought about venturing elsewhere?
There are many companies that specialize in different areas of cyber and have unique professional cultures. Decide on the specialization as well as the work environment in which you feel comfortable.
Step 4: Research
Once you’ve identified some potential employers, make sure to research their requirements for the types of positions they offer. This doesn’t mean you’ll be applying for those positions.
You just need an understanding of the general experience and job requirements for those types of roles.
Step 5: Determine
After identifying the preferred qualifications for the roles you’ve researched, determine what skills you’re lacking, or need to improve upon. Then decide the level of knowledge you want to obtain in each area (basic, intermediate, or advanced).
You should include items such as certifications, degrees, workshops, tools, languages, etc.
Step 6: Associate
Associate tasks with each item listed in Step 5. For example, if the item you listed is Security+ certification, then your associated task would be to study for the Security+ exam or take a Security+ bootcamp.
If it seems overwhelming at first glance, consider breaking down the tasks into smaller chunks.
Divide each section (e.g., “Planning”) into subsections (“Strategic” vs “Tactical”). This will help you take things one step at a time without losing sight of your long-term goal(s).
Step 7: Prioritize
Then prioritize those tasks based on how much time, money, and effort they require. It’s important to include a timeline. You want to track your progress and ensure that you’re meeting the goals stated on your security roadmap.
Once you’ve completed the first task, move on to the next task, and so on.
Step 8: Accomplish
The final point is often the hardest. Will you complete what you set out to accomplish? You’ve got to revisit your roadmap every few months.
Cyber Security Roadmap Example
Let’s say you want to start your career in cyber security by learning about governance, risk, and compliance (GRC). Let’s also start by assuming you have no knowledge of cyber security.
Identify where your interests lie and research the GRC field to ensure your interests match your expectations. Think about where you want to work.
Then figure out the culture that fits your personality and the types of GRC roles that would suit you. For GRC, examples of job titles include: GRC Analyst, Compliance Analyst, Security Risk Specialist, Governance and Risk Manager, etc.
Additionally, companies will quite often include a snippet of their company mission and values. You’ll find this in the job description to give you a basic sense of the corporate culture.
Next, try to figure out what all these roles have in common. You should make note of those skills you share and those that you’re lacking.
Using Indeed, I did some research on five companies in a particular region and found the following common requirements:
• All requested soft skills such as communication, interpersonal, and problem-solving/analytical skills.
• The ability to work on multiple projects, either independently or collaboratively as part of a team, was a common factor across all jobs.
• Candidates would be expected to manage client expectations.
• Some projects required travel.
• Most required obtaining security certifications such as CISA, CISSP, CISM, or CRISC.
• Almost all requested a Bachelor’s Degree in Management Information Systems, Computer Science, IT or another Cybersecurity-related field. Very few stated they would exchange a college education for equivalent experience.
• Most required knowledge or experience with security frameworks, security controls, and audit/risk/compliance concepts & methodologies.
• Some desired knowledge or experience with GRC tools such as RSA Archer or ServiceNow.
Then ask yourself how to learn those skills, and prioritize the ones that are the easiest to complete:
1) Toastmasters Club (ongoing)
2) Take CISSP Certification Bootcamp from ISC2 (2-weeks)
3) Self-Study CISA (1-month)
4) ServiceNow Governance Risk and Compliance Live 1-on-1 Training (3-months)
5) Obtain Bachelor’s Degree of Cybersecurity Management & Policy from UMGC (4-years)
Don’t be discouraged just because some tasks take longer than others. Just stick to the cyber security roadmap you’ve made for yourself, and slowly make your way to the end of each of your tasks.