topic Re: Jobs in Cybersecurity Job Openings

Jobs

ChristianC — Wed, 11 Oct 2023 22:24:58 GMT

Hello all! I recently passed my CC exam and am excited to be joining the community! I have ten years of experience as a retail manager for a very large well known home improvement store and am desperate to get into cybersecurity. I have experience leading teams of 140+, operational and some technical experience from solving issues on a daily basis but no formal tech experience. I’m wondering if the CC is enough to help me get my foot in the door while I continue my education and go for my CISSP? Thank you for any help!

Re: Jobs

emb021 — Thu, 12 Oct 2023 15:47:58 GMT

Sorry to break it to you and everyone else trying to get into the field, but NO certification BY ITSELF will get you a job.

At best, they will help you get past the HR gatekeepers.

What companies are looking for is knowledge, skill, and experience. Certs by and large indicate knowledge. Very few indicate skills. Some may indicate experience.

Its often VERY hard for people to get into our field, but you often have to pivot from related fields using your technical or other skill set.

One issue is you made no mention of WHAT kind of role you are aiming for. I recommend you check out something like the NIST NICE framework, which lays out several IT jobs and what is needed for them.

I would ALSO recommend that you seek out local infosec/infosec related groups to meet and network with people in the field. This includes local chapters of ISSA, ISC2, ISACA, maybe Infragard, maybe local Defcon groups, etc. Here you can meet a wide range of people working in the field. They can give you advise, maybe point you in the right direction.

You mentioned you are going for your CISSP. Understand you will need to show you have experience in 2 of the domains over a period of 5 years. Otherwise you'll only be able to obtain Associate of ISC2 status.

Am sure others here can add to this.

Re: Jobs

JoePete — Thu, 12 Oct 2023 19:13:32 GMT

@ChristianC wrote:
I have ten years of experience as a retail manager for a very large well known home improvement store and am desperate to get into cybersecurity. I have experience leading teams of 140+, operational and some technical experience from solving issues on a daily basis but no formal tech experience. I’m wondering if the CC is enough to help me get my foot in the door.

You've got some management experience. Ask yourself, how do you hire people. Do you care that they took a training course/certification for the cash registers you have (probably not). You're more interested in are they reliable, professional, coachable? A lot of verifying those things come down some form of personal connection or recommendation.

Security is not really an entry level gig. It's a secondary level. Construction has laborers, sub-contractors, carpenters, etc. That's the parallel of entry-level IT and some specialization. Security is more akin, architects, building inspectors, and engineers - people who probably started in those other jobs or have at least spent a few years getting to know what those jobs do.

Having the CC or other entry-level certs won't hurt you, but I'd find someone in the industry that you want to be in a few years, and ask him, her, them, what you should be doing. They'll probably point you toward some IT roles. But I would focus on finding the right people more so than job titles. Who can you learn from and work with are really important in this industry.

Last comment, I always grimace a little when I see things like "lead" or "manage" hundreds of people. Yes, they may be in your reporting line, but unless you work at a nightmare of a place, the reality is most of us have only a handful of people who report to us. It's all hierarchy and delegation. That's a pretty important concept in security as it dovetails with governance concepts, policy, even privileges. Think of how you want to present that to an employer - you want to get across that you were important, but you also want to communicate that you can delegate and develop other managers.

Re: Jobs

denbesten — Thu, 12 Oct 2023 19:34:56 GMT

@emb021 wrote:
What companies are looking for is knowledge, skill, and experience. Certs by and large indicate knowledge. Very few indicate skills. Some may indicate experience.

This is an excellent insight.

One might claim "skill and experience" is a chicken-vs-egg problem, but it is not because a perfect match is not needed. Yes, a closer match is better, but any IT experience can be helpful, as can any physical security experience. For example, a university sysadmin might emphasize insider threat handling; an EMT might discuss their "incident response" experience and a law enforcement officer might compare the decision to issue a ticket with "risk analysis". The goal being to figure out how to best align your story to the details mentioned in the job description.

If you truly have no relevant experience then cybersecurity may not be the job for you today. But, it may be in the future, once you do some time in that Sysadmin, EMT, LEO, etc. job that will allow you to develop the compelling story.

CISSP ... show you have experience in 2 of the domains over a period of 5 years.

One small nit. You need to show 5 years of experience, but it need not be continuous. And, there are options for waiving one year.

Re: Jobs

Early_Adopter — Fri, 13 Oct 2023 12:16:08 GMT

You should look at landing a role in IT, find somewhere that does its own security and be keen and ask to try it.

I think CC is very unlikely to do/get the job for you on its own. However if you get lucky, you get lucky… good luck!