Daute Delgado is a Lead Instructor at Ironhack and security engineer with a background focused on large infrastructures, in charge of deployments and team management for success with different clients. With a considerable number of graduates, his all-star instruction leads to a high percentage of employability in the sector during the first months after graduation.
Cybersecurity Myths and Misconceptions
Only big companies need cybersecurity: hackers don’t go for small/medium sized companies
When we think of cybersecurity, we typically relate it to large companies. But medium and small companies are the most frequently attacked for a simple reason: crackers know that they lack cybersecurity in a high percentage of cases. That is why attacks on this type of company are common, on the rise, and have been increasing after the pandemic. On the other hand, more and more companies are betting on cybersecurity; different companies in the sector have focused on this kind of companies through shared services (SOC - Security Operations Center) and adjusted their budget to their infrastructure.
Cybersecurity is really complicated: you need to be a tech genius!
No one can really know everything in any industry. It is true that in cybersecurity, we choose different paths to specialize in and this is where the role we want to play in our career comes into play: pentester, security analyst, engineer, infrastructure specialist. We certainly don't have to be geniuses, but we do have to study during our day to day in this field: keep gaining certifications, stay up to date with different actors, use different security tools and quickly get used to a sector where changes are common and every day is different.
There aren’t a lot of jobs in cybersecurity
There are no secrets here and we have data: too many professionals are lacking and, as we mentioned earlier, there is also a lack of qualified professionals for different actions within the different teams. Although the numbers keep growing, employees are specialized in these different branches. If I hire a member for the incident response team, he is not an expert in architecture and is dedicated to incident response; if I hire an expert in architecture, he is not a specialist in SIEM (Security information and event management). This is why there is such a lack of talent, because the different specialties make up a wide range of our work; as we said before, we can't know everything. In cybersecurity, we multitask!
It’s hard to grow in a cybersecurity career
This is a simple equation to solve: work + study + keep up to date is the key point to be able to advance in cybersecurity from my point of view. In addition to this, if you want to be successful, you must have the necessary soft skills such as communication with customers and your own team, knowing how to deal with different situations that you probably don't like. But it's the key to success. Adapt and advance without rushing; let's remember that the first cybersecurity vacancy was offered in the 90s. In addition, we have other departments where we are needed beyond technical cybersecurity: sales, management, strategy and more. How can it be difficult to grow in today's market?
Cybersecurity jobs are really boring, they’re only exciting when there’s a big attack you have to deal with
It is easy to make the assumption that cybersecurity equals incident; however, this is the part we probably deal with the least in the industry. Yes, we get a lot of alerts every day, but alerts do not equal incidents. And during all those hours that we analyze alerts, improve infrastructures, train teams, and investigate potential threats to the industry, among many other actions, we dedicate many hours to passive security. Passive security tries to try to minimize risks, while active security is the response to an incident, broadly speaking.
You have to be young to work in cybersecurity. If you’re older than 30, you’ll stick out like a sore thumb!
In our bootcamps and in mine especially, I have had students ranging from 18 to much older: it's never too late for a career change. Cybersecurity is about a passion for knowledge of the internet and everything around it; we all speak the same language here. I think age is just a number and remote work has opened doors for that: professionals from all over the world can join different companies and teams without having to move, relocate, or adapt to new cities. This has opened up a whole world for us today and everyone can join this movement.
You have to go back to college if you want to get started in cybersecurity
Everyone can decide how to train to enter the world of cybersecurity; there is no discussion there. There is also no doubt about the job opportunities that Ironhack alumni have during the first months following the bootcamp, nor that our work model is one of the most demanding and that is one of the added values we have. Simply put, investing in education (and travel!) is the best investment you can make in your life. I'm not going to tell you how we do it inside Ironhack because I invite you to experience it first hand. Once you've done that, come back to this article and underline everything I've told you.
Ready to check it out? In just 12 or 26 weeks, your career as a cybersecurity professional could be taking off. Check out our bootcamp here and get started on your cybersecurity career.