How To Get Your First Job In Cybersecurity

I speak at a lot of events each year, from conferences to webinars. One common question I get when I’m taking final questions is the title of this post (or something like it). I’m often asked what certifications to take, what training to get for a role in cyber, or how to get a first job in cyber. I’ve posted thoughts on this, such as answering which cert/training you should take HERE.

I saw this post from shehackspurple that hits a lot of the points I’ve made in my view of this topic. That post can be found HERE. Some recommendations she makes are ones I haven’t considered but sound useful. My personal overlap of thoughts is:

1) You need to first figure out what type of work you want to do. Pre-sales or delivery? Technical, or more social? Red, Blue or Purple? Lots of travel or work from home? There is a role for every type of person, but you need to figure that out before building the best path to that goal.

2) Build a brand. shehackspurple talked about specific steps around building a brand, such as tuning up your LinkedIn account. I agree that your brand is important. I would say even your approach to how you think is just as important. For example, I’ve hired people who spent most of the interview talking about home projects they built vs somebody with a ton of certs. People can train you on the job. What they typically are looking for is your passion and grit, aka how you work in an environment. If the role requires soft skills, aka presenting in front of people, you better expect you are going to be evaluated on how you answer questions as well as how you ask questions to make sure you understand the questions being asked. So I say brand + your persona matching the role you are seeking is key. I’ve seen many people NOT get the role because they had the technical chops but were not somebody the team would want to put in front of an audience.

3) A mentor is a great idea for understanding what a day in the life is really like. Everybody at first thinks pen testing is the cool stuff, but it may not be the life you want. I give the example of lawyers. We all have seen movies with lawyers in courtrooms doing cool things, but the actual job is 90% in an office doing research. You won’t know this unless you research and/or speak to somebody in the actual role.

4) Learn the skills ... but I would add: also match that with what the role is hiring for. If you want to work at Microsoft ... get Microsoft certs to show you are committed to that type of role. If you want a leadership role, think CISSP so you have the language down for the role.

5) The last one I will take is that she points out volunteering and telling people about what you want to do. My view of this is to try to get around the people, and if they like you, they will get you the job. A long time ago I wanted to get an engineering job and applied for everything. People with more experience were beating me every time. So I took a temp job to get in the org I wanted to work for and busted my ass as well as met everybody I could meet. I explained my background and goals to those who listened and eventually I had internal champions helping me get the role. I had one guy say “if you can get these four certifications in 1 month, I’ll hire you” ... which he was thinking was an impossible challenge. I got those certs and he got me hired into the engineering org, bypassing many people in help desk who had been waiting for the same role.

Hope this all helps. Check out that article and my posts on this blog. Lastly, I talk about this topic in my Modern SOC book found HERE.
