6 Tips for Your Early Career in Cybersecurity

I see a lot of the same questions appearing for those trying to ‘break in’ to cybersecurity and those in school or considering educational paths, so I thought I’d share some of my opinions on a few points.

1.      Degree (BS vs MS): There is a longer conversation on college vs none, so I’m skipping that. For Bachelors vs Masters; get your BS then get a job, after a few years of experience pursue your MS. 1. There isn’t much difference in your capabilities with a BS vs MS, a candidate with a BS & 4 years’ experience is going to be more appealing than an MS w/ no experience. Eventually an MS w/ 10 years of experience looks great. Also you’ll have time in the industry to decide what that Masters pursuit will look like, maybe an MBA or a InfoSec Mgmt vs Technical is right??...

2.      Get a job, any job in technology. If you are struggling to find the entry level cybersecurity role, find something in IT or adjacent (within your skills), dev roles, project management, or a specific industry experience will pay off in the long run. Eventually as you become more senior you’ll need to develop some of those skills anyway. Whatever role, let your business know you want to help with security, take on additional work in the security space. It’s easier to move internally at a company from say IT to Security than to be hired new into it.

3.      Learn how to network. Connect with people, interact with them, create your own content, converse & contribute. You cannot connect with someone and then immediately ask for a favor. Networking is a two-way street. If you network properly, you’ll begin to understand the industry and the types of businesses in it. This will help you formulate where you really want to work, the kind or role you want, who you want to work for and eventually you’ll be talking with people about creating a role for you to come work with/for them. This is part of the long game, and it’s best to start building your foundation now.

4.      Don’t blindly apply to jobs. Yes, this is hard in the beginning but as you grow this becomes more and more valuable. Network way sooner than you think you need to, (and often) so you have contacts inside the businesses you can speak to prior to applying. Candidates referred by employees have a much hire rate of getting interviewed and hired. Automated Talent Systems are pretty much crap and can take you out even if qualified. With this goes (what you should already know), don’t use the same resume for every job, if you really want the job, your resume needs to match the job description.

5.      Find mentors and coaches, they may come from school, relationships, networking, any number of places, and you will add and change them as you grow. Finding those to help you along the way and who have ‘been there done that’ are helpful. You don’t need to find a CISO just starting out, find someone who’s got some experience they can share and gone through what you are now.

6.      Know what you want to do!!!! When asked what kind of role you want don’t just say “anything.” That may be the case, but it shows you haven’t put any thought into your career and it doesn’t help talent/HR/recruiters/mentors. If you didn’t know cybersecurity is a very big area with varying skills depending on your focus. Look at all those areas, identify where you want to work now, and in the future. It’s ok to change your mind at some point, you are not committing to it, but you should always have a plan on your next move and how to get there, even if it changes.