Landing that First Cybersecurity Role
You’ve heard the news – there are millions of unfilled cybersecurity jobs out there, and companies need qualified professionals to fill them! You’ve also read the never-ending slew of news articles about companies being hacked and data being lost. You may have even watched "Hackers" and thought the moniker "Cereal Killer" was very cool (I admit, it is!). You’re sold and have started to pursue a career in cybersecurity. You’re looking for that first job, and it’s daunting! How do you prepare, and how do you put your best foot forward?
This article provides high-level guidance on how best to focus your learning efforts and create collateral for an interview.
It’s a Broad Field
It would be incredibly difficult for someone to learn everything that encompasses cybersecurity early in their careers, as it intersects nearly all aspects of a business. The ISC2 Certified Information Security Specialist exam has a section devoted to physical security! Yes, cybersecurity professionals are at times concerned about gates, guard dogs, and even how a building is approached.
The common areas we think about are the security of applications, messaging communications, networks, servers, and standard operating systems. These are very technical areas where engineers and administrators can devote an entire career to mastering. Some other areas are auditing, risk management, compliance, etc. These are also areas that one can devote an entire career to, and while they are technical, they depend on non-technical skills even more so.
Cybersecurity professionals must have a solid understanding of all of these areas, and aspiring professionals benefit from honing in on a focus area. This acts as the foundation to expand from to other related areas; a networking professional must understand servers, a server specialist must understand networks, etc.
How Do You Pick?
Start at the foundational levels in the area you are most interested in. If you’re in a degree program, ask yourself, “Is this something I want to dive into?” and begin. There are countless online resources available for learning everything from programming to operating systems internals. As you progress, keep cybersecurity top of mind and think like an adversary (a hacker, a disgruntled employee, etc.). As you are exposed to more of the cybersecurity world, you’ll understand why things like identity management and network segmentation really matter and how easy it is for administrators to get it wrong.
If you find this isn’t for you – not everyone enjoys writing code for hours every day – pivot to the next area of interest. If you find the deep-dive technical areas are not for you, know that governance, auditing, and compliance are equally complex fields. These are much more business-centric and benefit from understanding organizational dynamics and business interests. Take business courses and find and attend conferences and webinars.
What do I Highlight During an Interview?
Even the most seasoned cybersecurity professional will come across a scenario where they are not the expert; they may even be a novice on the topic at hand. What’s important is that a professional has an approach to learning, understanding, and communicating the cybersecurity posture of the situation.
As an aspiring professional, you’re in the same boat, and interviewers are often attempting to gauge your level of autonomy in learning and your willingness to put in the effort. Highlight the efforts you’ve made that are related to the job you are applying for. A ‘home lab’ is a common go-to for technology professionals, the idea being that piecing together a network with systems is a great learning opportunity. That is indeed the case, but it does not apply to all specialties, and learning does not require such an expense or an extensive lab.
Highlighting time spent on TryHackMe to enhance your penetration testing skills, for example, is a great way to show your autonomous approach to learning. Using local virtual machines to implement CIS controls and then attempting to bypass them as an end-user on the system is also great to highlight. Reading about specific exploits and understanding the business implications of them – i.e., what it cost organizations vs. what it would have cost them to mitigate – is not very technical but highlights your business acumen.
Show the interviewer that your sphere of learning is more than classwork, that you have a genuine interest in the field, and are taking pragmatic steps to elevate your career.
What if the Job Isn’t Perfectly Aligned?
That’s okay too. As an aspiring professional, you’ll be applying to entry-level jobs that require little to no experience. If you’ve spent your time honing in on GRC and applying for a penetration testing role, spend some time planning your approach to learning how to pentest. While this might put you behind a candidate that has spent a considerable amount of time already learning this craft, it’s important to remember that you’re also going to showcase what you’ve already made progress on, and that there’s more to an interview than having the technical chops. Interviewers desire the candidate to have the technical skills necessary for the role but also want someone that is fit for their teams, is easy to work with, displays a level of humility and kindness that will be helpful when encountering difficult situations.
What else is there?
Nail the basics. It is incredibly difficult, although not impossible, to recover from being tardy, being rude, or being completely unprepared. Put your best foot forward: show up early, wear business-appropriate attire, treat everyone you encounter along the way with the utmost respect, have a few thoughtful questions, and send a thank-you within a day following the interview.
Conclusion
Cybersecurity is a broad field, and it’s easy to get lost in the sea of options. To help you hone your career, pick a specialty and use it to explore other related areas. Continue your learning outside of coursework and highlight that learning to the interviewer. Do not be afraid to apply for entry-level jobs that do not perfectly align, and be sure to put your best foot forward. Hiring managers filling entry-level roles are looking for aspiring professionals who display autonomy, humility, and make a concerted effort on professional development.
Best of luck on your interview!