Why does it seem so hard to break into cybersecurity? From personal experience, it took me almost 4 years to get my first cyber security role, while having a CompTIA Security+ certification and a bachelor’s degree in CIS (computer information systems). Now that I have the experience, I know what I was doing wrong and why it took me so long to land a role.
Like most of us that get intrigued about a career in cyber security, we dive in headfirst without having a plan! For example, you can’t travel to a place you’ve never been to, without directions from a map or gps. The world of cybersecurity is the same way, without a plan you are spinning your wheels and going in circles. Here are some steps to get into the field faster:
These steps do not have to be completed in order, they should be a guide in your new career search.
Define a Career Path: I 'm a career coach now and with my Instagram, Twitter, YouTube, and LinkedIn presence, I receive tons of messages about how to break into the industry. One of the first things I ask people is what role do they want to get in cybersecurity? Most of the time they do not know what path they want to take in cybersecurity, but they know they can make good money in the industry. Here’s a tip, write down your interest and see what career path(s) align with your interest. If you need help learning about the different cyber career paths, then check out this website Cyber Career Pathways Tool. Once you have done your research, then you can get more granular with your approach.
Research Job Descriptions:
Now you need to research the skills required to do the positions you want to land. The best way to do this is to get 3 or 5 job descriptions and chart the skills that reoccur often in these descriptions. This will give a specific approach to your job search instead of doing the scattershot approach. Writing these skills down will help you determine what entry level cyber certification you want to attack first. Pay attention to the job descriptions in different areas of the country as well, I’ve noticed that the south, east coast, and west coast look for unique skills in their applicants.
I believe this is the trickiest part for newcomers; they hear so many voices tell them they need these different certs, but truth be told they don’t need all of those certs. The only cert you need to start off your journey is Security+. I’d only recommend A+ and Network+ if you have zero knowledge of the IT industry. I see countless post with users having these certifications but they can’t get hired anywhere. Do you want to know why this happening? The actual truth about certifications is that they show you can pass a test ,but they do not show that you know what you are doing! There are different ways for users to pass these exams without actually knowing what they are doing, which has caused certs to be devalued. For example, I made a post about this guy on LinkedIn that has Security+, Pentest+, and CySA+ with no experience at all in 6 months. That is a lot of material to digest in half of a year, and I know he doesn’t know how to do everything that in those books.
The last year I’ve noticed the rise of CyberSecurity bootcamps and other means to help users understand what it takes to be a cyber professional. I believe these are great for people because lets be honest who wants to go to college for 4 years and waste all of that money to not get a position in your field after graduation. The only issue I have with them is promising people a job after they finish their program. A veteran like myself knows it doesn’t work like that. The only way for this to work is for the bootcamp to be a feeder program for certain companies. If you went to college do not fret because a bachelor’s or associate’s degree can still prove to be useful in your job search, in fact sometimes it’s one thing that can help you stand out from everyone else. If you choose to go with one of these routes, research the programs to see how they can benefit you the most. The route I chose in undergrad was a bachelor's in Computer Information Systems. You can check out the video i did on that right here.
This is the biggest obstacle for most of us starting off in the industry because most of the “entry” level positions tell us we need 3-5 years of experience for an entry level role in cybersecurity. Disregard those requirements and apply anyway because the worse thing they can say is no. You may ask yourself how can I get an entry level position without having experience? It’s difficult to do, but you can overcome not having experience by getting an internship, volunteer experience, CTFs, and more. I suggest you make some recordings of you performing certain skills that are in the job requirements and sending the links to recruiters when you apply to jobs.
Resumes are a major key in getting noticed in this industry, but it’s also not the time to oversell yourself either. Hiring managers can have a quick conversation with you and know when you are lying about your experience on your resume. I have experienced an interview where I oversold myself, and it was a tremendous learning experience for me. I suggest that you be transparent and be very specific with your objective or job summary on your resume. When you let a company know what you want to do with your career, it lets them know what your area of focus is. If you don’t have the requisite experience for certain jobs on your resume, then add a related course work section to show the learning you’ve done to prepare yourself for these roles. Only add technical skills or applications to your resume that you can talk about in great detail.
This is a step that can also overcome needing a certain amount of experience. How many times have you heard, “It’s not what you know but who you know.” This applies to cybersecurity big time! Social media has made networking even easier for everyone. The best sites to network on are Clubhouse, Twitter, and LinkedIn. LinkedIn is the one I suggest you become very familiar with. It’s the only platform that allows you to apply to jobs, reach out to recruiters, reach out to hiring managers, and network with everyone. LinkedIn has become my best friend for job searching.
If you need help with any of this after reading this blog, please book your consultation here: