I’ve hired a number of grads in my career, plus placed various contractors and perms, – so I often have various scenarios where people pick my brain for advice on how best to get into cyber security.
I therefore figured it would be best to write up some of my views and advice here, so more people who want to get into cyber security can make use of it:
A Passion For Cyber
For me, the main thing I look for when recruiting is if the applicant has a thirst for knowledge, and a genuine interest & passion for all things cyber.
It’s not just about the money or being in demand, but that they actually understand the relevance and importance of cyber security to protect individuals, families and business alike – especially as everything comes online and digital. Having good ethics and morals relating to cyber is obviously a must.
Being able to learn new skills – both technical and non-technical are key, so I’d always suggest trying out new technologies and getting hands on experience with a variety of tools and techniques. If you have some time, check out some of the tools and sites listed on my resources page.
I’ll often ask interview questions about what the applicant does in their spare time – so if they are hands on – then this is a plus. It’s also a worthwhile investment in getting your basic IT skills up to scratch, so ensure you are familiar with computer networking, plus read up Security+ or study NetSec topics to cover the basics. Analytical & problem solving skills are also attractive.
Finger on the cyber pulse
Keeping across cyber related news, big stories & scandals, related twitter updates, Linkedin articles etc will keep you updated and in the loop. This will also get you familiar with some of the issues and challenges we have to deal with more broadly as an industry.
It’s also not a good sign when you interview someone for a role and they have no idea about some big security event (vulnerability, breach etc.) that happened recently. So keep up to date with what’s happening – plus it will help you find areas of interest to you – so you can research / pursue in your own time.
Keeping up to date with what’s going on in cyber security is crucial. Get social at local meet ups and other cyber security related events.
Interact With The Cyber Community Online
I think it’s really important to share knowledge and useful info with others, and to connect with like minded people – plus it helps to build a positive profile online. So if you have a passion or specific interest within cyber, it’s really good to be actively involved online. This could be joining and interacting with a specific LinkedIn group, a Slack channel, Facebook group or any other way you can connect with other people with similar interests.
The majority of job hires or offers are usually through contacts online, who I already know within the industry, so it pays to build yourself an online profile, and use it wisely.
Certifications, Study & Work Experience
There’s always a mixed range of opinions when it comes to cyber security related certifications and qualifications. I know several people in the industry who have no degree or security certifications what-so-ever, but have still “made it” in cyber.
I completed my computing degree at uni and CISSP several years ago – and for me this was a good way to ensure I had a broad knowledge of various domains within security. Also, I enjoyed the challenge of learning about a broad range of topics, and wanted to demonstrate that I had taken things seriously enough to invest my time in obtaining my CISSP – which includes sitting a tiring 6 hour exam! For those new to the industry, having a CISSP will also get you through various HR search / filters so that you stand out from others who are also interested in security, but don’t have a certification.
Either way – it’s probably worth mentioning that I’ve seen a lot of awesome looking resumes with all sorts of certifications or qualifications, however this still won’t guarantee you a job. If the applicant has a true passion or interest in the specific cyber security domain the role is in, then there’s more likelihood that they will be suitable.
Pick Your Passion
Speak to people within cyber, and work out what role / domain interests you most. You might want to research what roles are sought after the most, and ideally if it’s something that you really enjoy then go for it.
The main piece of advice that I can give to people who are still studying is to get involved with the community, and then find something that you like, and put your focus into it. If you can use that to help shape your studies, great, but even if that sits alongside whatever area your university degree, TAFE certificate or other study focuses on, it should still help a lot.
Morals, Ethics and Paying It Forward
It’s a small cyber community in Australia – so it’s especially important to always do the right thing, respect each other, share and collaborate, and pay it forward when you can… I always believe in helping others out – and never expect anything back in return.
I’ll happily have a quick 30 min catch up with someone interested in cyber, so feel free to get in touch.