Something I've been asked a lot recently and in the past is how I got into this industry and what my tips are for new prospects?
Well here is my story:
I got into industry via a sort of standard and non-standard path, at school I fucked up all of my exams in my last year, ended up winging it and going to college(in Scotland it's an option after 6 years of school, or if you leave school at 16 you can go to College). Anyway, I went to college to study computer networking on a two year course, however, along the way managed to land myself an internship at a bank working with their technology and information risk team where I quickly found that TIR was not for me and I much more enjoyed the red/blue team side of things.
This led me to apply for university to study Digital Security, Forensics and Ethical Hacking at Glasgow Caledonian University. The course led me to get involved with the cybersecurity challenge as there was a cyber camp event held at the Uni over a weekend which I was lucky enough to take part in. The camp composed of three days of different challenges, a business day, digital forensics and finally a CTF style day surrounding a hacking pretence idea.
Following this camp, I managed to land a place at the prestigious masterclass which saw 42(?) of the best delegates at the time take part in a team challenge over a few days in a bid to save the UK from a fictional cyber attack(funnily similar enough to wanna cry(!) ). This allowed me to network with lots of people in Industry and also happened to be the year in which Whitehatters Academy was born(several former finalists all band together and we started it!). As a result of being at the masterclass, I managed to get my CV to several companies and landed myself another internship, this time in London to work with Context Information Security as a penetration tester intern, which is mostly where I found my taste for hacking and learning the ropes(insert book plug).
Over the three months, I spent in London I attended the first BSides Manchester where I met lots of like-minded folks and made friends with lots of the girls and guys I know in the industry today! At the event, I ended up grabbing a lot of business cards and talking to lots of people and by chance ended up meeting my current and previous employers!
At the end of my internship I was faced with the ultimatum, go back to Uni for two more years and get a masters or with my new found taste for working(find a job), so I took a punt and put a tweet out:
"any #infosec companies in #Scotland fancy taking me on for a 1 Year internship? Or Anyone anywhere want to hire me. "
At the same time, I also started a blog and started publishing some of my notes on projects I'd started including building a MacBook and converting the CD drive at the time to an additional drive bay! Following the combo of the tweet, blog and some miracle the stars aligned and I got a few folks to get in touch wanting to talk to me fast forward six months I started my first full-time job in Industry as a penetration tester(still makes me laugh that that's my title!).
So that's my story, but regarding tips to break in here are my top tips:
- Get Social, get on twitter and get involved in discussions, ask questions and be active.
- Start a blog and write up about different bits and pieces, have a look at my early posts GHOST_URL/.
- Go to conferences; they're fun, reasonably cheap and an excellent opportunity to meet folks and learn, but not only that interact with people, speak to the sponsors(they could end up becoming employers! My past two jobs have been landed from going to cons!)
What are three of the top traits you should have to work in cybersecurity?
Regarding traits, I'd say be hungry and willing to learn, make sure you can communicate too, we're all introverts at one point or another but grab life by the horns and dive in at the deep end!
I believe that anyone can become technical if they are willing to learn. Likewise with personal skills, practice and give it a go, really what is the worst that could happen?