Time to close it all down and personally deliver a message from me to you. This part will just cover my personal views on the industry and maybe provide you some words of encouragement as well as what can you do to help you land your first JOB in the field.

I want to first abolish some misconceptions or thoughts that some people might have about the industry that either prevents them from taking actions or maybe scares them to even take this direction.

  • You don’t need to be Gifted, Special or Unique to be in this field
  • You don’t need to know the OS like the back of your hand
  • You don’t need to understand every application, service or product in the world
  • You don’t need to know programming or some kind of unique skill that will separate you from everyone else.
  • You don’t need to have a degree or certification
  • You don’t need to have 10+ years of IT experience or any history of working in IT

Everything I mentioned above gives you LEVERAGE or CAN speed up the time and process of getting into Cybersecurity but doesn’t guarantee you a position. These things aren’t mandatory or even required.
Yes, some jobs or certain positions will recommend them or say they are mandatory but really if you are good at something and it can make someone money then chances are you will get hired. But again this really depends where you go because I am speaking specifically on Private Businesses or Major Corporations. Federal and Government stuff is a different ball park that follows a different set of rules and regulations so I won’t even dive into that. But really don’t let these misconceptions or rules or “need to know” stop you from getting into this field. I don’t gate keep, and as this industry continues to grow and I will always accept anyone who is driven and cares about Cybersecurity.

I want everyone to know while you have read the blog series, you have looked into the sites, and methods of learning. Remember this blog was supposed to be brief or short coverage of the topics because in the end its up to you to dive into it. My objective was to just feed you a bit of direction or provide a little guidance on where you should go. But we all take unique routes to our destination. How long does it take is totally up to you, but if this is something you really want to do. Time is irrelevant, this is my motivational approach. If you truly want something and I mean truly, then time is never going to matter because you have a goal or a dream to chase. I 110% believe if you never quit you can achieve anything.

I’m not a special human being, Im not someone who can read binary or someone like Dr.Dolittle (This character is able to talk to animals and communicate with animals) but for computers. I basically just liked the concept of Cybersecurity, learned myself, taught myself and just kept going. So even if I failed Cyber interviews, maybe didn’t understand a Cybersecurity topic or even just felt like “Damn I will never know how to do that”. I kept going, even to this day now. I try to learn malware analysis but Assembly is a horror show and reverse engineering without a strong background in programming is rough BUT I keep trying and I learn something all the time.

Brief History of how I got into Cybersecurity – I didn’t get into cybersecurity until almost 5 years of training, jobs and personal development. I was at a technical college that I never finished due to financial issues, worked at a MSP (Managed Service Provider) as an apprentice which eventually I got let go because I lacked technical knowledge. I got a Job at a local State county as a IT Support Specialist for major schools and administration offices which then eventually lead to me getting my first job in cybersecurity as a SOC Analyst in a Cybersecurity Firm.

Let’s discuss how you can land your first job or get a chance into cybersecurity industry. These things I recommend will help or either give you a shot at the interview just doesn’t guarantee it.

First: Important thing to know is your resume is very important. H.R or Recruiting Managers are the true gatekeepers of Cybersecurity. Remember H.R and most Recruiting Managers don’t have crazy technical knowledge or even know what your resume talks about BUT they look for keywords. People have written the science behind resumes or how to submit resumes so I suggest researching that as it can be very extensive. But it will help.

Second: Keep track of your lab times or modules you have completed aka Certificate of Completions. Use that as a conversation or on your resume, because saying “I know Windows and how to defend it” compared to “Yeah I have 3 Certificate of Completions and almost 200 hours of Lab time configuring, securing and deploying Windows Environments” helps tremendously. Even small projects, like setting up a physical or virtual firewall and using it to secure your own computer is relevant. Its real hands-on experience, how long it took you to configure or finish the project doesn’t matter. But the fact you did it matters and you tracked and you documented it.

Third: Get to know people which I can say is how I landed a job in cybersecurity. Go to your local CTF competitions, go to Cyber Conventions or Job Fairs, Join online communities of normal people who aren’t assholes, communicate with people on linkedin or social platforms that are either in cyber or have experience in cyber. Because word of mouth is much easier to hire compared to a random sheet or PDF document in the managers folder. Remember word of mouth can land you a shot, but you still have an important part. The actual interview (Unless your best friends with a friend whos dad is the CISO and the CISO says F it and Ill just have my team train you) but outside of that unless you know some powerful people in positions of actual power. The interview is where the kick in the balls happen.

Fourth: Google positions or Jobs in Cyber, Ignore all the crazy demands or technicals or jargon that is there ( *Don’t apply for a senior leadership role that requires you to run an entire department*). Which is weird to say because you are just getting into Cybersecurity and You don’t have any real cyber experience, but remember lab times and projects help with this. I have never worked with Splunk Enterprise in a professional setting but I have completed multiple and spent quite some hours and completed some challenges with Splunk Enterprise. So I could apply for SOC analyst roles that use splunk. I can make note of that on my resume that I have used Splunk in challenges, training modules and learned how to use it. Ignore the “years” of experience in a entry or novice role just mention you have used the technology.
But “I have never used this technology”, cool but you have done hands-on learning with Log Analysis, Learned how to detect the sketchy stuff or even what sketchy stuff looks like. Again, use this as your leverage or your way to say you know something at its core.

Fifth: This is the last one, during your interview. Don’t BS or try to lie during your interview. Be honest and straightforward. Because I learned from first hand, I got shown a picture of powershell executing random stuff (Base64 Encoding) but because I was nervous and didn’t know I tried to say “Oh its some kind of encryption potentially exfiltration through powershell” and the guy says “okay”, I didn’t get hired. What I should’ve said was “Im not too familiar and never seen this in a lab environment. But can you tell me what it is, so I can learn about it after the interview”. This shows the interviewer that you don’t know BUT you were curious and driven to learn. Which tells them you are teachable and have desirability to constantly learn. if you think you know it, you can answer with maybe some experience or reference seeing this but not knowing like “Oh I recall seeing something like this in a lab but I can’t remember what it was about. I just remember seeing it during a log analysis lab and It was a compromised device.”. Again you don’t know BUT you have seen it and maybe just can’t recall the information. The interviewer is a person and they can tell from your resume that you’re new.

Alright people, I have finally wrapped this up. I will do my best to continue to update the blogs and or links. Also don’t harass me or come at me if you disagree or don’t like my approach because it is what it is. Later and have a wonderful time getting into Cybersecurity!