ANOTHER HIRING MANAGER’S ADVICE

Kip Boyle:        

Hi everyone, this is Your Cyber Path, the podcast that helps you get your first cybersecurity job. My name is Kip Boyle, I’m an experienced hiring manager of cybersecurity professionals. If you want to give me feedback on the show, or if you want me to answer your question on a future episode, just visit the show page at anchor.fm/yourcyberpath, that’s all one word. Now, when you get there, just click on the message button and start talking. On today’s episode, I’ll tell you about a conversation I recently had with another experienced hiring manager named Eric. So, Eric and I have similar career arcs, we both started out in the US Air Force and we’ve both built information security programs for a wide variety of private sector companies. Now, here’s what happened that caused me to want to share this information with you.

So, I wanted Eric’s feedback on the masterclass lessons that we’re going to be giving you, and so I gave him a copy of the lesson plan in a LinkedIn message. I thought he’ll look at it in a couple of days or something, get back with me. But in less than two hours, he flooded me with this amazing feedback. Clearly, he found the material engaging, and he wanted to help you, so I looked at all this feedback and I just thought, man, this is so good. I really got excited about sharing it with you. I thought I don’t know if I can sit on this until, until the masterclass, and so I thought, well, let’s just share it in an episode of the podcast. So, that’s what I’m doing. Okay, so there’s three things that Eric told me that I want to cover here.

So, the first thing is he said, “When I talk to someone who’s interested in cybersecurity, and even when I’m interviewing them for the first time, I’m very blunt about the reality of the job.” It can be boring, because there are long hours of oftentimes tedious work. It can be stressful because as you’re doing your job, you realize that a mistake by you could result in millions of dollars in damage to your employer. Either because a cyber attacker succeeds, or there’s been some other kind of failure that you were trying to anticipate and prevent, but you weren’t successful. It’s a lot of stress, it’s usually a very thankless job. Unlike Hollywood movies and shows, there are rarely heroes, there’s rarely a time when you’re acknowledged for saving the company. It’s really not a job for everyone, we see lots of people drop out after different periods of time working in this career.

Then he said to me, “Hey, when I’m interviewing someone, I look at their reactions to these very blunt things that I’m saying, and I want to know, do they really get this? Do they really understand what they’re in for if I offer them the job and they come onto my team?” So, what a huge dose of reality, I think Eric is right to share these things. I don’t believe his goal is to scare people away, but rather to just make sure that they don’t get shocked, he wants them to be ready. I think that’s very reasonable, so that’s one of the reasons why I’m sharing with you now is because you probably haven’t even had an interview yet. Hopefully you have, but if you haven’t and even if you have and you haven’t heard anybody speak with you so bluntly, then you should start thinking about this now, before you go any further.

I would not want you to waste your time on a career that is too stressful, too tedious, and it’s not going to excite you to get out of bed. But I will tell you, people who are passionate for cybersecurity, despite all that stuff, will get out of bed every day, and will go to work, and will do their very best. So, that could be you. So here’s another thing Eric said, here’s the second thing he said, “One skill that I feel is missing with new cybersecurity people is basic communication,” and there’s two dimensions that he’s thinking about. The first is are you able to explain information technology and cybersecurity concepts to non-technical people, like senior decision makers, or other folks who are depending on you? He said, “I’ve seen times where a critical issue is ignored because the decision maker didn’t understand what the cybersecurity person was saying.”

The second dimension of this basic communication that Eric is talking about is are you able to explain the business impact of this risk that you’re working on? He said, “Few cybersecurity people understand the business that they’re actually a part of,” and that they have a really difficult time translating cybersecurity and cyber risk into business risk and business impact. That’s a very difficult thing, and I’ll be honest, your first cybersecurity job, you may not actually sort all that out or figure it all out. But if you find yourself in your first cybersecurity job and you’re facing this, you better ask for help. It’s just too important to try to fake your way through it. I’ll be honest, on this second point about communications, he and I both agreed, we’ve seen people fired from their jobs because they just could not communicate these very crucial things to the people who needed to hear them.

Okay, so there was one more thing that Eric shared that I want you to know about right now. It’s related to the fact that cybersecurity can be a very stressful job. He said, “Hey, for their own health and wellbeing, I urge new people to create a personal financial parachute.” I said, “Eric, what does that mean?” Well, he said, “It’s a three to 12 months savings that you actually are going to put together for yourself.” So, whatever your net income is, figure out what’s my net income per month multiply by three, and that’s your initial savings goal. Eventually, you want to get that to 12 months and cybersecurity salaries are pretty high. So, you should be able to do this without too much stress and strain. Now, why do you do this? Well, your job could become intolerable at some point, either because the amount of stress is just wearing you down to a nub, or you’re working for unreasonable people in unreasonable situations with inadequate resources.

If you find yourself in a situation like that, you need just-in-case money. Now, I know there are different words for this savings fund, but I got to keep it clean here, so this is your just-in-case money. If you have this money, then you can stop working for companies or people you don’t like, or you may like them, but they may treat you badly. You may realize it’s time for me to get out of here. If you have just-in-case money, then you don’t have to sweat it. You do not have to keep going back there day after day, and hating it. What kind of a way of life is that? I don’t recommend it. Okay, so those are the three things that Eric shared with me that I couldn’t wait to share with you. I hope that was helpful. If you’re listening to me now and you haven’t already opted into this free masterclass, this is the first one that we’re doing. It’s free, because we want to make sure that we’re getting this right.

The future classes, if we can figure out how to get it right, future classes, we are going to charge money for, because we want to be able to do this over the long haul. So, the class is called How to Get Your First Cybersecurity Job, as told by hiring managers. If you want in for free, here’s what you do, you tell me your number one question about getting your first cybersecurity job. You do that by using an online survey that we’ve set up, and when you do that, and I’ll give you the link in a moment. When you do that, you’re going to get free access. It’s a four week online class, it starts April the 6th. Just as a bonus, even if you choose not to sign up for the class, you’re going to get a free copy of my Amazon bestselling book, Fire Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the Face of Evolving Cyber Risks.

Listen, I wrote this for executives, that is non-technical people who have to big decisions about cyber risk. If they can understand this, and I know they can, so can you. So, if you’re new to cybersecurity and you want to understand, hey, what’s going on here? Grab a copy of the book. Now, don’t wait too soon to do this, because we’re going to close the survey soon. The last day to join him for free is actually today, Friday, March 27th. So, later on today I’m going to pull the survey, and I’m going to shut the door, and we’re going to proceed with the course with the people that we got. By the way, we have a lot of people. We have about… What was it now here? About 180 people. If you went in on this, don’t delay. So, go to the survey, here’s what you type into your web browser, b.link/cyberpath. That’s the letter B.L-I-N-K/cyberpath, that’s all one word.

Share this with anybody that you think is going to appreciate either getting a copy of the book, or actually wants to show up and go through the masterclass. Listen, we’re doing this masterclass even though there’s a pandemic on, this is the perfect time to do something like this to get ready. Because the world is going to get normal again, and you want to be ready for that. I think the need for cybersecurity people is going to go up, and it’s going to go up even more than it already is. Why? Because people in the pandemic are getting used to buying their things online, people who’ve never done it before, and they’re going to keep doing it. That means more commerce on the internet, and that means more cybersecurity people, because there’ll be more cyber attacks. Okay, but remember, the last day for this survey is Friday, March 27th. That wraps this episode, so until next time, remember, you’re just one path away.