Taking that first step on the career ladder is a difficult challenge in pretty much any industry. Even for entry-level opportunities, employers generally look for some level of previous industry experience. The question is, how do you get experience without having experience?
Thankfully, cybersecurity professionals have one of the most, if not the most, in-demand skill sets in Australia and beyond. According to Forbes, there will be 3.5 million unfilled positions globally across the industry by 2021. This means, if you’re the kind of person who has the passion and drive to succeed, you will thrive in this industry.
As a cybersecurity recruiter, I’m regularly approached by grads or those wanting to switch to a career in cyber about how they can get their first job in the industry. Here is a step-by-step guide on how you can go about securing your first position in security:
1. Think About What YOU Want
I meet a lot of young cybersecurity professionals who, while passionate and eager to get into the industry, when asked “What kind of role are you looking for?” are unable to provide a definitive answer. I would recommend giving this some thought.
Cybersecurity is vast with a huge array of career paths to consider. Do you have a business mindset and good communication/influencing abilities? Consider GRC. Are you interested in law and criminal investigation? Consider forensics.
Figuring out exactly what you’re looking for and what your skill set aligns to will make your job search that much more refined and will additionally impress hiring managers.
2. Build Your Resume
When looking for your first role, a strong resume is imperative as it’s what gives hiring managers their very first impression of you.
My number one piece of advice when it comes to CVs is to keep it simple. Many people try to make their CV stand out by adding graphics or interactive features. Making CVs too complicated can put employers off as it can often make them harder to read/understand, which takes away from your experience and can really backfire. Also, NEVER put a photo of yourself on your CV – this is a major turn-off for employers.
In terms of CV layout, I recommend the following structure:
- A short bio of yourself/experience
- Bullet points of key skills
- Career history with no more than six bullet points per job
- Education and training/certifications
- References
3. Consider Getting Certifications
Whether you should invest in gaining certifications completely depends on which area of security you want to go into. If you’re looking at going to GRC, for example, certifications aren’t necessarily mandatory – it’s more important to have the right soft skills, such as communication, influencing, interpersonal skills, etc.
However, if you’re considering going down the more hands-on technical route, then getting yourself certified is definitely beneficial. Among the worthwhile certifications to consider are CSX-P, CCSP, CISSP, and if you’re considering penetration testing, then the most highly regarded certification is the OSCP.
These certs can be costly, though, so ensure you choose the right ones for you. Some organizations also offer to pay for them for you when they take you on as an employee.
4. Apply For Graduate Schemes
For those who have just finished university and don’t yet have any industry experience, graduate schemes can provide an excellent opportunity to get your foot in the door and gain experience within large, respected organizations. The Big 4 consultancies (KPMG, EY, PwC, Deloitte) all offer highly regarded cybersecurity graduate schemes and provide excellent training and development. Telstra, Accenture, Thales and Fujitsu are a few other examples.
5. Go To Networking Events/Meetups
Going to industry events and meetups is not only a chance to learn more about your craft, it’s also a chance to network with industry professionals and potential employers. I meet some of my best and most driven/ambitious candidates at meetups. Going to events proves to hiring managers that you are passionate about the industry and driven to succeed.
The best sites to use are Meetup.com and Eventbrite. Join groups that you are interested in (such as SecTalks, Sydney InfoSec, etc.), and they will keep you notified on upcoming events.
6. Succeed In Your Interview
Arguably, the most important step in the job-hunting process is to succeed during the interview process. In order to do this, you need to prepare effectively.
Prior to the interview, make sure you do your full research on the role, the organization, and the interviewer(s). This may sound obvious, but you’d be surprised by just how many candidates forget or simply feel they don’t need to. Ensure you thoroughly review the company website, research the clients they work with, and take a look at the most recent projects they have worked on. If during the interview, you’re able to mention that you really like the work the company did on X project, it’s going to make the employer know you mean business.
Make sure you arrive at the interview no more than 10 minutes early. If you turn up 30 minutes before the interview is due to start, it’s going to make you look inconsiderate of the interviewer’s time – or even make you look desperate and like you have nothing else going on. Equally important, don’t be late!
Throughout the interview, maintain eye contact, smile, and speak clearly and concisely.
7. Be Resilient
Searching for a job – particularly if you’re a graduate and/or have no prior experience – can be a long and frustrating process, and you are highly likely to encounter a few knockbacks. Don’t let this get you down, and remain positive in knowing that you will find the right position for you. Everything happens for a reason, and if one job opportunity doesn’t work out, simply accept it as good interview practice and move on to the next.
8. Don’t Just Accept The First Role You Are Offered
While the job hunt can be tough, I would actively encourage you not to simply accept the first role you are offered “just because it’s a job.” If at any point during the interview process the employer shows you that: they don’t value your time (e.g. by running significantly late or answering their phone during the interview), tries to pressure you into accepting a salary which is far below market rate, doesn’t try to sell YOU the role or the company culture, or asks you inappropriate questions (e.g. whether you plan on having a family) – run. Know your own worth. Know that your skillset has value and in time you will find an employer that will respect and appreciate you.
Lastly, GOOD LUCK!
Go get that dream role. You got this.
Editor’s note: For more resources for rising professionals in cybersecurity and IT fields, visit ISACA’s Membership page.