CYBERSECURITY

LEARNING
SATURDAY

What it takes to
Start a Career in Information Security
Information security career paths, foundational skills, and how to
start your career in this growing field

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

 CYBERSECURITY

Agenda
LEARNING
SATURDAY

1. Introduction
2. Why get into security career?
3. Career paths
4. Skills, Education, Certification
5. Where to start

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

Why and how to CYBERSECURITY
LEARNING

Choose information security career

SATURDAY

• Why Cybersecurity Career?

a. Skills shortage on global level
b. One of the highest paying jobs
c. Ever changing field
d. Needs continuous skills development keeping it interesting

• How and Where to Start?

a. Understand and select a career path
b. Develop essential skills
c. Get a certification
d. Build an execution plan

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

 CYBERSECURITY

InfoSec Career Stages

LEARNING
SATURDAY

Entry Level Mid Career Senior Level Executive

● Vulnerability
Management ● Security engineer ● Security architect ● Security director
● SOC Analyst 1 ● Risk analyst ● Infosec manager ● Chief Information
● Security ● Cloud security ● SOC manager Security Officer
Administrator engineer (CISO)
● Compliance ● Penetration tester, ● VP of Security or
Associate red team compliance
● Senior SOC analysts

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

Understand and select a path CYBERSECURITY
LEARNING

Information Security Career Paths

SATURDAY

1. Security administration (firewalls, IPS, other technologies, identity and

access management)
2. Risk management (governance, audit, compliance, PCI, SOX)
3. Threat management (SOC analysts, incident responder, forensic
investigations, vulnerability management, penetration testing,
assessments, application security testing)
4. Cloud security – Cloud security administrators, architects
5. Security architecture and engineering
6. Product development and sales - Working with security vendors

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

 CYBERSECURITY
LEARNING
SATURDAY

Key Advice
For early in career professionals in Cybersecurity, it is
important to be known as an expert in at least one
area of the profession.

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

Understand and select a path CYBERSECURITY
LEARNING

Information Security Leadership Paths

SATURDAY

• Leadership paths require business skills and include, but not

limited to the following:
• SOC Managers
• Compliance Managers, Directors
• Business Information Security Officers (BISO)
• Chief Information Security Officer (CISO)

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

Get ready and develop skills CYBERSECURITY
LEARNING

Essential Skills Required for InfoSec

SATURDAY

1. Foundational information security principles (e.g. CIA triad, least

privileges, need to know, defense in depth, etc.)
2. Operating Systems and Cloud - Linux/Unix and Windows
3. Networking and application protocols
• Very good knowledge of TCP/IP, DNS, HTTP, SMTP, SSH etc. Hands on
practice for routers and switches, packet capture, nmap, curl, etc.
4. Programming (at least basic level)
• Shell scripting, Python, C would be great to know, understand how web
applications are built, HTML, JavaScript, SQL/Databases
5. Encryption technologies - PKI concepts, TLS

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

 CYBERSECURITY

Bridging the “Soft Skills” Gap

LEARNING
SATURDAY

The 2022 ISACA Report on State of

Cybersecurity explored skills gaps among
Cybersecurity professionals. The biggest skill gap
identified in the report is “Soft skills”. Some
examples included “communications, flexibility,
leadership”*.
Lack of business acumen, poor
communication, low attention to user
experience are some other factors causing
brand damage of otherwise very skilled
security teams.
SISARGO Institute is starting an initiative to
“create a body of knowledge” and “business
skills development” program to bridge this gap.

Copyright © 2020-22 SISARGO INSTITUTE – Proprietary, all rights reserved

Essential Business Skills for all InfoSec CYBERSECURITY
LEARNING
SATURDAY

Career Paths
1. Human Experience - Impact of security controls on human
experience, NPI score and why it matters for security
2. Written and verbal communications - Communicating risk, solution
alternatives, business value
3. Business Terminology - Understanding of basic business terms
4. Business Acumen - creating business cases, people management,
collaboration, conflicting requirements of business and security,
connection of Cybersecurity and business outcomes, getting things
done
5. Leadership and influencing
Copyright © 2020-22 SISARGO INSTITUTE – Proprietary, all rights reserved
Get certified to build credibility CYBERSECURITY
LEARNING

Information Security Certifications

SATURDAY

• Vendor-neutral certifications
• (ISC)2 – CISSP, CCSP
• ISACA – CISM, CISA, CRISC
• Cloud Security Alliance (CCSK)
• Certified Ethical Hacker (CEH)
• CompTIA Security+
• Linux Foundation certifications
• EC-Council Computer Hacking Forensic Investigator C|HFI
• Vendor-specific certifications
• Security vendors (Cisco, Palo Alto)
• IaaS Cloud vendors (AWS, Microsoft, Google)
• CCNA Security
• Others based upon your interest and chosen area of specialization

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

Make a plan CYBERSECURITY
LEARNING

Where to Start?
SATURDAY

1. Build a plan for a particular career path

2. See what you can do in your current job, opportunity to learn and
apply skills
• Many people are able to switch to security from other career paths at their work.
3. Start building skills, pursue people network
4. Decide a certification you want to pursue
5. Use Coursera (or other similar options) and find some free courses
6. Install VirtualBox and Kali Linux. Start using Kali Linux tutorials

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

 CYBERSECURITY

Thank You!
LEARNING
SATURDAY

What can you do?

● Join Cybersecurity Learning Saturday LinkedIn Page and LinkedIn
Group at this URL
https://www.linkedin.com/company/cybersecurity-learning-saturday
● Volunteer as a Speaker for Learning Saturday Program
● Become an ambassador to help other advance in their careers

How to contact me?

● Follow me on Twitter (or DM): @rafeeq_rehman
● Subscribe to my personal blog: https://rafeeqrehman.com
● Follow me on LinkedIn: https://www.linkedin.com/in/rafeeq/

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

 CYBERSECURITY

What is Cybersecurity Learning Saturday?

LEARNING
SATURDAY

● This is a learning network supported by volunteers

● Instructor-led and live online training sessions are held on Saturdays
● Diverse topics
● Have something to offer? You can volunteer to be a trainer
● Join Cybersecurity Learning Saturday LinkedIn Group -
https://www.linkedin.com/groups/8988689/
● Follow LinkedIn Page
https://www.linkedin.com/company/cybersecurity-learning-saturday

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

 CYBERSECURITY

About the presenter

LEARNING
SATURDAY

Based in Columbus OH, Rafeeq Rehman worked in various industries including

telecom, manufacturing, retail, and insurance/financial services building information
security programs. In addition to numerous security certifications (CISSP, CISM,
CISA, CCSK), Rafeeq also holds M.Sc. degree in Electrical and Computer
Engineering and MBA in Marketing. Rafeeq is author of many books including
Linux/UNIX and Information Security. He frequently writes on his personal blog site
where he publishes CISO MindMap used by many security leaders as an awareness
tool to highlight complexities of a CISO role. As an active member of technology
community, Rafeeq also serves on boards of multiple non-profit organizations.

His latest book, Cybersecurity Arm Wrestling: Winning the perpetual fight against
crime by building a modern Security Operations Center (SOC) is available on
Amazon.

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved

 CYBERSECURITY

Published Books
LEARNING
SATURDAY

Copyright © 2016-23 SISARGO INSTITUTE – Proprietary, all rights reserved