CYBERSECURITY JOB HUNTING GUIDE
use job descriptions
Author: Stefan Waldvogel
The your cybersecurity career via job descriptions
A good starting point about goals is a company you like. Companies will hire you if you meet their requirements. The focus is a company, nothing else. The first thing is to find a well-written job offer. If you see something with CISSP in combination with entry-level… forget it. The company does not know what they want, or HR didn't do their job.
It is hard to find well-written job offers. Suitable job ads want hands-on people. A degree or certifications are not required for a role, and the job ads are helpful and clear. To get such a job, you have to know what you are doing, and that is it.
I picked a "Security Advisor" role for the following example.
The role looks like this:
It is hard to find well-written job offers. Suitable job ads want hands-on people. A degree or certifications are not required for a role, and the job ads are helpful and clear. To get such a job, you have to know what you are doing, and that is it.
I picked a "Security Advisor" role for the following example.
The role looks like this:
Let us break this role/job offer into different pieces, but before we dive in, I give you this hint: Do this long before looking for a job. You are a freshman at a university… this is the right time to do it the first time. Repeat it every 3 to 6 months. Sometimes things change.
It would help if you focused on what is essential and not. Let us start:
No.1:
The first row answers many questions, and the most important one. The money question. You have a title and a level, and you can feed Glassdoor (or payscale) with it and you get a salary range.
It would help if you focused on what is essential and not. Let us start:
No.1:
The first row answers many questions, and the most important one. The money question. You have a title and a level, and you can feed Glassdoor (or payscale) with it and you get a salary range.
The value is $60K, but this is the average. If you get this job without IT or Cybersecurity related experience, you might get $50,000 or a bit more. This value is a reasonable entry-level salary for Cybersecurity. Too low?? I already see some comments, but we are not done with all the points.
No.2:
The sentence starts with: At,…. You see three brief sentences, but they are powerful. If you want to work for thios company, think about the deeper meaning. Your answers have to match what the company stands for if you get an interview. If you know how to use Nessus and bragging about it during the interview… you will not get the job and reread the two lines. Here, this company is looking for someone who sees the big picture and, if you apply, show you understand that. One example: You can talk about findings, but you can explain why a medium vulnerability is sometimes more important than a high one. Or why patching software without a test can be a terrible idea. Talk and think about consequences and business impact… this is an Advisor role.
This knowledge is something you cannot learn at a university… you need hands-on, or you have to talk to many people in the field. If you have a high vulnerability at a university, the solution is: patch it.. in reality, and it might be a horrible and expensive idea.
No.3:
This field goes hand in hand with No.2. The first thing is talking and understanding. It is a guess, but most likely, the first point is the most important one. The second is also about understanding.
If you are some months away from getting such a job, try to make the best out of it. If you study IT and maybe networks, try to understand it. A cert might ask you a question, but a job needs understanding.
Use your creativity and build a realistic home lab (https://www.youtube.com/watch?v=lS9Eulfpffg&list=PLLKT__MCUeiycd-_VvfM1xI9t4uEV0g8i ).
We have seven points, but only two of them are highly technical. The last point talks about trends. This point is valid for all Cybersecurity jobs…. Read every day for at least 5 minutes about the newest news. You can use Twitter, arstechnica, or something else.
No. 4:
Here, we have two primary fields: One part is hands-on, and the other is communication. Here you see things like IEEE 802.11. Do you know what it is and the entire family? If not, learn it. Grab a Kali, play with aircrack.ng and learn more about securing wifi. The job offer talks about “working” → you need hands-on. Secure your system at home and play with your router. Maybe you activated a security feature, but your mom lost access and was really upset… Significant experience… talk about that if you get an interview! CIA is a hint :)
Hands-on? Is it expensive? The good news is, it is free, at least for this level. INE offers the free Starter Pass (https://checkout.ine.com/starter-pass), RangeForce the free Community Edition (https://go.rangeforce.com/community-edition-registration) and TryHackMe has a lot of free rooms. You can use your things at home, too. Your router is a good thing, especially if you share the device. Remember, security is excellent, but do not lock yourself out.
What about the other requirements:
No.2:
The sentence starts with: At,…. You see three brief sentences, but they are powerful. If you want to work for thios company, think about the deeper meaning. Your answers have to match what the company stands for if you get an interview. If you know how to use Nessus and bragging about it during the interview… you will not get the job and reread the two lines. Here, this company is looking for someone who sees the big picture and, if you apply, show you understand that. One example: You can talk about findings, but you can explain why a medium vulnerability is sometimes more important than a high one. Or why patching software without a test can be a terrible idea. Talk and think about consequences and business impact… this is an Advisor role.
This knowledge is something you cannot learn at a university… you need hands-on, or you have to talk to many people in the field. If you have a high vulnerability at a university, the solution is: patch it.. in reality, and it might be a horrible and expensive idea.
No.3:
This field goes hand in hand with No.2. The first thing is talking and understanding. It is a guess, but most likely, the first point is the most important one. The second is also about understanding.
If you are some months away from getting such a job, try to make the best out of it. If you study IT and maybe networks, try to understand it. A cert might ask you a question, but a job needs understanding.
Use your creativity and build a realistic home lab (https://www.youtube.com/watch?v=lS9Eulfpffg&list=PLLKT__MCUeiycd-_VvfM1xI9t4uEV0g8i ).
We have seven points, but only two of them are highly technical. The last point talks about trends. This point is valid for all Cybersecurity jobs…. Read every day for at least 5 minutes about the newest news. You can use Twitter, arstechnica, or something else.
No. 4:
Here, we have two primary fields: One part is hands-on, and the other is communication. Here you see things like IEEE 802.11. Do you know what it is and the entire family? If not, learn it. Grab a Kali, play with aircrack.ng and learn more about securing wifi. The job offer talks about “working” → you need hands-on. Secure your system at home and play with your router. Maybe you activated a security feature, but your mom lost access and was really upset… Significant experience… talk about that if you get an interview! CIA is a hint :)
Hands-on? Is it expensive? The good news is, it is free, at least for this level. INE offers the free Starter Pass (https://checkout.ine.com/starter-pass), RangeForce the free Community Edition (https://go.rangeforce.com/community-edition-registration) and TryHackMe has a lot of free rooms. You can use your things at home, too. Your router is a good thing, especially if you share the device. Remember, security is excellent, but do not lock yourself out.
What about the other requirements:
You can learn the knowledge for under $50 or even for free! It would be best to have hundreds of hours to reach the wanted expertise, which is the most expensive thing.
No. 5:
Ability to travel. Sometimes you see a % number, but here you do not know. The point is, Cybersecurity is about taking care, and if you can talk to a customer, it is much better. Cybersecurity is about trust, and you have to meet people in person. Learn how to talk to people.
No. 6:
Remember the "low" salary… for this job; you do not need a degree! You can have a degree or a cert, but it is not a requirement. This company looks for the right people. If you have the knowledge and an outstanding personality, you can apply for this job.
The good news is, you can get the knowledge for free. You do not need high-end knowledge. This job is more about taking care and communicating.
If you start your career, learn all the technical things and understand what you are doing. Python, Powershell… watch some YouTube courses. You most likely do not have to write code, but you need the understanding. You need a starting point: https://www.youtube.com/watch?v=qlK174d_uu8&list=PLLKT__MCUeiwBa7d7F_vN1GUwz_2TmVQj and a different option are Geek's lessons (YouTube).
This job description is an example. Find your own goal, so you can add the wanted skills before you apply for a job. Find realistic job ads and ask people in the field.
No. 5:
Ability to travel. Sometimes you see a % number, but here you do not know. The point is, Cybersecurity is about taking care, and if you can talk to a customer, it is much better. Cybersecurity is about trust, and you have to meet people in person. Learn how to talk to people.
No. 6:
Remember the "low" salary… for this job; you do not need a degree! You can have a degree or a cert, but it is not a requirement. This company looks for the right people. If you have the knowledge and an outstanding personality, you can apply for this job.
The good news is, you can get the knowledge for free. You do not need high-end knowledge. This job is more about taking care and communicating.
If you start your career, learn all the technical things and understand what you are doing. Python, Powershell… watch some YouTube courses. You most likely do not have to write code, but you need the understanding. You need a starting point: https://www.youtube.com/watch?v=qlK174d_uu8&list=PLLKT__MCUeiwBa7d7F_vN1GUwz_2TmVQj and a different option are Geek's lessons (YouTube).
This job description is an example. Find your own goal, so you can add the wanted skills before you apply for a job. Find realistic job ads and ask people in the field.
© 2021. This work is licensed under a CC BY-SA 4.0 license