CYBERSECURITY JOB HUNTING GUIDE
How to find a new career path
Author: Stefan Waldvogel
Use LinkedIn to find a new Cybersecurity career (IAM Engineer)
Cybersecurity is vast and offers a lot of different jobs
Most know typical jobs like SOC Analyst and Penetration Tester. What if you want a different Cybersecurity job? If you think about the current job situation, this is a brilliant idea.
-> You want to go into a less competitive area, and you want to increase your chance to get a job in Cybersecurity.
In this article, I show you how you learn more about a new field. I will use IAM Engineer and LinkedIn for this example, but you can use the strategy for any other jobs. Cybersecurity or not, it does not matter.
Strategy:
Let us think about the main goals. We want to know:
Most know typical jobs like SOC Analyst and Penetration Tester. What if you want a different Cybersecurity job? If you think about the current job situation, this is a brilliant idea.
-> You want to go into a less competitive area, and you want to increase your chance to get a job in Cybersecurity.
In this article, I show you how you learn more about a new field. I will use IAM Engineer and LinkedIn for this example, but you can use the strategy for any other jobs. Cybersecurity or not, it does not matter.
Strategy:
Let us think about the main goals. We want to know:
- How can you find exciting job fields?
- What is the job about? -> job duties.
- Can we do the job?
- What is the salary? -> Is it worth it?
- Available jobs
- Competition
Let us do an example: IAM Engineer
Find new job fields:
IAM means Identity and Access Management, and most companies have such a role. Maybe you discovered this area on Jerimy's roadmap (pauljerimy.com/security-certification-roadmap/) or his career roadmap (pauljerimy.com/it-career-roadmap/), it sounds fantastic, and you want to know more about this field.
Find new job fields:
IAM means Identity and Access Management, and most companies have such a role. Maybe you discovered this area on Jerimy's roadmap (pauljerimy.com/security-certification-roadmap/) or his career roadmap (pauljerimy.com/it-career-roadmap/), it sounds fantastic, and you want to know more about this field.
source: https://pauljerimy.com/it-career-roadmap/
Job duties or responsibilities:
This section is straightforward. We can use LinkedIn and search for jobs. Look at least at 20 different companies to get a feeling, and you can watch some YouTube videos. For this example, I pick this job ad: www.linkedin.com/jobs/view/2545859088. It looks like this:
Job duties or responsibilities:
This section is straightforward. We can use LinkedIn and search for jobs. Look at least at 20 different companies to get a feeling, and you can watch some YouTube videos. For this example, I pick this job ad: www.linkedin.com/jobs/view/2545859088. It looks like this:
The job has a lot to do with Cloud and Active Directory. It is about managing, configuring, and troubleshooting solutions and includes a support role (on the weekend).
This job looks quite fair. I worked in a similar role, and it is very close to a real job and close to something I did. Without experience, it might be hard to see which job description is good and badly worded.
Matching skills
Step1:
Here, you need the Responsibility section and the Qualification section. Compare each sentence with your skills. There are four different levels of knowledge:
You can use different colors to highlight or create an excel sheet with your skills and the matching level. It could look like this:
This job looks quite fair. I worked in a similar role, and it is very close to a real job and close to something I did. Without experience, it might be hard to see which job description is good and badly worded.
Matching skills
Step1:
Here, you need the Responsibility section and the Qualification section. Compare each sentence with your skills. There are four different levels of knowledge:
- none
- Knowledge of/with -> I have heard of it
- Proficient in -> I use it on a daily base
- Expert in -> I know it so well I could teach it
You can use different colors to highlight or create an excel sheet with your skills and the matching level. It could look like this:
Step 2:
The red and orange are areas where you can improve. One thing to know: If you know and have 100% of the requirements, you are most likely overqualified. You can apply if you have about 70% of the wanted skills.
Here we need:
- Cloud -> AWS (looks like main), Azure and Azure AD, IAM
- Powershell
- Splunk
-SAFe
Now you want to add the knowledge for the lowest price. In the cloud, this is very simple because Microsoft and Amazon offer free classes, and the training platform is free. A training account is free, too.
PowerShell is not hard to learn. There are a ton of excellent courses on YouTube.
Splunk, we have free knowledge available because the course for Splunk basic is free.
SAFe -> This is special, I saw it many times in different ads, but I do not know what it is. YouTube has a ton of courses because it is a world-leading platform. We could learn it at least to level: "Knowledge" or a bit higher. If you want to work in IAM, I guess you need to know it.
Step 3:
This section is about networking and asking people. You do this for two reasons: First, you want to know what you are doing on a daily basis. What is the actual job? Job ads are not very good at showing the actual workload. Second, you do networking. This helps a lot because most careers in Cybersecurity are based on trust. If you know a company for a longer time and maybe a team leader, he or she might prefer you over someone that is a bit more qualified. Trust and knowing people are essential.
If you can, look for a mentor and ask intelligent questions. Set specific learning goals and learn as much as you can.
Salary
The salary question is essential. If you change your career, you have to think about costs, and you want to know if it is worth it. Can you afford a career change? We look at a particular job in this example, and many job ads give us this information.
The red and orange are areas where you can improve. One thing to know: If you know and have 100% of the requirements, you are most likely overqualified. You can apply if you have about 70% of the wanted skills.
Here we need:
- Cloud -> AWS (looks like main), Azure and Azure AD, IAM
- Powershell
- Splunk
-SAFe
Now you want to add the knowledge for the lowest price. In the cloud, this is very simple because Microsoft and Amazon offer free classes, and the training platform is free. A training account is free, too.
PowerShell is not hard to learn. There are a ton of excellent courses on YouTube.
Splunk, we have free knowledge available because the course for Splunk basic is free.
SAFe -> This is special, I saw it many times in different ads, but I do not know what it is. YouTube has a ton of courses because it is a world-leading platform. We could learn it at least to level: "Knowledge" or a bit higher. If you want to work in IAM, I guess you need to know it.
Step 3:
This section is about networking and asking people. You do this for two reasons: First, you want to know what you are doing on a daily basis. What is the actual job? Job ads are not very good at showing the actual workload. Second, you do networking. This helps a lot because most careers in Cybersecurity are based on trust. If you know a company for a longer time and maybe a team leader, he or she might prefer you over someone that is a bit more qualified. Trust and knowing people are essential.
If you can, look for a mentor and ask intelligent questions. Set specific learning goals and learn as much as you can.
Salary
The salary question is essential. If you change your career, you have to think about costs, and you want to know if it is worth it. Can you afford a career change? We look at a particular job in this example, and many job ads give us this information.
If you start this career, you look at $70K and more. Usually, salaries are not very accurate, but you get the bigger idea. Additionally, you can use Robert Half's salary report (www.roberthalf.com/salary-guide) to get a number with city modifiers.
Most technical jobs have an awesome packet. Some offer 38 holidays, stock programs, and other perks. Include all of these extra things in your calculation. You often find this information on the company's website or other platforms.
Whole Foods Market pays well in our example, but the benefits are not the best, and the website does not give out specific numbers. You have to negotiate your packet.
Available jobs
This is a crucial question: Does your city offer you such a job? If not, can we do it remotely? LinkedIn, Indeed and other platforms give us this information. Right now (May 2021), we have 8,200 positions in the US. This list includes everything with IAM. The reason is, job descriptions are flexible. A job description looks for a Security Engineer, but the wanted skills are IAM Engineer. It is somewhat tricky. If we look for "IAM Engineer" (in quotes as one word) we get about 200 results, and it sounds little, but companies use other names like:
Most technical jobs have an awesome packet. Some offer 38 holidays, stock programs, and other perks. Include all of these extra things in your calculation. You often find this information on the company's website or other platforms.
Whole Foods Market pays well in our example, but the benefits are not the best, and the website does not give out specific numbers. You have to negotiate your packet.
Available jobs
This is a crucial question: Does your city offer you such a job? If not, can we do it remotely? LinkedIn, Indeed and other platforms give us this information. Right now (May 2021), we have 8,200 positions in the US. This list includes everything with IAM. The reason is, job descriptions are flexible. A job description looks for a Security Engineer, but the wanted skills are IAM Engineer. It is somewhat tricky. If we look for "IAM Engineer" (in quotes as one word) we get about 200 results, and it sounds little, but companies use other names like:
- IAM Specialist
- IAM Security Specialist
- IAM Security Analyst
- Information Security Engineer -> this is the big keyword for most jobs
- Identity Access Management Engineer
- Cybersecurity - Access Management Engineer
Competition
This question resides in how long you have to wait for a job and how many skills you need. If you have one job with 200 applicants, an employer is very picky and selects the best of the best. A job with 5 to 10 applicants is much easier to get, primarily if you target everything.
Let us look at IAM Engineer, and I am picking a 100% remote role.
This question resides in how long you have to wait for a job and how many skills you need. If you have one job with 200 applicants, an employer is very picky and selects the best of the best. A job with 5 to 10 applicants is much easier to get, primarily if you target everything.
Let us look at IAM Engineer, and I am picking a 100% remote role.
The average is 0 to 5 applicants, and it is an employee market. We, as applicants, can dictate the rules. Few people have the skills to do this job or, more likely, and few want such a job. Is it worth it to target such a job?
A big yes! It is hard to get the wanted knowledge, and the salary perspective is excellent. I have over ten years of work experience, and I could quickly get such a job with a decent salary.
Conclusion
Finding new fields is significant if you want a job in Cybersecurity. I wrote this article to help someone, and I didn't even know I am qualified for such a role. If I had known this earlier, I might have chosen a different path. It is hard to get the wanted knowledge for a Pentester or an Incident Handler, but this path is much easier with my background, and the salary is much higher.
A big yes! It is hard to get the wanted knowledge, and the salary perspective is excellent. I have over ten years of work experience, and I could quickly get such a job with a decent salary.
Conclusion
Finding new fields is significant if you want a job in Cybersecurity. I wrote this article to help someone, and I didn't even know I am qualified for such a role. If I had known this earlier, I might have chosen a different path. It is hard to get the wanted knowledge for a Pentester or an Incident Handler, but this path is much easier with my background, and the salary is much higher.
© 2021. This work is licensed under a CC BY-SA 4.0 license