Please upgrade your web browser

These pages are built with modern web browsers in mind, and are not optimized for Internet Explorer 8 or below. Please try using another web browser, such as Internet Explorer 9, Internet Explorer 10, Internet Explorer 11, Google Chrome, Mozilla Firefox, or Apple Safari.

How to get started in cyber security when everyone wants only experienced workers?

Veteran

clyde underhill Jacksonville, FL

I know everyone wants this question answered but I was hoping to hear from someone in infosec or cybersec, what else can I do to get a start in that field.

9 September 2020 13 replies Mentoring

Answers

Advisor

Jeff Martin Ashburn, VA

I’d suggest that you network at the target company or industry. Use LinkedIn to find people already working there and reach out to them. Ask them the process they used to get hired and ask them to help you navigate the hiring process and if they are willing, ask them to submit you as a referral. These activities require much more time on your part but in my opinion would greatly increase your chances for success. Good luck!

18 September 2020 Helpful answer

Advisor

Richard Darden Leesburg, VA

Clyde,

Looking at your profile, I would say you are experienced! It is just not the normal experience that folks use to gate a typical cyber security job position. So you need to get creative in your resume to attract a recruiter's attention so they want to know more about your skill set. You obviously can take a class and pass a certification. My guess is you could teach what you have learned/ So could you teach cyber security? That way you can leverage your teaching experience. Color outside the lines to get your nose under the door.

Dick

Advisor

Johnathan Van Houten Sarasota, FL

It’s an example of the old catch-22; I want a job in this field to acquire some experience, but I can’t receive a job in this field unless I have experience.

The beauty of working in cybersecurity is that it aligns with all other aspects of technology work. What you really should be asking is, what do I need experience in to move into cybersecurity, and the answer is “yes.” While that may seem counterintuitive, bear with me.

Cybersecurity is all about passion, passion in wanting to know things, how things work. If you know how things work, you can start to see the patterns in what makes them not work. Start with something like system administration, then lead that into application server admin, databases (structured and unstructured), and networking.

Once you have a foundation, moving into the security realm is more about timing and interest. All these other things feed into cybersecurity, so to know it, you must know them. Certifications are OK, but without foundational knowledge, they are hollow. It’s more about passion than anything else, aside from experience, of course.

I might recommend you start where you left. When I got out, I worked as a contract engineer at special operations HQ, working in the comm group. The pay was suboptimal, but I moved around quickly and reached into all the areas I desired. Eventually, this led to working security and then breaking things – intentionally. All of this took less than two years. It comes down to drive and desire.

Job postings are sometimes ambiguous (often purposefully). For example, if you take a role as a system administrator, you will be expected to comply with corporate and regulatory guidelines. Your organization will (should) have a policy in place to govern how you comply, but the act of compliance rests upon the shoulders of the ones who manage the program. Therefore any job can relate, to a degree, to security. If not already an expectation, you may find opportunities to be proactive in this capacity. However, while cybersecurity is everyone’s job, not everyone is a qualified cybersecurity analyst. Use the opportunities to garner enough experience to make the step in that direction.

Cheers,

Johnathan

Advisor

Amit Chaudhary San Jose, CA

One way to standout,
-Be good in some subfield that you write articles on it.
-First, just find out what these folks are doing in their roles. In my company, they investigate and learn to use tools such as signal science and cloudflare, to approach would be have your own website signup for these and tune them, incl. blocking countries, failure limits or learn how to send dictionary or paid password attach to your own website and then how to block it so your real users can continue. You can do the same for networking, or Microsoft ADSI, etc
-Now, In your application, put as much effort in each as you would in full day job interview. Go for 5 applications in a month, 1 per week and 2 interviews and one job.
-Use new email address and google phone, if you sent canned resumes earlier and have been marked as reject due to same.

All the best.
DM me after trying above, if you have questions, etc

Advisor

Jordie Kern Amherst, MA

We provide free training, mentorship, and job placement. Let me know if you'd like to learn more. Good luck!

Veteran

Shane Metz Maple Valley, WA

Hi Clyde,
Have you instituted any security policies, or cybersecurity requirements at your current job? Look at what you have done in the past 4 years and look at how to input it into your resume. But I would look at getting started with USAJOBs (https://www.usajobs.gov/GetJob/ViewDetails/535649500) Information Technology Specialist (INFOSEC) GS 9-12.

Advisor

Ruben Gavilan Reston, VA

There are some interesting responses here. I wanted to step in and provide some information that everyone is perhaps accidentally skipping over.

Previously it was mentioned that "Everyone requires experience". Please keep in mind when you say this that many busineness providing cyber security and providing it to their end customers, these customers (rightly so) define what are the acceptable minimum levels of qualifications that they will accept for a given Labor Category.

This is generally beyond the company owner to manipulate, at least significantly. Please do not take it out on the recruiter or anyone else that you do not have the qualifications to meet the positions requirements. That is not their fault.

Moving past that, the speed at which Cyber moves is exceptional. If you can prove to me you are doing more than anyone else is, or doing it better, you will get a job. If you are just lining up to say " me too " and everyone with you has the same or better qualifications, then you are likely to lose.

As with anything you do, if you want value beyond others, you must demonstrate value beyond others.

Have you exhausted all of the free training that's available for commonly used security products such as Elastic or Splunk?

That would be a great place to start, learn it, develop something worthwhile, and you will have your job.

Veteran

Lee Legnon Spokane, WA

Hello Clyde,

First best of luck in your search, we've all been there. There are a number of free resources you can find for training here's one (https://niccs.us-cert.gov/training/veterans). Certifications in conjunction with experience is important to most employers, but as someone else mentioned there are many Jr. Analyst Positions available where you can also build skills. They aren't the most glamourous, but you'll learn a lot while in the trenches. I've advised a few others of this path. They've increased their certifications while "at the desk" and come away with 2-3 years of real world experience that you can discuss during any technical interview. If that doesn't work for you, any chance you could use what skill you have in a volunteer capacity at a local cause (education, non-profit, etc.) for a resume builder? I think you have lots of options.

Again, best of luck

Veteran

Tim O'Brien Santa Clara, CA

Hello Clyde,

This is a common ask for those trying to "break into" our industry; and are plenty of threads out there on the topic - some helpful, many not. May I suggest getting connected with VetSec folks, the Starting an InfoSec Career – The Megamix by fellow veteran Lesley Carhart [start here: https://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/]. Also, to help with your journey there are two readings I provide to folks I'm mentoring:

How To Ask Questions The Smart Way by Eric Steven Raymond (ESR)
http://catb.org/~esr/faqs/smart-questions.html

and

How To Become A Hacker also by Eric Steven Raymond (ESR)
http://catb.org/esr/faqs/hacker-howto.html

Good luck!

Advisor

Brock Renshaw Tampa, FL

Have you considered a head hunter in the JAX area who specializes in field? Or a temp agency?

Advisor

William Munroe Dunstable, MA

Hi Clyde
There are a couple of organizations out there that helps vertans move into IT and cyber security. Rhere are hundreds of thousands of opennings in cyber security that no one can fill and a majority of the roles are for junior analysts. Take a look at
https://www.npower.org/ and https://www.icmcp.org/ - both have specific vertans focus.

What you need to get a cyber security job is hands-on experience to show you can get in and do the work. Look for all the free online training you can find and then talk to those folks.

My company is a cyber security training company and I am work with both of them and give them highly discounted training that leads to a security analyst level 1 cert. If you send me an email address or connect with my on LinkedIn, I will also send you all the training we offer through promotion - we have another one next week.

What is your cyber experience?

Best Regards
Will

Advisor

Charles Lewis Darien, CT

Hi Clyde,

Great question but unfortunately it is not the easiest one to solve. You have the degrees and certifications to get you in the door. There is the standard "hands on" experience many security folks expect you to have that may be missing, however. I recommend three approaches. First, demonstrate how your previous experience aligns well with what you want to do. It may not match perfectly but you can frame your story that way. You can also work to join hackathons and conferences to network and make connections. Second, apply for some of the entry jobs and know you can rapidly move up, especially in the banks in Jacksonville. Finally, look at cybersecurity specific organizations. These will recognize your skills and have HR folks targeting cybersecurity specifically.

Hope that helps!

Advisor

Andrea Bryant New York, NY

Hello Clyde,

Thank you for your question, and thank you for your service! I will reach out to a couple of folks I know who may be able to speak to your question to hopefully get some more tailored advice for you.

In the meantime, I would recommend checking out past questions similar to yours, especially this one:
https://acp-advisornet.org/questions/5168
It is recent and would give you an idea of Advisors with the experience you are looking for on this site. Should they have it indicated in their profile, you can send them a direct message for more detailed answers to your question.

I realize my answer is more than a little general, but I will direct my responsive contacts to your inquiry as well once I get in touch.

Best,

Andrea

Your Answer

Please log in to answer this question.

Sign Up

You can join as either a Veteran or an Advisor.

An Advisor already has a career, with or without military experience, and is willing to engage with and help veterans.
Sign Up as an Advisor.

A Veteran has military experience and is seeking a new career, or assistance with life after service.
Sign Up as a Veteran.