I have an undergrad and Masters degree in Cybersecurity from UMUC and my CISSP. I have spent the last 10yrs working for myself as a technology consultant for small businesses, but due to some family issues, I am trying to get a job in Cybersecurity as an employee. It has been beyond hard, I have applied for everything from entry-level analyst to senior engineer positions, even management, and I have yet to gain any traction. One of the issues I have noticed was, as a consultant, I have to be flexible my skills are not specialized and I feel folks really seem to want specialized people. And while I get that the fact that I have a Masters shows that I can learn new things and pick them up rather quickly. I have tired government but that is a lengthy and time-consuming process to include tailoring a resume, making the first cut but not interviewed. There is no ISC2 chapter that is active in Los Angeles, so I don't know what to do, at this point I am willing to do pro bono work just to show folks that I can do that job. Any ideas or suggestions?
Having spent 25 years in the Federal Government I can tell you that it is a numbers game. You have to apply a lot in order to get through, especially if you are coming in from outside the government or do not have a special hiring category (i.e. veteran status, disability, etc.). My stats were about 100 job applications, resulting in 2-4 interviews and 1 job offer. Sometimes it wasn't that many, sometimes it was. I know people that only applied for 1 job and got it and I know people that applied for 300 and never got one. You have to keep trying.
I imagine you know about the job websites indeed.com and dice.com. Also look for state and local job websites. Consider having several resumes, each one tailoring to a more specific IT skill. That way you can use the limited space more effectively. Attend trade shows or conferences in your area. Make sure when you apply to a job that you do not use a standard resume for every job application. Tailor it to the job you are applying for. I have seen several people's resume come across my desk and they used the same resume for both positions (IT specialist & webmaster). Sure an It specialist may be able to make websites but may not have the creativity I am looking for in a webmaster; and conversely a webmaster may be able to design my websites but are they going to know what to do when a printer stops working on the 4th floor and someone can't get a program to work on the 1st floor? Now you see why blasting one resume for every job is not effective. You have to be able to show why you fit to that job. If you go to a job fair carry different resumes that speak to your specialties. Try calling or looking on government contractor websites. Practice interviewing. Practice Interviewing. Yes, I said it twice. It is that important. I have seen plenty of paper tigers (people who look GREAT!!! on paper) but couldn't interview to save their life! I have seen coworkers fumble through interviews because they didn't practice interviewing enough. Most people do interviewing so rarely in life that they never practice it enough.
A real conundrum. We are told that millions of infosec jobs are going wanting; but managers aren't hiring qualified candidates.
It is a numbers game as our colleague says; it's also a game of salesmanship and marketing. Hiring cadres are very nervous when hiring resources, and they often are looking for the slightest reason to say no.
Therefore, you have to analyze their pain points and be very attentive to them in an interview. Know the organization your interviewing for; research them; know who your interviewer is; know his story.
When you land an interview, make sure you condition your resume to that specific job. If they say, the want someone who has n number of years in such-and-such, prove that you have it and prove how you made the world a better place for the organization.
Interview potential places for which you would like to work. What are your ancillary interests? Focus on security of those things.
What will happen often is that you will become favorably known. Your phone will ring and your email will ping.
Keep sharpening the saw and learning. And keep striving. People want to hire you, but you have let them know they're making a good investment in you. Don't let them, or yourself, down.
Keep us informed of what's happening -- because whether we are beginning, in mid career, or in the Autumn of our professional lives, we are all as good oas our last gig. We are all in your shoes (even if we are loathe to admit it!)
Good luck and keep truckin'.
> Jaesimpson (Newcomer I) posted a new topic in Career on 11-15-2018 09:31 PM in the (ISC)² Community :
> I have an undergrad and Masters degree in Cybersecurity from UMUC and my
> CISSP. I have spent the last 10yrs working for myself as a
> technology consultant for small businesses, but due to some family issues,
> I am trying to get a job in Cybersecurity as an employee. It has been
> beyond hard, I have applied for everything from entry-level analyst to
> senior engineer positions, even management, and I have yet to gain any
> traction.
You have the sympathy of all of us who don't believe all the articles and Gartner studies that claim there are millions of unfilled security jobs out there.
> One of the issues I have noticed was, as a consultant, I have to
> be flexible my skills are not specialized and I feel folks really seem to
> want specialized people.
Mostly folks don't know what they want, and won't be happy until they get it.
> There
> is no ISC2 chapter that is active in Los Angeles, so I don't know what to
> do, at this point I am willing to do pro bono work just to show folks that
> I can do that job. Any ideas or suggestions?
Well, the first that comes to mind is volunteer to start an ISC2 chapter in Los Angeles. (I'm active in the Vancouver chapter, so any help we can give you, including the fact that you can piggyback off our Webcast meetings ...)
Volunteer/pro bono work in general is a good idea: there is another discussion topic on the "community" here that addresses the issue.
@rslade wrote:
Mostly folks don't know what they want, and won't be happy until they get it. !!!CHORTLE-;-)
Volunteer/pro bono work in general is a good idea: there is another discussion topic on the "community" here that addresses the issue.
Quite true Rob. Moreover, HR types and (gasp!) often managers themselves really have no clue. On the other hand, they want/need to let them know what they want/need; even if they don't really want/need it.
Since these folks (many in civil service; but across all industries, too) follow all kinds of SoPs, rules and regs, they don't care about the next bushy-tailed cybersec grad; rather, like Lumberg, they want their TPS reports WITH A PROPER COVER SHEET.
One thing I might suggest to our beleagured frined is that he find a nich (an itch?) and learn the heck out of it, then becaome the go-to resource for it. Write well and prosper.
@Jaesimpson wrote:There is no ISC2 chapter that is active in Los Angeles,
Jeremy,
There are more professional networking opportunities for information security than just (ISC)2. In fact, (ISC)2 is a johnny-come-lately to the membership business, and even younger in the local chapter regime. The (SCS)2 marketing arm (does the term Gold Standard ring a bell?) has for years tried to get both practitioners and employers to think it is the one and only, but that is not true.
Look to the following organizations:
1. Information Systems Security Association (ISSA)
ISSA was an original founding member of the IISSC Consortium (ISC)2 whose members were organizations, not individuals. (ISC)2 changed to a membership orgainzation for individuals less than two decades ago.
2. ISACA (formerly known as the Information Systems Audit and Control Association)
ISACA's baseline certification is the Certified Information Systems Auditor (CISA). However, a little over a decade ago they added the CISM as a management certification for those who oversee the work of CISA-type auditors. The CISM is a close analog to the CISSP, and some see it as competitive to the CISSP. Many practitioners hold both CISSP and CISM designations.
3. Open Web Application Security Project (OWASP)
Focusing on security of applications, and a more technical group than ISSA, ISACA, and (ISC)2, OWASP is very highly thought of within the broad security community.
Most chapters welcome non-member attendees in their meetings. Also, unlike (ISC)2, none of the three groups listed above require you to pass a certification exam before you can be a member.
Good luck!
Hi
I have some opinion. First of all, recruiting is broken in many places. As a hiring manager, I have seen a lot. Some companies filter out resumes based on keywords, some do not. Often though, hiring managers don't have access to the Applicant Tracking System and rely solely on the recruiter. With 100s of applicants applying, not being in the first 20 or 30 makes the chance of success harder.
I, however, have never skipped over review of someone who reached out to me directly. I recommend the original poster do his best to reach out with a few paragraph email showing his value.
Additionally, there are various meet up groups for not only security, but other disciplines. When you go, don't focus on what you are looking for, but focus on the value you provide.
Best of luck