How to break into Cybersecurity [Complete Beginner Guide]
In today's newsletter, we'll learn what it takes to get a Job into Cybersecurity industry for a complete fresher.
This issue will help you with practical techniques and approaches to kickstart a career in Cybersecurity.
If you’re a graduate or worked in the Non-IT industry and want to kickstart a career in Cybersecurity then this guide will help you with a step-by-step approach confidently.
Unfortunately many spend a lot of their time and energy on something which is irrelevant to get a Job in the Cybersecurity Industry and end up getting frustrated and dropping the plan.
Why do people fail?
I talk to thousands of freshers every month and these are some top 3 reasons:
Distraction: Most of the time people start with learning Windows hacking, Android hacking, CCTV hacking, etc but in the real world, this is usually not expected from Cybersecurity professionals and they don’t even get qualified.
Wrong Mindset: Most of the freshers have an incorrect mindset such as
hacking skills are enough to get a Job in Cybersecurity!
Certifications such as CEH(Certified Ethical Hacking) are enough to get discovered by recruiters!
Hacking and Cybersecurity are the same! But in reality, they are all incorrect and they get distracted.
Improper Resume: Due to the lack of visibility of Cybersecurity career, you end up writing a resume with incorrect keywords, as a result, you don't even get qualified for the screening Interview.
Interview Rejection: Cybersecurity Interview is just like any other Interview but it requires you to go through more behavioral and case-based questions. Those who are not prepared for this, tend to get rejected.
Good News is I have a framework that will help you guide with a practical approach. Here’s how step by step:
Step 1: Find an Appropriate Entry-point
Cybersecurity is a big industry and there are several ways to get into it. You can find more than 50 Job roles within Cybersecurity however, I want you to focus only on an Entry level Job:
1. SOC Analyst
Security Operation Center (SOC) Analyst works as the first line of defense in the security team. This is the most in-demand 🚀Job in Cybersecurity.
They are responsible to detect threats and secure the organizations using a wide range of enterprise-grade tools.
Their main tools to detect and remediate the threats are: Security Incident & Event Management(SIEM)Tools, Endpoint Detection and Response(EDR) tools, Incident Management Tools, etc
2. Application Security Analyst
Also known as Information Security Analyst.
They are responsible to run vulnerability scanning, calculating risk, and preparing reports. In some organizations, they might also be responsible for performing Security Testing using several automated tools and performing penetration testing.
3. Network Security Engineer
Also known as Firewall engineer.
Technically, it’s not a Cybersecurity engineer role, however, most of the tools and process overlaps with each other. It’s a huge plus if you’ve worked in Network security before applying for Cybersecurity roles like SOC analyst.
They are responsible for managing firewall security rules and troubleshooting any issues with firewall traffic. They also access SIEM to check logs to break-fix any issue.
Step 2: Adopt a Pro Mindset
Here comes the difficult part.
No one want to hire a Complete Fresher for Cybersecurity roles.
Does it mean this story is over😢? You can’t do anything?
Not really! I have a solution for you.
Instead of looking to get a job directly, you should look for Security Internship or any IT Job such as
IT Network Engineer
System Admin
Software Tester
Application Support
Although these jobs have no direct relation to Cybersecurity, they will help you with:
An IT Experience that you can leverage while applying for Cybersecurity roles after 6-12 months.
Enterprise Process: You’ll understand different enterprise processes such as Incident management, Problem management, and change management.
Enterprise Tools: You can get your hands dirty with enterprise tools such as
Incident Management Tools: ServiceNow, HP, ManageEngine, etc
Project Management Tools: JIRA, Monday, Asana, etc
My final thought is — Get Security Internship or a general IT experience first for 6 months to 2 years then jump to a Cybersecurity role. Your success is guaranteed!👍🏻
Step 3: Absorb the right Knowledge and Skills
Let me list down all the relevant skills required to get a Job in the Cybersecurity space.
Networking and Linux Skills: Skill in DNS, DHCP, NAT, IP Addressing, OSI Models, ARP, Routers, Switches, etc
Security Fundamentals and tools: PKI, SSL Certificates, TLS, FIrewall, IPS, IDS, Wireshark, TCPDUMP, etc
Security Operation Center(SOC): Learn about Cyber threats, Email Phishing attacks, SIEM Tools(Splunk, IBM QRadar, AllienVault OSSIM), Cyber Threat Intelligence, etc
Vulnerability and Patch Management: Skills in performing Vulnerability scanning, CVE, CVSS, Vulnerability assessment, Patch management, etc
Web App Penetration Testing: Knowledge of Web Application frameworks, OWASP Top 10 Vulnerabilities, Web Application vulnerabilities and Exploits, Hands-on with tools such as Burp-Suite, OWASP ZAP, etc
Web App Security Testing: OWASP Top 10 Vulnerabilities, Static Testing, Dynamic Testing, Secure Code review, hands-on with tools such as Checkmarx, Solarcube, etc
Communication Skill: Both written and verbal communication play a key part in the Cybersecurity role. As a Cybersecurity engineer, you may need to coordinate with Customers, Server admins, Software developers, and project managers and also need to prepare an incident report in a concise and clean manner.
Critical Thinking: As you grow in your role, you might have to take high-stakes decisions about organization’s security about ransomware protection, Disaster Recovery, DDoS attack protection, etc
Step 4: Rework your Linkedin Profile
I’ve reviewed Linkedin profiles of several cybersecurity beginners and experienced professionals but unfortunately, most of them don’t leverage the power of Linkedin completely.
Write an appealing headline such as ComTIA+ | Seeking a Security Analyst opportunity, CEH | Seeking a Security/Penetration Tester opportunity
Write a clear About section: I’ve prepared a template for you.
Write a bit biased Experience: Write everything about current roles and responsibilities. If you got a chance to work around security-related projects, tasks, or incidents during your current regular IT role, try to elaborate more.
License and Certifications: If your budget allows, prepare for ComTIA Security+ or CEH or eJPT however there're several free cybersecurity certifications available as well.
Skills: Add enough security skills such as Linux, Enterprise Network Security, Security Patch management, Information security, Web Application security, Malware analysis, Kali Linux, Digital Forensics, Vulnerability Management, Security Incident & Event Management, Infrastructure security, Penetration Testing, Network security, IT Security Operations, Vulnerability Scanning, etc
Projects: Write about some of your home-based projects such as Deployment of Malware Sandbox Analysis, Open Source SOC using Kibana, MISPm Shuffle Automation - Home Lab, Penetration Testing -Home Lab
Honors and Awards: List down every award you received from your past organizations. You can even join Catch the Flag(CTF) competitions such TryHackme or HackTheBox, etc
Step 5: Build a Rock Solid Resume
Recruiters/HR Managers look for relevant keywords and total experience whereas Interviewers check for Certifications, Projects, and Awards in your resume.
Core Skills: You need to have all relevant keywords including platform, protocols, security platform, open-source tools, etc
Past Experience/Internship: You need to write all your past experiences or Internship. If your past experience was in regular IT, then try to add some security flavors to it.
Certifications: Refer Step 3
Awards: Refer Step 3
Projects: Refer Step 3
Step 6: Reach out for Opportunities
Today, there're several ways to grab a Job but we'll talk about some of the most effective methods:
Job Portal: This is one of the traditional methods but still effective. You can opt for your regional Job portals such as Indeed, Simplyhired, Dice, Naukri(India), Shine(India).
Linkedin Jobs: Many organizations and even Cybersecurity service companies post a job opening on Linkedin Job. It gives them direct access to your LinkedIn account. Set your preference here → https://www.linkedin.com/jobs/
Linkedin Connections: This step requires you to stay focussed and stay positive as sometime it might take a longer significant amount of time however, it’s also one of the most effective ways.
Instead of waiting for someone calls after you resume submission, reaching out to Linkedin connection can be a 10x faster approach to landing your job. You can utilize different methods such as
Reaching out to Recruiters for the Job you already applied
Inquiring Recruiter/ HR Manager for an opening
Reaching out to Senior Manager/Project Lead for any opportunities
Step 7: Prepare for the Interview
There are several types of interviews that you might encounter when applying for a job in cybersecurity. The most common types of interviews are experience-based, technical, and case-based.
But before we dig deep into interview question types, let me uncover five core concepts to prepare for Cybersecurity.
Research the Company you’re Interviewing for
What kind of Interviews should you expect?
What types of questions will potential employers ask?
What kind of questions you should ask at the end?
Rehearse the entire Interview
Let me share with you some example interview questions
What is CIA Triad?
What are OWASP Top 10 Vulnerabilities?
What is Brute force attack?
What is DDoS attack? How to you mitigate it?
What are the different practical phases in Penetration Testing?
What is the difference between IPS and IDS?
What is the difference between encryption and hashing?
How do you keep yourself updated with information security news?
What was the recent incident you worked on and how did you handle that?
What was the most challenging project you completed yourself and did you encounter any challenged? Also, What did you do to overcome those challenges?
Conclusion
Getting a job as a Fresher is never easy in any Industry however, with a proper practically proven approach and guidance, you can definitely concur with this obstacle. Many students and freshers have personally shared their successful journey after implementing this framework.
If you’ve any question or queries, you can always connect me on Linkedin, I’ll do my best to answer you.
