topic Re: Career Prospects in Welcome

Career Prospects

Jaseem — Fri, 24 May 2024 16:27:56 GMT

Hi,

And to Whom It May Concern:

I have recently obtained Certified in Cybersecurity from ISC2. Can you please help me or guide me in obtaining an entry level cybersecurity job? Or some of the roles I should apply to?

I also have completed a graduate course in Foundation of Information Security and Assurance (INFA 610) from University of Maryland Global Campus.

Thank you,

Re: Career Prospects

emb021 — Fri, 24 May 2024 21:10:24 GMT

Well, obtaining a job is up to you. ISC2 is a certifying body, not a job placement org.

Some advise.

Figure out WHAT you want to do in this field. I run into too many people who "want to work in cybersecurity" without any idea of WHAT jobs exists or which ones they have the skills or interest in. Do some research. Do you want to be a SOC analyst? Pentester? Consultant? etc. (networking, see below, can help you figure this out). From there, figure out what skills/experiences are expected for those roles, what they pay etc.

Get a Linkedln profile. Make sure it matches your resume. Be sure to include your certification. You can mark on your profile you are looking AND setup searches for jobs with certain criteria. You can use Linkedln to search in your area for jobs and even apply thru Linkedln.

Start networking in your local area. Look for local chapters of ISSA, ISC2, ISACA, etc and join them. Attend their meetings, chat with members, make it clear (without being obnoxious) that you are looking for work. Be open to finding a mentor(s) to help. Am sure you'll find several in the Maryland/Northern Virginia area.

Also look for local events/conferences/job fairs that are infosec/IT related. Some conferences will have tracks focused on jobs and the like.

Re: Career Prospects

Jaseem — Sat, 25 May 2024 00:22:32 GMT

Thank you so much for taking your valuable time and providing this great feedback and information I will update my LinkedIn.

Thank you,

Re: Career Prospects

JoePete — Sat, 25 May 2024 12:58:16 GMT

@emb021 wrote:

Figure out WHAT you want to do in this field. I run into too many people who "want to work in cybersecurity" without any idea of WHAT jobs exists or which ones they have the skills or interest in.

An excellent point. I'll add that just because you have a direction today, it doesn't lock you into it for the rest of your career. If you follow the advice of networking, going to conferences, groups, etc., you will meet people of many professional paths. I'd also say, that you have to think of security as complementing skill, not a skill unto itself. Whether it is development, networking, system architecture, instructional design, legal, etc., what is the primary skill you are able to bring to the job along with your ability to do that thing in a high-quality or security-focused way?

Re: Career Prospects

Jaseem — Sun, 26 May 2024 21:41:23 GMT

Thank you so much both for your responses and some guidance. I am interested in risk and threat mitigation and prevention. So more like defensive roles where I would like to assess for vulnerabilities and apply NIST security control system and guidance. With that being said, any particular roles you think would be ideal for me?

Thank you,

Re: Career Prospects

Early_Adopter — Sun, 26 May 2024 23:24:50 GMT

I don’t think people can easily give you such prescribe advice without knowing a lot more about your skills, experience and education. It rapidly gets into a game of 20 questions.

It sounds like you’d like to be on either a blue team or SoC role using tools to discover attackers - so first like incident response, following a play book. Then the other areas you might like to do is triage and asses the risk, impact and thread around vulnerabilities- nothing stopping folk in the SOC from doing that, but in most big companies this role works with developers, system owners/managers etc to go through what they are using and also aligns with how they are coding thing(even looking for hardcoded secrets in source code etc) - a lot depends on how they develop things - do they have their own apps, or do they use a load of CoTS products?

The thing is ultimately you’ll need to decide - and right now you haven’t stated any IT experience or education in computing so it’s limiting on what you can beat other candidates on.

This in view, I’d suggest you look for an initial job in IT or a security role that is explicitly looking for trainees.

Some questions to help a bit from basic to getting more involved, have a good think about these, they are not exhaustive but if you spend the time to answer them they can help you to communicate what you know and don’t know, plus you can add some more in to build up a more complete picture.

Lost all relevant qualifications for cybersecurity/IT.
Briefly document your work experience.
Are you proficient in BASH or powershell scripting?
Are you a coder in any common languages, and have you studied secure coding practices?
How many times have you triaged a list of vulnerabilities, and tried to decide if a given system was affected or not? Do you often get into debates on what should be fixed in what order?
Have you worked in any operations role that isn’t a SOC? Was any of it shift-work where you were the most responsible/IC on that shift?
Can you list the security tools you’ve used with how long, from most exposure to least? What teases do you use them for?
Have you written or reviewed system design documents, policy documents or playbooks/job aides? Were these security focused in any way? If so in what way?
How would you start to assess the security of an existing system? What do you feel is often missing that makes it hard to do that?

Re: Career Prospects

Jaseem — Mon, 27 May 2024 14:24:04 GMT

Good Morning,
Thank you so much for this wonderful feedback and guidance.
Would it be possible for us to connect via phone sometimes if you do not
mind?

Re: Career Prospects

waliji — Mon, 27 May 2024 14:30:10 GMT

Nice feedback and guidance @Early_Adopter

Re: Career Prospects

Early_Adopter — Mon, 27 May 2024 16:48:27 GMT

@Jaseem sure just PM me and we can chat.

@waliji heh, thanks- though the wisest knowing I have is that I know more wrong ways to do things than right ways. Good thing about this forum is you will get people’s opinion on things, which is helpful as it gives you something to push off from.

Re: Career Prospects

Jaseem — Mon, 27 May 2024 18:56:02 GMT

sure and thank you, I will message you now.

Thanks,

Jasim

Re: Career Prospects

Lilylowe — Thu, 30 May 2024 21:17:36 GMT

Having recently become certified in Cybersecurity from ISC2, I am eager to apply my skills in a real-world setting. I am currently looking for an entry-level cybersecurity job where I can contribute and grow professionally. While I've been focusing on cybersecurity, I've also found some impressive resources such as online UK law essay writing services that have been instrumental in helping me manage my academic workload. If anyone has any advice or can direct me to opportunities in the cybersecurity field, it would be greatly appreciated!

Re: Career Prospects

CISOScott — Wed, 05 Jun 2024 15:48:27 GMT

Here is the advice I give to anyone wanting to break into any industry. Get any job you can get in that industry and try to learn it. Then volunteer to do extra stuff. Get an IT job, even if it is outside cybersecurity. There is a cybersecurity component to almost every IT job. Then look for jobs that are going undone. Volunteer for every extra duty you can, even if it means no more pay, or extra duties outside of your normal duties, etc. I see so many people get hung up on the idea of "I'll do more after they pay me more." and they miss out on so many learning and resume building opportunities because they cannot see how gaining the experience now is worth more than gaining the money. Or they say "I'm not going to let my employer abuse me that way." And yes, I know that there are employers that will overwork employees, that's not what I'm talking about.

I am talking about soaking up as much experience as you can get even if you have to seek it out, that will be applied to future opportunities. That is how I, and several more successful people I know, got ahead. We were hustling for tomorrow's opportunities/money, not today's money.

Ask about shadowing other people who have jobs you want. As if your company would be able to do job rotation. Can you volunteer at your church, or at other places that need some IT or cybersecurity help.

Be realistic about salary too. I have seen some people come out of college and expect to make 80K in an entry level position. They would rather stay unemployed with an unrealistic expectation than take a job for 40K, work 2 years and have plenty of experience to start to apply for those 80K jobs, or maybe the 60K jobs.

As a hiring manager I can tell you the experiences of 3 interviewees this week.

One had IT experience but didn't show enthusiasm for the position or that they had given much thought into the cybersecurity aspect of the job. Didn't have any questions for us at the end of the interview, and hadn't done work on their own into learning cybersecurity, like taking classes, experimenting with free tools, etc. I once hired a person to be on my team who had zero IT or paid cybersecurity experience. They had taken free cybersecurity courses on their own time to get into the field. Since they showed that much ambition into getting into the field, I gave them a chance. But it was not this candidate.

One had over embellished their skills. They had no IT work experience but because they had used a few tools for a few hours, they listed themselves as an expert in using those tools. They talked about a home lab they had built, but it seemed more like a project they were planning on doing, but hadn't really given it much thought or work. Or that they had started to set up but never finished. When questioned in the interview, they were unable to substantiate those skills. It became very evident that they could talk the talk, but not walk the walk. Their only question at the end of the interview revolved around benefits. Plus their social media posts were not very flattering (yes some of our team members will check out your social media).

The 3rd candidate, while very eager, had taken the initiative to learn the tools of the trade, had done their research on our company, had prepared questions for us (that were not just about salary or benefits). They had some part-time experience that they had gained while at school and that will be enough to push them into a forthcoming offer.

I can teach a candidate about cybersecurity tools. I can't teach passion, initiative, and ambition. Practice interviewing and if you are going to list a tool you've used in your resume, please don't embellish. Have prepared questions and calm down and breathe.