August 1, 2024

Where to Begin

With thousands of unfilled positions reported year over year, why is it so hard to get a job in cybersecurity? You’ll find no shortage of online banter on the topic, but the simplest explanation is due to the need for senior and mid-level cybersecurity talent, not junior. Before you lament, however, consider this: while there is some truth to the lack of entry-level cybersecurity positions, there is no reason to turn your back on such a diverse and in-demand career field. Entry-level positions may be hard to come by, but a few simple actions will help you land your first job. No secret sauce needed.

Upskilling

Whether you’re fresh out of school or looking to change careers, a critical first step toward a cybersecurity career involves gaining a baseline knowledge of cybersecurity concepts, networking, IT infrastructure, and the like. Anymore, the sheer quantity of learning material available online is enough to overwhelm the most determined student. Rather, focusing on your needs first will help you narrow down your options.

At least for Americans, our relationship to education is fairly prescriptive: you’re told what to do and when from pre-k and even through college. An amazing freedom afforded to professionals is the ability to tailor your learning to your personal needs. What is your learning style? Do you learn best in a classroom environment, or alone at a computer? Do you like hands-on learning, or would you rather read and take notes? Does watching hours of recorded video material seem approachable, or would you rather have a live instructor walking you through the material?

More than likely, you’re going to do a mix of all these things on your upskilling journey. Regardless, keeping in mind your learning style will help you build knowledge more efficiently. As for the countless online learning platforms, bootcamps, and academic courses, many online resources exist to help. Course Report ranks cybersecurity bootcamps, but you’ll need to do the footwork to scrutinize what the program offers, who teaches it, and if there are any job guarantees at the end.

There are also as many, if not more, online learning platforms to get you started, some even for free. A simple online search for “cybersecurity training platforms” will point you in the right direction. Also, don’t forget to check if your current employer will sponsor any training for you or offers any training partnerships or programs already.

Another important consideration when determining your training options is understanding that there are two primary methods to develop knowledge and skills: on-the-job training and academic education. Perhaps the easiest and most beneficial path into cybersecurity is to apply to cybersecurity-adjacent positions. This way, you not only learn on the job but grow professional experience related to technology. Think of jobs like tech support, help desk, computer repair, data analysis, networking engineer, systems administration, or any job that offers you a chance to work more closely with technology than the typical person. Of course, there is always the chance that you find an entry-level job, say at a Security Operations Center (SOC) or as a security analyst, to get your foot in the door.

Or perhaps you find a great internship or apprenticeship opportunity, like, for example, GPSU. Ideally, any opportunity like this would be paid, but the truth is some internship opportunities will require you to get creative with your financial situation while you gain critically valuable job experience. Lastly, don’t forget to factor in your present circumstances when deciding on your learning strategy. Have a newborn at home? Asynchronous online classes might suit you better? Trying to skill up as quickly as possible? Perhaps a bootcamp program or massive open online course might be the most efficient.

Certifiabilityish

While this is often a contentious topic, depending on your level of professional experience, cybersecurity certifications can give you an advantage during initial job application screenings. If you are changing careers, it can also convey your commitment to the industry. And, of course, you could learn some important concepts in the certification process. There are plenty of certification roadmaps online and lists of available certifications to review. Definitely worth looking at – especially if you see certifications mentioned in job postings.

Networking

Arguably as important, if not more than knowledge and skill-building, is networking with professionals and finding communities of like-minded individuals. Thankfully, this is not at all hard to do. There are hundreds if not thousands of Reddit forums, Discord servers, Mastodon servers, X accounts, Telegram channels, and countless other newsletters, blogs, and more. These are places where you can not only gain knowledge but also meet people and often even find job opportunities.

Realistically speaking, you’re much more likely to find success landing a job by meeting people, building rapport, and ingratiating yourself within cybersecurity communities. The days of submitting hundreds of applications online are gone. Well, they’re not gone, but they’re also not effective. Save your energy for more fruitful job-hunting strategies. Word-of-mouth opportunities and personal referrals are your best chance.

More specifically, your focus here is to find people who are doing the work you want to do. Or you could specify even further and find people who work at an organization you want to work for. LinkedIn is your friend during this process. Use it to search for organizations, positions, people, and job offers. You can message people to ask them how they like their job or how they got into security. But always keep in mind that people are busy and may not be able to respond. That’s alright. Be patient and kind, and perhaps someone will respond and strike up a friendly conversation.

Not to be overlooked is the importance of your self-presentation online, and especially LinkedIn. Customize your profile with appropriate background graphics. Upload a professional photo of yourself in business attire. Any modern smartphone can render a great professional portrait if you’re not ready to hire a photographer – just enlist the help of a friend. Next, find successful peoples’ profiles, and reproduce their profile structure with your own experience. No need to lie, rather, find ways to relate your work or school experience to cybersecurity concepts and broadly applicable professional skills.

Are you working on any interesting coding projects? Keep your GitHub account up to date and incorporate it into your online profiles, resumes, and work experience. Overall, frame your online presence with this question: who do you want people to see you as? What’s that old saying: “people hire people, not resumes“? People ultimately want to work with capable, kind, and intelligent people, while technical skills can and will always grow.

Another important opportunity to meet industry professionals is local cybersecurity organizations like ISSA, Women in Cybersecurity, ISACA, SANS, and ISC2, to name just a few. Yes, these organizations meet in person, often monthly. There are even more informal industry meetups that you can find online for your area. How about your local DEFCON crew? Don’t love introducing yourself to strangers? It’s not easy for most people, but again a kind and inquisitive approach will go far here. You don’t have much to lose, and people are often much nicer than you anticipate. Plus, socializing will better prepare you for interviews.

What do you want to do?

While figuring out early on what kind of position you want to strive for in cybersecurity is challenging, it may still be a helpful exercise to get you started in a specific direction. Cybersecurity is a massive industry in terms of the types of jobs in various sectors. Blue team? Red team? Purple team? Architecture and engineering? Cloud Security? Vulnerability management programs? Incident Response and Forensics? Bug bounties and web applications? Governance and compliance?

Focusing on your interests will also help you narrow your learning material, and industry professionals you would like to meet. Not a must, but a useful exercise. Really no idea what path you want to take? Then focus on meeting as many folks doing as many jobs as possible. Keep in mind people’s work experience and position – talk to as many juniors, mid-levels, and seniors as possible. You’ll walk away with helpful information about what a certain job is like day-to-day, and if it would be a good fit for you.

Trend Hunting

A final component of your upskilling journey involves the news. Cybersecurity, specifically, is an industry that lives on the bleeding edge. Every week, if not every day, new vulnerabilities are announced, and new patches are released. Reading the news and maintaining an awareness of current events is not only expected but mandatory. You’ll be a better professional for it.

Generally speaking, cybersecurity is a great career field for people who love to learn. You’ll be doing a lot of it for the rest of your career, so keep this in mind. Technologies change all the time, and as a professional, you’ll be responsible for keeping up with them.

But as it pertains to job hunting, staying aware of current trends is a great idea and will often be a topic of conversation in interviews. Additionally, understanding the business impact of vulnerabilities will serve you well in successfully communicating with your companies’ stakeholders – a talent desperately needed for planning smart security budgets and more.

Applying for Jobs

Now for the main course. Hopefully, if you’ve followed any of the previous advice, your job application process is centered around the opportunities you’ve found by word of mouth or within the communities you’ve joined. It may still be worth cold submissions of your resume to various job postings but spend your energy wisely and prepare for ghosting or rejection letters.

This may be when the imposter syndrome really starts kicking in. The adage “fake it till you make it” sounds a bit crass, but there is value in projecting confidence and presenting yourself well. Lean on your network for support and reality checks. Also, lean on your network for resume edits, interview questions and the like. If you’re really lucky, you may even find someone willing to do mock interviews with you. It sounds awful and is awful, but it is also an unavoidable part of the process, so it is best to face it early and often.

When applying, ensure that your online profiles are nice and shiny and that you’ve tailored your resume to the specific job posting. Reading job postings, in general, can be super helpful in writing your resume, as the words you need to use to explain your work experience are already listed for you. There’s no doubt that this part of the entire process is the worst grind. The rejections, the complete silence from prospective employers, hearing back weeks or months later – all of it will try your patience. All the more reason to focus on job opportunities from within your network.

To Cybersecurity and Beyond

Cybersecurity is a fantastic career field, and it is worth the effort to land your first job. When you do come out on top, there are a few things to remember. The learning never stops. Pay it forward and help the next person get a foot in the door. Contribute to your industry. That could be through developing open-source tools, sharing educational material, giving talks, and more. Leave it better than you found it.

Resources

Infosec Job Hunting with BanjoCrashland YT Playlist

Infosec Survival Guide

Security Certification Roadmap

List of Computer Security Certifications

Cyber Unlocked: Ultimate Guide to Breaking into Cybersecurity

*** This is a Security Bloggers Network syndicated blog from The Guiding Point | GuidePoint Security authored by Katy Vonk. Read the original post at: https://www.guidepointsecurity.com/blog/one-does-not-simply-get-a-cybersecurity-job/