Running your own home lab is a great way to help yourself stand out from…
This blueprint aims to give the reader an understanding of an excellent approach to help them break into the cybersecurity industry; breaking into the industry can be incredibly challenging. However, there are means and methods to make the process smoother and ultimately help you break into the industry.
Cybersecurity is a massive field with many facets, from GRC to IoT Penetration testing; the number of roles and career paths are mind-boggling. In addition, some roles are more competitive than others which may make it difficult to get a foot in the door in that particular area, and an alternative route may be advisable.
Investigate & Research
This element is essential; it gives context to the rest of your efforts, be sure to spend a reasonable amount of time researching. Each position will require different skills, abilities, and knowledge to perform expected duties and succeed. You must understand the underlying requirements of your desired role. The research will require job descriptions, job websites and other resources to understand the needs. Based on this, you can understand what certifications may be required to fulfil the HR requirements and ultimately teach yourself the knowledge necessary to succeed.
With all this said, finding your passion will help you align your studies, job-hunting efforts, courses, and certifications, which will ultimately make the challenge of finding a role less abrasive.
To help the jobseeker investigate these different roles, a few websites below can help increase your understanding of the available roles and be a starting point for the rest of your research.
- CyberSeek Pathways
- UK Cybersecurity council career map
- 50 Cybersecurity Titles That Every Job Seeker Should Know About.
Upon completing research, you will know what route you would like to take. To achieve this logically and comprehensively, you must build a structured plan towards your goal. Planning must cover the requirements of a role and break down your studies into manageable sections.
A popular method is using a Kanban board with swim lanes to help you track your daily, weekly, and monthly tasks. Using this kind of method will add an element of accountability.
Goal orientated tasks
The created tasks must align to a particular purpose in some shape or form; with time being limited; you cannot afford to break away from your studies; this is where good research comes into the picture. Is your task applicable to your goal?
Set tasks must have a dedicated time frame, do not make them too tight otherwise, you risk creating skills gaps, do not make them too long; otherwise, you risk becoming complacent.
During your tasking, you may include certifications; these can be used as points of proof during your studies as a point in time measurement of your knowledge; these are also useful for getting visibility to your profile.
Many applications allow you to build a task management board; however, Notion comes highly recommended. It will enable you to use it as a note-taking application; however, this is not one size fits all, so it is wise to research other alternatives to find which one works for you.
The Foundation & The Study
Like every great building, there is an even more excellent well-structured foundation. This is the same for a promising career. The foundation needs to be solid. Cybersecurity Is NOT an entry-level field, and you will need solid technical foundations before you can enter the area. Otherwise, you will fail at almost every hurdle. But how do you build this?
Simple, hard work, dedication, and guidance, you will need to put the time and effort into building this foundation. There is no silver bullet degree or certification. Instead, you will need to put the hours into understanding the conceptual foundations of technology through academic studies to help you know it. Make sure you are learning Networking, Linux, Windows, Technical Security, Cyber security threats and a bit of GRC. This way, you will be more holistic when applying for roles.
This includes but is not limited to the topics below,
- Networking technologies
- Network security
- Information Security
- Linux administration
- Windows administration
- Knowledge of regulations that may impact cybersecurity
- Understanding of different frameworks businesses may use
Regardless of what role you choose to pursue, your foundations need to be strong as they will most likely be tested at an interview and will be required to execute your daily responsibilities in your role.
If you rush, you will fail
If you rush to try and get into the industry, you will soon realise that you know nothing. The skills gaps will trip you up at every hurdle. as above, make sure you are learning enough to understand the foundation to apply and articulate it; this even means in an interview
Get practical, but not too much
Everyone wants to hack. Does everyone want to jump on practical learning? Of course, but everyone seems to take it too far and leave the academics behind, which is very bad. Anyone can learn the tool; that is the easy part. However, not everyone can understand the different scenarios and translate the reasons for using the means to an audience because they don’t know. So don’t be a tool monkey! Instead, dedicate your time to understanding your craft. Otherwise, you will be a junior for life.
Build a study plan
When you understand your desired role, you should understand the requirements, research certifications, skills and required knowledge to succeed in that position. Remember, Cybersecurity is not an entry-level field, it is an advanced technical field with entry-level jobs, and these still require experience or a strong foundation. Strong foundations allow for a robust proverbial career skyscraper. This should align with both the research and planning phase.
Connecting with the industry
You are a fair distance through your studies, and now you want to start looking for that role? Easy right? Unfortunately not, in the past, using your CV and sending it to different companies would have been an excellent way to find a role, but now it is much less effective.
The most critical step for job-seeking is getting yourself connected with the industry, being seen by hiring managers, showing the industry the value you bring. This is not something that happens overnight, so you will need to focus a bit of time on doing this, but it will pay off.
The vast majority of roles are found by networking with the industry, and this will give you the best chance of finding a role over simply firing your CV everywhere.
LinkedIn is a social media platform for professionals, and a substantial portion of cyber security professionals and companies use LinkedIn. In addition, companies, recruiters, and hiring managers also used LinkedIn to find candidates.
LinkedIn is also a place where you can stand out as a professional and show your skills to the industry. Commonly hiring managers and recruiters will look at your LinkedIn as a supplement to your CV to see what you have been doing; this is an excellent place to show passion for the industry.
Build your profile
Your profile should include as much relevant information as possible, including; skills, experience, certifications and courses. Remember that your profile acts as a shop window to you as a professional, be sure to show your potential value.
Banner & Picture
Your profile should include a suitable profile picture and a banner that tells the reader straight away what kind of professional you are and maybe a couple of critical skills. Your profile cannot afford to be ambiguous.
You need to engage more to get visibility and show the industry your passion and skill. This can include but is not limited to posting your articles, commenting on relevant posts, connecting with professionals, connecting with recruiters, and posting helpful content.
Discord is commonly used as a communication platform for gamers. However, it is now being used for communities in different industries; they are called “servers”. Many other servers exist but can become overwhelming if you join all of them.
With that in mind, here is a link to the CyberMentorDoJo Discord & CyberJobsHunting to get you started.
Repeated failure, excessive studying, long hours can all lead to burnout and feelings of inadequacy, impostor syndrome and motivation loss; however, this can be managed with an intelligent and stoic approach to this challenging endeavour.
Failure is a harsh lesson
When we fail, we fall short, that’s all, and with failure, we need to analyse what went wrong, what was missing and what needs doing to rectify this. Feedback is essential, so be sure to seek it where you can to highlight what happened.
Failure is much better than quitting. It is a reminder that we are trying, moving forward, taking that shot, and although we missed, we tried. Someone who failed is ten times more of a person than someone who quit because at least they tried. So seek the lesson inside failure to learn from it; I fell more times than I remember. Failure breeds success if you let it.
Manage your time, manage your life
Don’t let study and your career absorb your energy. Instead, make time for hobbies, family and friends; it is important both physically and mentally that we are active and not falling into introverted ways. Time management is crucial, allocate reasonable time for your goals and save time for your life.
The brain is a sponge, do not drown it
There is no glory in pulling late nights and long hours studying; your brain can only absorb so much daily before it runs out of energy and nothing else is retained. So be sure to look after your number one tool, the brain, with proper time management, good diet, rest and plenty of water.
Do what works for you
We all learn differently, try different styles to help you know, but make sure it is balanced because there is still a lot of theory and academic study required to be an excellent professional. For example, I used videos and reading apps to help me study. Forcing yourself to learn in a way that does not work for you is counterproductive and should be avoided where possible.
Remove negativity and toxicity
There is much negativity and toxicity online, which can passively take away our energy and sometimes our time; if you find yourself in an environment like this, it is best to remove yourself from it and try not to engage with it. Likewise, if you encounter someone negative and abrasive about your goals and journey, it is best to remove them to focus on yourself. Invest your time and energy in your goals, the return on investment will be much greater.
Know when to seek help
Seeking help is one of the best tips available, but knowing when to seek help is a hard thing to do. However, it is recommended. Below are some excellent reads, be sure to look after yourself.
Other useful material
The following resources will be helpful when trying to break into the industry
SOC Analyst study guide
Below is a study guide created for Security Operation Centre analysts. However, many resources, mainly the technical foundations, apply to many different roles in cyber security.
Also included in the guide are links to helpful youtube channels and articles that can help you on your journey. The guide is also FREE and can be duplicated and saved in your Notion so you can retrofit it to your career path and goals.
The SOC Analyst Study guide
Content created by Gerald Auger, this website includes some comprehensive videos on cybersecurity skills, CVs & Resumes, breaking into the industry, tools and more. It is recommended that you use these videos to help you with your approach to breaking into the industry.
The sole purpose of this is to inform the reader on how to best approach their job search; it is a very competitive industry, and the shotgun apply approach is very ineffective. Also, not using your network is a disservice to yourself and your efforts.
If you need a mentor or believe you can mentor someone trying to break into the industry or improve themselves, sign up to CyberMentorDoJo Today and begin that process.