There are a ton of reasons why so many people want to work within the Cybersecurity sector. Many have a true passion for helping keep systems, companies, and individuals secure, others like the unique challenge that the sector offers, and some simply want to be part of an exciting, innovative, and evolving global industry.
If you’re already working in the sector then great, well done, you’re in the right place. But if you, like many, are trying to get your first security role then it may be proving slightly harder than you first thought. When the huge skills gap figures, 3,100,000 professionals globally as of 2020, are plastered all over the place, it can give the impression that people can walk into a role so long as they have an interest in the sector.
Why isn’t it that easy?
Yes, this is a sector with a huge demand for talent, but that does not mean it is easy to get a role. This is a sector looking for highly skilled, passionate and sought-after candidates. Companies are trusting candidates with securing their own and customers data, capital, and reputation and want the best people they can find. Just wanting to work in the sector isn’t enough.
So how can you land your first Cybersecurity position?
Define your goal:
First, define your goal and decide what you want to achieve within the industry. Do you want to be the person hacking into systems or fighting breaches like a Penetration Tester or an Incident Response professional? Do you want to focus on assessing and ensuring correct security procedures are in place? Or do you want to do a non-security role within the security industry like sales? It is important you decide what area suits your skill set and interests you so you can make your search as efficient and realistic as possible. There is simply no point in a non-technically minded person pursuing a role that requires a high level of technical ability.
Attend industry events:
Events not only offer the opportunity to keep up to date with the latest security trends, but to see and speak with people on the front line doing the jobs you’re interested in. Chances are there is someone in that room who can give you that first step, it’s just about networking and finding that opportunity. There are tons of these all over the world ranging from free to attend to exclusive invite only events. Check out a full list here https://infosec-conferences.com/#2021july
Following the global pandemic you can’t rely on networking at events alone. Although most now have a virtual offering, it isn’t as easy as it once was when you could bump into people in person. But there are loads of great online communities which do the job. Just by following hashtags like #cybersecurity on twitter or LinkedIn will give you exposer to groups and individuals who can offer advice and guidance and even forums like Reddit provide a platform for people to ask questions and gain insights. Take your pick from here. https://www.goanywhere.com/blog/40-cybersecurity-user-groups-forums-and-communities-to-join
Online courses & training:
One of the best ways to prepare yourself for any role is by upskilling and training yourself in that area. There are tons of training providers for all areas and levels of security professional. These range of courses you can complete in your spare time to intensive courses like the SANS Academy. We’d highly recommend the CompTIA Network+ and Security+ for entry level candidates. https://www.comptia.org/certifications/security#top
Blogs & podcasts:
These are perfect for gaining a broader knowledge of the industry and players and terminology within it. You can find everything from your deeply technical and very specific ones to the more general news and current affairs format. A favourite of mine to stay up to date and entertained is Graham Cluley & Carole Theriault’s Smashing Security podcast. https://www.smashingsecurity.com
Bug Bounties & CTFs:
If you want to be a Penetration Tester/Ethical Hacker then participating in bug bounties and Capture the Flag events allow you to practice your hacking skills from home, LEGALLY! Bug bounties are basically rewards offered by companies and websites to individuals who discover and identify security exploits and vulnerabilities on their sites or in their software. CTFs are more like hacking events where you compete against others to solve security challenges the quickest. Think Counter Strike Capture the Flag but with security instead! You can make a fair amount of money from these the more advanced you get, but a lot of people do them for fun and self-development in their spare time. Hack the Box is a great platform to get started. https://www.hackthebox.eu
Specialise from the start:
Now we’re not all fortunate enough to know exactly what we want to be when we grow up. But if you do know early on that this is the industry for you then use that to your advantage. Schools, Colleges and Universities have much better technology and security focused courses than ever before, and if you’re able to pursue your desired area of security academically from a young age then this is only going to help your career.
Utilise your situation:
Make the most of your current circumstances. For example, if you’re currently in a general IT role then do your best to show your employer and managers your interest in security. Speak to the existing security team and push to gain some training and responsibility in that area. This could potentially lead to a transfer if you are fortunate enough, or at the very least give you a broader understanding of the workings of a Cybersecurity function and allow you to enter your job search more informed than before.
So the biggest take away from this is firstly deciding which area of security you’re interested in, make sure your skill set is relevant and transferable to this and then throw your all into securing a role in the area.
As with any job search as long as you have passion, persistence and patience then you will be able to get where you want to be.
For advice and guidance on securing a role in Cybersecurity please contact email@example.com
2020 Cyber workforce study