Getting a job in Cyber Security can be incredibly frustrating, expensive and a lot of hassle. We are always reading that there’s a shortage of people in infosec, but yet every “entry level” role seems to require experience no graduate could possibly have or enterprise technologies a student could not possibly have had the chance to be exposed to (unless of course, you keep a data centre in your parents’ basement). The landscape is changing, having a degree is no longer enough. There are people who have taken other routes such as bootcamps or career changes who have more work experience trying to break through into cyber security.
But how can you get ahead of the curve, what can you do to show organisations that your University has prepared you for the world? I’ve put together resources I’ve found useful in my journey into the security world.
Practice makes perfect!
A key part of ‘experience’ people forget is teaching yourself counts as experience. Learning never stops! The same goes for the cybersecurity world when looking for roles and the same tools you’ve never heard of keep popping up and putting you off applying, learn about them. Utilise free resources like Oracle Virtual Box and start getting into the habit of managing your own virtual servers to test out tools. This will not only get you working more with Ubuntu, CentOS and Kali, it will also give you more in interviews to talk about. My current home setup includes a Raspberry Pi, MacBook Pro and a Windows Laptop which doubles as my Kali box and VM Server. Whenever I come across a new tool, I will always try and replicate the setup at home.
If something goes wrong, you get to troubleshoot and dive into the world of forums of people experiencing the same issues. This is something you can actually mention in an interview:
“Tried installing the ELK stack but I kept coming across the issue of…eventually I solved it by…after researching for X days.” is always a better answer than, “I’ve never come across it.”
This is a great way to show your willingness to learn new technologies and your determination to solve problems. If you are looking for industry standard tools to try out, I use DevOps Bookmarks as my resource for any tools I might be looking to install.
Keeping up-to-date with the going-ons of infosec is important. This is a great way to find new projects but also learn how organisations are dealing with situations.
1. Wired — I read Wired.co.uk every morning, usually has high-level posts on the mainstream stories in Cyber Security. You can add it as a feed to Apple News or Google News. This way any breaking news will be fed through straight to your phone and you can save articles to read at a later time.
2. SC Magazine — Once a week, I get Whitepapers for a more in-depth review of a security revelation. You need an account to access the Whitepapers but it is totally worth it. SC Magazine also offers news but if you are ever trying to get your head around a vulnerability, I always recommend checking SC Magazine to see if there is any papers on the exploits.
3. Malware Bytes Blog — This should’ve been first on my list, as the blog by Malware bytes has an amazing tagline, “We research, you level up!” and it is true on so many levels. For many tests where I may not have the resources to perform at home, Malware Bytes have it covered and will also drop so much information in their posts. A great place to keep up to date with threats. They also do a weekly post titled, “A week in Security” which is perfect to read as a catch up if you’re having a busy week.
4. /R/NetSec— If you ever need to find out what’s really going, R/Netsec is an excellent community to ask questions and find out what is going on within the community on Reddit.
An excellent read on graduate jobs that I recommend reading is by Careers blogger René on “What you should be looking for when looking for a graduate job.” In fact, you should check out her latest post on 5 Career lessons to bring into 2018.
Job hunting on LinkedIn lately seems like a Developer honeypot where every recruiter is looking for .Net, Ruby and Java developers. But somewhere in there, there are excellent recruiters who post regular roles in InfoSec. I’ve found messaging them for opportunities helps build relationships. If you are unsure where to find these people, start joining groups on LinkedIn. You can ask for advice or see recruiters posting roles.
Sending a polite message explaining the role you are looking for, and if they have any open vacancies that match your profile, you would be happy to discuss. This is how I first secured my infosec role, being proactive and communicating with companies.
Cyber Security Jobsite — Having an account here and setting up weekly emails is a great way to find out about roles matching your level. You will find big companies looking for Junior SOC Analysts, Threat Intelligence and sometimes Grad schemes. One of my lecturers told me about this site in my final year, and I’ve had a weekly alert setup since.
Indeed— The Google of all jobs! It crawls most major job boards and the UI is very user-friendly. You can search without making an account and you are also able to set up regular emails about new roles in your area.
Glassdoor — Utilising feedback platforms like Glassdoor during your job hunt is a good way to communicate back with a company and to also check what other people are saying about the company. If you interview for a company, you should give feedback, even if it’s not the desired outcome, it could help the next person. Sounds weird I know, helping someone else get the role you couldn’t get. Well, it’s a cycle, you’ll get to a point where you are researching a role, and stumble upon someone’s feedback that could calm your nerves or potentially tell you more about the company. You are able to research a company through their employee’s anonymous feedback and decide for yourself if you should apply. Some companies have excellent social media presence but when you read what the employees are really saying, it could put you off as some have a terrible work culture.
It is also worth utilising CV checking services offered by Universities and attending any interview seminars or events near you. Practice makes perfect, so any opportunity to improve your interview skills you should be making time for.
A free option worth noting is the Digital Cyber Academy — powered by Immersive Labs. They offer to full or part-time students in the UK, USA, Singapore and Australia free access to their browser-based cyber labs. Lab topics range from:
- Ethical hacking infrastructure
- Threat hunting
- Malware analysis
- Digital forensics & incident response (DFIR)
What makes this site unique is jobs can be unlocked by completing tasks. So the more tasks you complete, the more exposure you get to jobs whilst showcasing your talent through a high score board sorted by University, area and against everyone on the platform.
In 2017, I stumbled upon the awesome @HackerFantastic on Twitter. Co-Founder & Director of @myhackerhouse, a cybersecurity company providing offence security solutions & training. At the time there had an upcoming 4-day Hands-on Hacking course. I tried the practice module and it was really engaging so I got myself a ticket for the Manchester date. Topics covered included:
- Making use of data leaks and open source intelligence
- Identify and exploit widespread vulnerabilities
- Reviewing web applications to find vulnerabilities
- Make use of open-source tools to enhance your system security
- Crack passwords, steal data and understand how hackers target networks
- Hack into networks… ethically, without going to jail
- Learning the tools of the trade used by ethical hackers
7 months later and I am still using the skills learnt in the 4 days including the labs. Whenever I need a refresher course, I have all the material from the course and I can just set up the environment and get to work. 2018 is going to be a big year for them. They’ve recently announced 2 dates in the UK for their in-demand courses in London and I highly recommend students get in touch with the team as they may offer you a student price. Check out their training module and try it out, and if you’re available, try make some of their newest dates!
The tools above have really helped me in my job search but also having a support network of people to look up to and ask questions has really helped. I’m always happy to answer questions or offer advice to anyone looking to break into Cyber Security.