Zero To Cyber Hero: A Non-Techie's Guide To Breaking Into Cybersecurity

you so much hello everyone and welcome to my talk from zero cyber hero a non teist guide to breing cyber security a little background once started this journey before I said in cyber security I was that person that will be scrolling online and I'll see a post with a catchy phrase like you've won a free iPhone or click here to win a free iPhone and I'll click on it enter my personal details because who doesn't like fre stuff until I got that one scam call I used also be that person that had the same password for almost all my accounts but don't worry I've learned a or two since then so you can imagine how

surreal it feels for me to be standing here a lawyer or a former lawyer depending on how you look at it talking about cyber security threat intelligence competitions but that's exactly why I'm here to show you that your path into cyber security might be more possible than you think so a quick first a quick raise of hand if you're looking to go into cyber or you're already on that path like me yeah look around you that's exactly why this conversation matters

sorry will okay okay a quick run through of what my talk will be about I'll be sharing key things that has helped me on this journey and I've also compiled a few resources that I feel will be useful for you on your journey as well that I'll would share at the end of my talk now the big question is why is cyber security looking for you and me CU I'm still on that Journey the 2024 isc2 cyber security Workforce study shows that there has been a 19% Global cyber security Workforce Gap and about 4.8 million cyber security positions to fill now here's the exciting part non-technical backgrounds has a role to play in that as well as another

study shows that despite a majority of cyber Security Professionals having it backgrounds about 23% of those cber Security Professionals started their career originally from a non it field I'm aona Bristol and about 18 months ago I was a lawyer thinking about about where to even begin with cyber security I had about 6 years in my legal experience and here I was thinking about how to begin today I've won cyber security competition I've completed my masters in cyber crime and cyber security I've conducted primary research on AI driven deep fakes I've gotten some work experience in trat intelligence and I started a women cyber security chapter at the University of Sor now the journey between those two

points that's what we're here to talk about I'll say my Turning Point started with that scam call when someone pretending to be my account officer tried to access my account and it was actually quite embarassing and coincidentally I was dealing with a client Bridge issue at work that was really eye openening and that really picked my interest in cyber security Now the first few months of learning cyber security were honestly very overwhelming I remember researching widely on how to to start and I had spoken to a few people some didn't take me seriously obviously but some others actually took me seriously like my sister bless her she one day just sent me a link about an

academy program where they wanted to get people who wanted to study career in cyber security and I applied for it without having any expectations and I was pleasantly surprised when I was among the few select said for that program but here's the challenge I was still working as a lawyer full-time and that program required completing six courses in about two and a half months with project labs and deadlines for the exams you literally had to finish one course before you went on to the next course and those courses ranged from intro cyber security to cyber threat management to Cloud security but that's the thing what I realized was that my legal background wasn't a challenge that analytical

thinking that ability to spot patterns that investigative skills the obligation as a lawyer to protect sensitive information and clients data that is exactly what cyber needs so now think about your current skills the skills that I used daily they translate literally I'll say my experience in analyzing legal cases precedent can easily translate into secret investigations how about writing Court briefs and drafting policies that easily risk and intelligent reports how about client communication we all communicate with clients that's easily security awareness training so if you want to start one key thing I can say is that you need to have a curious mindset that Curiosity alone will lead you and make you want to learn the

fundamentals and that would also take you further to want to gain hands-on experience in cyber security for getting experience there are a few things that I that helped me on my journey that I can share with you one was a competition the other was gaining work experience doing project labs and attending security conferences just like this one the workshops they are really important and they can really help you let me tell you about my first social engineering competition I was terrified here I was a lawyer doing her MC competing against people who have been coding for years and definitely more technical than I was talk about imposter syndrome but something unexpected happened that competition involved

analyzing a a simulated fishing attack conducting investigations using ENT and the Met attack framework um conducting interviews as well with parties and writing client com recommendations at the end of the 3-day competition and my team won not because of technical expertise because we didn't have any but because of something different understanding human behavior and communicating confidently that's literally what social engineering is about this experience made me more confident EV and I started to attend more industry conferences security events networking and it was through one of those conferences that I actually landed a role in threat intelligence a work experience during my MSA through networking and following up actively I remember someone at the conference that I met actually told me

you're putting in the work and that shows a lot and in my mind I was like okay give me an opportunity but he didn't give me an opportunity but those words actually stuck with me and they made me go further to volunteer for more projects I earned my Security Plus certification while doing my dissertation I continueed to apply for internships even though they wouldn't take me but I applied and because one thing I realized that with cyber it's a learning process you have to keep learning and doing things to learn but that's not the only thing that cyber Security offers the beautiful thing about cyber security is that there are so many paths that you can

follow there so many paths that you can go with based on your strengths while I have some experience in threat intelligence and risk compliance based on my past role there are different career paths that you can go with security operations governance and risk management if you've been doing policies and regulations you can easily fall into that part threat intelligence data protection and privacy incident response and the host of all others the UK cyber security Council with website has about 15 cyber paths that you can look out which is a resource that I'm going to share at the end of my talk as well I'll say the key is finding your strength and fitting into one of these

parts but here's the thing I wish someone had told me from the start you don't have to do everything at once you literally need to focus on some key areas for example Core Business knowledge you probably already do that with your current role communication skills we communicate I'm sure you're communica with somebody next to you right now which can is just have to have an analytical mind and you'll be okay security tools Basics you can start small and build up project management you're probably doing that your daily activities as well certification that could be your technical Milestone if you wanted to regulations you can just have a foundation knowledge of IT gdpr professional portfolio I'll say you

really need to document your journey because that would help you when the J when the jobs are not coming along now let me share something else that has also helped me on this journey you see the power of community it's been gamechanging for me it was women in cyber security with this they're a global organization and they promote diversity and inclusivity when I joined them I realized that there were about only six you universities affiliated with them and I decided to start one at the University of Sor and that experience has been really gamechanging for me one of the things I would say that Community does for you mentorship PE learning networking professionals they are very important on

your journey let me share what the power Community has done for me when we had our first event on campus it was the wh UK and Ireland Community that supported us with industry speakers how about the competition I participated in I met my teammates online she's based in the United States and she's been my friend since then how about the conf the conference I attended that I got the TR intelligence work experience it was through my committee I found out about the conference and registered because they were exhibiting at that event there's so many other things that the community can do for you but one other thing is very important every person in cyber remembers what it's like to start

so they're always willing to guide to mentor to help out wherever they can and that's what community can do for you this is why I'm passionate about building these spaces because you know just about knowledge sharing it's about finding your people those who can help you through the tough times those who can share job opportunities for you remember those hands that I raised earlier that's your community right here you can start to build on that literally you might be thinking now what's your next step I'll say just start just start network network network research on different specialization areas and that's how you find where you actually want to be tell all your resume and apply

ambitiously even though you don't take all the boxes put yourself out there because it definitely takes a different kind of skill for nontechnical backgrounds how land the RO in cyber that's the honest truth but it's possible I've gathered a few resources that you can access through this QR code and it can help you in your journey as well I really want to thank the organizers of this event because they've been really helpful and my mentor Ian Davis for guiding me through this presentation what I want to leave with you is the most important part is that your non-technical background is not a barrier it's your unique Advantage so you should always remember that let's connect and conect and

continue this conversation thank you so

much do you have any questions oh hands going up right okay I'll take the mic over to you hi thank you for the talk um I just wanted to ask if your degree is that something that you wanted to do your Master's or is do you feel like that's kind of a stepping stone to learn the job okay for my masters I really wanted to do cyber crime and cyber security I want to do something related cyber crime and cyber security I didn't see any any University that had that except University of sory so that's why it was like my first choice when I researched on what I wanted to do I was quite terrified because I didn't want to do

something just security alone and then C crime kind of like is related to law in in a similar way so it's something I could easily just transfer into that was why I decided to take cyber CRI security yeah you um okay so background uh is 20 years in construction management project management sales uh covid made a shift for me and I've been in cyber security for the last 3 years when I moved into it it was so daunting of how vast the landscape was but then when you find your Niche then the depth at which it goes is like absolutely insane have you decided on your path yet or are you still even now trying to figure it out

and for everyone else in the room as well in terms of the resources that are out out there YouTube and udy in terms of online courses are phenomenal just to get you you know even noticed but like you say community is everything but have you decided on a niche yet or are you still exploring yeah that's actually a good question I remember when I was starting out I had spoken to a couple of people and one of the key things that someone told me who I see as a mentor actually as well she told me that try not to put yourself in a box when you're starting out it's always just good to like explore everything so just start from be

open to any cyber path it's very challenging where you IMM put yourself in a box when you can actually be in another area so it's good to just start from like just open open yourself to any opportunity as well and just get in and when you get in and you try your hands on a few things you able to figure out which path you want to go into but as we are currently just transitioning into cyber security is more advisable to not put yourself in a box just have an open mind that's the best I can give

here hello um I just want to ask which certificates helped you the most on your journey to the cyber security field okay I've currently just done one certification which is the Security Plus certification that has really helped me because that gave me a very wide idea about the entire cyber security framework that has been very helpful and then I had the previous course I did um it was the Neta card Academy with ingressive for good is it I attach it in those um resources as well in case you want to just look through it there's some certifications there that you can look through and just figure out which one you want to do but it really depends

on you and what you want to do honestly sometimes they say Security Plus is not compulsory but if you're like me looking at Job R right now everyone says have CIA M have C Security Plus have something there's always the roles require certification so I think you just want to have an edge you just go for it yeah right I think that's all we've got time for if you're staying in for the next talk then stick around if you're not if you could make your way out thank you so much thank you very much for com