Hello all, I am seeking advice from my fellow community members about what may be beneficial moving forward. I am finishing up my MS in Cyber-security in 4 weeks and haven't quite found success yet landing my first entry level role (interviews with no offers). I have completed Security + and had interviews but with no hands on experience I cant seem to seal the deal so to speak. I am wondering what my next step should be, I am open to any opportunities for experience (internships, contract, temp, etc). Should I consider continuing with more certs or diving into individual technologies such as Active Directory?
First, congrats on the MS. That shows you are dedicated to our field. At this point, I would recommend a lot of networking. Attend ISC2, ISSA, or any security related events in your area. While certifications bring valuable knowledge, and you should definitely continue to study study (perhaps become and Associate of ISC2). What appears to be holding you back is the lack of experience. You could volunteer somewhere, this will help illustrate that you have covered theoretical knowledge into practical experience. You may want to have a professional review and update you LinkedIn and resume. I am not sure which entry level jobs have applied for, but you may also look at working as system admin and network admin. May company keep security in the IT department and all are in need of qualified people to implement security. A word of caution, if you have the funds to hold out until you have a job in InfoSec (SOC Analysis, Network Security Administrator, etc...), then that is the ideal option. If you take an entry level potion that is InfoSec adjacent (like help desk, or sys/network admin without security responsibilities) you could only delay you entry into the field by a few years.
Since you are in Raleigh, and I assume that means NC, I would expand the networking to the local OWASP and RIoT meetings, at least. OWASP is obviously more in the application space, but I have heard good things about it (I am in Charlotte). If you aren't aware, RIoT is an IoT advocacy group, started in NC, but have expanded up and down the East Coast. They have a lot of meeting that are good for networking in general. Not security related, per se, but you can't read cybersecurity news without running into security conversations. They are associated with a lot of startup activity, and that might be a good in, even if you are just helping people out pro bono to start. Good luck.
Hi! Also in Raleigh here.
I agree that networking and volunteering are the best way to get a foot in the door. In addition to the networking groups mentioned above, check out meet up groups like DefCon919 (look for @DC919 on Twitter) and TriCy Tuesdays. Also, in addition to ISSA's InfoSeCon coming up in two weeks, RDU B-Sides will be held this Friday - while not as big as InfoSeCon, it's will be a great networking opportunity.
Also, congratulations on your MS degree! Have you had the chance to do an internship? I know you're at the end of your degree program, and a little offset from the typical summer internship schedule, but if you haven't already done so, check with your advisor or school's career services department to see if there are any companies that are looking to hire interns in the near future. Or, if you are currently employed but not in an info sec role, see check with the info sec or IT organization in your current company to see if they might have an opportunity for you to work on a project with them.
Please feel free to drop me a private message if you'd like to talk more.
Congratulations on the MS degree! I would set an appointment with the Career Center to revamp your application letter and resume. Next, I would search for companies nearby that have an established or developing SOC (Security Operations Center). Typically you will find SOC related positions offer the most exposure to enterprise security tools. Having experience working with various security tools will lead to project related experience as well. Keep striving!