Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jaseem
Newcomer I
‎05-24-2024 12:20 PM
‎05-24-2024 12:20 PM

Career Prospects

Hi,

And to Whom It May Concern:

I have recently obtained Certified in Cybersecurity from ISC2. Can you please help me or guide me in obtaining an entry level cybersecurity job? Or some of the roles I should apply to?

I also have completed a graduate course in Foundation of Information Security and Assurance (INFA 610) from University of Maryland Global Campus.

Thank you,
Reply
0 Kudos
11 Replies
emb021
Advocate I
‎05-24-2024 05:07 PM
‎05-24-2024 05:07 PM

Well, obtaining a job is up to you.  ISC2 is a certifying body, not a job placement org.

Some advise.

 

Figure out WHAT you want to do in this field.  I run into too many people who "want to work in cybersecurity" without any idea of WHAT jobs exists or which ones they have the skills or interest in.  Do some research.  Do you want to be a SOC analyst?  Pentester?  Consultant?  etc.  (networking, see below, can help you figure this out).  From there, figure out what skills/experiences are expected for those roles, what they pay etc.

Get a Linkedln profile.  Make sure it matches your resume.  Be sure to include your certification.  You can mark on your profile you are looking AND setup searches for jobs with certain criteria.  You can use Linkedln to search in your area for jobs and even apply thru Linkedln.

Start networking in your local area.  Look for local chapters of ISSA, ISC2, ISACA, etc and join them.  Attend their meetings, chat with members, make it clear (without being obnoxious) that you are looking for work.  Be open to finding a mentor(s) to help.  Am sure you'll find several in the Maryland/Northern Virginia area.

Also look for local events/conferences/job fairs that are infosec/IT related.  Some conferences will have tracks focused on jobs and the like.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
Reply
Jaseem
Newcomer I
‎05-24-2024 08:22 PM
‎05-24-2024 08:22 PM

Thank you so much for taking your valuable time and providing this great feedback and information I will update my LinkedIn.

Thank you,
Reply
JoePete
Advocate I
‎05-25-2024 08:58 AM
‎05-25-2024 08:58 AM

@emb021 wrote:

 

Figure out WHAT you want to do in this field.  I run into too many people who "want to work in cybersecurity" without any idea of WHAT jobs exists or which ones they have the skills or interest in. 

An excellent point. I'll add that just because you have a direction today, it doesn't lock you into it for the rest of your career. If you follow the advice of networking, going to conferences, groups, etc., you will meet people of  many professional paths. I'd also say, that you have to think of security as complementing skill, not a skill unto itself. Whether it is development, networking, system architecture, instructional design, legal, etc., what is the primary skill you are able to bring to the job along with your ability to do that thing in a high-quality or security-focused way? 

Reply
Jaseem
Newcomer I
a month ago
a month ago

Thank you so much both for your responses and some guidance. I am interested in risk and threat mitigation and prevention. So more like defensive roles where I would like to assess for vulnerabilities and apply NIST security control system and guidance. With that being said, any particular roles you think would be ideal for me?

 

Thank you,

 

Reply
Early_Adopter
Community Champion
a month ago
a month ago

I don’t think people can easily give you such prescribe advice without knowing a lot more about your skills, experience and education. It rapidly gets into a game of 20 questions.

It sounds like you’d like to be on either a blue team or SoC role using tools to discover attackers - so first like incident response, following a play book. Then the other areas you might like to do is triage and asses the risk, impact and thread around vulnerabilities- nothing stopping folk in the SOC from doing that, but in most big companies this role works with developers, system owners/managers etc to go through what they are using and also aligns with how they are coding thing(even looking for hardcoded secrets in source code etc) - a lot depends on how they develop things - do they have their own apps, or do they use a load of CoTS products?

The thing is ultimately you’ll need to decide - and right now you haven’t stated any IT experience or education in computing so it’s limiting on what you can beat other candidates on.

This in view, I’d suggest you look for an initial job in IT or a security role that is explicitly looking for trainees.

Some questions to help a bit from basic to getting more involved, have a good think about these, they are not exhaustive but if you spend the time to answer them they can help you to communicate what you know and don’t know, plus you can add some more in to build up a more complete picture.

Lost all relevant qualifications for cybersecurity/IT.
Briefly document your work experience.
Are you proficient in BASH or powershell scripting?
Are you a coder in any common languages, and have you studied secure coding practices?
How many times have you triaged a list of vulnerabilities, and tried to decide if a given system was affected or not? Do you often get into debates on what should be fixed in what order?
Have you worked in any operations role that isn’t a SOC? Was any of it shift-work where you were the most responsible/IC on that shift?
Can you list the security tools you’ve used with how long, from most exposure to least? What teases do you use them for?
Have you written or reviewed system design documents, policy documents or playbooks/job aides? Were these security focused in any way? If so in what way?
How would you start to assess the security of an existing system? What do you feel is often missing that makes it hard to do that?



Reply
Jaseem
Newcomer I
a month ago
a month ago

Good Morning,
Thank you so much for this wonderful feedback and guidance.
Would it be possible for us to connect via phone sometimes if you do not
mind?
Reply
waliji
Contributor I
a month ago
a month ago

Nice feedback and guidance @Early_Adopter 

 

 

 

 

___________________________________________________________________________________________________
I am an experienced Information Security Professional with over 25 years of expertise in diverse industries, including Telecom, Banking, Education and Financial Institutions.
I am ISC2 CISSP certified along with other Information Security certifications.
Reply
Early_Adopter
Community Champion
a month ago
a month ago

@Jaseem sure just PM me and we can chat.

@waliji heh, thanks- though the wisest knowing I have is that I know more wrong ways to do things than right ways. Good thing about this forum is you will get people’s opinion on things, which is helpful as it gives you something to push off from.
Reply
0 Kudos
Jaseem
Newcomer I
a month ago
a month ago

sure and thank you, I will message you now.

 

Thanks,

Jasim

Reply
0 Kudos