Tips for Getting a Job in Cybersecurity
#1 Cybersecurity is not all about hackers and hoodies
I have never been to the big hacker conferences such as Defcon or Black Hat. Because despite how cool hacking looks, it is not the only career path in Cybersecurity. Examples: Amazing teachers such as Ambareen Siraj who is educating the next generation of cyber heroes and heroines. Lawyers who are working to maintain data privacy and data protection. Data scientists who are developing AI and machine learning algorithms to detect security threats. Engineers who are working to secure new technologies such as AI, Blockchain, and IoT. Analysts who perform Threat Intelligence to find the latest 0 days. Law enforcement who work to solve cyber crimes using digital forensics. SOC analysts who analyze security events and perform malware analysis. Cloud security architects who design security in the cloud Project Managers who keep security projects on track. CISOs who lead security in organizations. Auditors who assess an organization’s security posture and compliance with regulations And the list goes on and on….
#2 Know yourself
In all the articles, posts, journals, and books I have read I hardly see this mentioned in detail. During the daily chaos of kids, long commutes, meetings, and responding to security incidents it is almost impossible to stop and remember who we are and what defines us. Because it is hard to know which job in cybersecurity is right for us without knowing ourselves which goes beyond just strengths and weaknesses. 3 Dimensions: How we see ourselves, who we are under the surface, and how others perceive us. One can reflect and think back to past jobs, hobbies, things you like to do, sports, or even things your partner says you’re good at. Or you can ask your friends and colleagues about things they see in you. Personality tests can also be a guide to discover who we are under the surface. Sometimes who we think we are may not reflect who we really are. Are you a natural born leader? Can you keep a large number of tasks moving forward logically? Are you cool under pressure? Can you look at numbers and letters to recognize patterns such as in cross word puzzles or Sudoku? Can you take multiple components to build a structure? In short once you know yourself, finding the right job in cybsecurity becomes a little bit easier.
#3 Go where the jobs are
When looking for a job in cyber, you can increase your chances by going to where the jobs are based on what you want to do. Some cyber jobs will be more plentiful in certain areas compared to others due to company strategy, strategic location, economic costs, and company history. For example, if you want to work in a SOC, find out where the SOCs are located. A quick search on the Internet will show that one big company has SOCs in the states of Georgia and Colorado. Supply and demand play a role as well. For example, California passed the Consumer Privacy Act in 2018, so as a result, there are more privacy jobs there compared to say Hawaii or Alaska due to increased demand. In 2017 New York introduced the NYDFS (New York State Department of Financial Services) Cybersecurity Regulation (23 NYCRR Part 500). This mandated stronger cybersecurity measures to protect customer data at insurance companies, banks, and other regulated financial services institutions. In turn this led to increased demand for cybersecurity professionals to help these organizations to be compliant. In short, when looking for a job, go where the jobs are.
#4 Hidden job market
Instead of applying for a job directly, you can utilize the hidden job market through referrals. When a candidate is referred for a position, they have a greater chance of getting an interview. One of the best ways to find people to refer you is at networking events and conferences. It is even possible to meet a person who could be your new boss. If you get along, that person can push your resume forward even quicker. Alternatively, if friends know you are looking for a job, they might know someone who has job openings. Working with someone you know can help you get the interview and give you the opportunity to bypass some of the red tape.
#5 Determine the type of company you want to work for
Some criteria for finding the best company for you:
Size — Startups, established companies, to large companies.
Name brand — No names to globally known
Financial health — In the red vs in the black
Reputation — Good vs bad
Distance — Near vs far
Travel — All the time to none
Safety — Would you feel safe
Tips:
Research
Look at news past and present to find any issues, layoffs, management issues, lawsuits
Look at financial reports
There is no one size fits all. Given the current state of the global economy, some companies are doing better than others. Some people would feel happier at startups whereas others will feel more at home in large global corporations. With the current pandemic, many people are working from home. It remains to be seen if this will be allowed to continue after the crisis ends.
#6 Break free of stereotypes
Happy Juneteenth! Today being June 19, this is one of the most important tips for getting a job in cybersecurity. All too often, we are judged based on stereotypes that are ingrained in our history and culture. These stereotypes are also barriers to entry for many who want to work in cybersecurity. When applying and interviewing for cybersecurity jobs, we should not let stereotypes hold us back or define us. We need to break free of stereotypes. cybersecurity
#7 New technology
One of the biggest missed opportunities for folks wanting to work in cybersecurity is when their options are limited and they avoid new technology that is changing the world. Technology innovation, just like during times of war, has been accelerated by the COVID-19 pandemic. One need only look around to see it. For example, some artists use Virtual Reality so people can still go to concerts and feel like they are there even from the comfort of their own home. Another example is the use of drones to deliver lifesaving medicine to distant corners of the world not easily accessible by road. All these new technologies: VR, IoT, Blockchain, AI, Automation, Big Data; they all need new generations of cyber experts to protect them from the latest cyber threats. My tip: Learn about new technology, be inspired by them, and learn to protect them. It will make you stand out from the crowd and open many doors.
#8 Use existing skills
Many people assume that transitioning to a job in cybersecurity means that their skills from school and other jobs are not relevant nor applicable. For example, people working in the legal field are great candidates to work in privacy since they can use their existing superpower knowledge of laws to help companies steer through the storm of multiple layers of privacy legislation that exist today and that are constantly evolving. Others who work in IT already have some technical knowledge to help them make the transition to cybersecurity. Even cyber skills from school such as projects and even volunteer work all help to show one’s commitment to cybersecurity that will help make a difference in the cyber job hunt.
#9 Ask people for help
One tip that is overlooked by many is to simply ask people for help. For example. ask the security engineer at your existing company to find out more about cybersecurity and to learn from them. That same person might one day be the one who refers you to the security team. Ask a person in the industry to mentor you. Ask a friend who you used to work with for a referral. Ask for help with your resume. Ask for help to practice interviewing. Ask a security engineer working at that cool company what its like. As the saying goes: Ask and you shall receive, but we need to have the courage to open that door. If not, the door will remain closed.
#10 Be yourself
After working in tech and cybersecurity for so many years, the biggest tip is be yourself. It is all too easy to let the industry, a company, a boss, a team, or other people mold us into who they think we should be. Sometimes we lose ourselves in the process and forget who we are. We all need to remember to be ourselves, because we are all different with a unique history and background. It is that uniqueness and the choices we make that define who we are and that will determine our success or failure in getting a job in cybersecurity.
Highly accomplished Cloud Security Engineer with special expertise in security architecture, vulnerability management, data security, incident response, security tools, and regulatory compliance in national and global enterprise IT environments. Extensive experience across multiple industries: pharmaceutical, government, retail, oil and gas, software, healthcare, financial, semiconductor, satellite, and manufacturing.
Nathan Chung is dedicated to strengthening the information security environment through continuous learning and community service, Co-founder and board member of Women in Cybersecurity (WiCyS) Colorado, the Colorado local affiliate of the largest women in cybersecurity non-profit in the United States with 20 affiliates and more than 5,000 members nationally. Board member at Spark Mindset, a non-profit in Colorado dedicated to the only gamified Virtual Reality (VR) experience that prepares students for cybersecurity careers. He also volunteers at Cyber XR Coalition, a group dedicated to proactively anticipate and address the cybersecurity challenges faced by globally dispersed researchers when establishing baseline standards and the discovery of novel cyber attacks in emerging technologies.
