CHOSE YOUR DREAM CYBERSECURITY JOB

Kip Boyle:        

Hi everyone. This is your Cyber Path, the podcast that helps you get your first cybersecurity job. I’m Kip Boyle and I’m an experienced hiring manager of cybersecurity professionals. If you want to give me feedback on the show or if you want me to answer your question on a future episode, please visit the show page at anchor.fm/yourcyberpath. That’s all one word. When you get there, just click on the message button and start talking.

Well today we’re wrapping up the first week of the initial version of our masterclass, which I’ve talked about in previous episodes. It’s called, “How To Get Your First Cyber Security Job As Told By Hiring Managers” and on today’s podcast episodes, I want to share with you some useful highlights from the first module. It was four lessons. And what we were focused on was choosing your first cyber security job by title, by job title. Now this is important because without a job title, you might spend a lot of time going to school or getting certifications as it occurs to you, or as things seem relevant, but you might find out after spending a lot of time and energy doing that that your resume with all of your schooling and certifications and maybe even some work experience on a resume, a hiring manager might see your resume as unfocused. Whereas a strong candidate is going to have a resume that is much more focused on a very specific job by title. Now, the idea here is that you’ve got to make yourself useful on day one of joining a new cybersecurity team, especially if this is your first cybersecurity job. Hiring managers want to see that you can come up to speed and be productive and contribute to the team as fast as possible.

So that means you’ve got to present yourself as a strong candidate who has a very high chance of being able to do that. If your resume is unfocused around a specific objective but that hiring manager is seeing other people who have laser focused preparation and that’s clear on their resumes, then they’re going to present as the stronger candidate. So I want you to avoid a situation like that. Now, the way that you choose your job by title is more than just sticking your finger on a list of job and saying, “Okay, I’m going to go to that one.” You really have to consider who you are as a person as well. So you have to know yourself, you have to know what are your strengths and how do you like to work? And that was another thing that we worked on this week in the masterclass was just doing a little bit of self discovery, a little bit of know thyself and trying to be really clear about what we like and what we don’t like on the job.

So for example, if you are an extrovert, you like hanging around with people, you get a lot of energy from that. It may not be a good idea for you to take a job where you’re sitting and staring at a computer for eight hours a day. That would be very draining and difficult time for you. You would struggle to have energy to get through a day like that. Now I see the other side of that coin a lot too, maybe a little bit more, where somebody gets energy by being alone. They love their job sitting and typing alone on their computer. But then they get called off to go to meetings and to participate in other activities, high energy activities, with other people and that really drains them and really messes up their day the more that they do that. So it’s really important to get that fit and to get your strengths.

Another thing we looked at in the masterclass this weekend is aptitude. Do I have the aptitude for a highly technical cybersecurity job? And you may think you do and then you get in there and you start going to school and then you find out you can’t stand it. That’s happened to more than a couple of people. What you can do about that is you can actually take aptitude tests to determine whether you have the ability to complete a long course of study that’s highly technical and then work in a job like that. But if you’ve ever heard the phrase, “When you do what you love, you’ll never work another day in your life.” I think that can be true for people. I have definitely felt that way in my working life over the course of my career in cybersecurity.

But again, let’s get back to the point here, which is you need to pick the job that you want by job title. But here’s an important thing a lot of people don’t to understand. There is no such thing as a single cyber security job. There are actually many different jobs in this career field that you need to understand what they are, and then you need to go through the process of figuring out which one’s going to be the best fit for you. And then the other thing that we discussed in the class is that very few cybersecurity jobs are actually entry level. They may be entry level for the career field of cybersecurity. However, you really do need to bring some kind of work experience with you when you get that first cybersecurity job. That’s another big topic of conversation that we have coming up in a future lesson.

Now, the one way around that is if you join a very big organization like the military or a large private enterprise. T-Mobile comes to mind because I know that they have a very formalized talent pipeline that you can get yourself into. And they’ll do a lot of the training to get you ready to have a cybersecurity job, which is wonderful. But unless you do something like that, you’re on your own in terms of getting experience. Now, there’s two big ways of looking at what kinds of cybersecurity jobs are available to you. You can sort them into technical versus non-technical jobs. That’s one way of doing it. Another way is to think about what those jobs are all about. And so you could think about sorting them into builders, breakers, and defenders.

Now I’ve already done all this for you. You can actually see how these are all broken out if you go and get the mind map that I made for you, and it’s very easy to get. You just go over to our Twitter feed and our handle over there is @CyberPathMaker and I’ve pinned that tweet to the top of our feed. So go ahead and go over and get that. It’s @CyberPathMaker. But let’s take a quick look at the builders, breakers, and defenders category. So builders do things like create new products. They code, they do software development, they might do hardware development. Builders also install products, commercial grade products, or maybe an open source project. They’ll go and download it and install it, get it configured and running. And builders also implement new processes, which is not a very technical thing to do. So you can see that in this way of looking at cybersecurity jobs, the technical and the non-technical jobs can sit right now to each other. So that’s what builders do.

Breakers do things like penetration testing of networks and products. They can do vulnerability assessments, vulnerability demonstrations, or they might be an IT auditor. And defenders, the third job title. They might have job titles like security operations center analyst or SOC analyst. That’s a very common one. You might hear firewall administrator, incident responder, or digital forensics specialist. Now, just by listening to this list, I hope you can appreciate that the way you prepare to be a firewall administrator is very different than the way you would prepare to be an IT auditor. So if you found yourself doing a lot of firewall administration, then you applied for an IT auditor job that might not be the best way to present yourself as a strong candidate for that job. So I hope this all makes sense.

So again, the master class is closed right now. We’re going through it with our first group of students, but we’re planning to reopen it after we incorporate the feedback that we’re getting from this first group that’s going through it right now. And by the way, they’re doing a great job of telling us what they like and what they need to be better. It’s a little embarrassing sometimes to be honest with you, but we’re going to get through it. And if you want to join us in a future master class, you’re going to benefit from that feedback and my embarrassment. Okay, that’s enough for now. So until next time, remember, you are just one path away from your dream cybersecurity job.