• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Secure
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Umbrella and SecureX
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella Package Comparison
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
      • What is Security Service Edge (SSE)
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is Secure Access Service Edge (SASE)
      • What is Security Service Edge (SSE)
      • What is a Cloud Access Security Broker (CASB)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Security

What It Takes to Master Security (Hint: It's Not Certs)

Author avatar of Owen LystrupOwen Lystrup
Updated — October 15, 2020 • 3 minute read
View blog >

Currently in security jobs are plentiful. LinkedIn connection invites and recruiter calls are as normal as a daily Agile meeting. But those with career foresight know, it’s not enough to be complacent. To become an expert at the top of the field, progression is essential.
Understanding, Not Illusions of Competence
In his interviews with candidates, OpenDNS Security Researcher Kevin Bottomley proposes a simple test that will quickly uncover how much a candidate knows. “I ask them to draw me a picture of a DNS request,” he said. “That’s it. Simple.”
It sounds simple, but there is a lot to learn from someone’s impromptu illustration of how DNS works. Does this person know the difference between authoritative and recursive DNS? Where does the ISP fit in the traversing route of DNS traffic? As a result, Bottomley gets a good idea of the person’s understanding of the concepts involved, and also how the candidate thinks logically and can apply that Sketch of a DNS Requestunderstanding. Security is no place for the illusions of competence.
Personal challenges are a huge component to advancing knowledge in any field. The skillsets of security professionals, sys admins, and software programmers are very closely tied, and as such so are the career progression of all three. And for all three fields, being adaptable and flexible plays a huge role. Sys Admin Shahab Sheikhzadeh reiterated this in an e-mail interview, “[Security professionals] have to be crafty & be able to adapt to the situations that arise. Being able to know how to overcome the failings of a script & how to write code to perform an operation, or use different system calls to accomplish the same task, is paramount.”
In terms of skills, there are no shortage of resources to mine for knowledge: hundreds of technical how-to books, classes and MOOCs, sites like IronGeek.com. But to become an elite security pro, it takes a lot more than skills. To Digital Forensic Analyst and SANS Institute Fellow Hal Pomeranz, it’s also about putting yourself into the community.
Apply Knowledge, Then Share It
“The people that I am more likely to listen to and trust are the ones who are doing work, doing research, and actually talking and writing about it effectively,” Pomeranz said in an interview. “Putting yourself out there means you have enough confidence in your abilities to withstand peer review. And it also demonstrates good communication skills, which are important in any field, but also one of the distinguishing factors for an expert.”
Pomeranz alluded to a progression that security professionals — and really any programmer or developer — goes through to reach expert level. The major difference in the progression is knowing how, versus knowing why. “Practicioners can perform skills that they’ve been trained to do. Experts can integrate knowledge, possibly from multiple disciplines, to solve novel and complex problems.”
And then of course, there’s the continued learning that is required. Because in security, like many other related fields in tech, everything changes. Constantly. Pomeranz quoted a friend of his, Celeste Stokely, who told him “Learn one big new thing every year.” It’s not bad advice, because staying sharp and ahead of colleagues means working and learning while they are sleeping…or doing that extra conference talk.
Don’t Focus on the Right Tools
According to Spotify Developer Mattias Johansson — who also runs the programming YouTube channel “funfunfunction” — it’s also important to not get hung up on which system or toolset will give you an edge and career longevity. In a video posted September 2015, Johansson covers a topical question he gets constantly from early level programmers. What is the best toolset or programming language to learn? Johansson decoded this question and reinterpreted it to find what commenters were really asking: What should I learn to keep myself employed?
“Learning a popular tool or the next big thing will get you a job,” he says in the video’s summary. “But in order to be relevant, you should learn programming, not tools. If you practice programming well, and not just tools or languages, you will be a very sought after programmer.”
Regardless of the career field in question, Bottomley, Pomeranz, and Johansson all allude to one unifying theme to becoming a respected expert: a fluid mastery. A tip-of-the-tongue, verbose understanding of the field, it’s tools and all that’s required to solve problems, with the added tenacity to do it.
It’s a mindset more than just a skillset.

Suggested Blogs

  • Cisco Umbrella Delivered Better Cybersecurity and 231% ROI February 21, 2023 2 minute read
  • Cisco Listed as a Representative Vendor in Gartner® Market Guide for Single-Vendor SASE January 26, 2023 3 minute read
  • How to Evaluate SSE Vendors: Questions to Ask, Pitfalls to Avoid June 23, 2022 5 minute read

Share this blog

FacebookTweetLinkedIn

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2023 Cisco Umbrella