I really wanted to make this website a proper goldmine of useful, tactical information - both on getting into the industry from a candidate standpoint but also from the people who get us hired.
Recruiters sometimes get a bad rep, but a lot of them will happily share their knowledge with you given the chance. Sean Hendon is a great guy who works for a company specialising in defence IT and infrastructure projects, CBSButler.
Well worth getting in touch with them if you're a recent UK HM Forces leaver, Sean himself specialising as a cybersecurity recruiter.
Niche yourself!
As a recruiter in the industry, I speak with a number of people at a variation of levels each week. A lot of my time is spent speaking with people who are trying to find their first job in the industry, Grads and ex-forces.
I’m always willing to help these people out and there is a massive need at the moment for new blood in the industry!
I don’t necessarily believe we have a skills shortage right now, but we may do in the future - these type of people aren’t being given the right opportunities, and simply just fall into a job that isn’t what they necessarily want to do.
But something has to pay the bills, right?
For a newbie coming into the industry, my advice would be to determine exactly what you want to do, be as specific as possible.
For example if you like Penetration Testing and believe you have the skill-sets for it then do your utmost to learn everything you need to be a good Pentester.
Editor's Note: This will pay dividends down the line - you can't learn everything, pick your shots and keep your workload manageable. To paraphrase the inimitable Ron Swanson, "Don't half-ass anything, whole-ass one thing at a time."
One thing I do see (more so with graduates) is that sometimes, they don’t know what type of career they want to pursue.
I appreciate finding your first opportunity is not always easy, so sometimes you may take what you can get. However, one thing you should be clear on is once you have that opportunity, what can you do to make sure you eventually have your perfect job?
Can your organisation offer you additional training?
Are there certifications you need?
Should you still be applying for other jobs?
You need to have a goal from day one of what it is you want and try and stick to that goal as much as possible.
If you have to take a job that’s not perfect to start with, then so be it, but don’t get lazy and fall back on that with no continued effort to chase your dream job!
As for employers, I think there can always be more opportunities available for ex-forces personnel and graduates. Its tough out there to find organisations that will take people with little experience.
Editor's Note: This is an important point - you will end up in the need experience for job <--> need job for experience paradox very quickly starting out. Your advantage is supply and demand in the cyber industry at the moment - someone out there needs guys badly enough that they'll give you a chance rather than have no-one.
Your job as a newbie is to find those people - they might require you to be more mobile than you'd like, or pay a little less - but a foot in the door is a foot in the door.
You can understand why, as 9 times out of 10 they have obligations to an end customer, and they need people who can do the job from day 1. I would like to see more organisations be willing to give people a chance.
People leaving the Forces have fantastic, relevant skill-sets as well as the high standards that are often required to carry out these jobs. There are training courses and apprentice schemes out there that are worth looking at and I have people within my network that can help you with this.
But going back to my main point: Whatever you do, whichever route you take, or background you are from, you need to be as niche as possible if you want to be the best at something.
You wouldn’t find a plumber applying for jobs as an electrician (Well maybe you would, I once had an ice cream man apply for a role as a Security Analyst - true story!) and if you did then why would they be considered for the role?
Nobody wants a jack of all trades to do a specific job. I completely appreciate and understand that sometimes there is going to be a crossover in certain roles, and you may work on a project that requires you to flex your skills a bit. However, my main advice would to be always try and find your niche and become the best at it that you can be!
The most in-demand skill-sets tend to depend on the sector in which you will be working in, but as a guide we at CBSButler tend to find the following hardest to source:
Penetration Testers / Ethical Hackers - CREST CRT/CPSA , CSTM , QSTM , OSCP etc. Demonstrable skill will help here, as most jobs will require passing a technical rig of some description
Analysts/Engineers – Particularly with SIEM skill-sets like Splunk, LogRythm & Huntsman
Threat Intelligence Specialists – SOC Analysts, Malware Analysts, Incident Response - CREST CRTIA/CRPIA helps here, as will any kind of demonstrable code experience.
Sean Hendon is a specialist Cybersecurity recruiter working at CBSButler, and will happily field good questions from those attempting to make a break into the industry, or just from those looking for a new challenge - find him on LinkedIn here.
Editor's Note: As we go forward, we'll start breaking down popular cybersecurity jobs and go through what the qualifications, mindset and compensation is like - but if you don't want to wait that long, check out the Cybersecurity Field Manual - it has a breakdown of popular roles and is a goldmine of useful information.
Comments