NEWS + ADVICE
How to Support Your Cyber Security Job Search
We had the pleasure to attend a fantastic talk at DEF CON’s virtual Career Hacking Village, presented by Alyssa Miller, Application Security Advocate at Snyk. Here are some key insights from Alyssa’s discussion, diving into strategies to help you find a job in cyber security.
If you’ve spent any time looking at headlines in the security community, you’ve heard of the infamous cyber security talent shortage. While the industry continually reports a shortage of professionals to fill security jobs, cyber security job seekers often have trouble finding a job. Alyssa explores this disconnect, offering insight into the underlying challenges and shares what you can do as a job seeker to tackle them, especially if you’re trying to make the transition from another industry into cyber.
Job Search Challenges
On a mission to better understand this problem, Alyssa launched a pair of surveys at the beginning of the year – one targeted at people who had never worked in cyber security before but wanted to get their first job in security, and another targeted at people who are working in security and already have experience.
A key question she asked was, “If you’re searching for a job, how long have you been searching?” For those looking for their first security job, close to three-quarters were searching for three months or longer. And roughly 54% of those already in the industry also took three months or longer to find a job. So the question remains, if we have a talent shortage, why are people having such a hard time finding jobs?
Alyssa suggests, one of the core reasons we struggle to fill security roles comes down to job descriptions. She shared examples of job descriptions that deter job seekers from applying due to unrealistic requirements—for example, an intern level position that requires a degree, CISSP, and a minimum of seven years’ experience. Another area where things fall apart is in the screening process. People will sometimes apply to dozens of positions but never hear back from any.
So how can we improve our odds, get through that initial screening process, and ultimately land a job? Think about the skills you have that apply to the job in question. They may not be obvious, but there’s always a path. Alyssa reminds us that hiring managers, recruiters, and applicant tracking systems may not always see those connections.“It’s up to us as job seekers to help people see what those connections are and justify why it is that we’re coming to this industry to start a career,” says Alyssa. “And why it is that you want us to be your next hire.”
Preparing Your Job Search
Before you start working on your resume and applying to positions, let’s consider some key basics to job search success—knowing what you want to do and building your network.
KNOW WHAT YOU WANT TO DO
The first step to hacking the system and getting your next job starts with you—you need to understand yourself. “Self-analysis is probably one of the most crucial aspects of getting a job in cyber security,” suggests Alyssa. There are numerous opportunities and skillsets within cyber security. It’s not realistic to do it all. You need to self-analyze and understand what it is that interests you in security. So start by narrowing down your interests and determining what you want to do in the field.
BUILD YOUR NETWORK
Once you know what you want to do, it’s time to get out there and start building your network. Alyssa suggests interacting with people on social media if nowhere else—adding that it’s often easier to meet them online first and then find them at conferences later. Keep in mind, building a network isn’t just following a bunch of people on social media and trying to get followers, it’s interacting with them.
Alyssa urges you to get engaged in conversations, ask questions, and offer your own opinions. Twitter is a great place to do this in the security community. You can find the big names in the industry, follow them, and have conversations with them as they post things.
LinkedIn is another place you can engage. It’s not as active from a security perspective and it’s more formal, but it’s beneficial nonetheless. It’s a great resource to look for people in security roles who work at companies you’re interested in. The bottom line here is, be active. “As you start to engage with these people and build relationships, those are people that can help you find opportunities,” says Alyssa.
Writing and Refining Your Resume
As we move on to resumes, an important aspect to consider is applicant tracking systems (ATS). These systems are widely used in the initial screening process to rank resumes before a recruiter or hiring manager sees them. So how do you beat the ATS and avoid your resume being sucked into the ATS black hole? First and foremost, remember it’s a machine.
KEEP YOUR FORMAT SIMPLE
You may feel the urge to make your resume stand out by making it “pretty,” but don’t. Your resume needs to be simply formatted for the best ATS results. Use common fonts like Calibri or Times New Roman—ones that are easy to read. This helps those systems process your resume accurately. Beyond fonts, the format of your resume overall needs to be easy to read. Don’t put pictures or designs in there. Structure it using bullet points and things that an ATS will be able to easily process.
TAILOR YOUR RESUME
Alyssa emphasizes how crucial this next point is – you need to tailor your resume to the job you’re applying to if you’re trying to get hired. You should literally have a separate resume file for each job you apply to. Why? It’s because you need to be looking at keywords that appear in each job description.
What’s most important to them? Work those terms that are ranked highly in the requirements into your resume by mentioning those keywords. You can also look for variations on keywords. Alyssa gives the example of using both “penetration testing” and “ethical hacking” to make sure you’re ticking all of those boxes. Think about how the ATS will be ranking your resume and searching for keywords.
As you work to check those boxes, certifications are often one of them. And this brings up the question of which certification you should get. CISSP is very commonly asked for but Alyssa suggests, “You don’t have to have a CISSP to get a job, just get a cert.” This is important to keep in mind, especially considering there are very few certifications that you can get as an entry-level person.
Alyssa recommends considering the Security+, because it’s one of the cheapest to get, it’s attainable, and it covers a wide breadth of security knowledge without restricting you to one specific area. So get something general that you can check that box with. Having a Security+ more often than not will be looked at as a CISSP equivalent.
Once you’ve made it past the ATS and a recruiter is now looking at your resume, you need to inspire them to pass your resume on to the hiring manager. How? By being memorable. For instance, write a blog or record videos that talk about different security concepts, and link to it in your resume. It doesn’t matter how many people read or watch it—by creating it and putting it out there demonstrates you’re doing something in security, and it makes you memorable.
Think about what you can highlight that makes you unique. For Alyssa it’s the fact that she saved up her money in the late ‘80s to buy her first computer at age 12. She urges you to put those unique stories out there so that when a recruiter reads it, they want to know more about you.
REFINE YOUR RESUME
And finally, refine your resume to sell yourself. Try preparing a one to two minute elevator speech that tells somebody why they should hire you and how you can make their business better. Now go find those things in your resume. If you can’t find them, get revising to make your resume that much stronger.
Crossing the Finish Line
At this point in the process, we’ve moved beyond your resume – a recruiter is calling you! What do you do next?
If a recruiter contacts you and says they’d like to schedule a screening interview, respond back as quickly as you can. Alyssa recommends that you make sure you’re using an email that you check often, because nothing is more frustrating for a recruiter than when they see a candidate they want to bring in but they can’t get that person to return their calls or emails. When you do get that initial screening call be sure to tailor your conversation to the job’s requirements, just as you did in your resume.
WIN THEM OVER WITH PASSION
Then finally the recruiter passes you on to the hiring manager, and they want to know more about you. How do you win them over? Share your passion by being excited about the things you’re talking about. If you built that blog or created those videos, talk about it. Or if you engaged in labs or competitions, share that. It’s something voluntary that you chose to do and it shows your passion for security. So share those things when you talk with the hiring manager.
Job search isn’t easy, but don’t give up. Keep working, use your network, and foster relationships that will help you get there. “Every one of us has a very unique and very different story about how we got here,” says Alyssa. “Understand that concept, that no matter where you’re coming from, there’s a place for you here.”This entry was posted on Friday, September 04, 2020 8:25 pm