By: Emin Caliskan, Cybersecurity Trainer, Career Mentor and a finalist in the Security Leader/Mentor category in the Security Serious Unsung Heroes Awards 2019.
When it comes to cybersecurity skills shortage discussions, I genuinely admire our colleagues & academics when they advise “companies” to stop looking for best-of-the-best and give opportunities to job seekers (internship, entry-level position etc.)
But here’s the blunt truth: that’s NOT going to happen.
I am sorry to say this, especially for individuals who are trying to get into this business, but companies (I mean employers & hiring managers, obviously) really don’t care about your personal/career/life situation.
And there is absolutely no reason for them to *help* you. They only care about their problems. And they are right.
They don’t want to take the risk with someone with no experience, motivation or dedication who simply applied for a job in 30 seconds with a template CVs they use to apply 100 jobs everyday.
That’s not really a differentiator, as you probably agree.
Furthermore, cybersecurity is a risky business. That’s why many times they are willing to pay extra 50K per year to find an experienced professional who is “more likely” to solve their problems. They decrease their chances this way. Why? Because the problems (cyber attacks like ransomware, DDoS, phishing etc) which might occur in their environment can be very, very costly (millions of dollars/pounds)
In fact, that’s the reason why “skills-gap” is only experienced individuals. Not for beginners.
If that’s the case, what can you do if you’re looking for an entry-level position in this field?
There are certain ways to bypass this challenging situation and increase your chances.
After meeting/talking/discussing with 150+ entry-level professionals last year who are trying to get into this business; I observed certain things which high-achievers do and others don’t.
Here is the summary of that list.
1) Accept the fact that only YOU can help yourself.
Embrace it. Don’t wait/expect anything from the industry. Take ownership of your life/career. This is the mindset part, which is the most important 1st step.
2) Complete the essential training/certification in your desired field.
This will help you to build confidence and it’s a conversation starter. Complete this step as soon as possible. This training/certification is NOT enough to get you hired. But it’s something you need to do if you are just starting out. Do this sooner than later.
3) Don’t spend months and months to become a “cyber-ninja”.
You can only learn up to a certain level if it’s not a real-life business environment. Simulations have certain limitations. Most importantly, they are *simulations* 😉
4) Don’t try to collect all the certifications out there.
And don’t even start with advanced certifications like CISSP or CISM etc. If you are just starting out, let’s say in ethical hacking, even OSCP is an advanced certification for you. It takes a lot of time to get it, which might create lots of frustration. You may potentially give up just because of this. Focus on quick wins instead (Security +, CEH etc.) and don’t forget your ultimate goal, which is getting a job. No matter what the certification is, no-one will hire you just because you are certified X,Y,Z.
5) Find Career Advocates
There is a thing called “Unconscious Bias”. Hiring managers tend to hire individuals who are known to the organization. (Hidden job market)
You have probably witnessed so many times people can get jobs simply because they have connections. Friends. Relatives. The list never ends, but if you don’t create a *genuine* network and meet with individuals who can be your advocates, you will miss a significant step. And don’t forget, according to a theory, you can reach ANYONE in the world in just 7 steps. You need to take advantage of this.
6) Don’t be a commodity
If you only rely on your skills, I have bad news for you. There will always be a competitor who has more certifications, has more skills, has more experience etc. The only way to bypass this is with your passion, interest and genuine care about that position.
7) Find a problem you care about and solve it BEFORE you get hired.
This is valid for every career. If you don’t care about that industry/company/position, don’t even apply for that. Even if you get hired, you will have miserable days to spend in that company (personal experience back in my own career :/ )
The second step is to spend enough time to show your dedication.
After identifying the problem, make sure you solve it for FREE before the interview/job application process. Spend some time. Come up with a report, maybe a small tool, market research or a vulnerability mitigation plan. Whatever they might be interested in, just prepare & present this to your potential employer. It’s 10x more effective than your CV/Cover letter (which, in reality, they don’t really care much about it)
8) Narrow down your interests, strengths, and focus
Don’t be a perfectionist. Less is more. Focus on quality instead of quantity. It helps you dramatically because you don’t have to learn every bit of detail this way. You can just focus on specific solutions/tools/technologies which can save countless hours from your time.
9) Be a learn-it-all, instead of a know-it-all
No matter what you study on your own, there will always be a tool/business process/solution which you are not familiar with. Just accept this fact and change your attitude/aptitude accordingly.
The hiring decision is a complicated thing, and many times, a subjective thing. Although recruiters/HR managers talk about skills/credentials etc, they decision makers (hiring managers) look at the attitude/aptitude more often. Because they KNOW skills can taught if you have the right attitude. It’s good news though, because they can pay for your training once you get the job (and you get paid for your time being in that company as well. win-win:)
10) Find a mentor
You just read the 10 steps which I put together according to my own experience. You can find same/similar/different advice out there when you google it. That’s not the point.
The point is, what matters is the execution. Not the roadmap.
The reason is, it’s not an easy task to get hired as a cybersecurity professional if you are just starting out.
There will be challenges. Obstacles. Rejections.
That’s why it’s crucial to find someone who can help you from beginning to end. I am not talking about online forums/discussion groups where you can get random advice from random people, which are not even consistent btw. Everyone has an opinion in this field, and many times some people lead entry-level professionals in the wrong direction I am afraid.
What I actually mean is you need to find mentors who are willing to help you and can be there for you when you need it (and you will need it for sure)
TL/DR – Summary
If you want to start a career in cybersecurity, make sure you focus on these things;
– Find a problem you can solve (or you will be able to solve in a couple of months after you get hired)
– Find a problem you are willing to solve (Don’t focus on things you don’t care or no else cares)
– Make sure hiring managers like you (I am talking about your building a network, attitude, aptitude, business-acumen or referrals)