How to Get Hired in the Cybersecurity Field

Opinion: The skill gap, open positions do not necessarily state the need for new cyber talent.

For all of the separating veterans, new graduates, or career change folks trying to break into the cybersecurity field, you may see a little difficulty in today’s world. You may see that there are so many open cyber jobs or that the skill gap in cyber is so big. This information would probably give you some hope that it will be easy to break into the field, but I want you to take that information with a grain of salt. As of February 2023, a report shows that there are 755,743 open positions in the cyber career field in the United States (statista.com). If you look further into those open positions, how many of them are actually entry or junior level? From my personal (and frustrating) experience, job postings for entry or junior positions are still requiring so many years of experience. With the “demand” for cyber talent nationwide, even to the point that the POTUS has made a release that states the need for cyber workforce and education, and the increased popularity of the field, you can assume that a lot of your peers will be pursuing the same opportunities. So how can you stand out in the actually saturated market?

Education

You might see companies, schools, or bootcamps claiming that you can get a high demand cybersecurity certification in a few short weeks. If I were looking to break into the field, I would look into the specific niche of cyber that you want to break into (i.e., pen testing, engineering, compliance, threat hunting, etc.) and look into the requirements of the companies hiring those positions. Don’t just take Sec+ because you’ve heard about it, don’t just take CEH if you don’t want to pen test. Make sure you do you due diligence and see what the requirements for your field would be. Pursue certs and a degree in that discipline. Certifications are indeed important, as they highlight your skills in that discipline, just make sure you are taking the right certs for your career.

From what I have seen, as I am trying to pursue a different opportunity, a degree is still highly sought after. 99% of the job postings I have come across, either an undergrad degree is required, or you must have so many years of experience in lieu of a degree. No degree, you’ll need 4, 5, 6, or even 10+ years of experience to supplement that lack of a degree. Get your certs but do not neglect the need of some formal education. If you are lucky enough to come across a position that is not requiring a degree, chances are you won’t be very happy with the pay range. There are plenty of alternatives to a traditional 4-year school like self-paced, online classes that you can finish and earn a bachelor’s degree in just a couple years.

For example, here is the breakdown for a couple niches.

Penetration Tester: CEH, OSCP, or any relevant pen test cert. Coding experience (python, PowerShell, bash, etc.). You can also do your own personal practice by doing hacking games like Hack the Box or Over the Wire. Computer Science Degree.

Engineer: Security+, Computer Science degree, Cybersecurity Engineering Degree. Learn cyber tools, network infrastructure, etc. A lot of cyber engineer roles you come across will be ISSE or ISSO in disguise so make sure you understand RMF controls and different cyber frameworks.

With all that being said, the cyber field is changing day by day. There are always new exploits, new vulnerabilities, new technologies and so much more. Your education doesn’t stop at graduation or when you earn that cert. You have to stay engaged in learning all the time. Continuous learning will help you stay up to date and relevant in the field. A good way to stay in the loop is by subscribing to a cyber news outlet. These sites will tell you about the latest trends, exploits, and technologies. Never stop learning, never stop researching, and never give up the chance to work with a new technology or something you haven’t worked with before. All of these bits are important and can be added to your resume.

Gain Practical Experience

There are things you can do to set yourself up with some relevant experience without having to actually work in the field. Some alternate options for experience are things like internships, part-time work, or volunteer opportunities. Internships might be the most valuable because you will most likely get paid to be trained, gain experience, and possibly even have the opportunity to be hired on as a full-time employee. If you are new to the field, I wouldn’t overlook a paid internship to get that experience hiring managers are looking for. Another option that I see a lot, some schools will offer a program that will place you in part time work while you pursue a degree. This will allow you to get experience and earn you degree simultaneously so when you are ready to break into the field you have a degree and work experience. Win-win. And the last way to give yourself some hands-on training and to set yourself apart in experience is a home lab. Find your niche specialization and create a home lab leveraging that niche’s tools. A RaspberryPi costs around $100. Set one up as a Kali Linux box and use some of the native hacking tools. Configure a private home network and build your own local storage device. Run a network of VMs to see how machines interact with each other on the network, watch the traffic with WireShark. There are so many home lab projects that you can build and learn. Companies love to see that personal free time dedicate to learning your craft.

Networking

Do not undervalue the importance of networking. As they say your network is your net worth. Always take the opportunity to add new people to your network, even your peers and classmates. Maybe one day they will be in a place to help you get a position or opportunity at their company. Attend networking events, hiring events, online communities, and symposiums that will give you the chance to meet and talk to people in the industry. Networking will also give you people to talk to, to provide you some industry insights or opportunities. You can also be that connection and support for someone else when they need it. NETWORK, NETWORK, NETWORK!

While the cybersecurity job market is highly competitive, individuals can stand if you can take and leverage these tips. You might find it a bit easier to land that first job and be off to a great start in an awesome and ever-changing career field. Get your degree, earn those relevant certs, get some experience, and use your network connections. By embracing these strategies and remaining proactive, candidates can distinguish themselves in the dynamic and in-demand field of cybersecurity, ensuring their continued success and impact in this ever-evolving industry.

References:

https://www.statista.com/statistics/1272555/us-cybersecurity-job-openings-state/#:~:text=Number%20of%20cybersecurity%20job%20openings,States%20in%202023%2C%20by%20state&text=As%20of%20February%202023%2C%20there,openings%20in%20the%20United%20States.