By Brian “Mario” Maye
Imagine that you’ve just graduated from college with a degree in cybersecurity, or maybe you’ve just passed your first cybersecurity certification. Now it is time to find that great job that all of the commercials talk about. You update your resume, apply for a position and actually get called for an interview.
You’re feeling great about yourself and your decision to break into this in-demand field. You say to yourself, “What could go wrong? I am educated and motivated and there is a shortage of cybersecurity professionals.”
After your interview with the HR department, and possibly the project manager, you are asked back for a technical interview. You keep a poker face, but inside you’re feeling a bit nervous. In the end, you are told that you were not selected for the job because the hiring manager was looking for someone with more experience.
You may wonder, “What happened? I thought there was a shortage of cyber professionals!” That’s exactly what I thought when this happened to me, many years before I became a senior cybersecurity engineer for TAPE. I discovered that the real shortage is in the labor pool for experienced cybersecurity professionals.
It’s the age-old challenge in many professions – no one will hire you without experience, but you can’t get experience if no one will hire you. Is there a way around this? Absolutely! Let me share the strategy I used to secure my first job in cybersecurity.
- Investigate the variety of competencies that make up the field of cybersecurity. Once you’ve chosen the one that interests you, complete whatever certifications are required for that competency. In the cybersecurity field, a college degree is a huge asset, but certification is a must.
- Prepare for the technical interview by learning and practicing the skill sets needed for your competency. I’m sure you were hoping for a quick fix, but my strategy is good old-fashioned practice. Years ago, I developed a method of training, “Bridging The Gap,” that offers real-life tasks that bridge the gap between certification and actual experience. Here are two examples:
- If you have the designation of CISSP (Certified Information Systems Security Professional), practice writing security policies and procedures, e.g., for NIST Pub 800-53 Rev. 3. Ask professionals in the field to review what you wrote and offer suggestions. Revise your draft and get more feedback until you have a clean, accurate product. This will give you something tangible to bring to your interview, as well as the knowledge you gained through the process.
- If you have the designation of CEH (Certified Ethical Hacker), I recommend that you read The Basics Of Hacking and Penetration Testing by Patrick Engebretson. This book will take you step by step through some of the basics of hacking. Practicing those basics will give you plenty of experience for your technical interview.
You can add this hands-on training to your resume in the capabilities section. Best of all, during the technical interview your experience will become evident in your answers. This is crucial, because employers in the cybersecurity world are looking for knowledge more than anything else.
This post was originally published in October 2013.