Cybersecurity Awareness Month: Resources to Get Started in Security
This month marks CISA’s 18th Cybersecurity Awareness Month, a joint effort between the government and public to raise awareness of the importance of cybersecurity.
This week, we’re sharing the diverse paths our Ona team members took to get into the security industry and advice they have for those starting out their cybersecurity careers.
Juan Perez-Etchegoyen, Chief Technology Officer
What was the path that led you into the cybersecurity industry?
I was always interested in the inner workings of software and binary code, which led me to research computer viruses and binary file formats. That interest led me to search for IT Security related jobs, and I was lucky to land my first job doing IT security assessments, penetration tests, and vulnerability research. From there, I continued focusing on risk and vulnerability management and with Onapsis, it was all about doing what’s best to help organizations secure their most critical applications.
What advice do you have for someone looking to get started in security?
I think that persistence and curiosity are key to building a career in cybersecurity. You can do training(s) and learn a lot, but it is really up to you to build your understanding of the risks and vulnerabilities and how to prevent them (or even leverage them if you are part of a red team/pen-testing team). This is why I believe self-learning, driven by curiosity and persistence, can significantly contribute to your growth as a professional.
What resources do you recommend for someone looking to get started/early in their security career?
In today’s interconnected and information-driven world, the internet is the limit. I would definitely use (very judiciously) GitHub and content that is available from other researchers. I would take a look at security conferences — Black Hat, DEF CON, TROOPERS, Hack In The Box, and BSides — as most publicly share the presentations post-conference. Leverage the reading material in blogs and articles and dedicate time to learn. Learning is going to be a never-ending part of your cybersecurity career.
Rick Hanson, Chief Operating Officer
What was the path that led you into the cybersecurity industry?
I entered the U.S. Air Force as a communications specialist; the job required secure communications of classified documents. To do this, we had to sync our crypto devices before any messages were sent. I was mesmerized by this and became highly interested with how cryptography worked and the applications that used it. Soon after the Air Force, I joined a very small cybersecurity company (RSA) where there were less than 100 people. We helped revolutionize the internet security space in the mid-1990s. To be at the beginning of an entire industry and watch it transform is simply amazing.
What advice do you have for someone looking to get started in security?
Cybersecurity is a lifestyle. You need to appreciate that world and the threats that exist within it. This is a career where you are helping people and companies stay secure from evil entities. Make it a passion, learn something every day about the technologies that can stop attackers, and research and learn about how evil people attack. Never stop being curious, find a mentor in the industry, and ask a lot of questions.
What resources do you recommend for someone looking to get started/early in their security career?
- Understand and learn the Cyber Kill Chain
- Become certified through ISC2
- Read Hacking Exposed and the first cybersecurity book I ever read, The Cuckoo’s Egg
Debbie Back, Senior Security Consultant
What was the path that led you into the cybersecurity industry?
I have been in network and SAP security for years. I was introduced to cybersecurity when I was studying for my Masters in Security Engineering. I also became more interested in how important SAP and application-level cybersecurity was by talking to Onapsis at a tradeshow. I tried for several years to get my company at the time to purchase the Onapsis Platform because I was aware of the vulnerabilities to our critical applications. Although I was not able to accomplish that task, I was hired by another company that had just purchased Onapsis; they understood how important cybersecurity is at the application layer. Here, I performed the installation of Onapsis because I was so well-versed in its capabilities.
What advice do you have for someone looking to get started in security?
I would highly recommend getting training across all layers of security — network, infrastructure, and applications — so you can understand how they all tie together.
What resources do you recommend for someone looking to get started/early in their security career?
Look into ISC Certification and SAP Security Certifications.
Alex Horan, VP of Product Management
What was the path that led you into the cybersecurity industry?
I fell into the cybersecurity industry. While at university, I started working at a small office part time and I quickly realized that I found troubleshooting and solving computer-related problems easy and intuitive. This resulted in me changing my focus to working with computers. From there, I moved countries and got a job that I would describe as ‘security-adjacent.’ Our application was internet-facing and when we worked with prospects and customers, they had a lot of security related questions I had to help answer. This forced me to learn security concepts and approaches. That (along with a move to another company) gave me the exposure and experience to work for a company that marketed a penetration testing product… I was 100% hooked on cybersecurity at this point.
What advice do you have for someone looking to get started in security?
Security people generally like to share knowledge. I’ve seen seasoned pros happily share information and advice with someone coming into the industry. If you ask the question respectfully and show evidence you have attempted independent learning, then security folks are happy to share their points of view or how they think about certain issues or challenges in the industry.
Find ways to connect to the industry. In these times of COVID, not everyone is comfortable getting together, but in most areas, there are security meetups and other opportunities to attend talks and learn from others. Look for conferences close to you for additional exposure.
Don’t feel you have to do it yourself! There are plenty of free resources available online to help you learn and develop those initial skills.
What resources do you recommend for someone looking to get started/early in their security career?
- The Security Podcast Network – Security Weekly
- Security BSides, Security BSides – Wikipedia
- Webcasts – Black Hills Information Security (blackhillsinfosec.com)
Noelle Slaoui, Senior Product Manager
What was the path that led you into the cybersecurity industry?
I got my undergraduate at American University, with a degree in Criminal Justice and Woman and Gender Studies, and my Masters at King’s College London in Law and Global Ethics. I wanted to work at Onapsis, and to get my foot in the door, I took a Sales Development Representative (SDR) position. Through my SDR position, I was able to learn how our products work gained perspective on our customers’ needs, and got experience in delivering value. When an opportunity in Product was available, I reached out to be considered. I am now a Senior Product Manager.
What advice do you have for someone looking to get started in security?
Throughout my career, I have been fortunate enough to work with incredible people who have become teachers and mentors to me. I recommend not shying away from asking questions; learn from your peers and learn from your mistakes.
What resources do you recommend for someone looking to get started/early in their security career?
LinkedIn is an incredibly powerful tool. There are a bunch of security-focused LinkedIn groups to join, professionals to connect with, and forums to participate in. There are so many roles and cybersecurity companies out there; do your research to find opportunities and don’t be afraid to reach out to strike up a conversation.
More Resources
- Further your security career with Onapsis. Browse our open positions today.
- Stay on top of the latest news and reports in business-critical application security.
- Learn more Cybersecurity Awareness Month and how to protect your organization.