Tips for a Career in Cyber

Tips for a Career in Cyber (cybersecurity, cybercrime investigation)

by John Bandler

I often get asks for tips about a job or career in cybersecurity or cybercrime investigation, so here is a quick article to accompany the video I just made.

I teach a lot and students ask me these types of questions all the time, and I realized I can only help a small number of students, answering one-by-one? Recently I was asked a bunch of questions by a former student, who will relay my answers to his school, so it was time to build something out. I built a video and this webpage.

Disclaimers

For this article and video, I put my disclaimers first because career advice needs that disclaimer -- there is never a "perfect" or "right" answer for everyone.

These are just my opinions, I don't pretend to be a professional career counselor nor to have walked the perfect career path, nor to be at the pinnacle of the cyber profession. This is just my advice and guidance, I think the principles are sound and valid, and you need to adapt for yourself and decide for yourself what is right for you.

Others make a lot of false promises on how to have the perfect career or get rich. Unfortunately, some make a lot of money (even getting rich) from their snake-oil promises to make others rich or build the perfect career.

You are different from everyone else

You are different from everyone else, the path you have already walked is different, your knowledge, skills, personality, hopes, and dreams are different, and your future path will be different.

What is right for you will be different, don't try to replicate anyone else's path, keep your path options open. Find good advice, then adapt it for yourself.

Do research (investigate), get to know people, talk to them, assess facts, apply logic and reason. There is no magic solution.

Main takeaways part 1 (general)

These takeaways hold true for any career and life too:

• Ethics and character is first
  • No employer should hire anyone they know is dishonest or deceptive, they will be bad for the organization, no matter what field, what level of employment, from the lowest to the highest. This goes for candidates for government office too.
• Put in solid effort and keep learning and building yourself
• Research, investigate, explore
• Network, research, investigate
• Plot your own path, and walk your own path through your career and life
• Make your own decisions about what is right for you
• Make your decisions based on facts, logic, and reason
• Have a growth mindset
• Work to keep improving yourself with honest effort
• Keep building your knowledge of technology and cybersecurity and cybercrime
• Keep building your knowledge of law, writing, research, etc.

Main takeaways part 2 (cyber specific)

• “Cyber” is a diverse field (or it should be)
  • Cybercrime investigations and cyber investigations
    • Law enforcement, regulatory, private sector, national security
  • Cybersecurity
  • Privacy
  • Artificial intelligence
  • Technology
• Cyber jobs are not just for one “type” of person, with one type of expertise, it requires diversity of backgrounds, skills, and qualities
• It requires many different skills and qualities
  • Ethics and character
  • Thinking, researching, investigating, analyzing facts
  • Forming opinions and conclusions based on facts, logic, and reason
  • Writing, speaking, presenting, communicating, team work
  • Technical knowledge and skills
• My opinion of what the cyber field needs is not always the same as what the employer thinks

Research and ask and get to know

Do your research about the field, organizations, people. Try to get to know people in the field you can trust and ask for opinions.

LinkedIn can be very helpful to learn about professions, organizations, and people.

Try to provide value for others (be a giver too, not just a taker).

What certifications?

I can only speak about my personal experience with certifications, and the ones I know and have enjoyed. Here's a list and why.

Technology and security

• CompTIA, Computer Technology Industry Association
  • A non-profit organization, certs are reasonably priced to obtain and maintain, good start for technology and cybersecurity.
  • I liked to study with the books by Mike Meyers and a few of his freely available videos.
• ISC2 the International Information System Security Certification Consortium
  • A non-profit organization, a higher level, more costly, CISSP and others may require demonstrated work experience and a recommendation and higher fees.
  • CISSP = Certified Information Systems Security Professional

Law, privacy

• IAPP: International Association of Privacy Professionals
  • A non-profit organization, a leader in the areas of privacy, compliance and law.
  • CIPP/US is a great background in relevant cyber laws (CIPP/US = Certified Information Privacy Professional, United States)
  • See my CIPP/US resources
• See my law, privacy, cyber resources

I have a fuller article on certifications, see link at bottom.

Other Frequently Asked Questions (FAQ)

Which internships should I try land?

Any organization with good, quality people you want to learn from or get to know, or where you might want to work, or doing something you want to learn about.

• Government: Police, prosecutors (county, state, federal)
• Private sector

Which certifications should I get?

See above more my thoughts. Improve yourself in an area you need improvement. Gain a credential in an area where it will help you.

• Technology
• Cybersecurity
• Law
• Project management

When should I get a certifications?

There is never a perfect time to study or take the test. We are always busy with something in life, whether school or work. If you decided you want to get a certification, plan a time soon, or just do it now.

See my other article on certifications (link at bottom).

What is the right degree/major?

As before, I believe these fields need diversity of backgrounds and skills. We need some tech experts for sure, and everyone in the fields needs to know something about tech. But it cannot be solely for tech experts, we need diversity of backgrounds.

The best cybercrime investigators I ever knew did not start in tech, but areas you would never expect nothing to do with tech. They were smart and really hard working and built tech skills that were impressive too.

I have seen brilliant tech experts without the other skills or abilities needed to do important things regarding investigation or security.

Should I become a sworn law enforcement officer/agent?

(This question really got me thinking and reflecting so I went a little overboard here, maybe I will move it out someday.)

Only you can decide this or know this. First, there are many cyber jobs and careers that do not involve being sworn law enforcement.

Becoming sworn law enforcement should be a separate and major decision for you, and separate from any cyber path you want to choose. You need to be willing to stick it out for a while and realize you will not get your plum assignment immediately and maybe never. Even before that, realize that the hiring process is fickle and sporadic, and you might not even get the sworn law enforcement job in the agency you were hoping for.

Along with physical dangers, there is stress and required areas of thought in law enforcement which can be very mentally unhealthy. You  join a profession (perhaps wear a uniform identifying you as such) that ensures that a portion of the population will hate and distrust you. There is the real possibility that someone might try to kill you, injure you, humiliate you, get you fired, or put you in prison.

To be a good cop (or agent) your time of blissful obliviousness in life is over. A percentage of every waking moment needs to be ready to make the right decision in a life-changing instant--perhaps saving a life or taking a life. You will worry if you will be ready for the moment (if it ever comes). You might have nightmares about making the wrong decision. You will regularly see the darker side of people and you might have nightmares about something you saw or experienced at work.

Did you know that the law generally prohibits employers from having a "hostile work environment" for their workers? In policing and law enforcement, in a sense that is the definition of your workplace!

We see the demonization of law enforcement from both extremes of the political spectrum. This means powerful political forces, for their own goals and interests, want to demonize both organizations and individuals too, sometimes just for doing their jobs. Admittedly, law enforcement is far from perfect, mistakes and bad things happen. But demonizing the profession and people within it is not the solution.

Caveats aside, good police and law enforcement will always be needed, and it is an important, essential job. Good people will always need help from law enforcement. Other people will do bad things and need to be investigated, caught, and brought to be justice. Sworn law enforcement are the doers of that law enforcement agency. They can be proud because it is hard.

It is a difficult job. We need quality, ethical, courageous people to do it. I'm glad I got to do it myself, and still look back and think "Wow, I did that". I am still impressed by those law enforcement personnel I served with.

You need to decide if it is right for you.

A twenty minute explainer video

I meant for my video to be ten minutes but it ended up being twenty. Maybe I will redo it someday, but for now, I did not have time to redo it. Maybe that extra content helps someone anyway.

Conclusion

Be wary of anyone promising or selling the magic answer for you, whether it is a college or graduate degree, certification, online course, or anything else.

Your life is a journey, so is your career. Try to take good steps but realize you will suffer setbacks.

Resolve to be a life-long learner and build diverse skills and knowledge.

Good luck and thank you for reading and watching my video!

Whatever you do, try to do good.

Additional reading

• • Certifications and Improving Your Knowledge and Credentials
  • How to Learn and Study
  • CIPP US Certification
  • My online Udemy courses (courses on cyber, law, cybersecurity, privacy, learning)
  • Tips for a career in cyber (cybersecurity or cybercrime investigations) (20 minute explainer lecture)
  • My Cyberlaw Book
  • Cybercrime Investigations book

This article is hosted at https://johnbandler.com/tips-for-career-in-cyber, copyright John Bandler, all rights reserved.

Originally posted 2/8/2025, updated 2/8/2025.