Artwork for podcast Byte Sized Security
Ep15: How to Get a Job in Cybersecurity with No Experience (Extended Version)
Episode 1514th October 2023 • Byte Sized Security • Marc David
00:00:00 00:27:04

Share Episode

Shownotes

The show notes for this episode can be found in the previous shorter episode. No need to over extended an already extended version.

---

I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.

--

--

Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:

Listen to Byte Sized Security

--

Support this Podcast with a Tip:

Support Byte Sized Security

--

If you have questions for the show, feedback or topics you want covered. Please send a short email to marc@bytesizedsecurity.show with the Subject line of "Byte-Sized Security" so I know it's about the podcast.

Transcripts

Speaker:

So it was a test the other day I put in.

2

:

How to get a job in cyber security.

3

:

Without experience.

4

:

And it was the audio from a YouTube short

of course, YouTube shorts, 60 seconds.

5

:

And there's a lot of gems in there,

but I did get a couple of questions

6

:

from listeners and they wanted a

little bit more of an extended version.

7

:

So they understood the concept, but

maybe wanted a little bit more detail.

8

:

So that's what this podcast is.

9

:

So it's definitely longer.

10

:

It's in the 25 minute range, which

may be a little too long, but Hey, if

11

:

you're on a long road trip, And that

is what we're going to talk about today

12

:

is that short version of how to get a

job in cybersecurity about experience.

13

:

But this is going to be the

extended version, and I'm going to

14

:

try to go into a lot more detail.

15

:

So with that, I hope you enjoy.

16

:

Marc: So can you get a job in

cybersecurity without experience?

17

:

Well, short answer, no,

not really long answer.

18

:

Yes.

19

:

And I am proof of that.

20

:

And I'm going to give you some

of the things that I did to get

21

:

into cybersecurity without any

direct or initial experience.

22

:

Tip number one, educations

and certifications.

23

:

Now here's, I did a short on

this, but I want to go into a

24

:

little bit more detail and depth.

25

:

And what I did.

26

:

Was when I was doing my I.

27

:

T.

28

:

style job, I knew that I wanted

to transfer into cybersecurity.

29

:

I just, that just was the

field that I wanted to go into.

30

:

I had a passion for it.

31

:

I knew that where it

was, where it was going.

32

:

It's becoming more and more of a thing

today with AI and everything else.

33

:

So it is a very important field.

34

:

And if you're passionate

about it and you're at I.

35

:

T.

36

:

and you want to move there or

you just want to get into it,

37

:

then this is the video for you.

38

:

I started out.

39

:

with the CompTIA Security

Plus certification.

40

:

And the reason that I did that was

because I didn't know, I knew I wanted

41

:

to get in cybersecurity, but I didn't

have any idea of what realm or what

42

:

field or what areas I wanted to do.

43

:

But I wanted to study for a certification.

44

:

And no, I'm not saying that boot camps

and certifications are the end all

45

:

be all, but they are a great way to

get started and to figure out what it

46

:

is that you're interested in doing.

47

:

So I started out with that.

48

:

I downloaded some apps onto my phone.

49

:

I started studying.

50

:

I got the official study guide.

51

:

It was, and I started reading and

studying and studying and just

52

:

taking flashcards and tests, anything

I could find in the internet.

53

:

And I went to one of those facilities

eventually, and I felt like I was ready.

54

:

I went to one of those

facilities and I took that test

55

:

and I passed and it was hard.

56

:

I felt it was hard.

57

:

I really wasn't sure if I had passed.

58

:

But I did, you know, that feeling

that you get taking certifications

59

:

like that or studying for something I

think is super helpful because it will

60

:

narrow down what realm it is that you

actually want to get involved with.

61

:

And this is a tip I got from

another friend and it was brilliant.

62

:

The C I S S P, go get the manual for

that and start studying for that as well.

63

:

Because you get yourself into the jargon

and the language and the thinking of

64

:

cyber security, you start to understand

all the different realms of it, all

65

:

the domains, and you narrow down maybe

what you want to start to do, but you

66

:

also have a lot of talking points, and

so when you start to talk to recruiters

67

:

and you're going into interviews, It

really helps to get yourself into that

68

:

you're, you're basically emerging,

immersing yourself into that field, right?

69

:

So one of the things you think about

is, sure, I could study a language on

70

:

an app all day and speak with nobody.

71

:

Or I could go to a foreign country and I

would really start to learn that language

72

:

faster because I hear it all the time.

73

:

If you start to study for the

certifications, even if you

74

:

don't intend to take them.

75

:

It will help you to start to get

into that world, to understand the

76

:

language, to understand the jargon,

and that is vastly important.

77

:

So education and certifications, if

nothing else, it's just to get you

78

:

interested in the subject and to

start to understand the material more,

79

:

and understand that cyber security,

information security, is huge.

80

:

And there's a lot of different areas.

81

:

And you may want to focus on one of

those when you're applying to jobs.

82

:

Tip number two, network.

83

:

One of the greatest things about this

industry in particular, maybe a lot of

84

:

other industries too, is that you can

network and that doesn't mean just what

85

:

you think, like networking on LinkedIn.

86

:

Networking isn't going to conferences.

87

:

RSA is cheap, cyber security

type conference you can go to.

88

:

B sides, DEF CON, whatever.

89

:

It isn't just to meet people and look to

see, hey, is there a job or an opening?

90

:

It's to get yourself into that industry.

91

:

So when I started transitioning from IT

into cybersecurity, I got myself a pass to

92

:

go to RSA and I just saw all the different

vendors and all the different booths,

93

:

all the different technologies that I

hadn't been directly exposed to, but made

94

:

a huge difference in what I was doing.

95

:

I also got to talk to a lot of people.

96

:

I got to talk to a lot of vendors.

97

:

And I think that really helped again, when

you're studying for those certifications.

98

:

The jargon, the language, being immersed

in that subject, going and networking

99

:

is important, but it's different than

what you might have thought about 10

100

:

years ago where, Oh, I'm going to go

to this meetup, I'm going to go to this

101

:

conference, and this will be a job fair.

102

:

No, no, no.

103

:

None of that.

104

:

It's simply you going to a place in your

industry and just immersing yourself in

105

:

that and understanding what's going on.

106

:

It really helps to get you into that

mindset and into that field to be able

107

:

to really immerse yourself in that tip.

108

:

Number three, internships

and entry level positions.

109

:

I'm not so keen on the internships.

110

:

I didn't start there.

111

:

But if you are in college, I would

definitely check with an advisor

112

:

and see if they have any connections

or anything that can help you

113

:

out with some type of internship.

114

:

That usually isn't something that you

find online, but it is something that

115

:

your school may actually know about.

116

:

Again, not my expertise, but

definitely a way in if you're younger.

117

:

If you have a family to support

and things like that, I'm not

118

:

really advocating internships.

119

:

Entry level positions.

120

:

YouTube video after YouTube video

after LinkedIn article, there's

121

:

no entry level cybersecurity.

122

:

Not entirely true.

123

:

It's true in that you're not necessarily

going to come out of college or just

124

:

go from IT right into cybersecurity.

125

:

However, if you are in IT and you have

experience in that, and I did, it is a

126

:

great way to get your foot in the door.

127

:

It is hard to go from IT to

cybersecurity, and that's because a

128

:

lot of cybersecurity hiring managers

may not see that as a direct transfer.

129

:

However, in some other tips I'm going

to talk about, we're going to go

130

:

over what you can do to avoid that.

131

:

So those entry level positions

kind of do exist, especially

132

:

if you have IT experience.

133

:

And here's the thing, I've worked in

a lot of different organizations with

134

:

a lot of very large IT departments.

135

:

And I can definitively tell you that

not everybody in IT has any interest

136

:

whatsoever going into cyber security.

137

:

None.

138

:

So you're not competing

with all of those people.

139

:

But it is a way in.

140

:

You do have experience.

141

:

And it could potentially

be an internal move.

142

:

It's harder to do.

143

:

It's kind of a lateral transfer.

144

:

But that's an easier transfer than having

absolutely zero IT and zero cyber security

145

:

and trying to get into that field.

146

:

If you don't have anything, at

all, getting into IT, you're

147

:

not competing with anybody.

148

:

It's not a bad way to go.

149

:

And that is what I did

in my own experience.

150

:

I actually had a lot of it experience and

I had to translate that into cybersecurity

151

:

experience to let somebody know that,

Hey, while I don't have any direct

152

:

experience with this, I have a lot of it

type experience with people, projects,

153

:

doing things like that, and I can learn.

154

:

And so that's a transferable skill

that I'm going to talk about.

155

:

Tip number four is

projects and portfolios.

156

:

You've heard this before

everywhere, really.

157

:

Labs, building your own home lab,

doing whatever it is that you have

158

:

to do to gain that experience, right?

159

:

So you're building a lab, you're studying,

those are all things, those projects,

160

:

those portfolios, helping, you know,

designing your own website, building

161

:

your own route, you know, network,

firewalls, routers, anything like that.

162

:

Those actually are things that

eventually you could put on a resume

163

:

and have talking points about.

164

:

And I think that's important because.

165

:

A lot of people will just do a lab

and they'll say, Hey, I, you know,

166

:

I completed hack the box or I did

something, but really you're doing

167

:

a lot more than you think you are.

168

:

And that is, those type of skills

are things that you should showcase,

169

:

things that you should talk about.

170

:

And so when you're looking at

your projects and your portfolios,

171

:

just keep in mind, those are

resume building talking points.

172

:

And they're also going to translate

into some other tips I'm going to tell

173

:

you a little bit later in this video.

174

:

So you do not, absolutely do

not want to discount that.

175

:

If you build a website that's around

cyber security, you built this website

176

:

that's maybe in direct relationship to

some volunteer activities you're doing, or

177

:

helping people out in your community, or

you're teaching, or you're doing videos.

178

:

That counts.

179

:

That actually counts.

180

:

And I don't see that on some

of the resumes I've seen.

181

:

I don't see any of those type of things.

182

:

Like outside activities where

somebody is, they're not waiting

183

:

for a path to be built for them.

184

:

They're building their own paths.

185

:

And that is how they're helping

themselves get into this field.

186

:

So, don't discount

projects and portfolios.

187

:

Tip number five is online platforms.

188

:

Kind of mentioned it before, but,

hack the box, any type of CTFs

189

:

that you've done, things like that,

OSINT type skills, helping finding

190

:

missing persons, that all counts for

experience, and again, talking points.

191

:

What a recruiter's gonna see is, the job

description, and here's what the hiring

192

:

manager wants, and here's your resume,

and here's the skills that you can do.

193

:

You've got to figure out a creative way of

getting the things that I'm talking about

194

:

doing and getting that onto your resume as

things that you have done and do so that

195

:

they match those keywords to let a person

know that, hey, I can do these things.

196

:

If you've done CTFs, if you've done

Hack the Box, then you've sort of

197

:

done red teaming and pen testing.

198

:

And if that's the area that you want

to go into, and you don't put those

199

:

on your resume, that's a huge miss.

200

:

Tip number six, blogs and publications.

201

:

I thought about starting a blog, or

writing a newsletter, or doing something

202

:

like that, but to build up that type

of authority in this industry, or any

203

:

industry, building up an authority

website, unless you've got a ton of money,

204

:

It's going to take a very long time to do.

205

:

If I started this YouTube channel and I

doubt it's going to get anywhere until

206

:

I get to the 150 plus videos, right?

207

:

It doesn't matter how good this video is.

208

:

It's going to take me a while to build

up authority that anybody even remotely

209

:

is interested in what I'm talking about.

210

:

So I didn't go down the

blogs and publications.

211

:

I thought about it.

212

:

However, what you can do and you

should do is connecting to LinkedIn.

213

:

Get your profile going.

214

:

If it's not going, get a background,

get those keywords in your title

215

:

for what you want to do, not what

you're currently doing, right?

216

:

Cause people are looking for people that

are, you know, these are the things I

217

:

need to do, not what you have done, unless

you want to go into the same industry.

218

:

And you're going to start

writing LinkedIn articles.

219

:

It's a great way to do it because

that platform is already there.

220

:

It's already established.

221

:

It's already authority.

222

:

And now it gets you a chance

to start posting and writing.

223

:

And making content in the field, the cyber

security field that you're interested

224

:

in going into and building up sort of

an authority, a little bit more of a

225

:

presence, a lot quicker than you could

if you just started a blog in your own

226

:

in the maze of the internet where there's

already a million blogs on the subject.

227

:

So I did do the blogs and publications.

228

:

I just happened to use the LinkedIn.

229

:

Because it takes care of

a lot of things at once.

230

:

A, it helped me to network on LinkedIn.

231

:

And B, I got to actually start talking

about my expertise and the things that

232

:

I was interested on that platform.

233

:

Tip number seven is additional training.

234

:

I actually did take

Coursera and Udemy courses.

235

:

They were cheap and free.

236

:

They helped me understand a

particular subject matter better.

237

:

Maybe you're a little

light in the DNS field.

238

:

Maybe you don't understand how to

build your own firewall, whatever.

239

:

Uh, Cyberry is another great one.

240

:

I'll link to some of

these in the description.

241

:

Taking classes like that online, that's

not something I put on my resume, but it

242

:

absolutely started solidifying areas that

I felt that I was weak in, especially when

243

:

you talk to recruiters or you start to

get interviews, you go into interviews.

244

:

You're going to figure out where

your weak spots are, and you can

245

:

use these classes to start building

on that and understanding those

246

:

areas that you're weaker on.

247

:

So, taking some classes online

like this, like Udemy or Coursera,

248

:

uh, Cyberic, any of those type of

classes is actually very helpful.

249

:

In addition to studying for your

certifications, you can use that as a

250

:

kind of a supplement, but it's a very

good way to understand the subject matter.

251

:

And solidify some of the things you

may not understand and maybe even

252

:

find a domain in cyber security

that you didn't know existed

253

:

that you actually really like.

254

:

Tip number eight, soft skills.

255

:

I think it's important to talk

about those type of things.

256

:

I don't like putting it on a resume.

257

:

A go getter, energetic, ability to learn.

258

:

This doesn't work in

resumes these days anymore.

259

:

Maybe it did back in the 80s.

260

:

But it doesn't work now or it really

isn't something that I bother with because

261

:

everyone's just going to blow by that.

262

:

It's fluff, but you shouldn't discount

it because it is important to let the

263

:

people know that you're talking to.

264

:

Not only can you do the job and you

have the skills to do the job, but you

265

:

have the ability to learn, you have the

willingness to do these types of things

266

:

that you're working outside and doing

side gigs and learning on your own and

267

:

doing all these types, you know, those

soft skills matter producing this video.

268

:

It's a technical skill, but

it's a soft skill to be able to

269

:

try and improve on my speaking.

270

:

And I think that's extremely important.

271

:

And while I don't put that on my

resume necessarily, don't want you to

272

:

discount that because it is important.

273

:

Tip number nine,

transferable skills, huge.

274

:

If you're still in this

video, this is huge.

275

:

If you're doing something in

it for a long time and you want

276

:

to move into cyber security.

277

:

You have to figure out a way to make

those transferable skills matter.

278

:

If you've built Linux boxes,

if you've hosted or built Mac

279

:

machines, if you've done Windows,

if you've done infrastructure,

280

:

if you've dealt with users, if

you're dealing with tickets, right?

281

:

This may not be directly related

to cybersecurity, but those

282

:

are transferable skills that do

matter in the cybersecurity world.

283

:

And you should not discount those.

284

:

In fact, I had to take a lot of the

things that I had previously done and

285

:

reword them into a cyber security way,

like if I built a Microsoft Active

286

:

Directory infrastructure, if I built a

SharePoint server, and if it was in a

287

:

lab, or if it was in my, you know, current

IT career, whatever, or if I had You

288

:

know, designed it, anything like that.

289

:

How do you rewrite those

skills to be transferable so

290

:

that they're cybersecurity?

291

:

When you're building those machines,

what are you doing in your mind?

292

:

What are you doing in your mind to think,

how does this relate to cybersecurity?

293

:

Was I thinking in a

cybersecurity type way?

294

:

Was I thinking in information

security to protect members data?

295

:

Was I looking at patches

and things like that?

296

:

And if the answer is yes, and it should be

yes, those are things that go on a resume.

297

:

Deal directly with cybersecurity, right?

298

:

Patch management, vulnerability

management, thinking about those

299

:

type things, those transferable

skills are not worthless and

300

:

you do have to connect the dots.

301

:

One of the best, one of the best things

I heard is I had a friend who I referred

302

:

to a particular position and I know

that he could have done the job, but

303

:

he took a stock resume or his current

job and did not tweak it at all and.

304

:

Applied for a position that I, like I

said, he could have done, but didn't have

305

:

this, didn't connect the dots in that.

306

:

And so the hiring manager asked me

because it was a referral from a friend.

307

:

I just want to make sure that this

person, you know, just want to

308

:

take another look at and make sure

I'm not missing something here.

309

:

And the interesting thing was he

gave, he gave me a really good tip.

310

:

He's, he said, nobody has

time to connect the dots.

311

:

Meaning.

312

:

Your resume, when you submit that, and

this is why you always hear about creating

313

:

a tailored resume for that particular job.

314

:

When you submit your resume for that

position, you need to connect the

315

:

dots to the recruiter, to the hiring

manager, so they can understand that

316

:

you are the person that can do that job.

317

:

They are not going to have time

to connect the dots for you.

318

:

So if you don't connect the dots,

they're not going to do it for you.

319

:

So those transferable skills that you

have, that you know have something

320

:

to do or could have something to

do with cyber security, You're

321

:

thinking that mindset, right?

322

:

You've got to connect the dots.

323

:

So not only do you not discount

transferable skills, but you need

324

:

to connect the dots with the hiring

manager and the recruiter to let

325

:

them know that you have the skills

to do that because they're not

326

:

going to connect the dots for you.

327

:

Tip number 10.

328

:

Stay updated.

329

:

Listen to podcasts, read blogs, keep up

to date as best you can on what's going

330

:

on in the field that you're interested in.

331

:

I had one person when I was in an

interview, it was kind of a round

332

:

table, they said, what podcast

do you listen to for security?

333

:

I actually have some on my overdrive.

334

:

And so I was able to answer that question.

335

:

Doesn't mean you listen to it

every day, but if it's a question

336

:

they're going to throw at you,

like how do you stay updated?

337

:

You've got a great answer.

338

:

I read these blogs, I use Feedly, I've got

Overdrive, and I listen to these podcasts.

339

:

That's it.

340

:

No one's going to ask you what happened

in those podcasts, or what do you

341

:

find most interesting about them.

342

:

How do you stay updated in

this field that's constantly

343

:

changing is a valid question.

344

:

And it is one you can easily

answer by staying updated.

345

:

Very easy.

346

:

So whatever industry that you're in, go

ahead, subscribe to some blogs, subscribe

347

:

to some newsletters, listen to some

podcasts, That's how you stay updated.

348

:

That's how you answer that question.

349

:

Tip number 11, further education.

350

:

So if you want to go back and get

a degree in information technology

351

:

or a information security related

field, you can certainly do that.

352

:

That isn't what I did.

353

:

I studied for, like I said, the

CompTIA, Security Plus and the CISSP.

354

:

Those are the two things

that I went after.

355

:

However, further education, you want to

learn API security, things like that.

356

:

More than just the online

classes, there may be something

357

:

you can actually take, right?

358

:

You may be able to go to a conference

and go to some of the training sessions,

359

:

and that would be further education.

360

:

A little bit hard to do when you're

not actually working in the industry,

361

:

unless you want to spend that money.

362

:

But it's another way.

363

:

It's another thing to put in your resume.

364

:

It's another talking point and

it's something that's extremely.

365

:

Number 12, seek mentorship in college.

366

:

This could be a career counselor

or your instructor to figure

367

:

out, Hey, are there different

internships, things where I should go.

368

:

If it's in LinkedIn, you can actually

network with people, especially

369

:

people that you've worked with.

370

:

Certainly reach out to people in the

field and craft a message to tell them

371

:

what it is that you're trying to do,

what it is that you're looking to do,

372

:

and can they offer any tips and tricks.

373

:

I've had people who I previously worked

with in the customer service area that

374

:

really wanted to go into cyber security.

375

:

They didn't do it while they were

working there, but they really liked it.

376

:

And it just so happens that

I had some tips for them.

377

:

Because I asked.

378

:

And so it could be as simple as that.

379

:

Seeking mentorship is a good thing.

380

:

Cold calling, cold emailing,

cold LinkedIn reaching out.

381

:

I don't really care for that myself.

382

:

But if you do have someone who you've

connected with previously, and maybe

383

:

one of those conferences seeking

mentorship, how you can improve

384

:

yourself, what areas should I look at?

385

:

How can I do things?

386

:

Very valid.

387

:

You should do it while you're

currently working, and you should

388

:

also do it in your professional life.

389

:

It's a little bit easier said than done.

390

:

But seeking mentorship is

something you absolutely positively

391

:

should spend your time doing.

392

:

Tip number 13, volunteer opportunities.

393

:

Is there something that you can

do in your community, friends, or

394

:

family, to volunteer in the cyber

security field, in the information

395

:

world, that can go on a resume?

396

:

So if you went to public center and

you gave a presentation on password

397

:

managers and why, what they are, why

you should use them, how you should

398

:

use them, and then you helped people.

399

:

Download one and configure them.

400

:

And you made a training

video on that kind of thing.

401

:

Do you think that doesn't

go in your resume?

402

:

For rolling out a password manager

to, you know, a subset of 50

403

:

people, 60 people, whatever?

404

:

If you don't, you should put that down

because it is something that you do.

405

:

Doing that is just as valid as doing

a 50 60 people at a private company.

406

:

It's you doing a thing in the field for

a group of people training and learning.

407

:

And educating them and then helping them

out, doing something in cyber security.

408

:

If you do it for 50 people at your church

or 50 people at your company, you're still

409

:

ruling out a password manager, you're

still explaining it to everybody, and

410

:

you're still showing them how to do it.

411

:

And it's valid, and if you don't put

it down as a talking point at least, or

412

:

something on your resume, you're missing

out on a really large opportunity.

413

:

And the last tip, and the best

tip, because nobody's going

414

:

to make it to the end of this,

Is starting your own business.

415

:

Meaning if you want to go from it and you

want to go to cybersecurity and you've

416

:

got this gap in between where it's really

hard, you're using your transferable

417

:

skills, you're volunteering, you're

doing everything that you possibly can.

418

:

Starting your own business

allows you to pave your own path

419

:

and it allows you to go and.

420

:

Either offer those services to other

companies or other people for money or

421

:

for free or whatever you want to do.

422

:

You can create that page on LinkedIn.

423

:

You've got your own business now where

you're doing these type of things.

424

:

And you can start creating your

own avenues and your own pathways.

425

:

into the field that you want to go into.

426

:

And then maybe that business

will actually take off.

427

:

And you realize that I

like doing small business.

428

:

I like actually working for myself.

429

:

And if it doesn't work out, the easy

talking point is I tried to do my

430

:

own business and I realized it was

a little bit harder than I thought.

431

:

And I really like working with people

in sort of an organization where things

432

:

are a little bit more managed and that's

an easy transfer into cybersecurity.

433

:

So you can go from it, you

have cybersecurity over here.

434

:

And you don't know where to get into

that middle, start your own business.

435

:

Does that mean you have to start

an LLC or drop a ton of money?

436

:

It means you find a name, you find a

logo, you find an about, you put that on

437

:

LinkedIn, you start your own business,

and you start doing things in the

438

:

business capacity to create your own

experience that goes on a resume, because

439

:

it's your own business, and fills in

any gaps that you may or may not have.

440

:

And that is a tip.

441

:

Hardly anybody is going to give

you is starting your own business.

442

:

Because when you do that, you'll be

able to do a heck of a lot more stuff.

443

:

Then you would in any other capacity

because you're doing it for yourself in

444

:

a business capacity and you're creating

those things So starting your own business

445

:

if you haven't thought about it, you

really should think about it So with a

446

:

combination of these strategies, you can

really build a robust resume and gain a

447

:

lot of valuable experience Even if you

haven't had any Direct experience into the

448

:

cyber security world, it is very possible

to go from an IT world into cyber security

449

:

by using some of these tips and tricks

and building your own pathway into that.

450

:

I would have to say the ones that I found

to be most important were networking, the

451

:

industry certifications, starting my own

business and taking those transferable

452

:

skills and connecting the dots.

Links

Chapters

Video

More from YouTube