Cybersecurity has become the buzzword for Info-Sec, with data breaches and ransomware as a service not just prevalent but highly lucrative. Through regulations and utter exhaustion of being hacked, companies have invested billions into their IT security posture. This has created a great demand. Shows like "Mr. Robot", the movie "Blackhat", and activist groups like Anonymous have paved the way for the “hacker life”: a counterculture, a force to be reckoned with. This perfect storm created one of the largest labor deficits, and companies are struggling to efficiently fill these positions. Yet reading all of this, why are so many aspiring cybersecurity peeps struggling to find a job?
There are many answers, but a big piece is simply that HR does not know or understand the space well enough to even post effective job openings. The postings are often loaded with contradictions. For example, a position listed as “entry level” with a low compensation range yet requires a CISSP. Do they know they are doing this? Do they know a CISSP takes 5 years of experience before an individual can receive this certification? Probably not, unfortunately. Another big part is that as a society we are still stuck in the old-school mindset that you need a 4-year degree to be worth anything. Yet certifications and hands-on training are being overlooked. This is all great and dandy to talk about, but that doesn’t help our friends get jobs. So how did I do it?
I worked construction before breaking into cyber. I was a high-end finish carpenter who foresaw a recession on its way, and like 2007, when I relied on construction for income, I was out of a job. So, I told myself this time I will not wait for the recession to hit; I will move into an industry in which, no matter the state of the economy, the world needs its IT nerds. I had already received an Associate’s Degree in Applied Science, specializing in Computer Network Systems, back in ‘08 and knew that was my direction. It was early 2021 and the security industry was exploding. After doing research, I knew it was time for me to enter a field that I have been around my whole life, from hacker friends in high school and college to pranking neighbors by changing their Wi-Fi accounts to vulgar SSIDs. In fact, a lot of experiences in my life, being a dumb kid, turn out to be an entire job role called “red-teaming”. I couldn’t believe how many times my friends and I have done things that grown-ups are getting paid to do. Looking back, my favorite movies growing up were “Sneakers” and “Hackers”. Therefore, I clicked on an ad for the University of Central Florida advertising their cybersecurity program. In one year, I could earn a professional graduate certification and land a role. I paid the very high fee. After three months I felt very confident in my IT skills and began applying for IT jobs. After a month of applications, I got an interview for a Level 1 Support role. I landed the role and began my journey. I worked hard and forced new responsibilities to showcase my newfound skill sets. After 7 months I was promoted to Jr. Security Administrator. Now I am maintaining the entire IT infrastructure and hosting monthly security training meetings. It took a lot of work and some suffering, but I have established myself in a security role and I continue to build upon my own growth. It is important to remember you are not competing with anyone in this industry; you are competing with yourself.
I started with zero experience, and with my hard work and determination, I am beating the odds. How can you achieve this?
First, the industry is massive and the roles are endless; it is unlikely a newbie is going to learn enough to be experienced, and that’s OK. Your first steps will need to be learning the basics like computer repair, computer networking, and logical fundamentals like IP addressing and subnetting. Once you have the basics down, you can move on to landing your first role. Can you get an internship? Yes, but keep in mind, most internships require the applicant to be in a BA program. My advice: target your entry-level IT support roles. Any IT experience can easily transfer into Info-Sec. This entry-level role will allow you to master the basics and give you a strong foundation to see how corporate networks work. This will give you an edge and better prepare you for the next step. After the mood of comfort sets in and you are on cruise control in your position, that’s a key identifier that it’s time to buckle down and take your learning up a notch. Start learning security basics. Cisco has the “Skills for All” program that will teach you the essentials of cybersecurity, including labs, all for free. YouTube is a great source; there are tons of videos that cater to newcomers. I watched many. LinkedIn is a powerful platform that can lead to great connections and even a mentor. Also, there are great people like Gerald Auger who really helped me put things in perspective. They often host talk panels, podcasts, and Discord chats, just for newcomers. They are a great place to really join the community.
Now that you have the basics and some experience, it is time to start exploring the many different paths, such as SOC analyst or administration. On-prem or in the cloud? There are endless opportunities; it is up to you to find what you enjoy and run with it. Remember, you do not have to be Mr. Robot to get a job in security. Red teaming is fun, it’s exciting, and I hope I get on one in the future, but to be effective you need to understand the blue side first. Take your time and be a sponge. It is a marathon, not a race. This does not mean, however, that you can’t have fun on the weekends. There are plenty of resources like “OverTheWire/UnderTheWire” and “VulnHub” to get your beak wet on some hacking. Join some local groups like BSides. By staying committed and constantly learning, in under a year you can also land your first security role. The salary may not be what is advertised by boot camps, but realistically you have to put in the time to make the big money. It will come, as long as you put in the effort. Other resources to train up are “TryHackMe” and “Hack The Box”. What about certifications?
Yes, it may be very hard to get a job in security without any certs. That is why I stressed the basics. Don’t go crazy with the certs. It can be very expensive without getting the return on investment. The Security+ offered by CompTIA, along with some IT experience, will help get you an entry-level role like working in a SOC. You may find, like myself, that the company that hired you for IT Support has treated you well, and you may be able to move laterally in that company into a security role. I could write hundreds of pages on the different possibilities. Just remember the basics, stick to the basics, and get that interview. When it’s your time to shine, shine as bright as you can!