5 paths to a career in cybersecurity

October is National Cybersecurity Awareness Month (NCSAM) and this week’s theme is The Internet Wants You: Consider a Career in Cybersecurity.

We’ve already given you tips on how to get a job in cybersecurity, but we also wanted to prove that it is possible and demonstrate some of the routes in, and highlight the myriad roles in this industry.

We asked a number of people working in different roles at Sophos how they made their way into cybersecurity.

1. Breaking the enigma of cryptography

Threat Researcher 2, Dorka Palotay

I did my Bachelor degree in Mathematics, Algebra and Number Theory were my favourite classes. But, we had one particular lecture on the breaking of Enigma in World War II and from that point on I knew I wanted to study Cryptopgraphy. So I gained my Master’s degree in Security and Privacy, specialising in Advanced Cryptography.

In the last semester I had to do an internship. I was looking for a place where I could deepen my knowledge of computer security and use my experience in cryptography. This is how I found Sophos and started working with ransomware. It was here I realised that I really enjoy reverse engineering and fighting against malware, so after my studies I stayed at Sophos and continued my work here.

2. The hacking bug

Senior Information Security Engineer, Luke Groves

I first became interested in Cybersecurity in my teens, if I remember correctly right around the time I first watched the movie ‘Hackers’ (it’s still a great film!). I soon learnt that Cybersecurity wasn’t quite as flashy as Hollywood portrayed it, but I had the bug. I went on to study Computing at university and afterwards found a job in technical support at a security company I had never heard of called Sophos. That was nearly 14 years ago.

After a number of positions in support I landed a role in the security team, protecting Sophos. My current job as a Penetration Tester involves offensive security, where I ‘attack’ Sophos to try and improve our defenses. It really is great fun and one of the best things about Cybersecurity is that it is always changing – there is always more to learn.

3. Building a service desk from scratch

Senior Manager of IT Support, Nikki Cook

I didn’t take the college or university route but instead joined the Royal Air Force. My trade was Telecommunications, which later evolved into IT and Communications.

I served for just over 4 years in the RAF before becoming an IT Administrator, but it wasn’t what I expected so I began looking for something that would really interest me. My search lead me to the position of IT Service Desk analyst. It was in this role that I started to notice I was a natural leader. I got itchy feet, wanting to progress and get stuck in where there were gaps in managing the team around me. I signed up with a recruitment agency who put me forward for a Team Leader position, which offered me the exciting opportunity of building a Service Desk team from scratch.

The service desk proved to be a success and I was promoted to Service Delivery Manager. My role evolved to managing SLA’s, project rollout, managing 3rd party provider relationships and budget but I felt my career here had reached its peak. Then came a call about a Service Desk Manager role at Sophos. Prior to this I’d heard of Sophos as an Anti-Virus software provider but I have to say I wasn’t fully aware of the scale of what the company provided. I am so glad I took that call.

Now I manage the UK Service Desk, which supports internal colleagues with their IT issues. My team are great example setters and regularly run training sessions for the Global Team, I’m really proud of them.

4. Statistics meets computer power

Data Scientist, Hillary Sanders

When I was in college, I had a very nebulous vision of what I wanted to do with my life, despite my much clearer world views. Then I took a statistics class, and it was beautiful. I listened to lectures with a sense of rapture: finally, someone was describing the world in such a way that was elegant, true, and just made sense.

After that class, I tacked on a second major of Statistics and got involved in undergraduate research.  I worked with a graduate student to programmatically track changes between different versions of legislation, and in doing so learned how to program. That was when it really hit: statistics combined with the power of computers is just – well – ridiculously amazing. After college, I spent a few years as a data scientist in San Francisco, and eventually left to take some time off. For fun, I taught myself web development, built a recipe website, and in doing so learned about web security. That got me interested in software security in general, which helped me luck into my current job!

Now I work on the research data science team at Sophos, where we build deep learning models to detect never-before-seen malware, and it’s my favorite job so far. It’s incredibly interesting, the people I work with are fantastic and blocking malware is decidedly non-evil – a big plus for me.

5. Drawing success in IT

Acting Naked Security Editor, Mark Stockley

It’s been a long journey so I’ll focus on the hardest part – getting a foot in the door, any door, of a computer security company.

At school I was training for the rowing team two or three times a day and spent lessons trying to stay awake or looking for something to eat. I drew cartoons obsessively (apart from in art lessons, where displays of artistic talent or enthusiasm were strongly discouraged).

I spent three years at college, specialising in cartoon, comic strip and caricature so that I could get a job as a gym instructor.

After a year of pretending to know more than I did about pecs I did something radical: I had literally nothing that would interest an employer on my CV, so I made the CV itself interesting by turning it into a great big, hand-painted cartoon Ork.

It worked. I got an interview for a job illustrating textbooks and lied through my teeth about being able to use Corel Draw.

A few years before, I’d attended a college lecture by an incredibly grumpy man from a swanky design agency in London. He mentioned he built websites for people. At the time I’d thought, “I didn’t know you could get paid to do that. If somebody this unimpressive can do it, how hard can it be?

Now I had a job, a desk… and a computer! This was my chance. I’d stay at the office until the cleaners kicked me out, teaching myself MacroMedia Director and HTML on the company computers.

By the time I’d been made redundant for the second time, at twenty six, I’d taught myself HTML and JavaScript, how to program in Perl, and completed an Open University course in interface design and evaluation.

I decided not to be cowed by redundancy and made a list of everything I wanted from my next job. Top of the list was a job working for a computer security company.

I found a job advert for one on a recruitment site but by this time I’d been burned hard by box-ticking recruiters so I figured out who the company was and applied directly.

You’ve heard from us but now we’d love to read your cybersecurity journeys in the comments below. And if you’ve had any funny BIT (before IT) roles tell us on Twitter: