How to Break Into Cybersecurity

Breaking into Cybersecurity: A practical guide

While the exact number is often debated, the fact that there are more cybersecurity jobs than there are people to fill it is not disputed. For several reasons, a career in cybersecurity might seem like a good idea. When approached correctly, a decent salary is almost inevitable, but should never be the primary reason for wanting to pivot into a cybersecurity career.

From time to time, I encounter aspiring cybersecurity professionals. Many times, this is the theme of the conversation: I have been studying cybersecurity for the past 12+ months, I have been applying to X number of jobs, but I am not even getting an interview.

This is heart-breaking on so many levels; on the one hand we claim to have a shortage of cybersecurity professionals, and on the other hand we have willing people struggling to break into the industry. Naturally, this can lead to demotivation, and the cybersecurity industry can lose potentially top talent altogether.

In this article, I share some ideas and suggestions on how to approach this. I do not make any guarantees. Use what makes sense for you and discard the rest of the advice.

• Define your Why: When you are honest about why we want to break into cybersecurity, it can save you a lot of time, money, and effort. For example, if your expectation is to land a job, do little work, and earn a big salary, I can save you time. Cybersecurity is not for you.

If you want to learn new skills, be challenged, and down the line earn a decent living, cybersecurity might be for you. A good salary is a by-product of good passionate resources. Making this the primary objective will drive the wrong behaviour, create unrealistic expectations, and is unlikely to end well for you.

• Calculate your minimum salary requirement: Note the word requirement, and not expectation. What is the absolute lowest salary you can settle for and still maintain your quality or life and meet your financial obligations? While not ideal, and not always necessary, there might be cases where a salary cut is required. Knowing your minimum requirement will save your time and effort when opportunities are presented to you.

• Network: Once you have determined your why, and you are still convinced cybersecurity is for you, networking is the most powerful tool at your disposal. Networking provides you with the opportunity to connect with potential hiring managers in a less formal setting. At this point, your personal brand must project eagerness, passion, and consistency. Above all else, you must be a curious learner.

• Understand the cybersecurity domains and choose a target: Networking will allow you to meet hiring managers and security professionals. You need to ask as many questions as possible: What do you do? What did you study? What do you look for in a junior security person, and so forth. Asking questions will provide two benefits; firstly, it will give you insight into what the market is looking for, and secondly, it will allow you to connect with security professionals. It will also contribute to your brand of curiosity and eagerness. Your objective at this stage should be to identify a potential job role you want to pursue. This could be a level 1 SOC analyst, an information security analyst, or a junior GRC analyst. It could even be a graduate programme. It will depend on your situation.

• Identify transferable skills and gaps: Once you know what role you are aiming for, you can develop a focussed plan around it. The first step is to reflect and identify transferable skills and attributes; anything from your current or past experience that will put you in good stead with a future employer is worth noting. It must be noted that not all transferable skills may be obvious. For example, report writing, coordination and planning, stakeholder management, vendor management, and people management are all skills that you may have learned in a previous job, which is easily transferable to cybersecurity.

The people you connect with on LinkedIn, the books you read, and the conferences you attend, should all in some way be linked to the role to which you are aspiring. Everything you do, must be evaluated against the goal and objective of landing that role.

• Get Involved: Local chapters and communities such as BSIDES and ICS2 CHAPTER are good places to start. Conferences are another great place to network and learn. While conference prices can be restrictive, view this as an opportunity to be resourceful. Contact conference organisers and volunteer your time as a helper. Being resourceful is a skill worth learning as early as possible.

• Update your LinkedIn and be active: Being on LinkedIn provides several opportunities, including but not limited to, job opportunities, cybersecurity news, networking events, webinars, and the ability to connect with professionals. If you are not comfortable posting your own content, start by liking posts you find useful, and add comments. Even something as simple as “I find this post very insightful, thanks for sharing your insights” is a good place to start.

If you found this article helpful, please share it with anyone else trying to break into cybersecurity.