I have joined several LinkedIn and Facebook groups that are focused on cybersecurity, and very frequently there is a post from a newcomer asking the question “How do I get a job in cybersecurity?” The actual question can vary, from “what certifications are best, where can I look for a job, should I get a college degree, what college has the best cybersecurity program, how do I get promoted from the IT job I have to the cybersecurity job I want. So today I am answering those questions. You don’t have to do it my way. But you can expect to do most of this stuff “your way.”
Currently, I am a cybersecurity professional, and for the last two and a half years, I have been working as an instructor, teaching IT and cybersecurity certification courses. On Monday, I started working for Infosec as a Senior Instructor. So how did this happen?
I liked computers and got pretty good at being a computer user. I became good enough to be the “go to” guy, the computer guy, in my various work groups. Not officially “IT”, but sort of a computer know-it-all. People came to me for help and advice. I was working in sales for technology and telecommunications companies. I got to the point where I wanted to work with these technology products. I wanted to run the machines, not sell them.
I took a year long, twice a week evening IT certification class through Dakota County Technical College, the first of many. The old style MCSE (Microsoft Certified System Engineer). Doing some quick math, 3 hours an evening, twice a week, for a year meant I spend about 306 hours in the classroom. Plus who knows how many hours reading and studying for the 6 exams. It did take me a total of two and a half years take the class and to pass all six exams, which was 3 months of exam cramming per exam.
I purchased a good practice exam from Transcenders, and worked the questions until I could score 90%, then took an exam. I may have had to take one exam twice.
In the meanwhile, I secured a new job as a Sales Engineer for a telecommunications and Internet company. Sales engineer was half-way between the sales job I’d left, and the technical job I really wanted. It was a start. I lost that job during a recession, and took the opportunity to start my own business. I put out the word out that I was providing computer support, and took in computers to repair for anyone I could find. For marketing, I went to lots of chamber of commerce and other business networking events. I bought a $25 box of business cards and started passing them out. I taught myself how to build a website for the computer business. I also developed two computer classes I could teach for the local school district in their adult community education programs. Those classes were Do-it Yourself Web Site Design, and Cybersecurity. In these classes people got to know me, and when they had computer problems they called me.
The recession ended and I was able to land a real entry level IT job with a major international supply company. There were a couple hundred people in various IT roles. I got into the repair depot, and then moved to the help desk. If you really expect to get into IT, plan to spend some time in one or more of these entry-level IT jobs.
I ended up going back into business for myself. Around that same time I pushed my interest in cybersecurity into my second certification, the CEH (Certified Ethical Hacker.) Probably not the best security cert to start with, but I passed. I started providing cybersecurity services to my existing clients, and new clients.
A few years later, I got hired to create a cybersecurity practice area for a local managed service provider who provided IT support to about 500 business clients. During that experience I earned a CISSP certification, and got a lot of experience doing Cybersecurity Awareness Training, Compliance Audits, Vulnerability Assessments, and other cybersecurity tasks.
For the last two and a half years, I have been an Instructor, and I acquired many more certifications, mostly so I would be qualified to teach those certification courses.
Here are some questions answered.
When should I start my IT training? Start as soon as you know this is what you want to do. I was 43. There were signs earlier in my life that I failed to recognize and act on. IT can be a mid-life career change if you make a commitment to yourself. Your first certifications should be the CompTIA A+, Network+, and Security+. You can self study for those using the excellent free video training available from Professor Messer. This way you will get a good grounding in basic IT repair and support, networking, and security.
On the other hand, you could start when you are in high school. Maybe your school has an IT track. In any event, if you can graduate with these three certifications (A+, Net+, Sec+), you can probably get hired in an IT Position straight out of high school, that pays $17 to $25 an hour or more.
Should I get a college degree? NO. Not until you are employed, and have an employer with an educational benefit. No point to acquiring $40,000 or more in student loan debt. Most college degree programs are woefully behind the times. Many still offer something called Computer Science, which is programming. If you don’t want to program, this is a waste of time. If you are determined to go to college, find a technical school with a good IT associate degree program, and be done in two years instead of 4.
What certifications should I take? It depends on your interests, but if it is cybersecurity, after the three fundamental certifications I already mentioned (A+, Net+, Sec+), CompTIA also has Penetration Testing+ (Pentest+) and Cybersecurity Analyst + (CySA+). Save the CISSP for after you have some experience. CISSP is a management level course, if you are not interested in becoming a manager, try the CompTIA Advanced Security Practitioner (CASP+) certification.
If you are attracted to the Red Team, CEH Certified Ethical Hacker or OSCP Offensive Security Certified Practitioner are good choices.
You don’t “need” certifications to work in cybersecurity, or IT, but they do serve to indicate to an employer that you are well-acquainted with a certain body of knowledge. The main thing is to make a commitment to yourself, and just start. Read the books, and there is a ton of free video content on YouTube.
What can I do to find a job? You could create a job. You could do what I did, and just start fixing computers as a self-employed freelancer. Information Technology is still an easy business to start, compared to others. It is certainly something you could be doing why you look, that would provide much needed experience. Here are two things you MUST do if you are seriously searching for that first IT job.
- Create/Update Your LinkedIn Profile. I have a LinkedIn profile that I keep up-to-date. I do not look for jobs, jobs look for me. Or more accurately, LinkedIn is a huge database of people with skills that employers are looking for, and they are looking on LinkedIn. My best and most lucrative employment and contractor opportunities happened when someone found my LinkedIn profile, and contacted me about an opportunity. This can happen to you as well. While your resume should be limited to two pages, your LinkedIn profile should be a very complete story of your professional life. Collect some testimonials and recommendations. Be exhaustive when describing your work experience. Look at job postings you are interested in and find the key words and search terms recruiters are using in those posts. Make sure to use the same terms when describing your experience. LinkedIn also has job postings you can search and apply for.
- Join Professional Groups to Learn and Network. This has worked for me in both my IT career and in my earlier sales career. Find relevant professional associations, join them, and go to the meetings. During the Pandemic, meetings are still being held online. Not quite as helpful as face-to-face, but still workable. Meet other professionals in your desired industry. This can be accomplished through the online platforms Meetup.com or Eventbrite.com. Most of these organizations are run by volunteers, so volunteering for a leadership role is another great way to put your name in front of people who may be in a position to recommend you to their boss for a job. Once you have a certification, you will need to accumulate Continuing Education Units (CEU) to keep your certification valid, and these kinds of meeting are worth 1 CEU per hour. Activity on a board is worth 40 credits per year.
If you have any questions or comments for me, you can add them below the story, or send an email to firstname.lastname@example.org. I have links below that will get you to related articles in my blog. It may take time, and then it may not, but you MUST remain committed to you goal, and never give up. There is still a huge demand for IT professionals, and 15% of cybersecurity jobs go unfilled for lack of suitable candidates. Plan to start on the help desk, in a repair facility, or in desk-side (in-person) support. Move up to field service tech or Network Operations Center (NOC). Then start looking for that transition into cybersecurity, as a security analyst, security operations center tech (SOC). A lot of companies are starting internal Red Teams or pen-testing groups. There is plenty of work for you.
Good luck and stay safe.
- Experience, Certifications, or Degrees – What Matters Most? Part 1
Are you looking to break into a career in Information Technology or Cybersecurity? I have been working as an instructor in this field for several years, and I have trained many people, and helped them study for professional certifications so they could do just that. There is a huge demand for IT a…
- Experience, Certifications, or Degrees – What Matters Most? Part 2
If you are looking for that first job in IT, you can expect to begin on a telephone (remote) support help desk, or in desk side (in person) support, or in a hardware repair facility. If you are coming to your first job with certifications or degrees, but little or no experience, this will be where…
- Experience, Certifications, or Degrees – What Matters Most? Part 3
We live in a society that places an unwarranted importance on college education. If you are in a STEM education track, a college degree may be worthwhile. If you are in Business Administration, probably less so. The world is awash in business administration and MBA candidates who can’t fin…
- My Interview with a High School Senior – Part 1
- My Interview with a High School Senior – Part 2
Are you thinking about a career in cybersecurity? Read on. Know a high-schooler who is considering the career? Please share this with them. What do you spend most of your time doing as a Cybersecurity Analyst? Currently, …
- Need a Job? Start Your Own Business
I have wanted to have my own business since I was quite young. I started my first business while going to the University of Minnesota back in 1973. I started two other businesses before I finally started WyzGuys Computer and Network Support in 2001. 2001, for those of you who remem…
Two days after I wrote this article on July 22, Brian Krebs posted a similar article on his blog. So I got scooped by Brian Krebs. For me, that’s like high praise. Anyway, when you are finished with my article and the other articles I linked to, check out what Brian has to say.Share