Starting Your Cybersecurity Career

Cybersecurity as part of an overall Information Systems environment has existed for many years, but recent cyber-attacks have forced companies of all sizes to focus on cybersecurity to enhance security, protect sensitive customer and employee data, and to prevent damage to their corporate brand. Maybe you are looking to jump into a cybersecurity career? I have some basic tips to help you make the leap to a rewarding career in cybersecurity.

  1. Skills – A company only wants to hire the best employees, usually for the lowest wage possible. Your salary is usually based on your skills, experience, and the local market. If you haven’t got any relevant experience, and you can’t demonstrate relevant skills, you may never get a cybersecurity job and you’ll definitely be underpaid if you do get a job. The best way to demonstrate skills without experience is an industry recognized certification. While having a degree in cybersecurity will open some doors, an EC-Council Certified Ethical Hacker (CEH), CompTIA Security+, or many other certifications will help demonstrate you have the knowledge and skills to tackle the complexities of cybersecurity. Look at job postings to see what types of certifications are needed or common for the type of job you want to pursue. You can get a free certification called Certified in Cybersecurity from (ISC)², the same cybersecurity professional organization known for the popular CISSP certification. Just sign up as an (ISC)² Candidate. When you’re ready to sit for the exam, you can find your exam promo code on the Candidates benefits page. Please note that you may only use the exam promo code once. To register for your exam at a Pearson VUE test center, visit https://www.isc2.org/Register-for-Exam
  2. Experience – This can be the most difficult thing for a beginner to accomplish. How can you be expected to gain experience if you can’t get a job without experience? You can try internships, a part-time job, freelancing for a few friends or associates, volunteering at a local non-profit, or completing Capture-the-Flag (CTF) challenges. These are all great ways to gain hands-on experience in cybersecurity, maybe without giving up your normal job. These initial experiences will not only help you determine if this career is right for your personality and lifestyle, but they will also build your skills and experience to enhance your resume.
  3. Awareness – Most of what is happening in cybersecurity isn’t mainstream news. You need to follow some basic industry news sites (securityweek.com, thehackernews.com, bleepingcomputer.com, etc.) to learn about new attack methods, attend cybersecurity conferences to listen to experts and vendors, participate in free webinars to learn new skills, and join online or local communities to meet your future coworkers. These relationships and information are usually free (or low-cost) ways to stay informed about emerging threats, hacking tools, and industry best practices in the field. Being a well-informed cybersecurity professional adds value to your portfolio and can attract interest from an organization during an interview.
  4. Relationships – By networking and building professional relationships, you can create a strong professional network that can possibly offer you mentorships, job referrals, information about recent job postings, or just someone to talk to when you need a pep talk.
  5. Attitude – You’ll probably meet a few people who still think of security professionals as teenagers living in their parents’ basement trying to hack into the Pentagon or the local video game store. You’ll need to demonstrate your professionalism in actions and appearance. Cybersecurity professionals have access to critical and sensitive business information, so you’ll need to demonstrate you can handle that responsibility with the highest standards of conduct, ethical behavior, and professional demeanor. This includes while at a job interview, attending a conference, and while talking to colleagues or friends. Don’t give anyone a reason to second-guess the opportunity to recommend you for a job.
  6. Focus – Learn everything you can and stay focused on the prize. Don’t take half steps toward getting that dream job in cybersecurity. There are entry-level jobs out there; you just need to be persistent and patient to find the hiring manager willing to give you a chance. The more you know, the more you’ll find out how much you don’t know about cybersecurity. Accept your limitations and lean into finding an entry-level position. Stay curious and accept you have a ton to learn, but demonstrate a willingness and ability to learn.

These are the basic building blocks to finding a rewarding career in cybersecurity. Some people find it easy and get an entry-level job a few weeks into their job search, while others can spend months without any luck. It doesn’t mean you are doing something wrong. Stay positive and focused and you’ll eventually find success.

Lessons Learned by CISM Exam

I decided to take the ISACA Certified Information Security Manager exam earlier this year. I joined ISACA and signed up for the exam. They offered some complimentary group study at my local chapter, and they even sell an exam guide book (“CISM Review Manual” currently priced at $105) to help you study.

What I thought going into this exercise is I have been doing this job for more than 10 years, and I should know everything on the exam without much studying. Once I started studying, I determined there were a few areas where I had an answer, but my answer didn’t always match the answer required to pass the test.

I started studying the material from ISACA to make sure I knew their answers, and after a few months I was ready to take the exam. My real concern is I didn’t want to be over-confident and sit for the exam before I was sure I could easily pass the exam based on the material in the book.

I sat for the exam and I passed! There were a few questions on the exam that I was unable to come up with a good answer for the questions asked, primarily because I just couldn’t connect the question to any one of the answers provided. I eventually decided to pick something for those 8-10 questions and finish the exam. I guess I may never know what the correct answers for those questions might be, and I don’t remember seeing those questions in the CISM manual.

Lessons

  1. You are never as smart as you think you are – That is really the value of certification exams. Having a certification doesn’t mean you are smart; it just means you have studied enough to correctly answer the questions on the exam. It forces you to study material you may not have looked into before, spend time reading that material and committing it to memory, and have enough memory to correctly recall those nuggets of information several months later. I’m not too proud to admit I learned some new ideas and concepts, and I enjoy learning new things.
  2. Experience doesn’t equal expertise – Just because you have been doing something for a long time doesn’t mean you know everything there is to know about a subject. I see it all the time with technical positions where people do the same task the same way for several years and they assume they are experts, and they are unaware that their methods were replaced with new and better practices many years ago. They have been doing it wrong for years and didn’t know any better, mostly because they have stopped learning. Don’t be that person.
  3. Align Information Security Governance with Business Objectives – I was taught to think of security requirements as something that a business must do to secure their systems, but actually it is just a business concept to help make the business more money. If a security control costs more than the worth perceived by the business, it shouldn’t be implemented. Think of all the businesses that refused to secure their networks and got ransomware. They may have perceived the increased security cost as more than it was worth to the business, or cybersecurity professionals did a poor job of explaining the risk. They probably changed their minds after the breach, but hindsight is 20/20.
  4. Measure Success – How do you know if the network, endpoints, and applications are safer after a security change than they were before it? You have to measure security before and after, and determine what measurements make sense to your business so you can continuously measure security. It can be different for each business, but one metric might be how long it takes between the time a vulnerability is detected and when it is remediated. Obviously, the shorter time is better, but you have to measure these relevant values and report to management whether the measurements are getting better over time.
  5. Leverage Skill – Knowledge is power, and that can be translated into money. Don’t undervalue your worth and if your company doesn’t acknowledge your worth, find a new job. A CISM certification can help you get that next job at a company that values your knowledge and expertise.

I guess some of these lessons I didn’t have to take a test to learn, but we all learn in our own way.

You can find out more about certifications, including the ISACA CISM, here.

 

CISSP vs. CISM Certification – Which is best for me?

Now is a perfect time to be certified, and why not choose to be CISM or CISSP certified? With so many people working from home, you may have some extra time on your hands to study for a certification exam instead of being stuck in a long commute, so why not select a cybersecurity certification to study for in 2021? Recent reports indicate that, with a near zero unemployment rate for cybersecurity professionals, there may be more open positions than qualified candidates.

CISM and CISSP are two of the most highly requested certifications for cybersecurity practitioners, but the requirements for certification aren’t insignificant. They both require a significant investment of time to learn everything covered in the exam, and over $700 just to sit for the exam. Let’s take a look at the requirements for both certifications to help you make the correct decision on which exam you should take in 2021.


10 Certification Exam Tips and Tricks

1. Know The Exam Before The Exam

Each entity will have an official exam page for your certification that details the audience, level of expertise required, and a summary of the material with which you will be required to demonstrate familiarity. Make sure you read the overview of the test, meet the required prerequisites, download any available study materials, and read all available details provided to make sure you know exactly what is expected for you to prepare for the exam.

Also make sure you understand the format of the exam, which can vary from multiple choice and essay to real-world scenarios and extensive labs. If you are expecting multiple choice and are confronted with two hours of lab work, you might find that you have not studied the correct material to pass the certification exam.

2. Single Cram Sessions Don’t Work

No matter how smart you think you are, you will probably need to study the material included on the exam. Very few people can show up on exam day and pass with little or no preparation. The idea is to know what is on the test, and study to pass the exam. Knowing the material and knowing what you need to pass the exam could be two different things.

Without actual hands-on practice, it’s very difficult for anyone to pass a certification exam on their first attempt.

3. Instructor Training is Tops

Most people still see instructor-led training courses as the very best way to learn the material required to become certified. Formal training centers will provide experts to give you the training you require to pass the exam, but that training will also be the most structured and expensive. These experts can make sure they alter their training to meet your needs as tests evolve or the training material changes. It may also be the best format for asking technical questions or to get one-on-one help.

Printed study guides or a pre-recorded video may not be as updated or dynamic as a live instructor, but they can also be a good resource if you already know most of the material or just need a refresher on the material covered in the exam. If you have questions or concerns about the printed guide or a segment of the video, there also may be no way to get your questions answered.

Another study method might be a friend or co-worker who also wants to take the exam, or maybe has already passed the exam and is willing to study with you on this journey. The both of you together may be better prepared to work through any questions and help support each other to successfully pass the exam.

4. Certification Boot Camps

If you have never worked with the technology covered by the exam, or are new to technology in general, you may want to attend a Boot Camp. These are immersive week-long training sessions intended to take you through all the required material to move you from zero to hero in one short week. Most are instructor led full day classes that often guarantee you will pass the course at the end of the long week.

This method can be a more expensive solution to certification training, but the reward is quickly moving through the material to pass the exam in just 5 long days of intensive studying.

5. Free Can Be Good

You should seek out free resources to help you study. If you search the internet, you will find free material on just about any topic, and some of it will be really good.

Watching a few free videos online or checking out a book from your local library can be a great way to get a feel for the material on the exam to help you determine if you need formal training or just a refresher. Online practice tests or sample review questions can help you determine if you have the appropriate level of experience and knowledge to pass the exam.

You also have to accept that you may get your money’s worth. Free isn’t always great. Validate the material to make sure you have discovered a quality resource and never assume you are getting great material for free without checking how accurate and appropriate the material is for your testing needs.

Articles, blogs, white papers, and videos can also help fill in missing information and complement your training.

6. Experience Is King

The very best way to pass a certification exam is to really know the material, and the very best way to really know the material is to have some real experience using the technology covered in the exam. Training can be a great way to learn about something, but to truly become an expert you need to use the technology.

Most platforms offer free trials that allow you several hours of free access to get your hands dirty and to really use the platform or tool that you have heard about in the classroom or read about in a training guide. Take a look to see if you qualify for a free account at AWS, GCP, and Microsoft Azure. Other vendors also offer free access to their tools, so don’t be afraid to ask for a free account.

7. Certification Guides

A printed certification guide can provide everything you need to know about a certification, including exam requirements, course recommendations, details on how it might impact your career, next steps in your certification journey, and additional information around how other training or certifications fit into your chosen career path. These books can be considered complete guides and can be referenced throughout the entire certification process and even later as reference material months or years after you have passed the exam.

Always seek out the training material from the vendor before you assume you need to buy a third-party study guide. If you can read the vendor’s online material and learn everything you need to know, why pay for a book?

8. Know How to Take The Exam

Once you are confident you know the technical material, you must also study the exam. You need to understand how to take the exam before you take the exam. You need to understand who offers the exam, how long they give you to complete the exam, what you must bring with you to the exam center, what items are prohibited at the testing center, how the test is structured, how the test is scored, etc.

Don’t just schedule the exam and hope everything will be fine. Knowing everything having to do with how to take the exam is half the battle.

9. Exam Day Tips

After you have jammed all the new technical knowledge into your brain, you know exactly how to take the test, and you have the test scheduled, you need to prepare yourself on the day of testing to maximize your success. You need to remove all the distractions so you can focus on the exam. Clear your calendar of any meetings or other commitments a couple of hours before and a couple of hours after the scheduled exam. You don’t want to feel rushed because you have an important meeting just before or just after a very important test. Be prepared to take the full time allowed to complete the exam. You are not awarded any extra points for finishing early. Make sure you review the entire test, if possible, to double-check your work and to verify you have answered all the questions possible. Don’t change any answers unless you are absolutely positive your first answer is incorrect. Trust your initial instincts.

10. You Won’t Be Perfect

When taking the exam, you won’t know all the answers and you will get some answers wrong, but that is fine. As long as you know enough to pass, you are still certified. A certification is an indication to your boss, co-workers, friends, and future employers that you possess a certain valued skillset and that you were willing to put in the hours of work it takes to pass a certification exam.

Path Towards Certification

If you are an IT professional interested in network security, a certification can be helpful in demonstrating your commitment to the subject matter, regardless of your work experience. In this article by hackingloops, we get some advice on which certification you might need to look at based on the direction of your career and interests.

To succeed in any I.T. discipline, there are three main things you need: a degree, certifications, and experience. And of those three qualifications, experience reigns king. That said, degrees and certifications certainly have their importance on a resume as well. The problem is that some young go-getters think that college degrees and certifications will propel them to the front of the job-hunting pack, and instantly gratify them with a high salary.

But that isn’t the case, because you need all three factors in order to secure a high paying job. A college degree will certainly help you qualify for better positions, whether you are studying for a Bachelor’s degree or a Master’s degree. If you have the time and energy during your studies at a college or university, it would be highly advantageous for you to get a few entry level certifications under your belt (as we’ll discuss next).

If you can land an entry level job out of the gate, then the future is going to be a lot easier, because you’ll have your foot in the door and can start building up the most important qualification: experience. You don’t necessarily need certifications to land an entry level position. However, today’s job market is extremely competitive, and certifications could be the deciding factor between you and another entry level candidate.

Just remember this key distinction: certifications do not guarantee a job position or a salary. Instead, they help show employers that you’re serious enough about your career to pursue certifications on your own and they help validate your knowledge of crucial industry topics and concepts. Nevertheless, now we need to ask ourselves an important question. Where on earth should you begin your certification journey?

  • CompTIA A+ – not the most impressive certification, but a great place for newbies with little to no knowledge to start building a foundation of hardware concepts

  • CompTIA Security+ – an entry level certification that will help job seekers understand high level security concepts

  • CompTIA Network+ – like all CompTIA certifications, the Network+ is vendor neutral and serves as an introduction to networking design, operating, configuration, and more

  • CompTIA Linux+ – any competent hacker or penetration tester is going to need to know their way around Linux systems, and this cert offers introductory and foundational knowledge regarding the wide world of Linux

  • Entry Level LPI Certifications – there are many various Linux Professional Institute certifications, and they’ll look good on your resume if you need to use network mapping tools, vulnerability scanners, and similar tools from a Linux command line in real world scenarios

  • Cisco CCNA – The CCNA is typically more highly regarded than the CompTIA certifications, and serves as the first stepping stone to other Cisco certifications

  • CEH – the Certified Ethical Hacker certification is a great way for future penetration testers to build their skills, though it is a little more challenging than the CompTIA examinations

25 Top Paying IT Certifications

If you are thinking about obtaining an IT certification, you might be interested in a recent survey conducted by Global Knowledge and Windows IT Pro in the fall of 2014. They looked at those certifications that helped the employee get the most salary possible. You can get the details of the survey by John Hales here, but the summary is:

  1. Certified in Risk and Information Systems Control (CRISC) – $119,227
  2. Certified Information Security Manager (CISM) – $118,348
  3. Certified Information Systems Security Professional (CISSP) – $110,603
  4. Project Management Professional (PMP®) – $109,405
  5. Certified Information Systems Auditor (CISA) – $106,181
  6. Certified ScrumMaster – $101,729
  7. Cisco Certified Design Associate (CCDA) – $99,701
  8. Citrix Certified Professional – Virtualization (CCP-V) – $97,998
  9. Cisco Certified Network Professional (CCNP) Routing and Switching – $97,038
  10. Juniper Networks Certified Internet Associate – Junos (JNCIA-Junos) – $96,734
  11. Microsoft Certified Systems Engineer (MCSE) – $96,198
  12. ITIL v3 Foundation – $95,434
  13. Certified Ethical Hacker (CEH) – $95,155
  14. VMware Certified Professional – Data Center Virtualization (VCP-DCV) – $94,181
  15. Certified Novell Engineer (CNE) – $93,856
  16. Citrix Certified Advanced Administrator (CCAA) for XenApp 6 – $93,831
  17. Citrix Certified Enterprise Engineer (CCEE) – $93,662
  18. Citrix Certified Associate – Virtualization (CCA-V) – $93,437
  19. Citrix Certified Administrator (CCA) for Citrix XenServer 6 – $92,695
  20. CCA for Citrix XenDesktop 6 – $92,411
  21. Microsoft Certified IT Professional (MCITP): Enterprise Administrator – $92,252
  22. CCA for Citrix XenApp 6 – $91,069
  23. Red Hat Certified System Administrator (RHCSA) – $89,427
  24. Certified Novell Administrator (CNA) – $89,018
  25. Microsoft Certified Systems Administrator (MCSA) – $87,667

SQL Server Certification Changes

Unlike the tradition where Microsoft launches a new certification to reflect a new technology launch, Microsoft announced a few months ago that there are no plans to launch a separate MCSA for SQL Server 2014. There are no changes to the current certification for SQL Server 2012, which is the MCSA: SQL Server 2012 certification. The curriculum and associated exams (70-461, 70-462, 70-463) remain unaffected by the launch of the new SQL Server 2014 platform last April. The credential will continue as the prerequisite to the MCSE: Data Platform and MCSE: Business Intelligence certifications.

You can find more details on Microsoft certification here.

SQL Server Training

Stay current on Microsoft SQL Server through a variety of resources, technical trainings, and Microsoft certifications. In any economy, it’s vital to make yourself more marketable by developing your skills. Add real value to your professional development at any stage of your career with Microsoft SQL Server training and certifications. Inspire customer and employer confidence by earning industry-recognized Microsoft certifications. Strengthen technical skills and knowledge, and distinguish yourself among peers.

The impact of certification in the workplace

  • 66% of managers believe that certifications improve the service and support given to IT customers
  • 75% of managers believe that certifications are important to team performance
  • 40% of workers report that Microsoft certifications helped them find a job or led to a promotion

Earn your MCSE on the Microsoft data platform to help train and qualify to become a database analyst or a database engineer. Schedule your first course today.

  • Course 20461C: Querying Microsoft SQL Server
  • Course 20462C: Administering Microsoft SQL Server Databases
  • Course 20463C: Implementing a Data Warehouse with Microsoft SQL Server
  • Course 20464C: Developing Microsoft SQL Server 2014 Databases
  • Course 20465C: Designing a Data Solution with Microsoft SQL Server 2014
  • Course 20466C: Implementing Data Models and Reports with Microsoft SQL Server
  • Course 20467C: Designing Self-Service Business Intelligence and Big Data Solutions

 

 

Implementing a Data Warehouse with SQL Server

Microsoft offers basic video-based training for SQL Server certification on their training site, Microsoft Virtual Academy. If you are a SQL Server professional looking to expand your understanding of SQL Server 2012 data warehousing concepts and implementation, or maybe you are preparing for Exam 70-463, you should watch this free video.

The 6 Modules:

  1. Design and Implement Dimensions and Fact Tables
  2. Data Flow – Extract Data
  3. Data Flow – Transform Data
  4. Control Flow
  5. Configure and Deploy SSIS
  6. Manage Enterprise Data

This level 200 course is valued at 72 Total Points.
