Ten tips for finding your first job by building up your cybersecurity knowledge and experience.
Congratulations to the class of 2023, and welcome to the job market! If you’re interested in cybersecurity, you may be frustrated that most entry-level positions require two to three years of experience. And if everything requires experience, then nothing is really an “entry-level job,” right?
It leaves you wondering: WHERE ARE ALL THE JOBS?
Here’s what’s going on. Hiring companies normally post jobs seeking an “entry-level expert” in cybersecurity. They are looking for someone with a combination of technical product knowledge and experience performing investigations, troubleshooting, and response activities.
You may not have these skills right out the gate, so here are 10 ways you can build your cybersecurity resumé:
- Gain Baseline Knowledge in Cybersecurity.
At a minimum, you should have the Security+ Certification from CompTIA. These topics are some of the most important aspects within the industry, and prospective employers want you to know the basics. The Security+ certification provides a basic understanding of the terms, concepts, and approaches you will need for day one. This is non-negotiable and is a necessary certification to get started in this industry.
- Get Cloud Certified.
Cloud technology is the core of every IT department, and it is critical for you to understand. Whether you want to be a developer, auditor, analyst, or consultant, you need to know cloud-related terms and approaches. Amazon, Azure, and Google all offer free introductory courses for understanding their cloud platforms and the basics of security. Earning their initial certifications or accreditations is necessary to prove your knowledge.
- Train on a Leading Technology.
In addition to cloud knowledge, having an exact platform skill is a game-changer for your resumé. Increasing your knowledge and experience with the largest companies in cybersecurity will never fail. You can get in on the ground floor with these companies as an engineer or analyst that helps respond to alerts, works with help desk tickets, and manages users but you won’t be given full administration rights on day one. Leading companies such as Microsoft, Palo Alto Networks, Fortinet, Okta, Splunk, Proofpoint, CyberArk, Trellix, SailPoint, and Cisco all have platforms in use by a majority of Fortune 1000 corporations and there are positions open to help run and manage these environments. Many of the cybersecurity companies mentioned above offer free training or a test drive of their products and platforms to help you prepare.
- Focus on Operations.
ITIL certifications are rare these days. ITIL is an adaptable framework for managing cybersecurity. Having an ITIL approach to platform management really shows that you have your act together and separates you from the pack.
- Seek Out Advice.
Join a local association meeting and start networking within the industry. Ask questions to determine what real security managers need in their departments. Associations such as ISSA, ISACA, and CSA are great places to start. Ask about mentor programs or other ways to get involved to meet members in the community.
- Start at the Help Desk.
This has long been the best in-road for getting started in the IT industry by understanding the company, its requirements, and the technologies it has in place. This position allows you to work with a variety of users and provides an opportunity to understand the overall skill level needed to succeed.
- Consider Temp or Contract Work.
Companies are constantly looking for temporary staff members to fill openings when they cannot justify a full-time position. Leveraging a temporary placement will help you get the real-world experience you need and allow you to show off your skills to the hiring manager.
- Remember, Your First Job Won’t Last Forever.
Companies make a sizable investment in your first year of employment and do everything possible to reduce the cost of your position. Think of your first few years as a part of your job search, and put in the extra hours at a consulting firm or systems integrator to get some of the best training possible for success later in your career. You may be up for a career change or find your niche in a particular area of IT.
- Show You Can Train Yourself.
Online training is practically free, and it is a critical requirement for anyone hoping to join a cybersecurity team. There are an abundance of online providers, and training in cybersecurity has never been more accessible. Look for deals from StackSocial. You can get a full bundle of certifications for less than $50. Employers will know that you are able to quickly onboard to new technologies and teach yourself vs waiting for expensive in-person training.
- Attend Local Cybersecurity Conferences.
Student rates are often available, making it inexpensive to attend local cybersecurity events. Learn about the latest industry trends, understand and speak with the vendors, network with others in the space, and have a good time. You may need to contact the conference manager directly to ask for a discount code, student rate, or even volunteer to help with the event.
These tips for finding entry-level cybersecurity positions will prepare you with the skills you need to get a foot in the door and have a successful career in cybersecurity. Hiring managers are looking for ambition, fast ramp-up times, and knowledge about existing products. While the job market for new graduates may seem tight, it still has advantages. If you’re willing to do the work to stand out, you will have a better chance of hearing that you’re the best candidate for the position.
About the Author
Ricky Allen is the Field CISO for CyberOne Security, an ISSA Fellow, where he provides security architecture design and leadership management for customers across the country. Allen was President of the South Texas ISSA chapter, and he holds certifications in SABSA Security Architecture, CISSP, CISA, and Six Sigma. Previous roles include time at Accenture as an executive in their strategic information security consulting practice and at HP Enterprise Security Products as the Practice Lead for developing Security Operations programs for ArcSight SIEM products. Allen was focused on retail and manufacturing industries while at PwC where he managed penetration testing and risk assessments for companies across the US. He has presented at conferences such as BSides, Black Hat, API Cybersecurity, HOU.SEC.CON, SANS, SecureWorld, and Data Connectors. Allen is based in Houston, TX and earned a degree in Management Information Systems from Texas A&M University.