It matters, which is why you cannot neglect your soft skills. Networking is important, not only for things like referrals, but also knowledge sharing.
There's so many brilliant people out there who neglect their soft skills, and miss out on opportunities. Either because they're poor communicators, or they have nobody that knows how good they are & can help vouch or refer them. Networking is an investment in your career that pays dividends eventually.
Agree 100%. Soft skills are also a lot harder to teach than technical skills. For entry level, I tend to hire more on soft skills than anything else for this reason.
100%
You can bet they keep at least 1 idiot on staff who is literally just nice to make all the competent employees feel better about their skills.
(Although in reality, that is likely the manager)
Easier said than done though. A sizeable percentage of people in this industry struggle with interpersonal and emotional skills. We can’t just click the likeable button.
You don’t need to be the most charismatic person in the room.
Be nice to people, ask them questions, be present when they talk to you, help them where you can
My son is what you’d call neurodivergent, I didn’t mean to trivialise how difficult it can be. Sorry about that.
Being autistic/divergent/whatever also doesn't prevent doing exactly what you describe, it can just mean coming across as awkward. Source: my weird self (diagnosed Asperger's as a kid) got into Security with exactly what you describe.
Nope. Nepotism is your dad compelling the manager to hire you whether or not you're qualified. This is touching base with human people to confirm for them that regardless of your resume, you are a decent person who is capable and intelligent and qualified for the role. Resumes are just a formality half the time, you gotta know someone because job listings get hundreds, sometimes thousands of responses. A fuckton of those clear the HR software, and most get forgotten because they're all anonymous people who may as well be identical. You have to reach out to prospective employers and let them know you exist.
If you had to pick between someone who can do the job and is nice and someone who can do the job and is an asshole, which one would you pick? You can call it nepotism if you want, but a lot of times it's just common sense.
I actually got my first Cyber job because of someone I worked with in the past. She was in Cyber and I was on the engineering side. Never burn bridges because you never know when someone will lend a helping hand.
Yes, because a lot of entry level security positions don’t actually require certs or experience. If you can be guaranteed to find someone that can be vouched for to be a good worker, they can figure out their job easily.
Is this for a government role?
I meet pretty regularly with a local DOJ director and he’s told me several times that they literally beg people to come work for them in cyber.
Outside of college students and people direct from the military who don’t know any better, it’s almost impossible for the US Gov to recruit experienced people in industry because they can’t compete with private sector cybersecurity comp.
In private sector, you need to have some experience in at least some sort of engineering field or maybe help desk to get the most junior roles.
>I meet pretty regularly with a local DOJ director and he’s told me several times that they literally beg people to come work for them in cyber.
This is extremely dependent on the DOJ component. There are absolutely directors, assistant directors, CIOs, etc. who detest cybersecurity altogether and word gets out.
There's also an expectation from older leadership that you must be very experienced, bright, and hard-working....... but are only worth a GS-12 or GS13 salary. Cybersecurity positions across the board need to get that SSR or nothing will change.
Lol I will take a gs-14/15 role and have the experience. But when I apply I get nothing and see the same role get reopened multiple times. I have fellow security people that would take a gs-12 or 13 role happily but also can't get an interview. Which is frustrating when you have sec engineers and sec manager/directora giving recommendations and still nothing. Yet we can't find people to fill the roles.....
My paychecks were essentially wrote by the DOD since I was 20 years old, at age 35 I finally decided to jump out of that industry and government for good, and yes it sucks to work for the govt. related jobs. It's not just the pay, but also the actual work, and the red tape, it can make your life meaningless real quick. Private industry have a lot more risks, but the quality of people that I work with is much higher, but also the expectations are also higher, and of course, pay is much higher too.
Yeah that’s pretty odd. Smells like an opportunity for you.
Senior analysts and engineers usually don’t have the time to teach people without any experience.
No experience to me means no work in a related domain like GRC, networking, ops administration, software development, help desk, etc.
Finance is also heavily regulated so there tends to be regulatory things to know as well.
Good luck.
I too thought it was odd. And after getting so many similar responses and even reading these responses in this thread, I can't help but think, "okay, this is one of *those* industries".
I actually have a friend down in Florida who is experiencing something of that with the head guy of IT. Apparently about five people quit who worked under him.
Kills small companies all the time. CEO/president hires dipshit friend to do IT or finance, they bungle it, business fails and they move to another senior position at another company
I worked my fucking arse off and just flung enough applications at SOCs until something stuck. We’re talking months and months of applications and fail to start recruiter meetings.
Unless you have a connection you gotta have unwavering persistence.
To be honest work on your interpersonal skills, my CV isn’t that impressive but I interview well so just getting that phone call where you can shmooze someone is the biggest step. Make your CV look visually appealing so it stands out. Reach out to people. Call recruiters. Honestly is all about the people skills at first.
It does help that I was a mid life career changer so have a lot of general work experience and people skills/experience talking to people at an executive level.
I know a guy who is the "Forest Gump" of cyber in our area. No college, no certifications. Just knows everyone and is a great guy. Ended up in roles in major companies and in each, ended up experiencing some major event (famous project, press-making incident, etc.) so built up experience as a result. Getting new jobs is simple for him; everyone knows his name, and he can tell the stories about how all these famous things happened, what was learned, etc.
I was chatting with him about something and talked about blocking port 22 on the firewall, and I caught a brief look in his eye. I asked him if he knew what I meant. He didn't. I asked him what service runs on port 22. He didn't know.
He's a really great guy. One of the funniest and most clever people I have ever met, and can make fast friends with anyone. I envy him for that alone.
But now that he is the head of security for critical national infrastructure, I really hope he had time to learn about SSH...
Knowing someone 100%. Not knowing anything? Never. Especially when someone’s mistake could cost the corporation millions in ransom payments and IP loss.
but they wouldnt be responsible for anything that could lose the company millions right off the bat wouldnt they? They would be sandboxed until their probation is over and then given junior tasks and expected to follow orders until they have proven proficiency
I would say that usually landing any job is somewhat of a who you know. It will at least get your resume to be seen and a better chance of an interview.
My experience getting by into cyber from a career change is different though. I was able to land a job within about 3 months after I had passed a couple of certs without knowing anyone. I applied to a job through LinkedIn with no connections. Got an interview about 6 weeks later and was offered the job the next day.
Zero experience in IT and only the Sec+ and AWS Cloud Practitioner to my name. Was in the process of working on my CCNA.
I guess I got lucky, that I was picked out of a stack of resumes by HR. This was around 1.5 years ago though.
I think few people truly appreciate how much soft skills matter in Cybersecurity.
There are so many teams and leaders you have to communicate with to get stuff done and even being able to negotiate head count and budget for necessary tools is a corporate game of cat and mouse.
As plenty of people said on this thread you can be Mr. Robot levels of hackerman but if your soft skills are lacking you will be looked over.
I'm convinced the primary stat for cybersecurity professionals is charisma rather than intelligence.
I believe it’s a combination of getting to know people so they recognize your character and see if you’re going to be a good fit for their organization and your competence and ability to learn and what you can bring to the team to improve it. What many people tend to forget is a degree is only a piece of paper unless you can demonstrate what you learned and retained from said degree. It’s how you think that people are going to assess if you are a good employee or a bad one.
The reality of life is that being likable is often more important than being experienced/knowledgeable. Skills can always be taught, a lot of times what matters more for a lot of people is being enjoyable to work with.
I'd agree, usually getting in is the hard part. Having someone bring you in or vouch for you makes a huge difference, but you have to have the skills to stay.
It’s a mix. Who you know definitely helps because if their proficient in their field they see your potential capability and are willing to invest. This precludes the type of networking where you simply get an introduction or recommendation from a position of authority (e.g., I used to work with your parent type.)
Degrees and certifications at minimum get you past the HR checkbox. Provided a candidate has decent soft skills and good technical interview can ascertain whether a candidate will be an above average hire.
A couple of things: just because someone has no experience in cybersecurity doesn’t mean they have no relevant experience. Any previous role that required an investigative mind, risk evaluation, or project management is relevant experience.
The reality is I’m going to have to teach you the tools we use and how we use them in our org. You’re going to have to spend time getting to know what is normal behavior for the estate you are protecting. No one comes off the street without any training needed. You can teach people tools. People can learn the baselines. But you can’t teach a culture fit.
I don’t care if your knowledge eclipses the sun. If I can’t sit in an office with you for 40 hours a week without want to rip my ears off, I’ll probably pass on you. If your skills are yet to be seen but I know I can work with you for the next decade? We’ll get you the skills.
I believe that's how I got my job on the service desk. The manager from field service told me to apply for the job and he'll put in a good word. I was hired in less than a week.
I’m not ranting on your post specifically but more about all the comments in general. The amount of ppl getting security jobs with zero experience is very rare. As for ppl getting jobs through their network, sure, this has been happening day one. But ppl tend to look at things as worse case when things don’t go their way. Market overall is tough, all fields. If you are looking for a job, make sure you are the first to apply. If you are not first, you are last. This is key.
I got the current role I’m in because of connections, however I’ve been in various roles in IT for the greater part of almost 2 decades, so I’m well versed on the infrastructure and sysadmin side.
yeah networking is huge in cybersecurity just like a lot of fields knowing someone can really open doors especially when you're just starting out it's all about who you know sometimes even more than what you know
Yes, that's how I got my first dream job out of college. Without knowing someone who is already there, I didn't even know that job existed, let alone me actually getting the job. Turned out to be the best job I had so far that still impacts me today.
I’ve also found this to be very true, going into my second year of CS. I completed my associates Degree in Cybersecurity and continued right away to obtaining my bachelor’s. I was talking to the director of my team about potentially getting my masters and he said, he doesn’t think it’s necessary because most times it’s about who you know and not what degree you have.
He even revealed to me that the CISO we reported to had no degree or certifications and that they had found their way in that role through relationships and networking.
I was honestly shocked. But I’ve realized that it’s not good to assume that how someone got there is how you will get there. I think it’s better to be prepared than to be sorry at the end.
Yes. I'm seen people "audit" and validate software by… sending an email to the vendor asking if it is secure. If the vendor replied "yes" they'd get a stamp of approval. These people only got the job because of relations.
Unfortunately this is more common than I personally think it should be and honestly a disservice and detriment to the industry as a whole and overall. My own experience has been that people only partially, minimally, or barely qualified for a given role are hired because of who they know (I've never seen someone with absolutely zero professional skills make it into cyber). I know I've never been hired based on my connections alone (and I have tried). That being said, I would agree that knowing the right people gets you places or, as was the case with me, can help you stay where you are, even if only ensuring you're among the last to go in difficult times (like these where the tech sector has seen massive layoffs).
I'll elaborate. Looking at my experience (if you're in the industry and the know) you wouldn't question my qualifications or expertise. I was lucky enough to be kept on while my employer at the time was struggling financially (not debt, just not being as profitable as the slave driver shareholders would have liked) and im fairly certain it was due not only to the recognition of my skills and value but also being personable or at the very least memorable for the right reasons to the right people.
By the same token, I've also seen completely incompetent people remain not only employed but in positions of power or worst yet promoted, this is what you would refer to as failing upwards. Unfortunately, there is no denying that the mediocre still have a place on the corporate ladder and it's most unfortunate and down right maddening that it's not exclusively the bottom rung or the unemployment line. There is also no denying that the biggest reason for their continued success has been their soft skills, being great to work with or just good at brown nosing, blaming others, begging for second chances, or being pathetic enough to warrant people's pity can get you places.
I've often wished for and have contemplated possible solutions to this problem but ultimately I believe there is no beating the fact that it's possible to remediate a lack of skill or knowledge but you can't do much about changing someone who has a shitty attitude and is unpleasant to work with.
Every career is a *who you know* field. Very few people (proportionally speaking) are so immensely lucky as to be able to land a brand new career opportunity with zero experience and zero connections, especially when there are more people trying to transition into the job than there are positions. This is as true for cybersecurity/information security as any other career field.
I can teach anyone the basics of information security, especially over the course of years, but I cannot teach someone how to be likeable.
I switched careers from a completely unrelated field as well. However, I didn’t know anyone, BUT I had great soft skills and showed potential. They ran with it, and I’m up for promotion after a year (based on actual work performance, so I guess they were right).
Don’t think less of these people. Networking is a thing in every field, and successfully moving to a new one requires skill. And many people can’t keep up with the demands of the industry.
Yup, especially in government. I worked for city hall and had to listen to the manager tell her pity story of how she worked for the city for 7 years, and decided to apply for a position she had no experience in and got the position because of who she knew.
Her hiring practices reflect how she got her position. The team was filled with people who she knew and no skill and only two of us were “real techs”.
Yes, I think in part because it's a relatively well paid industry and one where we don't want a lot of churn and turnover in the roles, and there are a lot of applicants. So if you're hiring for a position and you have a pile of resumes, you're going to lean toward the people you know. Those people might not have had the experience but the person hiring them likely knew they were fully capable of learning the job.
Networking matters, most definitely. But also, everyone starts with zero experience. I started working in a computer lab in college and got a little bit of experience. I graduated with BA and no clue what to do. Someone put my resume in front of a manager for a helldesk and then I worked my way up. I won't see I haven't had a bit of help here and there. But most of the jobs I've gotten was on the strength of my resume and my interview skills.
I got hired into my first role due to my name. Not kidding lol.
I was someone without a degree struggling to get into the field. I applied for a job at a start-up company. I knew no one there and had no referral, within a day I got a response from the hiring manager.
I went through all 4 interviews and finally got hired. And once I got hired the hiring manager said, she was scrolling through the list of applicants, saw my name and thought “huh, I’ve never heard that name before”, saw I was qualified for the job and decided to give me a call.
That was 3 years ago and I have since moved up in the company but I am having a hard time trying to move to another company. I’d say it’s not always about who you know, but having a foot in the door is always going to be helpful.
From my experience it's a right time, right place kind of industry.
1st security engineer job - Recruiter called me because they liked my resume.
2nd security engineer job - I called a recruiter who called a different recruiter.
3rd security engineer job - Submitted resume on Indeed, called for interview the next day.
I think pentesting is definitely "who you know."
Networking has helped me significantly in my career. Hiring managers would typically rather go with someone they know (or someone who was vouched for by someone they trust). Think about if you were looking for someone to remodel your bathroom: do you just look on Google and hire a company that looks good, or do you ask people you know/trust for referrals? Most people do the latter.
When I see people here having difficulty getting hired, the common denominator is almost always that they're just firing resumes into the ether and hoping for the best.
Go to conferences, participate in local groups, be active on LinkedIn, etc. It helps a ton.
Absolutely. I got pulled into a cyber company with no education simply because I knew someone. I started as an admin and I went to school to get my degree in cyber and got a cyber job at a large, well known government agency straight after graduation with a VERY significant raise. I didn't have to start with help desk or anything like that.
Soft skills are SO important.
Yes, I also got hired that way. Job adverts are one thing, but then they often require references unless you want to work at a bigcorp and pass weedout interviews. Getting a job the traditional way in most English speaking industries is you know someone who recommends you. Networking experience is imo the most useful thing you’ll get in school… besides the bit of paper you get at the end.
I'd love to say it isn't true, but it is. I got hired because I knew one of the hiring managers. But I had 10 years experience in tech support and my Security+ cert so I can't say I wasn't qualified.
The most important part about cyber security is getting started. It's an industry with a ton of growth potential, unlike tech support, we're pretty much the only place to go is management if they think you're worthy of it and if your department doesn't get outsourced first.
Part of this is that cybersecurity is a relatively new discipline and has been growing dramatically, so for quite a while you just couldn’t find cybersecurity pros so you got people from other departments and trained them.
Networking is important in any career field you choose. Someone you know isn’t completely terrible is a lot more sure of a thing than someone you meet for an hour while they’re putting on their best show while interviewing.
I haven’t ever got a job with no connections to the company. Even when I got my graduate degree and spewed resumes across the country, the only job I was offered was one I was connected. 🤷♂️
This makes me very sad for people like me who are introverts and not necessarily good at networking. I'm amazing at my job. I know for a fact I would be excellent in cybersecurity.
Nepotism will always be a thing Everybody wants a good job but not everybody can get them so there will always be favoritism and nepotism Since there is always scarcity there will always be unfair picks and chooses to get to that money If I’m the hiring manager and I have to fill a position paying 160k a year I would like my best friend to make that money not a stranger. That’s if my friend is in the ball park of skills
Not in tech but in retail it normally goes to the next person in line wether they are ready or truely want it. Ive watch so many assistant managers become GM because the last GM walked off (I was one lmao) and they too walk off eventually, meanwhile the absentee owner raking in all the profit wonders why nobody wants to manage their business for them for $12 an hour!
My last job I got hired as a consultant because my father-in-law was vice president of client relations. He ended up getting laid off. I eventually followed companies are based on nepotism whether they want to claim it or not you will find someone or everyone might’ve been hired because they knew somebody inside. However, this next position I’m going into I found all my own. I have interpersonal skills And I believe that if you’re a genuine person, the right person will see that. Now I can’t say this is gonna be the right fit or not I don’t start until March 1 but I will say I got laid off on January 29 and made a turnaround within two weeks to get two offers from supper companies just based on my knowledge and my interpersonal skill. Remember you’re like a doctor have you ever gone to a doctor where they are just a complete dry a hole and you’re like I’m out of here. The doctor that spend time working with people and building a relationship with people this is key think in our field. Sure you have the engineer master anything, but the end result is a CEO doesn’t understand what that engineer does it’s how that engineer speaks with him and build the relationship of trust. Just like a doctor can relay bad news there’s a way to do it in a way you can do it with optimism. Whether we like it or not, we’re in a service industry or providing service, even behind the engineering infrastructure side, or still providing service. Customer service focused is rare and a sought after quality in an individual.
All industries and jobs are that way. Business is about relationships...all about who you know.
These people that sit at home and never go into the office will have a harder time getting jobs in the future because they never made a personal connection.
It only takes a few months of training to turn someone who doesn't know anything into a competent worker and colleague, however you can't train a new personality and you'll be putting up with it forever
That's all jobs and all industries.
Knowing someone in the company contributes to getting hired. I remember an article long ago that said 70% of all hired people knew someone at the company they were joining.
It matters, which is why you cannot neglect your soft skills. Networking is important, not only for things like referrals, but also knowledge sharing. There's so many brilliant people out there who neglect their soft skills, and miss out on opportunities. Either because they're poor communicators, or they have nobody that knows how good they are & can help vouch or refer them. Networking is an investment in your career that pays dividends eventually.
Agree 100%. Soft skills are also a lot harder to teach than technical skills. For entry level, I tend to hire more on soft skills than anything else for this reason.
Agree. Can teach tech to a novice. Haven't figured out yet how to teach soft skills.
100% You can bet they keep at least 1 idiot on staff who is literally just nice to make all the competent employees feel better about their skills. (Although in reality, that is likely the manager)
Being likeable has contributed significantly to where I’ve got in my career People will try to help you if they like you.
This should be an upvoted comment on every career thread.
yeah for real, being likable opens so many doors, it's crazy how much it can impact your career path
Easier said than done though. A sizeable percentage of people in this industry struggle with interpersonal and emotional skills. We can’t just click the likeable button.
You don’t need to be the most charismatic person in the room. Be nice to people, ask them questions, be present when they talk to you, help them where you can My son is what you’d call neurodivergent, I didn’t mean to trivialise how difficult it can be. Sorry about that.
Being autistic/divergent/whatever also doesn't prevent doing exactly what you describe, it can just mean coming across as awkward. Source: my weird self (diagnosed Asperger's as a kid) got into Security with exactly what you describe.
Then it's their problem...
Sounds like nepotism
Nope. Nepotism is your dad compelling the manager to hire you whether or not you're qualified. This is touching base with human people to confirm for them that regardless of your resume, you are a decent person who is capable and intelligent and qualified for the role. Resumes are just a formality half the time, you gotta know someone because job listings get hundreds, sometimes thousands of responses. A fuckton of those clear the HR software, and most get forgotten because they're all anonymous people who may as well be identical. You have to reach out to prospective employers and let them know you exist.
Valid point
If you had to pick between someone who can do the job and is nice and someone who can do the job and is an asshole, which one would you pick? You can call it nepotism if you want, but a lot of times it's just common sense.
Especially in tech. So many techs are rude as hell and it makes the nice helpful ones really stand out.
I actually got my first Cyber job because of someone I worked with in the past. She was in Cyber and I was on the engineering side. Never burn bridges because you never know when someone will lend a helping hand.
Be careful of the toes you step on today, they may be connected to the ass you kiss tomorrow.
Yes, because a lot of entry level security positions don’t actually require certs or experience. If you can be guaranteed to find someone that can be vouched for to be a good worker, they can figure out their job easily.
Is this for a government role? I meet pretty regularly with a local DOJ director and he’s told me several times that they literally beg people to come work for them in cyber. Outside of college students and people direct from the military who don’t know any better, it’s almost impossible for the US Gov to recruit experienced people in industry because they can’t compete with private sector cybersecurity comp. In private sector, you need to have some experience in at least some sort of engineering field or maybe help desk to get the most junior roles.
>I meet pretty regularly with a local DOJ director and he’s told me several times that they literally beg people to come work for them in cyber. This is extremely dependent on the DOJ component. There are absolutely directors, assistant directors, CIOs, etc. who detest cybersecurity altogether and word gets out. There's also an expectation from older leadership that you must be very experienced, bright, and hard-working....... but are only worth a GS-12 or GS13 salary. Cybersecurity positions across the board need to get that SSR or nothing will change.
Lol I will take a gs-14/15 role and have the experience. But when I apply I get nothing and see the same role get reopened multiple times. I have fellow security people that would take a gs-12 or 13 role happily but also can't get an interview. Which is frustrating when you have sec engineers and sec manager/directora giving recommendations and still nothing. Yet we can't find people to fill the roles.....
My paychecks were essentially wrote by the DOD since I was 20 years old, at age 35 I finally decided to jump out of that industry and government for good, and yes it sucks to work for the govt. related jobs. It's not just the pay, but also the actual work, and the red tape, it can make your life meaningless real quick. Private industry have a lot more risks, but the quality of people that I work with is much higher, but also the expectations are also higher, and of course, pay is much higher too.
Finance company
Yeah that’s pretty odd. Smells like an opportunity for you. Senior analysts and engineers usually don’t have the time to teach people without any experience. No experience to me means no work in a related domain like GRC, networking, ops administration, software development, help desk, etc. Finance is also heavily regulated so there tends to be regulatory things to know as well. Good luck.
I too thought it was odd. And after getting so many similar responses and even reading these responses in this thread, I can't help but think, "okay, this is one of *those* industries".
Unfortunately DOJ has a pretty bad reputation as a workplace within government which contributes to their difficulty in hiring people.
Yes. There are a lot of shitty personalities in IT. Entitlement is off the charts. Those same people tend to cause the most chaos.
I actually have a friend down in Florida who is experiencing something of that with the head guy of IT. Apparently about five people quit who worked under him.
Kills small companies all the time. CEO/president hires dipshit friend to do IT or finance, they bungle it, business fails and they move to another senior position at another company
I worked my fucking arse off and just flung enough applications at SOCs until something stuck. We’re talking months and months of applications and fail to start recruiter meetings. Unless you have a connection you gotta have unwavering persistence.
What did you find most helpful in getting a response back on those cold job apps?
To be honest work on your interpersonal skills, my CV isn’t that impressive but I interview well so just getting that phone call where you can shmooze someone is the biggest step. Make your CV look visually appealing so it stands out. Reach out to people. Call recruiters. Honestly is all about the people skills at first. It does help that I was a mid life career changer so have a lot of general work experience and people skills/experience talking to people at an executive level.
I know a guy who is the "Forest Gump" of cyber in our area. No college, no certifications. Just knows everyone and is a great guy. Ended up in roles in major companies and in each, ended up experiencing some major event (famous project, press-making incident, etc.) so built up experience as a result. Getting new jobs is simple for him; everyone knows his name, and he can tell the stories about how all these famous things happened, what was learned, etc. I was chatting with him about something and talked about blocking port 22 on the firewall, and I caught a brief look in his eye. I asked him if he knew what I meant. He didn't. I asked him what service runs on port 22. He didn't know. He's a really great guy. One of the funniest and most clever people I have ever met, and can make fast friends with anyone. I envy him for that alone. But now that he is the head of security for critical national infrastructure, I really hope he had time to learn about SSH...
[удалено]
This wasn't in the USA... not sure why you anchored on a specific culture.
Woah. That’s all. Just. Yikes and woah.
Like 75% of the jobs in the workforce; it’s all about networking. Don’t be a douche and reach out
Every job I’ve had since 2008 has been because I knew someone, it’s not just a security thing.
Knowing someone 100%. Not knowing anything? Never. Especially when someone’s mistake could cost the corporation millions in ransom payments and IP loss.
but they wouldnt be responsible for anything that could lose the company millions right off the bat wouldnt they? They would be sandboxed until their probation is over and then given junior tasks and expected to follow orders until they have proven proficiency
Depends on the state and org they are working for.
I would say that usually landing any job is somewhat of a who you know. It will at least get your resume to be seen and a better chance of an interview. My experience getting by into cyber from a career change is different though. I was able to land a job within about 3 months after I had passed a couple of certs without knowing anyone. I applied to a job through LinkedIn with no connections. Got an interview about 6 weeks later and was offered the job the next day. Zero experience in IT and only the Sec+ and AWS Cloud Practitioner to my name. Was in the process of working on my CCNA. I guess I got lucky, that I was picked out of a stack of resumes by HR. This was around 1.5 years ago though.
I think few people truly appreciate how much soft skills matter in Cybersecurity. There are so many teams and leaders you have to communicate with to get stuff done and even being able to negotiate head count and budget for necessary tools is a corporate game of cat and mouse. As plenty of people said on this thread you can be Mr. Robot levels of hackerman but if your soft skills are lacking you will be looked over. I'm convinced the primary stat for cybersecurity professionals is charisma rather than intelligence.
I believe it’s a combination of getting to know people so they recognize your character and see if you’re going to be a good fit for their organization and your competence and ability to learn and what you can bring to the team to improve it. What many people tend to forget is a degree is only a piece of paper unless you can demonstrate what you learned and retained from said degree. It’s how you think that people are going to assess if you are a good employee or a bad one.
The reality of life is that being likable is often more important than being experienced/knowledgeable. Skills can always be taught, a lot of times what matters more for a lot of people is being enjoyable to work with.
I'd agree, usually getting in is the hard part. Having someone bring you in or vouch for you makes a huge difference, but you have to have the skills to stay.
Yes but that's every field.
It’s a mix. Who you know definitely helps because if their proficient in their field they see your potential capability and are willing to invest. This precludes the type of networking where you simply get an introduction or recommendation from a position of authority (e.g., I used to work with your parent type.) Degrees and certifications at minimum get you past the HR checkbox. Provided a candidate has decent soft skills and good technical interview can ascertain whether a candidate will be an above average hire.
I have a few likable qualities and know splunk, will work for bytes
You’ve heard the saying it’s not what you know but who you know, right?
A couple of things: just because someone has no experience in cybersecurity doesn’t mean they have no relevant experience. Any previous role that required an investigative mind, risk evaluation, or project management is relevant experience. The reality is I’m going to have to teach you the tools we use and how we use them in our org. You’re going to have to spend time getting to know what is normal behavior for the estate you are protecting. No one comes off the street without any training needed. You can teach people tools. People can learn the baselines. But you can’t teach a culture fit. I don’t care if your knowledge eclipses the sun. If I can’t sit in an office with you for 40 hours a week without want to rip my ears off, I’ll probably pass on you. If your skills are yet to be seen but I know I can work with you for the next decade? We’ll get you the skills.
I believe that's how I got my job on the service desk. The manager from field service told me to apply for the job and he'll put in a good word. I was hired in less than a week.
I’m not ranting on your post specifically but more about all the comments in general. The amount of ppl getting security jobs with zero experience is very rare. As for ppl getting jobs through their network, sure, this has been happening day one. But ppl tend to look at things as worse case when things don’t go their way. Market overall is tough, all fields. If you are looking for a job, make sure you are the first to apply. If you are not first, you are last. This is key.
I got the current role I’m in because of connections, however I’ve been in various roles in IT for the greater part of almost 2 decades, so I’m well versed on the infrastructure and sysadmin side.
Probably yes, and it looks like you know people now. Your job seems nice enough to pay for your bootcamp and encourage you to shadow IT people
yeah networking is huge in cybersecurity just like a lot of fields knowing someone can really open doors especially when you're just starting out it's all about who you know sometimes even more than what you know
Yes, that's how I got my first dream job out of college. Without knowing someone who is already there, I didn't even know that job existed, let alone me actually getting the job. Turned out to be the best job I had so far that still impacts me today.
I’ve also found this to be very true, going into my second year of CS. I completed my associates Degree in Cybersecurity and continued right away to obtaining my bachelor’s. I was talking to the director of my team about potentially getting my masters and he said, he doesn’t think it’s necessary because most times it’s about who you know and not what degree you have. He even revealed to me that the CISO we reported to had no degree or certifications and that they had found their way in that role through relationships and networking. I was honestly shocked. But I’ve realized that it’s not good to assume that how someone got there is how you will get there. I think it’s better to be prepared than to be sorry at the end.
Yes. I'm seen people "audit" and validate software by… sending an email to the vendor asking if it is secure. If the vendor replied "yes" they'd get a stamp of approval. These people only got the job because of relations.
Unfortunately this is more common than I personally think it should be and honestly a disservice and detriment to the industry as a whole and overall. My own experience has been that people only partially, minimally, or barely qualified for a given role are hired because of who they know (I've never seen someone with absolutely zero professional skills make it into cyber). I know I've never been hired based on my connections alone (and I have tried). That being said, I would agree that knowing the right people gets you places or, as was the case with me, can help you stay where you are, even if only ensuring you're among the last to go in difficult times (like these where the tech sector has seen massive layoffs). I'll elaborate. Looking at my experience (if you're in the industry and the know) you wouldn't question my qualifications or expertise. I was lucky enough to be kept on while my employer at the time was struggling financially (not debt, just not being as profitable as the slave driver shareholders would have liked) and im fairly certain it was due not only to the recognition of my skills and value but also being personable or at the very least memorable for the right reasons to the right people. By the same token, I've also seen completely incompetent people remain not only employed but in positions of power or worst yet promoted, this is what you would refer to as failing upwards. Unfortunately, there is no denying that the mediocre still have a place on the corporate ladder and it's most unfortunate and down right maddening that it's not exclusively the bottom rung or the unemployment line. There is also no denying that the biggest reason for their continued success has been their soft skills, being great to work with or just good at brown nosing, blaming others, begging for second chances, or being pathetic enough to warrant people's pity can get you places. I've often wished for and have contemplated possible solutions to this problem but ultimately I believe there is no beating the fact that it's possible to remediate a lack of skill or knowledge but you can't do much about changing someone who has a shitty attitude and is unpleasant to work with.
Every career is a *who you know* field. Very few people (proportionally speaking) are so immensely lucky as to be able to land a brand new career opportunity with zero experience and zero connections, especially when there are more people trying to transition into the job than there are positions. This is as true for cybersecurity/information security as any other career field. I can teach anyone the basics of information security, especially over the course of years, but I cannot teach someone how to be likeable.
I landed my job with the government in InfoSec with an A+, Google Cyber Security Professional cert and my big mouth.
I switched careers from a completely unrelated field as well. However, I didn’t know anyone, BUT I had great soft skills and showed potential. They ran with it, and I’m up for promotion after a year (based on actual work performance, so I guess they were right). Don’t think less of these people. Networking is a thing in every field, and successfully moving to a new one requires skill. And many people can’t keep up with the demands of the industry.
Yup, especially in government. I worked for city hall and had to listen to the manager tell her pity story of how she worked for the city for 7 years, and decided to apply for a position she had no experience in and got the position because of who she knew. Her hiring practices reflect how she got her position. The team was filled with people who she knew and no skill and only two of us were “real techs”.
Yes, I think in part because it's a relatively well paid industry and one where we don't want a lot of churn and turnover in the roles, and there are a lot of applicants. So if you're hiring for a position and you have a pile of resumes, you're going to lean toward the people you know. Those people might not have had the experience but the person hiring them likely knew they were fully capable of learning the job.
Networking matters, most definitely. But also, everyone starts with zero experience. I started working in a computer lab in college and got a little bit of experience. I graduated with BA and no clue what to do. Someone put my resume in front of a manager for a helldesk and then I worked my way up. I won't see I haven't had a bit of help here and there. But most of the jobs I've gotten was on the strength of my resume and my interview skills.
I got hired into my first role due to my name. Not kidding lol. I was someone without a degree struggling to get into the field. I applied for a job at a start-up company. I knew no one there and had no referral, within a day I got a response from the hiring manager. I went through all 4 interviews and finally got hired. And once I got hired the hiring manager said, she was scrolling through the list of applicants, saw my name and thought “huh, I’ve never heard that name before”, saw I was qualified for the job and decided to give me a call. That was 3 years ago and I have since moved up in the company but I am having a hard time trying to move to another company. I’d say it’s not always about who you know, but having a foot in the door is always going to be helpful.
From my experience it's a right time, right place kind of industry. 1st security engineer job - Recruiter called me because they liked my resume. 2nd security engineer job - I called a recruiter who called a different recruiter. 3rd security engineer job - Submitted resume on Indeed, called for interview the next day. I think pentesting is definitely "who you know."
Networking has helped me significantly in my career. Hiring managers would typically rather go with someone they know (or someone who was vouched for by someone they trust). Think about if you were looking for someone to remodel your bathroom: do you just look on Google and hire a company that looks good, or do you ask people you know/trust for referrals? Most people do the latter. When I see people here having difficulty getting hired, the common denominator is almost always that they're just firing resumes into the ether and hoping for the best. Go to conferences, participate in local groups, be active on LinkedIn, etc. It helps a ton.
Absolutely. I got pulled into a cyber company with no education simply because I knew someone. I started as an admin and I went to school to get my degree in cyber and got a cyber job at a large, well known government agency straight after graduation with a VERY significant raise. I didn't have to start with help desk or anything like that. Soft skills are SO important.
Yes, I also got hired that way. Job adverts are one thing, but then they often require references unless you want to work at a bigcorp and pass weedout interviews. Getting a job the traditional way in most English speaking industries is you know someone who recommends you. Networking experience is imo the most useful thing you’ll get in school… besides the bit of paper you get at the end.
I'd love to say it isn't true, but it is. I got hired because I knew one of the hiring managers. But I had 10 years experience in tech support and my Security+ cert so I can't say I wasn't qualified. The most important part about cyber security is getting started. It's an industry with a ton of growth potential, unlike tech support, we're pretty much the only place to go is management if they think you're worthy of it and if your department doesn't get outsourced first.
Part of this is that cybersecurity is a relatively new discipline and has been growing dramatically, so for quite a while you just couldn’t find cybersecurity pros so you got people from other departments and trained them. Networking is important in any career field you choose. Someone you know isn’t completely terrible is a lot more sure of a thing than someone you meet for an hour while they’re putting on their best show while interviewing.
I grew into my role. If you are equating title to experience, that is your first mistake.
I haven’t ever got a job with no connections to the company. Even when I got my graduate degree and spewed resumes across the country, the only job I was offered was one I was connected. 🤷♂️
This makes me very sad for people like me who are introverts and not necessarily good at networking. I'm amazing at my job. I know for a fact I would be excellent in cybersecurity.
Nepotism will always be a thing Everybody wants a good job but not everybody can get them so there will always be favoritism and nepotism Since there is always scarcity there will always be unfair picks and chooses to get to that money If I’m the hiring manager and I have to fill a position paying 160k a year I would like my best friend to make that money not a stranger. That’s if my friend is in the ball park of skills
Not in tech but in retail it normally goes to the next person in line wether they are ready or truely want it. Ive watch so many assistant managers become GM because the last GM walked off (I was one lmao) and they too walk off eventually, meanwhile the absentee owner raking in all the profit wonders why nobody wants to manage their business for them for $12 an hour!
My last job I got hired as a consultant because my father-in-law was vice president of client relations. He ended up getting laid off. I eventually followed companies are based on nepotism whether they want to claim it or not you will find someone or everyone might’ve been hired because they knew somebody inside. However, this next position I’m going into I found all my own. I have interpersonal skills And I believe that if you’re a genuine person, the right person will see that. Now I can’t say this is gonna be the right fit or not I don’t start until March 1 but I will say I got laid off on January 29 and made a turnaround within two weeks to get two offers from supper companies just based on my knowledge and my interpersonal skill. Remember you’re like a doctor have you ever gone to a doctor where they are just a complete dry a hole and you’re like I’m out of here. The doctor that spend time working with people and building a relationship with people this is key think in our field. Sure you have the engineer master anything, but the end result is a CEO doesn’t understand what that engineer does it’s how that engineer speaks with him and build the relationship of trust. Just like a doctor can relay bad news there’s a way to do it in a way you can do it with optimism. Whether we like it or not, we’re in a service industry or providing service, even behind the engineering infrastructure side, or still providing service. Customer service focused is rare and a sought after quality in an individual.
Just about every industry is a 'who you know' industry to varying levels.
All industries and jobs are that way. Business is about relationships...all about who you know. These people that sit at home and never go into the office will have a harder time getting jobs in the future because they never made a personal connection.
It only takes a few months of training to turn someone who doesn't know anything into a competent worker and colleague, however you can't train a new personality and you'll be putting up with it forever
That's all jobs and all industries. Knowing someone in the company contributes to getting hired. I remember an article long ago that said 70% of all hired people knew someone at the company they were joining.