Can Cybersecurity be self-taught

Author: Gary Hibberd

Date: 11 June 2020

Almost daily, I meet people who tell me that their child is looking for a career in Cybersecurity, or they’re interested in the topic. Invariably they ask, “How should they go about starting? Can this be self-taught?” This led me to consider how I began and how we should nurture the next generation of Cybersecurity professionals.

Can Cybersecurity be self-taught, or is there a formal process that should be followed? The short answer is; It requires both.

My early career

When I began in Cybersecurity, there was no profession to speak of. Certainly nothing like the levels of professionalism there is now, or the number of materials and courses available. Of course, this was 35 years ago, so things were very different. 

I discovered my passion for computers entirely by chance after watching the film ‘War Games’. A movie about a young hacker who almost starts world war three by ‘playing a game’ (no spoilers). The film ignited an interest in a world few understood, about a technology that was clearly going to be impactful. It was geeky, different and slightly mysterious. From the age of 15, I was hooked.

At the time there were no courses on Cybersecurity, and the best I could hope for was to pour myself into the books the local library had to offer. So I sat quietly with a pen, a note pad and books on programming languages COBOL, FORTRAN and PASCAL. I wrote code that I had no idea would work or not, into notebooks. But I loved it.

It was from this platform that I began to teach myself all aspects of computing. I understood one fundamental thing; I had to start with the basics and build my knowledge.

From learning these languages, I then moved on to building my own PCs at home. First offering to try and fix broken computers at the company I worked for and then building PCs from scratch. In the early days, I broke more than I fixed! But I kept on learning.

Cybersecurity as a Profession

Fast forward to today, and the Cybersecurity industry has become a profession. There are countless books, courses and university courses you can attend. The route into this profession is as broad and varied, as the profession itself. 

But I firmly believe that while there are formal courses and university degrees for people to attend, the best Cybersecurity professionals I know are committed to a life of self-discovery and continual learning. Self-taught by definition, means having acquired knowledge or skill on one’s own initiative rather than through formal instruction or training. 

When starting out in this career, I began by reading all I could find in the library, on the topic. Today the library has turned into Google, and I’m building my own personal library of reference material as I consume at least two books per month on a broad range of Cyber related material.

Can Cybersecurity be self-taught?

The simple answer is yes. Some of the best Pen Testers I know have formalised their knowledge by attending formal classes and courses, but they fundamentally were self-taught. They found something they loved doing, and kept learning about it. That’s how I started, some 35 years ago and I see no difference in the professionals I speak to, today.

Where should someone start in Cybersecurity?

Start with why. Why do you want to go into this career? What is it that you’re most interested in?

– Is analysing and finding flaws in systems your thing?

– Do you enjoy breaking codes?

– Do you enjoy creating or designing secure networks?

– Do you enjoy security frameworks and governance?

– Do you enjoy writing code?

The answers to some of these questions will tell you if you’re interested in a career in digital, or in Cybersecurity (they are two different things).

But if you’re interested in Cybersecurity, then you should start with the basics, and be willing to put some effort into self-development. This can mean buying books on the topic or putting yourself through some online courses, of which there are plenty to choose from (some free, and some at a small cost).

Conclusion

I believe the best Penetration Testers, the best Consultants, the best Cybersecurity Professionals all have a passion for learning and self-development. Formal education and classrooms can only take you so far in this profession, but what really matters is that the person has a drive for self-development and learning.

Our digital universe is continually changing and developing, in new, exciting and slightly terrifying ways! Only through continuous learning and improving our knowledge through self-development will we be able to call ourselves Cybersecurity professionals.

If I had stopped reading, or learning about programming languages with COBOL, FORTRAN and PASCAL, then I would be as obsolete as them, by now. I understood pretty quickly that ‘self-taught’ meant developing myself constantly.

I believe Cybersecurity can be self-taught. In fact, I believe it’s mandatory.