Getting Started in Cybersecurity: A College Student’s Guide

Estimated Read Time: 4 - 6 minutes

Introduction

I see many college students who want to get started in Cybersecurity but don’t know where to start. Being a college student myself, I think it would be useful to share my experience navigating this field and what I’ve learned so far to give a unique perspective. To preface, I am a Junior in college majoring in Management Information Systems with a concentration in Cybersecurity, and I am in no way an expert in this subject matter.

Education

A big misconception I’ve seen is that you need to major in Cybersecurity to be able to get a job in this field. This isn’t necessarily true. Cybersecurity is a huge field that includes a variety of different jobs such as Technical Writing (English), Secure DevOps (Computer Science), and Cryptography (Math), to name a few. Another important thing to consider is what type of certification you may want to get. You will find varying answers when you ask professionals whether or not certifications are important. Indeed, you don’t need one to get into the field, but trying to get a Cybersecurity role right out of college may be a bit difficult without one. Certification will set you apart from other job applicants and show that you have the drive to pursue additional knowledge. If you’re planning on working in the public sector, for a three-letter agency, or go into government contracting, then you want to base your decision on the DoD 8570 document. Depending on what job you get, you will need to be certified to a certain level. Regardless of whether you’re planning on working in the public or private sector, assuming you follow the rest of this guide, you will want to look into getting a beginner-level security certification such as CompTIA Security+, CISCO CCNA, or (ISC)2 SSCP. These will give a foundational knowledge of security.

Technical Skills

Before pursuing one of the above certifications, it’s important to build a foundational knowledge of technology. It would help if you got comfortable using both Windows and Linux not only as a regular user but also as an administrator. For Windows, get familiar with the control panel applets, explore the file system and figure out where to find important locations such as where drivers are saved, and get comfortable using the command prompt and/or PowerShell. For Linux, you should strive for a similar understanding of the operating system. Another key skill to learn is networking. How do routers and switches work? What are IP addresses and domain names? And what happens in a network when you type an address in the search bar and press enter? While learning these skills, you should be using YouTube and Google (or DuckDuckGo) to help with anything you’re having trouble figuring out. This will help you get better at learning and teaching yourself, which is essential in cybersecurity. If you’re more of a structured learner, you may want to look into CompTIA’s A+, Network+, and Linux+ certifications to learn these skills before getting a security certification. Without building good foundational skills, you will run into lots of trouble down the line.

Programming

Programming is not an essential skill for all Cybersecurity roles, but it is a good skill to have regardless. Most people tend to suggest that beginners start with learning Python as it is a high-level programming language with little syntax. I agree with this, but if you think you are interested in digital forensics and incident response, then C would be a good place to start also. The learning curve is steeper, but once you learn a lower-level language like C, it will be a lot easier to learn other languages like Python. C is the first language I learned, and I can attest to that.

Some great places to learn to program are YouTube and CodeAcademy. After learning the basics of Python or C, another important skill to learn is scripting with Bash for Linux and PowerShell for Windows. These are used a lot in automation and are a bit more difficult to learn than a conventional programming language. I would suggest getting familiar with Linux and PowerShell terminal commands before starting to write scripts.

Experience

One of the best ways to learn while also applying the knowledge is through projects. For example, I was able to get familiar with Linux while also learning how to program in Python at the same time by doing different projects on a Raspberry Pi. Creating a home lab is another great way to gain experience. Set up a Windows server with Active Directory, create virtual machines, get old networking equipment, set it up from scratch, and secure it. If you’re interested in penetration testing or defending networks, then participate in capture the flag events. Some great CTF websites are TryHackMe, HackTheBox, and Hack.me. Want to learn about the latest tools and threats? Check if there are any conferences or hackathons in your area; participate in as many as you can. You will meet many like-minded students and professionals at these events. And of course, the best way to gain experience is by actually working.

Apply for internships as soon as you can, and don’t wait until your senior year, even if your Internship isn’t necessarily a Cybersecurity internship. Any experience working in a professional environment is a good experience. Also, don’t limit your experience to just internships or part-time jobs. If you have extra time, volunteer your time for a good cause. IT skills are needed in many places that you don’t have, and giving back to your community is a good way to gain experience while also helping others.

Soft Skill

How far you will be able to go in the Cybersecurity industry is not just limited to the technical knowledge you have. Soft skills are essential to be successful. Who you know plays a big role in getting jobs and internships. Take advantage of your time in college. Join organizations aligned with your career path and network with those people. If there aren’t any, then make your own! I’ve recently joined a Cybersecurity group with students and professionals, and everyday people are sharing amazing opportunities, advice, and free resources. Another great place to network is LinkedIn.

Thinking about getting into Penetration Testing? Search people with that job title and send them a connection request along with a message saying that you’re a student looking to get into the field and want to know how they got to the position they’re in. This may seem straightforward, especially if you’re an introvert. Still, Cybersecurity is a very collaborative and new field, so many people are very eager to help students who are looking for a foot in.

Conclusion

No shortcut or secret will guarantee you will be successful. You need to be willing to put in the work and become your greatest teacher. You won’t learn everything you need to know through just your classes alone. Everyone has their own journey but most start with developing a passion for technology, and if you don’t have that, you will have difficulty in this field and quickly burn out. Technology is always changing, and working in Cybersecurity, and you will need to change with it constantly learning new skills and strategies. At some points in your learning journey, you may feel overwhelmed by all of the knowledge out there; I know I do, and that’s normal.

Learning everything shouldn’t be your end goal because that’s just not practical. After gaining foundational knowledge in all the areas of Cybersecurity, choose a path that interests you the most and then specialize. While I listed several things to learn in this article, don’t try and learn them all simultaneously. Choose one thing, get comfortable with it, then move on.

I hope I could provide some insight and motivation in this article, and feel free to comment or contact me with questions. Also, feel free to pass this on to someone who could benefit from this information.