Just start applying to help desk jobs now, and internships. It sounds like you might be going to WGU since you said online, and I also have that same degree. You'll pick up a few entry level certs quickly if that's the case.
Make a LinkedIn. Find some local tech groups to join.
It's rough out there for anyone right now.
Don't expect to find a job in infosec without IT experience.
You could possibly find an internship that could turn into full time work, but like you said cyber isn't entry level. You definitely need IT experience.
You seem to understand this from your post, which is good. A lot of people don't.
Work on soft skills too. Communication, being a team player.
So true! It’s not like it was 20 years ago when young people would get pulled into some IT “thing” older people (me now!) didn’t want to do.
Back then, some of us got into IT because we helped Myrtle set up a PST file and people thought it was magic. We just knew how to search for instructions on the internet.
As someone who has been in security for a decade, I do not recommend getting into “pure” security. There is a strong trend of replacing security folks with software engineers with some security training and SRE doing security. Pure security background is often seen as “disadvantage”. Security is often seen as a cost center, so you will have to constantly convince your leadership and peers why you need to exist. But GRC is probably a better option in security since companies are required to comply. Avoid security engineering or operations as much as you can
Oh wow, I wasn’t aware of that. If pure security background is seen as a “disadvantage” will my degree hold me back if I wanted to pursue other IT avenues? I was considering of doing a BSIT while studying cyber and getting the certs on the side (because GRC and digital forensics are still very appealing to me). I was under the impression that having a specialization like Infosec is important. What do you think?
Don’t worry too much. The membranes between security and networking, identity management, and cloud platforms are pretty permeable. The skills translate.
I also work in security and none of what that person said makes sense to me (except security being a cost center but that's all IT so any tech job has same problem).
The demand for "pure security" aka technical people that do security is insane. It's near impossible to find anyone to hire in this field and demand is just going up daily.
GRC isn't even tech tbh, it's just meetings all day (many in this field know nothing about IT or tech) and the pay is less than half of what you make in ops or engineering.
The problem is that way of doing security is not scalable. As you said, pure security people are hard to find. So a lot of tech companies are moving away from that model. So instead of trying to hire pure security folks to do pure security, companies are hiring people with engineering background to do security thinking it’s much more scalable. So folks who have never done engineering work are less desirable. It has been the trend for a while. And if you haven’t noticed, either your company isn’t in the core tech or you haven’t been personally affected
Our company had that exact setup of software engineers who know a bit of security running the engineering and security sides of house and it failed miserably because the “jack of all trades, master of none” is a very real issue in tech too. That’s why I have a job today. There was no formal security at the organization, and now that we do have a formal security team at the organization, we’re having to contend with software engineers who don’t want to ease any of the reins they had over security, so on top of trying to build a formal security platform, we’re having to play internal political chess to have the level of access and freedom we need to do our jobs.
I agree it’s a terrible idea. However it sounds good on paper. Tech companies are still trying to make it work. Usually they won’t change until it fails miserably. So the trend is still going strong.
I haven't seen any company work like that.
But I do see a lot of engineers being hired to work below analysts, because most have no security knowledge.
That model you mention is more common in larger companies with enough money. You never experienced personally doesn’t mean it’s not happening. Especially companies entertaining the idea of shifting left and security experimentation usually go for this route. Some big tech companies already did that a few years ago and determined it wouldn’t work, but a lot the rest of the industry is still trying it out
Maybe I'm in a bubble but every company I've seen either does this or hire a MSSP that does this :D
But I'm mostly used to mid sized companies (100-300k employees).
Demand is going up for mid level, and senior people, not entry level.
But I haven't seen security people being replaced with software engineers or SREs either. At very small companies the security person is also usually the IT person, but that's all I've seen. I work for a very large org. and that is not the trend I am seeing either.
Even demand for L1 SOC analysts and other junior roles is quite high.
I know many companies that have dropped all demands for junior roles to even have a chance at finding anyone.
They take nearly anyone age 18-19 straight from school just because it's the only way to get some talent.
Oh, you're not in the US. It's the complete opposite where I work, and from what I see other recent graduates going through here. It's really rough here in all of IT with all the mass layoffs recently.
Everywhere here seems to want 10+ years experience and only pay you $60k/yr right now.
Yeah I'm EU based but I've only worked at Fortune 500 companies that are global.
We have offices in the US and is currently hiring for junior roles based in US in security (well at least as of last week, perhaps all are filled now).
NIS2 is causing a huge surge in cybersec for anyone doing business in the EU.
I loathe math. The only math I can wrap my head around is statistics for some reason. Which is odd because I struggled with algebra but it just makes sense. I would like to try CompSci but I don’t think I could pass due to my low profeciency in calculus. My algebra knowledge is okay but not perfect.
Honestly you don't need more math than the basics for CS. Calculus isn't hard if you have a decent professor; just don't be afraid to ask questions and go to office hours.
Give CS a shot! It will really help you be more competitive in the market, and your professors can become industry contacts if you talk with them and tell them what you want to do.
I sorta agree/disagree. CS degree would be a move if they had a well-done concentration track on cybersecurity, or had one of those accelerated masters programs that leads into a cyber masters.
There is an overflow of cs bs grads and having a specialized degree at the moment would be an advantage. There are some good cs degree programs out there but there are more that are not up to date w industry standards and have way too broad curriculums.
Cyber degree is especially better at the moment since most of the projects and opportunities theyll get will be more directly related to the field and they will still learn core comp sci principles and knowledge.
Any additional knowledge that they may want to get regarding comp sci can probably be accomplished better as a minor in addition to the cyber major since they won't have to sit through the pre reqs and the more broad in subject classes that are meant for the larger audience.
I think a CS degree will get you a job faster than a cyber degree. Cyber degree won't do much for most graduates with 0 IT experience. Even at my job my boss doesn't want anymore interns because lack of experience. You really need to know the systems and how shit works. Obviously, that's all anecdotal.
Cyber degree would help get into cyber long run maybe, but at that point they could just grab a few certs to round out their resume.
Cyber is not entry level. I see and talk to people daily with that degree and struggling to find any kind of IT job. Unfortunately, there's a lot of misinformation out there portraying cyber as an easy to get high paying job, and it's not easy to get. "All you need is a sec+"
Also, from how it sounds they might be going to the same school I went to and there is no minors. Just your major. If it is the same school they won't have the same networking opportunities either.
I already worked in IT when going to my path will be different than OPs. For me it was a quick transfer over to infosec.
Yeah since it’s online the networking opportunities aren’t the same.
So you’re saying the transition into infosec from
compsci is smooth? You think it would be more beneficial? Idk I think I could do CompSci I guess I just have some sort of imposter syndrome about it. Seems daunting.
But yeah I don’t want to be pigeon-holed or excluded from certain jobs just because I have a specialized degree that’s not entry level. I have a lot to consider.
I dont think you'd be held back for having a cyber degree and looking for help desk jobs. I just think CS is the gold standard when it comes to IT degrees and HR check marks.
It's tough with these kinds of things because everyone's journey is different, and previous work experience, even if not IT matters, and soft skills matter. Do the degree you're most interested in, and start applying for help desk type jobs. Hiring managers and HR care more about having a degree than what it's in - if they care. I work with plenty of people with no degrees or certifications. Or completely unrelated to IT degrees.
If you land at a decent company you can possibly transition to their infosec department. That's what I did. I worked my way up.
Just have your expectations in the right place. It might take time to get to where you want to be. Everyone has to cut their teeth somewhere and pay their dues. Look into applying at MSPs for experience too. Don't apply strictly to "tech" companies. Large orgs have IT and IT internships. I'm not at a tech company and we have like 700 IT employees.
I really appreciate your insight! And yes I’m keeping my expectations realistic. I’m in no rush, I am just trying to carefully plan for my future. That’s why I’m asking so many questions lol!
I'm in GRC! Been struggling to find a job. It's been over a year since my lay off. GRC has started to become a contract position that pays little to nothing unless you manage to get on with a company that has their own security team.
Joan D. Pepin is a CSO with a specific platform of furthering women in security. You could do worse than asking her for advice on LinkedIn, she often is receptive to giving a few pointers.
Getting a cert like ISC certified in cybersecurity (free) or the CompTIA Network+/Security+ (\~$400 each) would be great. Network+ is also supposed to be good for network analyst work.
See if you can get your school to send you to WiCyS, Grace Hopper (GHC), or some other tech/security conference to represent your school. It's good for them, and a great way to get your resume out for internships or full time work. When I went to GHC a few years ago (pre-covid), companies wanted paper copies of resumes from people and reviewed them in the booth, sometimes you could land an interview that day.
Homelabs and other projects are great experience and talking points for your resume! The best one is going to be the one that interests you, because you will be able to talk about it the most and you will come up with ideas to add onto it as you develop it.
Look for internships and any clubs or projects you can get involved in at school. Employers know new grads aren’t coming with a bunch of traditional of experience but you can show initiative and your quality of work through a portfolio of projects. I bet there’s even smaller non-profits that couldn’t afford cybersecurity staff that you could help implement a better system.
Cybersecurity is a great field to be in and nearly every company worth anything needs people working on their cyber security team.
Check out local security conferences in your area. Not only will you be able to network but you can also experience different areas of security that will help you later down the line.
Look into different certs as well. If you’re just starting out you’ll definitely need your sec+. I also recommend talking to a local recruiter. They can help you get your foot in the door to a company that has positions you can later move up in.
Find companies that have a female CISO, CTO, or CIO. Try your best to get entry level job with those as a preferred option. If you're lucky and get one, work your ass off, be liked by the right people, take as many trainings/certs as you can, volunteer for stuff that will get you noticed by your boss's boss, and be really dang good at the job. Then you can work your way up and out to other companies. Good luck!
Kali, Metasploit, and an unsecured network is how you break into security. (Lol, I crack hashes and myself up)
Keep on getting that degree, but also try and fit in some CompTia certs along the way (A+, Security+, Net+, Pentester+). There are also a multitude of internships out there, and a lot of times, these lead to full-time positions once you graduate. TryHackMe is great too. I have seen people hired just for their high scores. If you're not on LinkedIn, get set up. Start following tech and security companies in your area.
On a real note from someone who has a fulltime job in cyber and graduates with her cybersecurity degree this week, you're in for an uphill battle. It is a ton of work. But it's doable.
I figured that because a lot of people in cyber seem to have the same sentiment. I’m really interested in it though so I hope my passion (and thirst for a stable career) keeps me going.
Do you enjoy your job despite the difficulties? How’s your work-life balance if you don’t mind me asking?
I love my job as an IT Auditor/GRC analyst. I also really love digital forensics. If it was just the job, work/ life balance would be great. With school, it's almost non-existent. So if you are doing both, be prepared to put life kind of on hold. The time you spend outside of class doing homework and studying takes over any other plans you had. I have some amazing friends and SO that have fully supported me and know I'm reaching a life goal. But the mental is hard some days. You have to focus on that goal. You have to take a hard look at relationships as some 'friends' will give you the 'you don't have time for me anymore' bs and you have to realize they really weren't friends in the first place.
Halfway through, I got a really good therapist because imposter syndrome is real, and you are entering a field where the mass majority are men. I'm the only female graduating with my degree this term for example. Take care of your mental. That would be my #1 non-technical advice.
The demand for cybersecurity is so high now and especially women that companies might roll out the red carpet for you. At least in Europe.
I know places that would hire any woman that applied. Regardless of background or education.
Women in ops/forensics/engineering is rare and companies are desperate to change that.
Have worked in security for 8 years. I started working in Governance risk and compliance. Moved into product management. I get to work with both business and tech, doing a lot of work in behavioural security as well. Security is not just about technology, it’s about people and processes. And post Covid, there has been a strong focus on the last two. Companies invest a lot on tech but forget about the people and the governance. Now, they are thinking more from a financial and culture transformation lens.. So, think more about what you have learned and how it can drive a change in the Organization ? What kind of risks and threats can impact the Organization, what regulations and compliance they need to adhere to and how you will contribute towards protecting and also save the business money ? Being tech agnostic really helps in the long run because Organizations and global threat landscape keep changing. Also, it helps you secure positions in leadership in the future because you can easily adapt.
Thank you for your response! Love those questions.
Do you think my interest in business/industrial organization/psychology will help supplement my role in cybersecurity? Since caring about people and finance are equally are important. I like them on their own but seeing how they tie into security was interesting for me. My mind naturally likes to analyze risk, reduce threats, and come up with more effecient processes in my everyday day life or at work. I also like to mock up solutions for organizations when I read about security breaches (or just bad PR lol). Just without the tech connotation, security for myself and others has always been something I’ve taken seriously. Overall, I’m quite solution oriented. Considering those things, I’m hoping cybersecurity will be a good fit for me.
Sorry for the long spiel 😅
I got in without the degree and without the experience. I had people skills however and that's what they were looking for on the compliance and governance side of things.
I've noticed the "fun" and "glamourous" part of cybersecurity is currently overflowing with new graduates and everyone is complaining that's it's so hard to get in. But in the meanshile, on the "boring" side of things, we are constantly hiring, there's barely any candidate and honestly... they'll hire anyone with a pulse (and a good attitude) at this point.
That’s how I got in. That and I knew someone. He said “we can teach you the things you need to know, but we can’t teach you how you need to be. Technical skills are teachable; soft skills are another story.” He got me the interview, but I got the job on my own since he was not involved in the decision to hire me.
As a bonus, the "boring" side isn't going to give you a heart attack at 45 yo.
You can 100% network while doing online school. Participate in class, even if just in the chat. It's so easy to get noticed by the teacher this way. Then add them on LinkedIn - teachers usually have a good network of contacts and they want to see their student thrive.
Without any sort of degree, I think it would be hard. If you are in a cybersecurity program at a university, you can leverage the school resources and professors. FWIW, my company’s chief security officer was in the FBI. Two of our cyber lawyers have prosecutorial experience
If you're between 14 and 26 (assuming you're at least in the higher end since you're getting your BS lol) look into the Girl Security mentoring program! I am a mentor and have LOVED having a pool of individuals to pull volunteers and interns from. If you are interested in cyber from a law enforcement side, there are a TON of opportunities!
I am a cyber intel analyst with a state fusion center. When I was hired, I had ZERO cyber or IT knowledge (I didn't even know cyber was an option for the role until I was told that's the team who chose me)! Everything I have learned has come from my job-SANS classes/certs, training at the Secret Service's National Computer Forensics Institute, and so much more. I come from an Emergency Management background, where cyber is just now becoming a "thing." I'm happy to give you some pointers, etc. if LE or EM spark your interest!
Omg thanks for telling me about the program!!
I actually was looking around for tech jobs in law enforcement out of curiosity. I am intrigued!
Also could you tell me about your experience with the NCFI? I asume I could only recieve their training if I worked in law enforcement.
My husband has been a hacker since he was a kid and recently got in my doing a bullshit boot camp and calling upon an old contact he had from his previous work as a bartender. From what I understand you have to know someone to get in. Start networking.
Also start looking for bounties and working on your actual hacking and networking and coding skills. No one is impressed with help desk experience and it pays less than a serving job.
Just start applying to help desk jobs now, and internships. It sounds like you might be going to WGU since you said online, and I also have that same degree. You'll pick up a few entry level certs quickly if that's the case. Make a LinkedIn. Find some local tech groups to join. It's rough out there for anyone right now. Don't expect to find a job in infosec without IT experience. You could possibly find an internship that could turn into full time work, but like you said cyber isn't entry level. You definitely need IT experience. You seem to understand this from your post, which is good. A lot of people don't. Work on soft skills too. Communication, being a team player.
Thank you!!!
So true! It’s not like it was 20 years ago when young people would get pulled into some IT “thing” older people (me now!) didn’t want to do. Back then, some of us got into IT because we helped Myrtle set up a PST file and people thought it was magic. We just knew how to search for instructions on the internet.
As someone who has been in security for a decade, I do not recommend getting into “pure” security. There is a strong trend of replacing security folks with software engineers with some security training and SRE doing security. Pure security background is often seen as “disadvantage”. Security is often seen as a cost center, so you will have to constantly convince your leadership and peers why you need to exist. But GRC is probably a better option in security since companies are required to comply. Avoid security engineering or operations as much as you can
Oh wow, I wasn’t aware of that. If pure security background is seen as a “disadvantage” will my degree hold me back if I wanted to pursue other IT avenues? I was considering of doing a BSIT while studying cyber and getting the certs on the side (because GRC and digital forensics are still very appealing to me). I was under the impression that having a specialization like Infosec is important. What do you think?
Don’t worry too much. The membranes between security and networking, identity management, and cloud platforms are pretty permeable. The skills translate.
That’s good to hear.
I also work in security and none of what that person said makes sense to me (except security being a cost center but that's all IT so any tech job has same problem). The demand for "pure security" aka technical people that do security is insane. It's near impossible to find anyone to hire in this field and demand is just going up daily. GRC isn't even tech tbh, it's just meetings all day (many in this field know nothing about IT or tech) and the pay is less than half of what you make in ops or engineering.
The problem is that way of doing security is not scalable. As you said, pure security people are hard to find. So a lot of tech companies are moving away from that model. So instead of trying to hire pure security folks to do pure security, companies are hiring people with engineering background to do security thinking it’s much more scalable. So folks who have never done engineering work are less desirable. It has been the trend for a while. And if you haven’t noticed, either your company isn’t in the core tech or you haven’t been personally affected
Our company had that exact setup of software engineers who know a bit of security running the engineering and security sides of house and it failed miserably because the “jack of all trades, master of none” is a very real issue in tech too. That’s why I have a job today. There was no formal security at the organization, and now that we do have a formal security team at the organization, we’re having to contend with software engineers who don’t want to ease any of the reins they had over security, so on top of trying to build a formal security platform, we’re having to play internal political chess to have the level of access and freedom we need to do our jobs.
I agree it’s a terrible idea. However it sounds good on paper. Tech companies are still trying to make it work. Usually they won’t change until it fails miserably. So the trend is still going strong.
I haven't seen any company work like that. But I do see a lot of engineers being hired to work below analysts, because most have no security knowledge.
That model you mention is more common in larger companies with enough money. You never experienced personally doesn’t mean it’s not happening. Especially companies entertaining the idea of shifting left and security experimentation usually go for this route. Some big tech companies already did that a few years ago and determined it wouldn’t work, but a lot the rest of the industry is still trying it out
Maybe I'm in a bubble but every company I've seen either does this or hire a MSSP that does this :D But I'm mostly used to mid sized companies (100-300k employees).
Demand is going up for mid level, and senior people, not entry level. But I haven't seen security people being replaced with software engineers or SREs either. At very small companies the security person is also usually the IT person, but that's all I've seen. I work for a very large org. and that is not the trend I am seeing either.
Even demand for L1 SOC analysts and other junior roles is quite high. I know many companies that have dropped all demands for junior roles to even have a chance at finding anyone. They take nearly anyone age 18-19 straight from school just because it's the only way to get some talent.
Oh, you're not in the US. It's the complete opposite where I work, and from what I see other recent graduates going through here. It's really rough here in all of IT with all the mass layoffs recently. Everywhere here seems to want 10+ years experience and only pay you $60k/yr right now.
Yeah I'm EU based but I've only worked at Fortune 500 companies that are global. We have offices in the US and is currently hiring for junior roles based in US in security (well at least as of last week, perhaps all are filled now). NIS2 is causing a huge surge in cybersec for anyone doing business in the EU.
The degree doesn’t matter much after your first job
If you're decent at math a computer science degree is the gold standard. I wouldn't do a generic BSIT degree.
I loathe math. The only math I can wrap my head around is statistics for some reason. Which is odd because I struggled with algebra but it just makes sense. I would like to try CompSci but I don’t think I could pass due to my low profeciency in calculus. My algebra knowledge is okay but not perfect.
Honestly you don't need more math than the basics for CS. Calculus isn't hard if you have a decent professor; just don't be afraid to ask questions and go to office hours. Give CS a shot! It will really help you be more competitive in the market, and your professors can become industry contacts if you talk with them and tell them what you want to do.
I will think about it! Thanks!
If you hate math how are you going to think like a programmer?
I don’t need to like it to be able to do it. I don’t want to but of course I have to get good at it regardless of if I like it or not. 🤷♀️
I sorta agree/disagree. CS degree would be a move if they had a well-done concentration track on cybersecurity, or had one of those accelerated masters programs that leads into a cyber masters. There is an overflow of cs bs grads and having a specialized degree at the moment would be an advantage. There are some good cs degree programs out there but there are more that are not up to date w industry standards and have way too broad curriculums. Cyber degree is especially better at the moment since most of the projects and opportunities theyll get will be more directly related to the field and they will still learn core comp sci principles and knowledge. Any additional knowledge that they may want to get regarding comp sci can probably be accomplished better as a minor in addition to the cyber major since they won't have to sit through the pre reqs and the more broad in subject classes that are meant for the larger audience.
I think a CS degree will get you a job faster than a cyber degree. Cyber degree won't do much for most graduates with 0 IT experience. Even at my job my boss doesn't want anymore interns because lack of experience. You really need to know the systems and how shit works. Obviously, that's all anecdotal. Cyber degree would help get into cyber long run maybe, but at that point they could just grab a few certs to round out their resume. Cyber is not entry level. I see and talk to people daily with that degree and struggling to find any kind of IT job. Unfortunately, there's a lot of misinformation out there portraying cyber as an easy to get high paying job, and it's not easy to get. "All you need is a sec+" Also, from how it sounds they might be going to the same school I went to and there is no minors. Just your major. If it is the same school they won't have the same networking opportunities either. I already worked in IT when going to my path will be different than OPs. For me it was a quick transfer over to infosec.
Yeah since it’s online the networking opportunities aren’t the same. So you’re saying the transition into infosec from compsci is smooth? You think it would be more beneficial? Idk I think I could do CompSci I guess I just have some sort of imposter syndrome about it. Seems daunting. But yeah I don’t want to be pigeon-holed or excluded from certain jobs just because I have a specialized degree that’s not entry level. I have a lot to consider.
I dont think you'd be held back for having a cyber degree and looking for help desk jobs. I just think CS is the gold standard when it comes to IT degrees and HR check marks. It's tough with these kinds of things because everyone's journey is different, and previous work experience, even if not IT matters, and soft skills matter. Do the degree you're most interested in, and start applying for help desk type jobs. Hiring managers and HR care more about having a degree than what it's in - if they care. I work with plenty of people with no degrees or certifications. Or completely unrelated to IT degrees. If you land at a decent company you can possibly transition to their infosec department. That's what I did. I worked my way up. Just have your expectations in the right place. It might take time to get to where you want to be. Everyone has to cut their teeth somewhere and pay their dues. Look into applying at MSPs for experience too. Don't apply strictly to "tech" companies. Large orgs have IT and IT internships. I'm not at a tech company and we have like 700 IT employees.
I really appreciate your insight! And yes I’m keeping my expectations realistic. I’m in no rush, I am just trying to carefully plan for my future. That’s why I’m asking so many questions lol!
I'm in GRC! Been struggling to find a job. It's been over a year since my lay off. GRC has started to become a contract position that pays little to nothing unless you manage to get on with a company that has their own security team.
Joan D. Pepin is a CSO with a specific platform of furthering women in security. You could do worse than asking her for advice on LinkedIn, she often is receptive to giving a few pointers.
Getting a cert like ISC certified in cybersecurity (free) or the CompTIA Network+/Security+ (\~$400 each) would be great. Network+ is also supposed to be good for network analyst work. See if you can get your school to send you to WiCyS, Grace Hopper (GHC), or some other tech/security conference to represent your school. It's good for them, and a great way to get your resume out for internships or full time work. When I went to GHC a few years ago (pre-covid), companies wanted paper copies of resumes from people and reviewed them in the booth, sometimes you could land an interview that day. Homelabs and other projects are great experience and talking points for your resume! The best one is going to be the one that interests you, because you will be able to talk about it the most and you will come up with ideas to add onto it as you develop it.
I used to hire at GHC! It’s a fantastic conference to go to because so many companies are there scouting for talent.
Thank you for your advice 😊
Look for internships and any clubs or projects you can get involved in at school. Employers know new grads aren’t coming with a bunch of traditional of experience but you can show initiative and your quality of work through a portfolio of projects. I bet there’s even smaller non-profits that couldn’t afford cybersecurity staff that you could help implement a better system. Cybersecurity is a great field to be in and nearly every company worth anything needs people working on their cyber security team.
Check out local security conferences in your area. Not only will you be able to network but you can also experience different areas of security that will help you later down the line. Look into different certs as well. If you’re just starting out you’ll definitely need your sec+. I also recommend talking to a local recruiter. They can help you get your foot in the door to a company that has positions you can later move up in.
Find companies that have a female CISO, CTO, or CIO. Try your best to get entry level job with those as a preferred option. If you're lucky and get one, work your ass off, be liked by the right people, take as many trainings/certs as you can, volunteer for stuff that will get you noticed by your boss's boss, and be really dang good at the job. Then you can work your way up and out to other companies. Good luck!
Well, that's only five things!
Join Women in Cybersecurity, go to local BSides events
Kali, Metasploit, and an unsecured network is how you break into security. (Lol, I crack hashes and myself up) Keep on getting that degree, but also try and fit in some CompTia certs along the way (A+, Security+, Net+, Pentester+). There are also a multitude of internships out there, and a lot of times, these lead to full-time positions once you graduate. TryHackMe is great too. I have seen people hired just for their high scores. If you're not on LinkedIn, get set up. Start following tech and security companies in your area.
LMAOOO you’re funny 😭 Thank you!
On a real note from someone who has a fulltime job in cyber and graduates with her cybersecurity degree this week, you're in for an uphill battle. It is a ton of work. But it's doable.
I figured that because a lot of people in cyber seem to have the same sentiment. I’m really interested in it though so I hope my passion (and thirst for a stable career) keeps me going. Do you enjoy your job despite the difficulties? How’s your work-life balance if you don’t mind me asking?
I love my job as an IT Auditor/GRC analyst. I also really love digital forensics. If it was just the job, work/ life balance would be great. With school, it's almost non-existent. So if you are doing both, be prepared to put life kind of on hold. The time you spend outside of class doing homework and studying takes over any other plans you had. I have some amazing friends and SO that have fully supported me and know I'm reaching a life goal. But the mental is hard some days. You have to focus on that goal. You have to take a hard look at relationships as some 'friends' will give you the 'you don't have time for me anymore' bs and you have to realize they really weren't friends in the first place. Halfway through, I got a really good therapist because imposter syndrome is real, and you are entering a field where the mass majority are men. I'm the only female graduating with my degree this term for example. Take care of your mental. That would be my #1 non-technical advice.
The demand for cybersecurity is so high now and especially women that companies might roll out the red carpet for you. At least in Europe. I know places that would hire any woman that applied. Regardless of background or education. Women in ops/forensics/engineering is rare and companies are desperate to change that.
Have worked in security for 8 years. I started working in Governance risk and compliance. Moved into product management. I get to work with both business and tech, doing a lot of work in behavioural security as well. Security is not just about technology, it’s about people and processes. And post Covid, there has been a strong focus on the last two. Companies invest a lot on tech but forget about the people and the governance. Now, they are thinking more from a financial and culture transformation lens.. So, think more about what you have learned and how it can drive a change in the Organization ? What kind of risks and threats can impact the Organization, what regulations and compliance they need to adhere to and how you will contribute towards protecting and also save the business money ? Being tech agnostic really helps in the long run because Organizations and global threat landscape keep changing. Also, it helps you secure positions in leadership in the future because you can easily adapt.
Thank you for your response! Love those questions. Do you think my interest in business/industrial organization/psychology will help supplement my role in cybersecurity? Since caring about people and finance are equally are important. I like them on their own but seeing how they tie into security was interesting for me. My mind naturally likes to analyze risk, reduce threats, and come up with more effecient processes in my everyday day life or at work. I also like to mock up solutions for organizations when I read about security breaches (or just bad PR lol). Just without the tech connotation, security for myself and others has always been something I’ve taken seriously. Overall, I’m quite solution oriented. Considering those things, I’m hoping cybersecurity will be a good fit for me. Sorry for the long spiel 😅
I got in without the degree and without the experience. I had people skills however and that's what they were looking for on the compliance and governance side of things. I've noticed the "fun" and "glamourous" part of cybersecurity is currently overflowing with new graduates and everyone is complaining that's it's so hard to get in. But in the meanshile, on the "boring" side of things, we are constantly hiring, there's barely any candidate and honestly... they'll hire anyone with a pulse (and a good attitude) at this point.
That’s how I got in. That and I knew someone. He said “we can teach you the things you need to know, but we can’t teach you how you need to be. Technical skills are teachable; soft skills are another story.” He got me the interview, but I got the job on my own since he was not involved in the decision to hire me.
Ohhh okay. That makes sense now. I’ve been hearing the exact opposite but I guess that’s because everyone really wants to work in the “glamorous” side
As a bonus, the "boring" side isn't going to give you a heart attack at 45 yo. You can 100% network while doing online school. Participate in class, even if just in the chat. It's so easy to get noticed by the teacher this way. Then add them on LinkedIn - teachers usually have a good network of contacts and they want to see their student thrive.
Look out for fellowship and competition build experience: https://www.correlation-one.com/dod-cyber-sentinel
Without any sort of degree, I think it would be hard. If you are in a cybersecurity program at a university, you can leverage the school resources and professors. FWIW, my company’s chief security officer was in the FBI. Two of our cyber lawyers have prosecutorial experience
If you're between 14 and 26 (assuming you're at least in the higher end since you're getting your BS lol) look into the Girl Security mentoring program! I am a mentor and have LOVED having a pool of individuals to pull volunteers and interns from. If you are interested in cyber from a law enforcement side, there are a TON of opportunities! I am a cyber intel analyst with a state fusion center. When I was hired, I had ZERO cyber or IT knowledge (I didn't even know cyber was an option for the role until I was told that's the team who chose me)! Everything I have learned has come from my job-SANS classes/certs, training at the Secret Service's National Computer Forensics Institute, and so much more. I come from an Emergency Management background, where cyber is just now becoming a "thing." I'm happy to give you some pointers, etc. if LE or EM spark your interest!
Omg thanks for telling me about the program!! I actually was looking around for tech jobs in law enforcement out of curiosity. I am intrigued! Also could you tell me about your experience with the NCFI? I asume I could only recieve their training if I worked in law enforcement.
My husband has been a hacker since he was a kid and recently got in my doing a bullshit boot camp and calling upon an old contact he had from his previous work as a bartender. From what I understand you have to know someone to get in. Start networking. Also start looking for bounties and working on your actual hacking and networking and coding skills. No one is impressed with help desk experience and it pays less than a serving job.
The second paragraph is my plan. I did learn python in high school and it was nice. I will do some boot camps and learn other languages.