EPISODE 30
A Cybersecurity Job That Fits You Like a Glove
EPISODE 30
A Cybersecurity Job That Fits You Like a Glove

A CYBERSECURITY JOB THAT FITS YOU LIKE A GLOVE

About this episode

In this episode, we are focused on the ever-divisive question of the importance of certifications in the cybersecurity industry. The answer to this question has changed over time from certifications being unimportant, to them being extremely important, to well, it depends.

 

Certifications can be extremely important for several reasons, including their ability to help your resume get through the Applicant Tracking System (ATS) filters used by the human resources and recruiting team, but they are not a silver bullet that will instantly land you a job.

 

As Jason Dion (Lead Instructor of Dion Training) shares with us in this episode, certifications can be your ticket to getting an interview, but they alone won’t get you the position. That said, without having that certification on your resume, you can easily be filtered out of consideration before a hiring manager even gets a chance to look over your resume. This makes having the right certifications and experience imperative if you want to land your dream cybersecurity position.

 

Just as a certification isn’t a substitute for a college degree, you will also learn that a college degree is not a substitution for having the right certifications. This is often not an “either-or” thing, but a “yes-and” type of thing that you must achieve for many cybersecurity positions.

 

What you’ll learn

  • Why certifications are important in the cybersecurity industry?
  • Are certifications or experience more important to a hiring manager?
  • Are certifications or college degrees more important to a hiring manager?
  • Which certifications should you be getting to advance in your career?
 

Relevant websites for this episode

Tags:

Episode Transcript

Kip Boyle: 

Hi, everyone. This is Your Cyber Path. We are the podcast that helps you get your dream cybersecurity job. I’m your host Kip Boyle. And I’m here with Wes Shriner. He’s also hosting. Wes and I are experienced hiring managers of cybersecurity professionals. And so, our goal on the show here is to share with you what we know about what works when you want to get your dream cybersecurity job.

Or maybe even turbocharge your career? Maybe you’re already in cybersecurity and you want to get that next promotion? If you want to give us feedback on the show, or if you’ve got a question, and you want us to answer your question in a future episode … That’s easy.

Just visit the show page, anchor.fm/yourcyberpath. That’s the URL. When you get there, you’re going to see a message button. You click that, you start talking, and we hear you. We would love to hear from you.

We’ve said this before. Every hiring manager, although they are engaged in a highly regulated activity, which is hiring … They do their jobs a little differently. They bring a different perspective.

And so, Wes and I think it’s valuable for you, dear listeners, to hear from other cybersecurity hiring managers. We also think it would be great if you could hear from people who don’t work in the United States. And so, today we’ve got somebody who’s going to check both of those boxes. We have a guest. Please welcome, Anna-Lisa Miller.

Wes Shriner:

I’m so glad she’s here with us today, Kip. She’s going to bring a lot of new and interesting ideas to how we look at pursuing our career opportunities. I think some of it’s going to be brand new and totally different than what we might do in the Seattle environment.

And then, another part of it might be, “Wow. It’s actually pretty much the same across the world.” And I think that’s going to be a powerful insight from today’s conversation. I’m really glad she’s here. Hi, Anna-Lisa.

Anna-Lisa Mille: 

Hi, Wes. Hi, Kip. Thank you so much for inviting me. It’s a real pleasure to be speaking to you both. I’ve been looking forward to it, and I hope our discussions are useful.

Wes Shriner: 

Well, tell us a little bit about your career background, and maybe salt us with a little bit of interesting things about your life and what you do for fun.

Anna-Lisa Mille:

Fun, eh?

Wes Shriner: 

Yup.

Anna-Lisa Mille: 

I suppose some of us cybersecurity have fun occasionally.

Wes Shriner: 

We’re allowed.

Anna-Lisa Mille: 

I currently work for a company called Spectris. I’ve been there for the last three years.

Kip Boyle: Sounds like a James Bond villain. I’m sorry. I just have to say that. Keep going.

Anna-Lisa Mille: 

Thanks for that. My husband said that to me when I joined, and you know what it? It does. And it is the best kept secret when it comes to companies. Not quite as evil as something out of a James Bond film, but a really brilliant company to work for.

We make widgets and gadgets. I think the official line is, “We make high precision instrumentation,” and we do that for a really wide variety of industries and businesses. We provide customers all around the world, in the US, in Asia, and all across Europe with high tech instruments and test equipment.

It ranges from high tech products that measure ketchup manufacturing to make sure it’s the right consistency. We have oxygen analyzers that are used in life-saving incubators and ventilators. We work with car manufacturers on all sorts of testing, including self-driving cars using 5G networks. This year, we had 200 of our sensors on rockets that SpaceX sent into space. There’s thousands and thousands of other brilliant things that we do.

Kip Boyle: 

Wow.

Anna-Lisa Mille: 

It’s so brilliant, but no one’s ever heard of us. There you go. My role at Spectris is … Well, my job is to make sure that we keep all of our information, all of the information associated with our brilliant business, as well as our systems and our networks … I keep them safe and secure.

I am their chief information security officer. And I’ve been doing security work for longer than I care to admit. More than two decades now, in all sorts of different industries. I’ve actually worked all around the world as well. Over in Australia, I’ve worked in Asia. I’ve done a bit of work in the US as well, and quite a few countries in Europe as well.

Kip Boyle:

Don’t forget what you do for fun.

Anna-Lisa Mille: 

What do I do for fun? Well, actually, one of the things that I really enjoy is swimming. And I particularly like swimming in open water. Thankfully, during COVID and the lockdowns that we had in the UK, I was able to carry on doing that. If I’m not socializing with friends and family, you can typically find me swimming down a river or in a lake. Or even across the sea sometimes.

Kip Boyle: 

Wow.

Anna-Lisa Mille: 

That’s me.

Wes Shriner: 

Outstanding. Cool. Well, thank you for that. It’s great to get to know you. It sounds like four continents, and you swam between all of them. You’re on your way.

Anna-Lisa Mille: 

That’s stretching it a little bit, but yeah.

Kip Boyle: 

Well, hyperbole and podcast go together, so I don’t feel ashamed. Anna-Lisa, let’s transition here. When did you first start hiring people for cybersecurity jobs? What’s that like for you?

Anna-Lisa Mille: 

Well, I guess back at the turn of the century. Oh my god. That makes me sound so old.

Kip Boyle:

I’m the same way. Let’s be old at the same time on the podcast.

Anna-Lisa Mille: 

Back in 2000 or 2001, I was working at PWC. PricewaterhouseCoopers. I joined them as a graduate, and after 12 or 18 months or so I was involved in the hiring process and the recruitment process. Only in a small part, and mostly to make sure that potential recruits had certain technical skills or the ability to learn technical skills. But the thing that was so great about that … Anyone that has worked in a consultancy will know this. You tend to have pretty rigorous and well-structured processes for hiring when you work in a consultancy.

It really was the perfect way for me to be introduced to that side of recruitment. That was back in … I think it was late 2000, early 2001 that started. A year or so after that, I did a bit of traveling, ended up in Australia. I got a job in the security team at Nestle. Not too long after I joined, the remit of our team grew.

We had a lot of work that we needed to expand into a number of different areas, and I was able to recruit my first direct report. And it was tough, because I was in my early twenties. People back then working in security were typically a lot older than me. So I had some anxiety, I guess, about hiring people who I felt had a lot more experience.

But they didn’t necessarily have the technical expertise that I had, so it was definitely an interesting process to go through. I’m really proud actually to say that the first person that I recruited to report directly to me was another woman, which I would say, back in the early 2000s was quite unusual. For two women to be working together in a security team.

Kip Boyle: 

I would say that’s true. I’ve hired some women as well. And I know that the larger conversation right now is on diversity. All forms of diversity. I should also say that I’m the father of four daughters, so I’m really interested in access and diversity from that perspective. I’m glad you brought that up.

Anna-Lisa Mille: 

And I think you’re right. Diversity is … It’s an often used word, isn’t it? I don’t think it’s just about gender. I think it goes a lot further than that. I think really … Now, when I’m recruiting, I don’t focus too much on gender or race or even background necessarily. It’s more about diversity of thought.

When I’m recruiting now, I’m really looking to build high performing teams. And I think you can only ever have a high performing team if people think differently, and bring a different perspective, and can do that with some courage in a safe environment. And that safe environment comes when you’re prepared to support your colleagues. Those are the qualities that I really look for when I’m recruiting now.

Kip Boyle: 

And that’s a whole different podcast that we could do and probably should do. Right? Because there’s so much to unpack there. There’s emotional intelligence, and then there’s feeling safe to speak what’s really on your mind.

And so, there’s these rare qualities that a team has to have in order to take full advantage of true diversity. And I would love to go to that place with you, perhaps on a different episode. But how intriguing. Hey, Wes, I think it’s time for you to pitch Anna-Lisa a question.

Wes Shriner: 

It probably is. Thank you. Anna-Lisa, as we start looking at a career path and what a person is looking for in their next role … What would be the first step you would recommend somebody take in that process?

Anna-Lisa Mille: 

I think it’s really important first and foremost, to not stand in your own way. I think it’s something that people do sometimes without realizing. I think there’s enough out there that that can get in your way without you doing it yourself. So I think the first thing to do is to focus on what you can do. Focus on what you enjoy, and focus on how you want to grow.

Don’t focus on what you haven’t done yet. Getting started or taking your next step can be pretty daunting. Even if you’ve managed to narrow down your thinking to, “I want to be someone who works in informational cybersecurity …” There are so many different flavors of that and what that might mean. And there’s so many different potential routes into cybersecurity.

You can go down the military route, law enforcement route, consulting as I did through your existing IT team. If you already work in IT, through project management. So many permutations. Actually, in the UK … I don’t know if you guys have this in the US. But we also have cybersecurity apprenticeship schemes, which are schemes that the government supports both for graduates and nongraduates, which is another great way for people to start their cyber career.

Kip Boyle: 

Oh, I wish we had that. I wish we had that as a formal thing. Actually, in the US, some companies offer that as part of building their talent pipeline. There’s some forward-looking companies that do that. Certainly, the US Military and some of our federal government institutions will do those sorts of things.

But it’s on a very organization by organization basis. But I know a lot of people have asked me about that, “Hey, how can I get an internship? How can I get an apprenticeship?” I think that’s a brilliant scheme. That’s so funny, that word, “scheme.” Americans don’t like using that word.

Anna-Lisa Mille: 

Initiatives. Let’s go with that.

Kip Boyle:

It has negative connotations in the US. Isn’t that crazy? But it’s a perfectly fine word. Anyway, I wish we did more of that.

Anna-Lisa Mille: 

It is great. So I think, definitely don’t stand in your way. But once you’ve made that decision, that that’s the step that you want to take … You’ve got to really, really want it. We spend a very large proportion of our time and energy doing our jobs. I certainly do. And I think it’s really important that you enjoy what you do.

When you are applying for a new role or you are thinking about moving into something like cybersecurity … You need to know that you are going to enjoy the fundamental tasks and activities associated with that role. You also need to buy into the company that you are looking to join. Are you interested in what they do? Do you agree with their values? I think really the key is, be honest with yourself. Be absolutely sure that you want to do this role.

Kip Boyle: 

That can be difficult, right? Wes?

Wes Shriner: 

Well, usually when I’m encouraging folks and they’re pursuing opportunities … I recommend they pursue multiple roles at one time. Pursue them in parallel. There’s often times a long response window for some companies.

And so, is there … How do you rationalize the spray and pray method with the, “Make sure you really want it and you’re going to enjoy it,” method? What’s the right balance there?

Anna-Lisa Mille: 

Well, I think you make a really good point there, because what I was saying might have sounded like I was very close-minded. “You definitely want to be an ethical hacker and that’s it.” That’s not quite what I meant. I think the spray and pray method is fine.

Wes Shriner:

I don’t think that one works either, for the record.

Anna-Lisa Mille: 

Okay.

Wes Shriner: 

I don’t think spray and pray works either, but there’s somewhere on the continuum that is a good answer. And I don’t know how to find that exactly. I have some ideas. I’m going to throw it out there. I think that career searching should go in waves.

And I think on Monday of your career search start, you apply for eight jobs in that Monday, Tuesday, that you think are good choices. But then, you slow down on your application process and you see … How do those eight move through the process? Usually, in a two-week period, you have a couple that have moved through, and a couple that have fallen on deaf ears.

And then, you start another wave going through two weeks later. That way you’ve got some methodology to how you are approaching your job search, and you’ve got some thought into which roles you’re applying for. I think if you did one every two weeks, you would be here a long time. And I think if you did a hundred every two weeks, you would be exhausted and worn out, and unable to appropriately respond to all of the ideas and pursuits that may come your way.

Anna-Lisa Mille: 

I agree. And I think as well, when you’re reading through those job specs, there will be elements in there that will really speak out to you. You’ll think, “Well, I can really imagine myself doing that,” or, “I’d really enjoy that.” Or, “Oh my god. There’s no way I could possibly do that particular task.” So I think it’s about being honest as well.

Wes Shriner: 

You said you should buy into the company that you’re looking for. And I’m trying to figure out what that means in the bigger world. You said, “Agree with their values.” How do I do that? What does that look like?

Anna-Lisa Mille: 

I was very nervous before I joined Nestle, back in my early twenties, because in those days there was a lot of controversy about pounded milk in Africa being provided by Nestle to people who couldn’t afford to buy it. There was a lot of controversy, whether or not it was true. To this day, I’m still not a hundred percent sure. But I was worried that I was being interviewed by an organization that wasn’t particularly ethical.

And I actually talked to my, my potential boss about this. I said that the only thing that I’m worried about here … Because everything else about the job sounded great. I could tell that my boss, who was interviewing me, and I were going to get on like a house on fire. I could totally see that we were going to work well together.

So I said to him I was worried about it. He was very good at explaining the Nestle side, which hadn’t been reported in the media. It wasn’t in any of the conspiracy theories that were being … Or the gossip that I’d heard. Actually, when he explained to me the values of Nestle, and the much more caring and moral side of it, I felt that it was a company that I could be proud to work for.

And that’s the really important thing is. When you get up in the morning, you’ve got to really enjoy what you do. You’ve got to feel that what you do is for a good company with a good cause. There’s a quote from Maya Angelou, “You can only become truly accomplished at something you love,” but I think it goes further than that.

I think the intrinsic motivation to do something for the love of it, rather than being reliant on external motivators, I think that expands to the company that you’re working for as well. Whether it’s a law firm that’s fighting for people’s human rights, or a company that makes widgets and gadgets, or a company that makes wax works like at Maddame Entertainments where I worked before.

That might sound really fickle, but I really loved the fact that was a company that was providing entertainment and fun. A safe and enjoyable environment for families and people to go and have a good day. And so, I think it is really important that you reconcile the company that you are looking to join with your own morals and values.

Wes Shriner:

That makes a lot of sense. I remember I was in a job, many years ago, and my boss looked at me and he said, “On a scale of one to 10, how much do you like your job?” He was really just looking for feedback in the first one year of my role with him. “One to 10, how much do you like your job?” And I think he was expecting me to say 10. I said eight, and I broke his heart. And I didn’t mean to. I didn’t mean to break his heart at all.

I had to quickly repair it by saying, “I like what I do. I like who I work with. I like what we’re delivering. There’s no complaints on that. We’re just not curing cancer.” If we were curing cancer, we could move to the nines and tens, but we’re not. And so, for me, we’re at a solid eight. And I’m happy and I’m not complaining at all. Just understand that to get in that 10 range, we’ve got to do something major for humanity.

Kip Boyle: 

Great.

Wes Shriner: 

And so, I recovered in that conversation, but it stuck with me. You said, “Enjoy your work.” You’ve got to enjoy your work and understand what you’re going to enjoy about it. I’d love to hear more about … How do you figure out if you’re going to enjoy that job?

Anna-Lisa Mille: 

That’s a really tough question.

Wes Shriner: 

Well, I’m going to buy you some time on that for just a second, and tell you that there’s four things that … When I was last hiring and I made a decision, “I’m likely going to give this person an offer …” I would come back with, “Let me describe the team to you. There’s four things about this team.”

One is we’re going to do big things. We’re going to have big hardware and we’re going to work on big hardware and big things. We’re going to have big influence across the company. We’re going to treat each other as adults. And we’re going to go home for dinner. Those are the four tenets of how our team operates. Do big things, have big influence, treat each other as adults, and go home for dinner.

And if that’s the kind of lifestyle you’re looking for, then we’ve got an opportunity for you. And I say that to say, I never had the highest salary. Anybody who came to work for me could have worked for bigger salaries at other places. But the opportunity to work with those four tenants was a big deal for a lot of the folks who came to join our team.

Anna-Lisa Mille: 

That sounds like you … Sorry. I was going to say, it sounds like you provided a great environment with those four pillars.

Wes Shriner: 

You can ask them whether or not we actually lived them or not, but we advertised them, and we did our best.

Kip Boyle: 

Well, and I think, Wes, you deserve credit for bringing that up in the interviewing process. Because I can tell you from personal experience that’s rare. That was a rare thing for me, to have somebody that I was interviewing be so bold and so upfront about it. And I just think that you really served your interviewees well when you did that.

Wes Shriner: 

Well, it helped me win talent. This talent could work anywhere they wanted to. These are 20-year veterans of security. They can work anywhere they want to. In fact, some of them don’t have to work if they don’t want to. And so, I’ve got to find a way to interest them in what we’re doing here as better or more beneficial to them by being here. And so, I did that.

Now, I need to clarify in my, “And home for dinner,” statement … Understand that when the lights are bright and the stage is set and the audience is in their seats, and you’re on the stage … You’re going to work all weekend if you have to. Because that’s what happens when the show is going.

But when we’re still practicing and preparing and being a part of preparing for that show, we’re going to be home for dinner. Understand that you own your workload, and that you will deliver your workload. When it’s time, you’ll step up and be on that stage. And so, I didn’t set an expectation. It was, “every dinner,” just for the record. But I want to get it back to Anna-Lisa here. How do you define enjoying your work? Or how would you help people find that for themselves?

Anna-Lisa Mille: 

I guess there’s different points that you’d need to try and figure out whether you’d enjoy a role. There’s the point at which you are looking for your next role or even your first role in cybersecurity. You’re going through the job specs, all the tasks and activities. Things you think will be fulfilling, and that your skills get you at least part of the way there.

And then, the bit that you raised there, Wes, which I find really interesting is … What’s the energy going to be like with the team that you’re about to join? That’s really hard to figure out through the interview process, for both the recruiter and the person that’s looking to join the organization.

But there are some fairly telltale signs. Someone that’s as open as you were, Wes, by coming up with those four pillars. Openly encouraging to people to have a work life-balance, when it’s right to have a work-life balance and in a flexible way, I think is superb and a really good sign.

And there’ll be some really bad signs. I think if you are in an interview, and you get the impression that perhaps your boss has got a whip and he’s literally going to be cracking it every five minutes …

Wes Shriner: 

Oh, my word.

Anna-Lisa Mille: 

If that’s not what you’re after, then just be aware. Again, just be really honest with yourself and the vibes that you’re picking up through that.

Wes Shriner: 

I have a story for you on that one, if I may. I’m sorry, I’m interrupting you. I don’t mean to. But we don’t have a script, so it works out okay.

Anna-Lisa Mille: 

Okay.

Wes Shriner:

I was sitting in an interview. I had been through the full-day loop. I was now sitting down with the hiring manager, and he’s ready to give me an offer. He said, “Do you have any questions for me?” And I said, “What’s the team dynamic like? How does the team get along?” Because this is back in the day, when we all got to work together in the same office. Way back when, in the mystery days.

And I asked him, “What’s the team dynamic and how does the team work together?” He said … He looked through his window and he pointed out the window, because it was an internal window to part of the office. He goes, “It’ll be a lot better when that guy goes home.”

He was saying, “When that guy is fired.” And I was … Oh my gosh. The look on my face gave me away. I did not get the job offer. I have never been invited for an interview with that company ever again since. I never said anything aggressive, but I was amazed at his response. And I was not prepared or interested in working in an environment like that.

Anna-Lisa Mille: 

I think you had a lucky escape.

Kip Boyle: 

Isn’t it nice to find out before you accept the offer?

Wes Shriner: 

Yes. I think, “lucky escape,” is the right phrase.

Kip Boyle: 

I would like to ask Anna-Lisa about the resume or the CV, because I know she’s got some …

Wes Shriner: 

“Which continent are you on,” is which one you’re asking about.

Kip Boyle:

Well, okay. They have different labels, but call it a truck or call it a lorry … You still get in, you still drive it around, and you still carry stuff.

What about your resume, Anna-Lisa? What do you think that job seekers looking for their dream cybersecurity job … How should they be thinking about their resume? What’s your take on that?

Anna-Lisa Mille: 

I think you’ve got two real stages to getting your dream cybersecurity job. The first one is getting your foot in the door. And then, once your foot’s in the door, it’s about just getting that last stretch of the interview process. So the CV … The job of the CV or the resume is to get the attention of the hiring manager or the organization that you’re going to be joining.

To do that, you need to make sure you do yourself justice. You’ve got to really bring out any transferable skills that you’ve got or any relevant experience that you have. Make sure it reflects what the job spec is actually asking for. If you are really keen for a job, you may need to tweak your resume.

You may need to just adjust it slightly to make sure it really prioritizes your skills or reflects your skills in the same way that the job spec appears to be prioritizing them. Don’t be afraid to do that. It’s okay to have multiple versions of your resume. Because once your hiring manager has read your resume and wants to then meet you, your next job then is to really do the sales pitch. To go into a lot more detail about your skills, and the way that you will help your hiring manager solve all the problems that he’s hiring you to solve.

I think it’s important. Focus on yourself, focus on your skills. Don’t worry too much about what other people are doing, although there will be certain things that you need to be cognizant of. At certain points in my career, it was a really good thing to have quite a long resume that had a lot of technical detailing.

Some hiring managers really like that. That might have been a sign of the times or it might have been a sign of the kind of roles that I was going for. Now, two pages max. Just be aware of what the expectation is. Don’t be afraid to ask, and make sure that you’re really focusing on your core skills.

Wes Shriner:

If I can ask a question here … The customizing a resume is sometimes a very time-consuming endeavor. And I find some people get lost in it. They go off to customize their resume and they’re gone for three days.

By then, the job opening has closed and they’re no longer taking new applicants. How do you find that balance between amount of customization versus the fuse available for early application on a role?

Anna-Lisa Mille: 

It’s a really good point. Of course, you could get carried away with it. I guess what I mean is the slight adjustment. You may just want to take one section higher up your resume and just swap a section around. We’re talking about like a two-second change.

Wes Shriner:

Sure.

Anna-Lisa Mille: 

Just so that, if someone’s in a real rush and they’re reading through your resume … If the first thing that you think they want to know about is your qualifications, for example … If that’s really focused on the job spec, you may just want to flip that round.

For me, personally, my qualifications are right at the end of my resume. It’s little tweaks like that, I think, rather than a massive overhaul.

Wes Shriner: 

I would suggest that there’s a 24-hour fuse on any application or response. If someone sends you an opportunity and says, “Hey, you should maybe consider applying for this.” You’ve got 24 hours to pick that up and respond to it with resume.

If you come across an opportunity on one of the job boards, and you want to post for it, you’ve got 24 hours before … It’s likely that opportunity is going to … The fuse is going to expire.

Anna-Lisa Mille: 

I agree.

Wes Shriner:

It could go three weeks, but I can’t guarantee that. I can only tell you, you’ve probably got about 24.

Anna-Lisa Mille: 

I think it’s also really important that you … The point that you’re making as well is, “Put a time limit on it as well,” Because when you are applying for a job, I think you do also have to prepare yourself for some rejection.

Not every job that you apply for will end up in an interview, and not every interview will end up in a job offer. I think you have to be ready for that. With that rejection, of course, you’re going to have a bit of a turn turnaround on your applications.

Kip Boyle: 

I like the idea of putting the work that you do when you are modifying your resume in a time box. I often do that. Where I’ll say, “Right, I’ve got 10 minutes to modify this resume for the position that I’m seeking.” I like that, because it forces me to focus on what’s truly important, what’s really going to move the needle.

Rather than me saying, “Oh, I don’t like this font. God, I need a better synonym for this word.” Because I agree with Wes. It’s just a such an easy trap to fall into.

Anna-Lisa Mille: 

Definitely.

Wes Shriner:

I think you said something very similar to me about content creators here recently, Kip. Content creators create content. They don’t draft content and think about it and decide, “I’m not sure if I’m ready to publish that yet or not.”

Kip Boyle: 

Creators publish.

Wes Shriner: 

Publish.

Kip Boyle: 

That’s what we do on this podcast. We create and publish. I could fiddle with the episodes endlessly, just trying to get that perfection. We know the old trope, right? Perfection is the enemy of, “good enough,” of getting a job done. I don’t know. If you’re going to a launch a rocket, well then, you’d dang well better be perfect. Anything short of that … Be careful.

Wes Shriner: 

Anna-Lisa, I got a couple more questions for you, and I’m running out of time. I keep taking us down rabbit trails, so it’s my fault today. If I was trying to figure out the team dynamics and team structure, either before I’m in the interview or during the interview, with questions that I have during the interview … What would be some ways I might ask about or glean information about the team structure and how the team dynamics inter-operate in that interview?

Anna-Lisa Mille: 

Well, there’s … One option is just to ask it straight out, like you did. Another way could be to talk about org structures. Find out exactly where you sit, who your peers would be, what support you might get from other people in the team. You could use an organization structure as a basis for that conversation.

One time, I went for a job and I was a little bit unsure about it. Someone suggested to me, why don’t you ask if they’ll show you around the office? Maybe that will give you a better impression of the organization, give you a better feel for it. And I did actually ask the company. I said, “Would it be possible to have a look around the office?” They were very surprised. They were like, “Well, no one’s ever asked us that before.”

It was almost as if it was okay just to sit in one room, and make a decision about my career based on having met one person and seen one room. They kind of scratched their heads a bit. And they did … They said, “No, it’s okay. We can show you part of the office.” Part of it, I think they had some sensitive stuff that they couldn’t show me. But they pointed through a bit of glass and said, “Down there is where you’ll see these people.”

Do you know what? It really helped me. The fact that they listened to my request, took it seriously, and then actually showed me that the office was actually quite a normal place. People seemed to be reasonably happy at their desks, and talking to each other and stuff. That was helpful for me.

Wes Shriner:

I agree, because you’re going to hear them say, “And this is where the risk team sits. This is where third-party risk. And this is where the incident response team sits.” But you also hear in their tone and in the dynamic of walking around the office, whether or not people wave at each other and whether those groups talk to each other.

Anna-Lisa Mille: 

Yep.

Wes Shriner: 

You also get to see if there’s people like me that work here already. Or if I’m going to be special in some way, that I don’t see someone like me already in that role or in that leadership.

Anna-Lisa Mille: 

And that in itself can be really daunting. I remember when I was a consultant at one place I worked … It was in engineering. There was an open-plan office with about a hundred people, and I was the only woman. That was quite scary.

Wes Shriner: 

And that is a very different environment.

Kip Boyle:

Okay. Let’s move on. We have two more things that we would like to get Anna-Lisa’s perspective on. The next one is the interview.

How should our listeners think about being prepared or preparing themselves for the interview? What do you like to see candidates do when they show up and therefore how they must have prepared?

Anna-Lisa Mille: 

I’m, as a hiring manager, keen to meet a short list of people. Because I want them to know as much as possible about a role. But equally, I’m not going to interview every single person that’s applied for the role. Quite frankly, if you’ve got to that stage, you’re in with a good shot. I don’t know many hiring managers that are going to go and spend all day, every day, just speaking to people for the sake of it.

They’re taking you seriously, so use that time to the best of your ability. Do prepare. You’ve got your foot in the door now, so enjoy. Make sure that you listen carefully to the questions. Because they may be asking you competency based questions, which would need you to follow a process where you talk about the situation and what you did, and speak very much about your personal contributions.

Or they may be looking for something different, so listen very carefully to the questions. Take a breath. Take some time to think and answer to the best of your ability. This is your opportunity to showcase your experience, your transferable skills, and what you can bring to this organization, to the role. And it’s a really good opportunity to do that.

Also, part of your preparation, do your homework. Make sure you’ve got some questions that will help you understand more about the role. That will show your hiring manager that you are genuinely interested, which is always a good thing, but it will also give you the chance to answer some of those questions.

It’s like you were saying, Wes. How do you actually know about the dynamics of the team? How you know that you are actually going to enjoy this role? Do a bit of homework about the organization and the team. Think about the challenges that they’re probably facing, and dig into those a little bit.

You may be a bit time constrained in an interview, so you might not get a chance to cover all your questions. But do the best that you can, and try and put yourself … Or try and imagine yourself already in the role and ask the questions from that perspective. That can sometimes give you a much better perspective of the role, when you’re asking those questions.

What you want to do when you leave that interview is to have achieved two things. The first one, of course, is to have made sure that the hiring manager has seen the best of you, and heard about your experiences, so that they can make a really good decision. The second thing, which in some ways is even more important, is that you’ve come away with a really good understanding of what you’re about to get yourself into. I think it’s really about those two things.

Kip Boyle: 

Excellent. Wes, did you want to ask any questions about that before we move on to our fourth and final area?

Wes Shriner: 

I think we should keep running.

Kip Boyle: 

Okay. Seriously, this conversation could go on for a long time, but I know our listeners have limited time to listen to us. The final thing that we wanted to ask you, Anna-Lisa, was skills gaps. Everybody has them, right? You read this intimidating long list … And it’s really a wish list, by the way everybody, of skills and capabilities and problem solving talent.

You can get intimidated. And I know the data shows us that some people, if they don’t have at least 80% or even 90% of the skills that they see listed, they won’t even bother making an application, which is unfortunate. What’s your perspective on this?

Anna-Lisa Mille: 

I hear you. And I believe that that women are possibly harder on themselves when judging themselves and their skills applicable for a role. And this goes back to my first point, really, which is don’t stand in your own way. You will have to skills that are transferable, even if they’re not in the workplace. You can go a little bit off-piece here.

If you’ve maybe been in amateur dramatics or a musical performer, even at school … To have done those things, you will have had to have done a lot of preparing and rehearsing. You would’ve needed to have potentially worked with other people, if it was a choir or an orchestra or a stage show of some sort. There are lots of things that you would’ve done during those activities that could be skills that are relevant and transferable to the workplace.

Team sports is another great thing to draw on. Don’t necessarily constrain yourself to work experience. Particularly, if you’re at the very beginning of your career. Even things like gaming. If you’re really enthusiastic about gaming, there are things in there that could potentially be the cornerstone of your interest in IT and security.

The other thing, of course, is things like voluntary work or even non-IT jobs that you may have had previously where you’ve needed to be organized. Yes, you may not have had the opportunity to solve co complex problems, but you have been able to solve problems. Everybody does every day at work. You can still bring that out when you are in interview and when you’re explaining your skills.

But you’re absolutely right. I think it is very hard when you are looking at a job spec that’s full of very specific things around cybersecurity or qualifications. Just do your best to draw on your experiences. But also, one of the things that I have to really emphasize as a hiring manager is … I’m not looking for someone that that’s been there, seen there, and done it.

I’m looking for someone who’s got the right attitude, who is going to bring a fresh perspective, and is going to have the tenacity to do their absolute best in the job. And that doesn’t necessarily mean that you’ve done it before. It means that you can do it in the future. If you’ve done your research and you know that you want to do it … You just need to find a way to really highlight that, if you’ve made it through to interview to your perspective hiring manager.

Kip Boyle: 

You’re really selling yourself. Part of this really is selling. It’s highlighting the benefits of bringing me onto your team. And in cybersecurity, this is really tough. Because in the broader technology space, people don’t like selling. They don’t like to being sold to. Most people don’t. But they don’t like selling themselves. It feels unauthentic, and oftentimes dirty.

And so, I think that’s one of the things that makes this so difficult. They’re also worried that they’re going to oversell themselves, and then find themselves in a situation where people thought they were a lot more capable than they really were. And then, that feeds into imposter syndrome … Anna-Lisa, you’ve studied psychology, so I’m sure you’re well-versed in all these things. Right?

Anna-Lisa Mille: 

You’re absolutely right. I do think it’s important that people find a way to be authentic and honest in interviews. But it’s so hard to get started in that. Maybe there’s an opportunity to practice?

Maybe every time that you have an interview, you just try a little bit more to draw out your skills and experience in an authentic and honest way. Even if that does end up in a rejection, or you don’t get the job offer, that experience is still really good. Every time you go to an interview, it’s good.

Kip Boyle: 

Yes.

Anna-Lisa Mille: 

It’s a good experience. Even if it doesn’t feel like it at the time, and you leave with your head down … It is, fundamentally, still a good experience. Because you will have grown from it, and you will have learned from it definitely.

Kip Boyle: 

Well, I wish we could continue to talk with you on this episode, but we do need to wrap up. Maybe we should talk later on about having you come back and explore some of these other topics. Thank you so much for being our guest today, Anna-Lisa.

Anna-Lisa Mille: 

Oh, thank you for having me. It’s great to speak to you both.

Wes Shriner: 

Thanks so much.

Kip Boyle: 

Yep. If you like our podcast, ladies and gentlemen, then you should consider grabbing this free guide that we recently put together. It’s called Play to Win: Getting Your Dream Cybersecurity Job. It’s a PDF.

You can download it, take a look at it. It’s quite a visual guide. It’s very attractive. We hired somebody to make it look great, because honestly my arts and craft skills are not all that great. So I really appreciated the help.

But what this guide does is it says, “Hey. Look, if you like playing capture the flag, or if you understand how that game’s played … You can actually take that approach to compete and win in your job hunting.” And so, there’s lots of instructions and screenshots. Tips from hiring managers. How to use LinkedIn.

It’s great. And I think you should get it. We’ve gotten some good feedback on it. If you want it, go to yourcyberpath.com/pdf. Until next time, remember … You’re just one path away from your dream cybersecurity job.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!

Headshot of Jason DionYOUR CO-HOST:

Jason Dion
Dion Training Solutions

Jason Dion is the lead instructor at Dion Training Solutions. Jason has been the Director of a Network and Security Operations Center and an Information Systems Officer for large organizations around the globe. He is an experienced hiring manager in the government and defense sectors.