Why I Chose Cybersecurity vs Networking
Exclaimer - the following are just my opinions/experiences and how I saw the two fields at the time I made my decisions.
How I got into networking
Right after high school, same as a lot of other people my age I imagine, I didn’t really know what to do with my life. Going to university didn’t really seem like a viable option, as getting a bachelor’s degree (even though it was probably going to be in a technical specialty) looked to me like a great way to waste 4 years of my life. The way I see it, even now after 6+ years of being in the work force, a degree doesn’t appear to have a huge effect on the average salary (keep in mind this is in an Easter European country where salaries are amongst the lowest in the EU).
Luckily I had a friend who’d started working for a company that provided voice technical support for ISP customers. He offered to refer me for the project he was working at and after some fiddling around with the EuropassCV template, and two in-person interviews I was hired for my first ever role in tech (IT?). After a few months of troubleshooting wifi issues, re-learning the billing system multiple times, and witnessing the most bizarre home setups, a spot opened on the highly-coveted “engineer support” team. In order to prepare for the upcoming interview I received a lot of help and resources from my back-then team lead. The resources included the OSI (Open Systems Interconnection) model, TCP/IP protocol suite information, DNS and subnetting. I must’ve done good, or at least better than other candidates, as in one or two weeks I got the “tap on the shoulder” and an invitation to discuss “an offer I can’t refuse” :D.
Over the next 2+ years I would dive into the networking “rabbit hole” and gain a lot more experience and better understanding of the core concepts. It also helped that most of my colleagues, in the relatively small team of no more than 10 people, had been working there for 5+ years and were willing to answer the multitude of questions I’ve had during my time there. I also had the pleasure of meeting people from other teams that shared the same passion for networking and technology I was starting to develop. At the end of my tenure I knew that I wanted to work in the networking field, so I brushed up my CV and started looking at job websites. My next roles were as Network Security Engineer tiers 1 and 2, which was probably the time I learned the most about network devices (routers, switches, firewalls, web application firewalls, VPN concentrators, proxies, etc.), UNIX/Windows servers, ITSM processes and network connectivity troubleshooting.
How I got into cybersecurity
During the years I had to watch tech content creators on YouTube, some of which were also uploading videos of something I’d never heard of before - Capture The Flag (CTF) challenges. A huge shout out to Gynvael for his videos. Him being able to explain how things work, what his thought process is while solving a challenge, really gave me something to aspire to - “I want to be like this guy”, if not better xd.
From my research into what was required to get an entry-level jobs in security there seemed to be an overwhelming majority of opinions that knowledge of networking was very valuable. And I think it really is - understanding how computers communicate, has probably helped me the most through my studies. It’s been very helpful to be able to build off of that base knowledge I already had.
After coming to the realization that cybersecurity is the field I really want to work in, I started looking for entry(ish)-level jobs. Fortunately, at the same time as I was looking for a job, the job market in my country had started feeling the need for security people, thus there were options.
I was invited for an interview at two companies, one had a very boilerplate “get to know you”, followed by a “technical” type of multi-stage interview process.
The other company had a single interview in which I met the SOC manager, we went over some technical questions, after which he explained the next part of the interview - a hands-on task to find the answer to questions, split into Windows and Linux questions. The questions themselves were basic “when did X event happen” or “can you find the Y file name” for a period of 1 hour (I think). You had the choice of picking your SIEM - Elastic or Splunk. I had some experience with the ELK stack due to a Linux course I’d attended some time ago, but I decided to go with Splunk. I remember thinking to myself, “I’ll probably not get another chance to use it again, so why not” (little did I know I’ll be living inside of it ever since :D). I think I managed to provide an answer to almost all the questions.
Eventually I received an offer from both places. The way I decided which one to join, in my eyes, was very simple - the company with the practical task had absolutely grabbed my attention. I don’t think I’ve had another interview as enjoyable as that one until this point.
Conclusion
Fast forward to nowadays - it’s been around 2 years and going into security was probably the best choice I could’ve made career-wise (obligatory your mileage may vary). The field is extremely diverse in the areas of knowledge you can deep dive in, it’s very dynamic/fast-paced (just look at infosec twitter) and it’s full of ways you can set goals to improve upon yourself.
I’m looking forward to focusing on programming, reverse engineering and malware analysis, as those topics seem the most interesting to me.
P.S.
To my manager at my first SOC team, which had the practical task in a SIEM, who also told me and my teammates that he would make us world-class security professionals - I didn’t believe you back then, but man was I wrong :)