Ep15: How to Get a Job in Cybersecurity with No Experience (Extended Version)
The show notes for this episode can be found in the previous shorter episode. No need to over extended an already extended version.
---
I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.
--
--
Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:
--
Support this Podcast with a Tip:
--
If you have questions for the show, feedback or topics you want covered. Please send a short email to marc@bytesizedsecurity.show with the Subject line of "Byte-Sized Security" so I know it's about the podcast.
Transcript
So it was a test the other day I put in.
2
:How to get a job in cyber security.
3
:Without experience.
4
:And it was the audio from a YouTube short
of course, YouTube shorts, 60 seconds.
5
:And there's a lot of gems in there,
but I did get a couple of questions
6
:from listeners and they wanted a
little bit more of an extended version.
7
:So they understood the concept, but
maybe wanted a little bit more detail.
8
:So that's what this podcast is.
9
:So it's definitely longer.
10
:It's in the 25 minute range, which
may be a little too long, but Hey, if
11
:you're on a long road trip, And that
is what we're going to talk about today
12
:is that short version of how to get a
job in cybersecurity about experience.
13
:But this is going to be the
extended version, and I'm going to
14
:try to go into a lot more detail.
15
:So with that, I hope you enjoy.
16
:Marc: So can you get a job in
cybersecurity without experience?
17
:Well, short answer, no,
not really long answer.
18
:Yes.
19
:And I am proof of that.
20
:And I'm going to give you some
of the things that I did to get
21
:into cybersecurity without any
direct or initial experience.
22
:Tip number one, educations
and certifications.
23
:Now here's, I did a short on
this, but I want to go into a
24
:little bit more detail and depth.
25
:And what I did.
26
:Was when I was doing my I.
27
:T.
28
:style job, I knew that I wanted
to transfer into cybersecurity.
29
:I just, that just was the
field that I wanted to go into.
30
:I had a passion for it.
31
:I knew that where it
was, where it was going.
32
:It's becoming more and more of a thing
today with AI and everything else.
33
:So it is a very important field.
34
:And if you're passionate
about it and you're at I.
35
:T.
36
:and you want to move there or
you just want to get into it,
37
:then this is the video for you.
38
:I started out.
39
:with the CompTIA Security
Plus certification.
40
:And the reason that I did that was
because I didn't know, I knew I wanted
41
:to get in cybersecurity, but I didn't
have any idea of what realm or what
42
:field or what areas I wanted to do.
43
:But I wanted to study for a certification.
44
:And no, I'm not saying that boot camps
and certifications are the end all
45
:be all, but they are a great way to
get started and to figure out what it
46
:is that you're interested in doing.
47
:So I started out with that.
48
:I downloaded some apps onto my phone.
49
:I started studying.
50
:I got the official study guide.
51
:It was, and I started reading and
studying and studying and just
52
:taking flashcards and tests, anything
I could find in the internet.
53
:And I went to one of those facilities
eventually, and I felt like I was ready.
54
:I went to one of those
facilities and I took that test
55
:and I passed and it was hard.
56
:I felt it was hard.
57
:I really wasn't sure if I had passed.
58
:But I did, you know, that feeling
that you get taking certifications
59
:like that or studying for something I
think is super helpful because it will
60
:narrow down what realm it is that you
actually want to get involved with.
61
:And this is a tip I got from
another friend and it was brilliant.
62
:The C I S S P, go get the manual for
that and start studying for that as well.
63
:Because you get yourself into the jargon
and the language and the thinking of
64
:cyber security, you start to understand
all the different realms of it, all
65
:the domains, and you narrow down maybe
what you want to start to do, but you
66
:also have a lot of talking points, and
so when you start to talk to recruiters
67
:and you're going into interviews, It
really helps to get yourself into that
68
:you're, you're basically emerging,
immersing yourself into that field, right?
69
:So one of the things you think about
is, sure, I could study a language on
70
:an app all day and speak with nobody.
71
:Or I could go to a foreign country and I
would really start to learn that language
72
:faster because I hear it all the time.
73
:If you start to study for the
certifications, even if you
74
:don't intend to take them.
75
:It will help you to start to get
into that world, to understand the
76
:language, to understand the jargon,
and that is vastly important.
77
:So education and certifications, if
nothing else, it's just to get you
78
:interested in the subject and to
start to understand the material more,
79
:and understand that cyber security,
information security, is huge.
80
:And there's a lot of different areas.
81
:And you may want to focus on one of
those when you're applying to jobs.
82
:Tip number two, network.
83
:One of the greatest things about this
industry in particular, maybe a lot of
84
:other industries too, is that you can
network and that doesn't mean just what
85
:you think, like networking on LinkedIn.
86
:Networking isn't going to conferences.
87
:RSA is cheap, cyber security
type conference you can go to.
88
:B sides, DEF CON, whatever.
89
:It isn't just to meet people and look to
see, hey, is there a job or an opening?
90
:It's to get yourself into that industry.
91
:So when I started transitioning from IT
into cybersecurity, I got myself a pass to
92
:go to RSA and I just saw all the different
vendors and all the different booths,
93
:all the different technologies that I
hadn't been directly exposed to, but made
94
:a huge difference in what I was doing.
95
:I also got to talk to a lot of people.
96
:I got to talk to a lot of vendors.
97
:And I think that really helped again, when
you're studying for those certifications.
98
:The jargon, the language, being immersed
in that subject, going and networking
99
:is important, but it's different than
what you might have thought about 10
100
:years ago where, Oh, I'm going to go
to this meetup, I'm going to go to this
101
:conference, and this will be a job fair.
102
:No, no, no.
103
:None of that.
104
:It's simply you going to a place in your
industry and just immersing yourself in
105
:that and understanding what's going on.
106
:It really helps to get you into that
mindset and into that field to be able
107
:to really immerse yourself in that tip.
108
:Number three, internships
and entry level positions.
109
:I'm not so keen on the internships.
110
:I didn't start there.
111
:But if you are in college, I would
definitely check with an advisor
112
:and see if they have any connections
or anything that can help you
113
:out with some type of internship.
114
:That usually isn't something that you
find online, but it is something that
115
:your school may actually know about.
116
:Again, not my expertise, but
definitely a way in if you're younger.
117
:If you have a family to support
and things like that, I'm not
118
:really advocating internships.
119
:Entry level positions.
120
:YouTube video after YouTube video
after LinkedIn article, there's
121
:no entry level cybersecurity.
122
:Not entirely true.
123
:It's true in that you're not necessarily
going to come out of college or just
124
:go from IT right into cybersecurity.
125
:However, if you are in IT and you have
experience in that, and I did, it is a
126
:great way to get your foot in the door.
127
:It is hard to go from IT to
cybersecurity, and that's because a
128
:lot of cybersecurity hiring managers
may not see that as a direct transfer.
129
:However, in some other tips I'm going
to talk about, we're going to go
130
:over what you can do to avoid that.
131
:So those entry level positions
kind of do exist, especially
132
:if you have IT experience.
133
:And here's the thing, I've worked in
a lot of different organizations with
134
:a lot of very large IT departments.
135
:And I can definitively tell you that
not everybody in IT has any interest
136
:whatsoever going into cyber security.
137
:None.
138
:So you're not competing
with all of those people.
139
:But it is a way in.
140
:You do have experience.
141
:And it could potentially
be an internal move.
142
:It's harder to do.
143
:It's kind of a lateral transfer.
144
:But that's an easier transfer than having
absolutely zero IT and zero cyber security
145
:and trying to get into that field.
146
:If you don't have anything, at
all, getting into IT, you're
147
:not competing with anybody.
148
:It's not a bad way to go.
149
:And that is what I did
in my own experience.
150
:I actually had a lot of it experience and
I had to translate that into cybersecurity
151
:experience to let somebody know that,
Hey, while I don't have any direct
152
:experience with this, I have a lot of it
type experience with people, projects,
153
:doing things like that, and I can learn.
154
:And so that's a transferable skill
that I'm going to talk about.
155
:Tip number four is
projects and portfolios.
156
:You've heard this before
everywhere, really.
157
:Labs, building your own home lab,
doing whatever it is that you have
158
:to do to gain that experience, right?
159
:So you're building a lab, you're studying,
those are all things, those projects,
160
:those portfolios, helping, you know,
designing your own website, building
161
:your own route, you know, network,
firewalls, routers, anything like that.
162
:Those actually are things that
eventually you could put on a resume
163
:and have talking points about.
164
:And I think that's important because.
165
:A lot of people will just do a lab
and they'll say, Hey, I, you know,
166
:I completed hack the box or I did
something, but really you're doing
167
:a lot more than you think you are.
168
:And that is, those type of skills
are things that you should showcase,
169
:things that you should talk about.
170
:And so when you're looking at
your projects and your portfolios,
171
:just keep in mind, those are
resume building talking points.
172
:And they're also going to translate
into some other tips I'm going to tell
173
:you a little bit later in this video.
174
:So you do not, absolutely do
not want to discount that.
175
:If you build a website that's around
cyber security, you built this website
176
:that's maybe in direct relationship to
some volunteer activities you're doing, or
177
:helping people out in your community, or
you're teaching, or you're doing videos.
178
:That counts.
179
:That actually counts.
180
:And I don't see that on some
of the resumes I've seen.
181
:I don't see any of those type of things.
182
:Like outside activities where
somebody is, they're not waiting
183
:for a path to be built for them.
184
:They're building their own paths.
185
:And that is how they're helping
themselves get into this field.
186
:So, don't discount
projects and portfolios.
187
:Tip number five is online platforms.
188
:Kind of mentioned it before, but,
hack the box, any type of CTFs
189
:that you've done, things like that,
OSINT type skills, helping finding
190
:missing persons, that all counts for
experience, and again, talking points.
191
:What a recruiter's gonna see is, the job
description, and here's what the hiring
192
:manager wants, and here's your resume,
and here's the skills that you can do.
193
:You've got to figure out a creative way of
getting the things that I'm talking about
194
:doing and getting that onto your resume as
things that you have done and do so that
195
:they match those keywords to let a person
know that, hey, I can do these things.
196
:If you've done CTFs, if you've done
Hack the Box, then you've sort of
197
:done red teaming and pen testing.
198
:And if that's the area that you want
to go into, and you don't put those
199
:on your resume, that's a huge miss.
200
:Tip number six, blogs and publications.
201
:I thought about starting a blog, or
writing a newsletter, or doing something
202
:like that, but to build up that type
of authority in this industry, or any
203
:industry, building up an authority
website, unless you've got a ton of money,
204
:It's going to take a very long time to do.
205
:If I started this YouTube channel and I
doubt it's going to get anywhere until
206
:I get to the 150 plus videos, right?
207
:It doesn't matter how good this video is.
208
:It's going to take me a while to build
up authority that anybody even remotely
209
:is interested in what I'm talking about.
210
:So I didn't go down the
blogs and publications.
211
:I thought about it.
212
:However, what you can do and you
should do is connecting to LinkedIn.
213
:Get your profile going.
214
:If it's not going, get a background,
get those keywords in your title
215
:for what you want to do, not what
you're currently doing, right?
216
:Cause people are looking for people that
are, you know, these are the things I
217
:need to do, not what you have done, unless
you want to go into the same industry.
218
:And you're going to start
writing LinkedIn articles.
219
:It's a great way to do it because
that platform is already there.
220
:It's already established.
221
:It's already authority.
222
:And now it gets you a chance
to start posting and writing.
223
:And making content in the field, the cyber
security field that you're interested
224
:in going into and building up sort of
an authority, a little bit more of a
225
:presence, a lot quicker than you could
if you just started a blog in your own
226
:in the maze of the internet where there's
already a million blogs on the subject.
227
:So I did do the blogs and publications.
228
:I just happened to use the LinkedIn.
229
:Because it takes care of
a lot of things at once.
230
:A, it helped me to network on LinkedIn.
231
:And B, I got to actually start talking
about my expertise and the things that
232
:I was interested on that platform.
233
:Tip number seven is additional training.
234
:I actually did take
Coursera and Udemy courses.
235
:They were cheap and free.
236
:They helped me understand a
particular subject matter better.
237
:Maybe you're a little
light in the DNS field.
238
:Maybe you don't understand how to
build your own firewall, whatever.
239
:Uh, Cyberry is another great one.
240
:I'll link to some of
these in the description.
241
:Taking classes like that online, that's
not something I put on my resume, but it
242
:absolutely started solidifying areas that
I felt that I was weak in, especially when
243
:you talk to recruiters or you start to
get interviews, you go into interviews.
244
:You're going to figure out where
your weak spots are, and you can
245
:use these classes to start building
on that and understanding those
246
:areas that you're weaker on.
247
:So, taking some classes online
like this, like Udemy or Coursera,
248
:uh, Cyberic, any of those type of
classes is actually very helpful.
249
:In addition to studying for your
certifications, you can use that as a
250
:kind of a supplement, but it's a very
good way to understand the subject matter.
251
:And solidify some of the things you
may not understand and maybe even
252
:find a domain in cyber security
that you didn't know existed
253
:that you actually really like.
254
:Tip number eight, soft skills.
255
:I think it's important to talk
about those type of things.
256
:I don't like putting it on a resume.
257
:A go getter, energetic, ability to learn.
258
:This doesn't work in
resumes these days anymore.
259
:Maybe it did back in the 80s.
260
:But it doesn't work now or it really
isn't something that I bother with because
261
:everyone's just going to blow by that.
262
:It's fluff, but you shouldn't discount
it because it is important to let the
263
:people know that you're talking to.
264
:Not only can you do the job and you
have the skills to do the job, but you
265
:have the ability to learn, you have the
willingness to do these types of things
266
:that you're working outside and doing
side gigs and learning on your own and
267
:doing all these types, you know, those
soft skills matter producing this video.
268
:It's a technical skill, but
it's a soft skill to be able to
269
:try and improve on my speaking.
270
:And I think that's extremely important.
271
:And while I don't put that on my
resume necessarily, don't want you to
272
:discount that because it is important.
273
:Tip number nine,
transferable skills, huge.
274
:If you're still in this
video, this is huge.
275
:If you're doing something in
it for a long time and you want
276
:to move into cyber security.
277
:You have to figure out a way to make
those transferable skills matter.
278
:If you've built Linux boxes,
if you've hosted or built Mac
279
:machines, if you've done Windows,
if you've done infrastructure,
280
:if you've dealt with users, if
you're dealing with tickets, right?
281
:This may not be directly related
to cybersecurity, but those
282
:are transferable skills that do
matter in the cybersecurity world.
283
:And you should not discount those.
284
:In fact, I had to take a lot of the
things that I had previously done and
285
:reword them into a cyber security way,
like if I built a Microsoft Active
286
:Directory infrastructure, if I built a
SharePoint server, and if it was in a
287
:lab, or if it was in my, you know, current
IT career, whatever, or if I had You
288
:know, designed it, anything like that.
289
:How do you rewrite those
skills to be transferable so
290
:that they're cybersecurity?
291
:When you're building those machines,
what are you doing in your mind?
292
:What are you doing in your mind to think,
how does this relate to cybersecurity?
293
:Was I thinking in a
cybersecurity type way?
294
:Was I thinking in information
security to protect members data?
295
:Was I looking at patches
and things like that?
296
:And if the answer is yes, and it should be
yes, those are things that go on a resume.
297
:Deal directly with cybersecurity, right?
298
:Patch management, vulnerability
management, thinking about those
299
:type things, those transferable
skills are not worthless and
300
:you do have to connect the dots.
301
:One of the best, one of the best things
I heard is I had a friend who I referred
302
:to a particular position and I know
that he could have done the job, but
303
:he took a stock resume or his current
job and did not tweak it at all and.
304
:Applied for a position that I, like I
said, he could have done, but didn't have
305
:this, didn't connect the dots in that.
306
:And so the hiring manager asked me
because it was a referral from a friend.
307
:I just want to make sure that this
person, you know, just want to
308
:take another look at and make sure
I'm not missing something here.
309
:And the interesting thing was he
gave, he gave me a really good tip.
310
:He's, he said, nobody has
time to connect the dots.
311
:Meaning.
312
:Your resume, when you submit that, and
this is why you always hear about creating
313
:a tailored resume for that particular job.
314
:When you submit your resume for that
position, you need to connect the
315
:dots to the recruiter, to the hiring
manager, so they can understand that
316
:you are the person that can do that job.
317
:They are not going to have time
to connect the dots for you.
318
:So if you don't connect the dots,
they're not going to do it for you.
319
:So those transferable skills that you
have, that you know have something
320
:to do or could have something to
do with cyber security, You're
321
:thinking that mindset, right?
322
:You've got to connect the dots.
323
:So not only do you not discount
transferable skills, but you need
324
:to connect the dots with the hiring
manager and the recruiter to let
325
:them know that you have the skills
to do that because they're not
326
:going to connect the dots for you.
327
:Tip number 10.
328
:Stay updated.
329
:Listen to podcasts, read blogs, keep up
to date as best you can on what's going
330
:on in the field that you're interested in.
331
:I had one person when I was in an
interview, it was kind of a round
332
:table, they said, what podcast
do you listen to for security?
333
:I actually have some on my overdrive.
334
:And so I was able to answer that question.
335
:Doesn't mean you listen to it
every day, but if it's a question
336
:they're going to throw at you,
like how do you stay updated?
337
:You've got a great answer.
338
:I read these blogs, I use Feedly, I've got
Overdrive, and I listen to these podcasts.
339
:That's it.
340
:No one's going to ask you what happened
in those podcasts, or what do you
341
:find most interesting about them.
342
:How do you stay updated in
this field that's constantly
343
:changing is a valid question.
344
:And it is one you can easily
answer by staying updated.
345
:Very easy.
346
:So whatever industry that you're in, go
ahead, subscribe to some blogs, subscribe
347
:to some newsletters, listen to some
podcasts, That's how you stay updated.
348
:That's how you answer that question.
349
:Tip number 11, further education.
350
:So if you want to go back and get
a degree in information technology
351
:or a information security related
field, you can certainly do that.
352
:That isn't what I did.
353
:I studied for, like I said, the
CompTIA, Security Plus and the CISSP.
354
:Those are the two things
that I went after.
355
:However, further education, you want to
learn API security, things like that.
356
:More than just the online
classes, there may be something
357
:you can actually take, right?
358
:You may be able to go to a conference
and go to some of the training sessions,
359
:and that would be further education.
360
:A little bit hard to do when you're
not actually working in the industry,
361
:unless you want to spend that money.
362
:But it's another way.
363
:It's another thing to put in your resume.
364
:It's another talking point and
it's something that's extremely.
365
:Number 12, seek mentorship in college.
366
:This could be a career counselor
or your instructor to figure
367
:out, Hey, are there different
internships, things where I should go.
368
:If it's in LinkedIn, you can actually
network with people, especially
369
:people that you've worked with.
370
:Certainly reach out to people in the
field and craft a message to tell them
371
:what it is that you're trying to do,
what it is that you're looking to do,
372
:and can they offer any tips and tricks.
373
:I've had people who I previously worked
with in the customer service area that
374
:really wanted to go into cyber security.
375
:They didn't do it while they were
working there, but they really liked it.
376
:And it just so happens that
I had some tips for them.
377
:Because I asked.
378
:And so it could be as simple as that.
379
:Seeking mentorship is a good thing.
380
:Cold calling, cold emailing,
cold LinkedIn reaching out.
381
:I don't really care for that myself.
382
:But if you do have someone who you've
connected with previously, and maybe
383
:one of those conferences seeking
mentorship, how you can improve
384
:yourself, what areas should I look at?
385
:How can I do things?
386
:Very valid.
387
:You should do it while you're
currently working, and you should
388
:also do it in your professional life.
389
:It's a little bit easier said than done.
390
:But seeking mentorship is
something you absolutely positively
391
:should spend your time doing.
392
:Tip number 13, volunteer opportunities.
393
:Is there something that you can
do in your community, friends, or
394
:family, to volunteer in the cyber
security field, in the information
395
:world, that can go on a resume?
396
:So if you went to public center and
you gave a presentation on password
397
:managers and why, what they are, why
you should use them, how you should
398
:use them, and then you helped people.
399
:Download one and configure them.
400
:And you made a training
video on that kind of thing.
401
:Do you think that doesn't
go in your resume?
402
:For rolling out a password manager
to, you know, a subset of 50
403
:people, 60 people, whatever?
404
:If you don't, you should put that down
because it is something that you do.
405
:Doing that is just as valid as doing
a 50 60 people at a private company.
406
:It's you doing a thing in the field for
a group of people training and learning.
407
:And educating them and then helping them
out, doing something in cyber security.
408
:If you do it for 50 people at your church
or 50 people at your company, you're still
409
:ruling out a password manager, you're
still explaining it to everybody, and
410
:you're still showing them how to do it.
411
:And it's valid, and if you don't put
it down as a talking point at least, or
412
:something on your resume, you're missing
out on a really large opportunity.
413
:And the last tip, and the best
tip, because nobody's going
414
:to make it to the end of this,
Is starting your own business.
415
:Meaning if you want to go from it and you
want to go to cybersecurity and you've
416
:got this gap in between where it's really
hard, you're using your transferable
417
:skills, you're volunteering, you're
doing everything that you possibly can.
418
:Starting your own business
allows you to pave your own path
419
:and it allows you to go and.
420
:Either offer those services to other
companies or other people for money or
421
:for free or whatever you want to do.
422
:You can create that page on LinkedIn.
423
:You've got your own business now where
you're doing these type of things.
424
:And you can start creating your
own avenues and your own pathways.
425
:into the field that you want to go into.
426
:And then maybe that business
will actually take off.
427
:And you realize that I
like doing small business.
428
:I like actually working for myself.
429
:And if it doesn't work out, the easy
talking point is I tried to do my
430
:own business and I realized it was
a little bit harder than I thought.
431
:And I really like working with people
in sort of an organization where things
432
:are a little bit more managed and that's
an easy transfer into cybersecurity.
433
:So you can go from it, you
have cybersecurity over here.
434
:And you don't know where to get into
that middle, start your own business.
435
:Does that mean you have to start
an LLC or drop a ton of money?
436
:It means you find a name, you find a
logo, you find an about, you put that on
437
:LinkedIn, you start your own business,
and you start doing things in the
438
:business capacity to create your own
experience that goes on a resume, because
439
:it's your own business, and fills in
any gaps that you may or may not have.
440
:And that is a tip.
441
:Hardly anybody is going to give
you is starting your own business.
442
:Because when you do that, you'll be
able to do a heck of a lot more stuff.
443
:Then you would in any other capacity
because you're doing it for yourself in
444
:a business capacity and you're creating
those things So starting your own business
445
:if you haven't thought about it, you
really should think about it So with a
446
:combination of these strategies, you can
really build a robust resume and gain a
447
:lot of valuable experience Even if you
haven't had any Direct experience into the
448
:cyber security world, it is very possible
to go from an IT world into cyber security
449
:by using some of these tips and tricks
and building your own pathway into that.
450
:I would have to say the ones that I found
to be most important were networking, the
451
:industry certifications, starting my own
business and taking those transferable
452
:skills and connecting the dots.
