Let’s face it. Employers are not offering jobs out of the goodness of their hearts (apart from a few). With 21,010 open cybersecurity positions in North Carolina, and almost 600,000 nationally, the job market should be on the side of the applicant, but it is not. Look anywhere—LinkedIn, Reddit, Facebook—and you will see a common theme among new entrants to the cybersecurity field: ‘we’re applying to jobs, but no one is giving us a chance.’ I know people who have applied to over 500 different cybersecurity jobs. In the end, one finally landed a job while another gave up. It sounds bleak, but it is the incentive we need to change how we apply for and pursue jobs. A hiring manager can be overwhelmed with applications. Job seekers need to demonstrate four things (at a minimum): their curiosity, critical thinking, discipline, and ability to do key aspects of the job. You must be memorable. Having a list of qualifications on your resume is not that tempting for employers. They need to see that you have ability, not just “test-taking” knowledge. Here are some tips for hacking the job:
First, find a mentor. Don’t apply blindly for a job in cybersecurity. Find someone to take you under their wing. Also, consider pursuing a role at a company or for an individual professional who will allow you to volunteer your time in exchange for the opportunity to gain real-world experience. It may seem you are getting the short end of the stick, but relationships lead to jobs (personally, I think 80% of these “new collar” jobs are filled thru relationships). Not only do mentorships give you valuable learning opportunities, but they provide a needed foot in the door.
Second, once you have found someone to approach, make them a memorable, personal value proposition. We all have a story—what makes yours unique and worth investing in? Part of this means examining yourself to determine why someone should believe in you – and remember you. Cast a vision, first for yourself and then for others, and give your would-be mentor something not only to believe in but also practical ways that they can both help you and rely on you.
Finally, make your own opportunities to gain experience and demonstrable ability. There are lots of free and low cost (e.g., sub $20) resources out there that range from excellent YouTube, Udemy, etc. courses; YouTube videos for building your own home SOC lab; excellent hands-on labs (did I mention free?) from Black Hills InfoSec; and many, many others. Reach out to me and I’ll send you a 10-page document full of high-quality free and ultra-low-cost resources. Use open-source tools, free labs using existing materials, buy secondhand gear on the internet, and volunteer your time to do something you are proud of. Don’t wait for opportunities to land in your lap; create them.
The Cybersecurity profession is not an easy one. It’s hard to get into, and it’s hard to stay in, as each day means hard work defending against active threats. But it’s also rewarding, morally and financially. Look at the application process as your first real-world test. The curiosity (OSINT, anyone?), tenacity (26 touchpoints to the typical sale), discipline (learning and demonstrating new skills and abilities), and critical thinking nefarious actors use (e.g., phishing) can also be used to create your opportunities. This is what makes you unforgettable. Hack the job and get out there… we need you!