Cybersecurity is a sector a really hot right now that a solid bunch of people out there right now are trying to pivot into. I’m sure you’ve seen the commercials on TV at this point.
Good afternoon folks! If your’e reading this I’m assuming you’ve begun to think about a potential career in Cyber Security which may seem pretty daunting at first. I’ve been in the field for about three years now myself, graduating from college in 2020 so it is definitely possible but that’s not to say there may be a few hurdles along the way. In this post I’ll give a guide on how to kick your start you’re jump into an entry level role and I’ll be as honest as possible. With that being said, getting a cyber security position right out of the gate is pretty challenging. Most people do transition to Cyber Security from working in an IT related role first but again that’s not always the case so don’t get discouraged and stick along to prepare you’re best plan of attack!
For starters, this post will cover tactics that are applicable for people with all backgrounds in the current stage of their careers. Whether that be a current college student, a professional with no degree (that’s okay!), or someone in a different field at the moment for example. Again, I will not lie to you all say this is one a size fits all guaranteed golden ticket but from a candid standpoint this should give you a pretty realistic plan of attack to give yourself the best shot.
Plan of Attack Starts Here
I mentioned I want to keep this neutral for all working backgrounds but I will throw in some tips that many only apply to certain situations here and there.
Certifications
First and foremost, regardless of experience or technological skills, certifications exist out there that can help you not only get your feet wet with core cyber security concepts but also give you’re resume another edge when passing the HR barrier. For example, I did get a degree in Information Technology but during my time in college I pursued several CyberSecurity focused certifications to help shore up this knowledge. This in my eyes is definitely the most applicable aspect across all backgrounds as often times you will see these certifications mentioned on job positing, even for the most entry level positions. You don’t want to limit yourself in anyway so I highly suggest pursuing these to give yourself a fighting a chance to work your way into an interview. To rattle off a few that I often see in HR posts for entry level positions for Cyber Security (and for tech in general are the following. Also, not to mention there usual online study groups in Discords out there to find a study buddy too!
CompTIA Security+:
This is generally thought of as the most common / foundational cyber security certification. If you give a quick search on LinkedIn for example for this certification, the results will tell a similar tale. Although some aspects of this exam do expect some level of technical knowledge, I was able to pass myself without having any. However you will need to dedicate time and ensure you are fully grasping the concepts to defeat this certification exam. I highly suggest adding multiple study sources to your arsenal such as textbooks, online courses and scouring forums for advice. As a beginner with no experience, or even experience this should be a priority to not only gain knowledge into the space but to also give you’re resume that box to check.
CompTIA Network+ — again similar concepts as above. It really is for some reason one of the most common certifications you will see for entry level / and even in some cases internships coupled with the security+. If you are completely new to security you will realize that having a good grasp of networking concepts will be vital in the cyber security world and especially can give you very great foundational knowledge to fall back on if questions arise in an interview.
Worthy mentions!
Blue Team Level 1 Certification — although this certification hasn’t made its way just quite yet to the main steam of HR requirements, from a purely learning standpoint this is the best bang for your back certification. The CompTIA exams mentioned focus more on theory in a traditional exam setting with multiple choice. However — this certification is almost all hands on through their virtual lab which is focused on common industry used cyber security tools and very similar real to day security professional tasks. This would easily get my vote as #1 if it had the popularity of the previously mentioned certifications on job postings. If you have the time and funds to also pursue this certifications, it will have the biggest positive for interviews that may get a bit technical.
Online Presence / Activities
Although as mentioned certifications for getting your resume through the HR barrier is pretty top notch for entry level positions, it doesn’t end there. Another tip I would recommend is fully emerging yourself into the Cyber Security space. Take advantage of free news outlets out there such as R/CyberSecurity which contains a non-stop wealth of cyber security related news and articles that you will slowly start to absorb. Once you feel comfortable, having some sort of blog to post your own thoughts or even for cyber security related news could help catch the eye of an employer. For example, a recent new hire for one of our internship positions actually mentioned they have a Cyber Security related blog that they post their own personal how to videos and also reactions to cyber security news. In no way was it super professional but even seeing that slight extra interest and devotion to the space landed them an interview. Keep in mind, this was an internship and the student who got hired hadn’t even begun their college semester yet so they truly had no experience. Get creative with ways to stick out! LinkedIn involvement is also pretty apparent too. Being involved even in cyber security online events or reacting to posts on LinkedIn for cyber security news is a good way to build an online presence that shows you are definitely trying to take the next step into the space!
Many cyber security professionals out there often host events that you can network even further within as well. Get your name and face out there! There are also millions of online groups out there that you can start contributing to no matter the skill level you are out. Discords are pretty handy for this!
Hands on Work
Of course this goes in hand in hand with the tactic of strengthening your resume but there’s still more you can do to get your hands dirty. If you do a quick Google, there are hundreds upon hundreds of beginner walk throughs for cyber security projects and tools in your own personal lab out there. AWS also allows for the virtual lab costs to pretty cheap too (just remember to turn them off when you’re done using them!). For example, before I got hired for my position I actually was super interested in threat intelligence which is basically enriching your security team with more data to potentially detect / prevent known attacks in the cyber security community. I wasn’t getting any bites on resume at the time and it was during covid so I said hey why not let’s give it a shot! Sure enough, I found an extremely beginner friendly guide that walked me through setting up an open source threat intelligence feed in AWS, for maybe 10$ if I recall. It walked me through setting up a MISP (free platform) threat intelligence feed and I included this on my pretty bare resume at the time under projects! During my interview, I was actually asked about the project and I was able to give a pretty technical breakdown since I actually had done this with a legit hands on set up! My advice is find something that interests you OR something you see often on these entry level positions and look into how you can set up something of your own in a virtual lab of some sort. This will again beef up your resume and give you the ability to show this off during your interview!
Real Job Experience
Listen, I told you guys I would be honest and to honor that, breaking into cyber security with no experience even with a degree can be pretty tough. I had an internship beforehand that was related to IT support which did help to have some technical background. With that being said, don’t be afraid to take that IT job even though it’s not related to cyber security directly. A good majority of cyber security folks began as that help desk person or IT support representative. It is a perfectly acceptable and pretty realistic way to start getting your feet wet in the industry. To be honest, I learned the most from having to troubleshoot issues about the under the hood technology than I ever did in any of my college courses. Often times too, companies will give incentives to get certified with IT certifications as well. You never know too, you can even find yourself making a jump into a new role that opens up at that said company.
A good majority of cyber security folk transition from Help Desk Roles / System Administration roles. It doesn’t always involve cyber security directly but many times in these positions you will find yourself involved with the cyber security team to some aspect in your daily work flow. For example, in my help desk gig, I worked with being the front line of all IT issues which also included potential cyber security events. For example, if a user had a weird looking email, I would fill out a detailed report of what I noticed and then escalate it to the security team. Or if a user potentially clicked something bad, I’d be the first one to run a security scan while the cyber security team did their detective / higher level work in the background. Don’t get in your head if you are not getting any cyber security job bites out of the gate and don’t be afraid to jump into that non-cyber security related job out of the rip. Experience at the end of the day in some sort of technological position goes a very long way and often times trumps just earning a certification.
If I’m being honest — I think the BEST plan of attack is to accept one of these positions in the interim. This will allow you to still pursue certifications and self-learning while also beefing up the resume with real hands on IT work in a professional setting. The name of the game here is to BEEF that resume up!
Conclusion
I told you all I wouldn’t lie to you and I held myself to that. The reality is jumping right into cyber security with no real technical experience in a professional environment can be an uphill battle but do not get discouraged. Explore the things I mentioned above to beef up your resume in any capacity possible whether that is certifications, getting involved in online communities or running your own cyber security blog for example. But most importantly do not get discouraged and do not overlook gaining real life experience as well. A technical position in any capacity, even if it is not cyber security related directly will make your resume much more appealing than someone with no experience at all so don’t be afraid to look at those Help Desk / Support jobs in the interim while you embark your journey. That is basically what I had done since my internship was with IT / Help Desk support (I still gained certifications while working this summer gig. It may seem daunting and you may have to put in that extra work, but if I can do it, you can do it!
Stay tuned for a part 2 of this blog post. Most of this information came from the top of my head in one shot. Part 2 will be covered in a much more granular / detailed fashion and I definitely will add more specific content now that my brain is focused on this topic.
Please excuse any typos as this was typed during my break on my phone!!
Good luck to all!
Comments