So do you want to be the very best? Like no one ever was in... Cyber Security?
Or are you just really curious about one of the largest growing fields in Information Technology and career fields overall?
Great!
Whether you want to be Red Team, Blue Team, Purple Team, or whatever -
You are in the right place. Check out my "About me" if you are curious about who I am and
my background. Now let's get into how YOU can gain entry into the world of IT and Cyber Security.
My blog will always offer two things:
- A quick 5 minute read on Cyber Security Tips and Tricks on how to improve yourself and your resume to get a Cyber Security career.
- An in-depth blog, How to Master Yourself to get a Cyber Career
5 Minute Read: Cyber Security Tips and Tricks
1. No matter the experience or age, there is room for you in Cyber.
The key to this is understanding your experience levels within IT and Cyber. Whether you are just transitioning, entry-level, mid-level, senior, or executive. No matter what that level is I promise you that there is a position for you within the Cyber field if you are motivated!
2. Find a Cyber Mentor or Peer Group to assist you!
Very few people in the Cyber Security field got to where they are today on their own.
Find a mentor or peer group that works for you and your style. I joined VetSec (#2 on my InfoSec & Veteran Resources page). It was extremely helpful. They assisted me with resume reviews and thoughtful discussions on various Cyber Security work roles. The key takeaway: find a mentor or a group that works for you and your Cyber needs!
3. Get Your Resume reviewed as often as possible by Peers or Mentors.
Cyber Security is a unique field and it is important to have an on point resume.
No graphics, no excessive lines, and it needs to be thorough, yet easy to digest.
An excellent example resume I received from a fellow cyber professional can be found here. This resume style works because it does not break ATS software, which is used to process resumes before a human person ever reads it. If you need assistance with your resume, you can reach out to me, your mentor, or peer groups.
4. Research all the work roles in Cyber! Then pick one for YOU.
Cyber Security is a massive field, so you will need to figure out what you want to do in Cyber on your own. There are a lot more positions - more than you can even begin to imagine. Do your own research on the various work roles and ask your mentor or your peer group for more information on those positions. Look at job postings to compare what "Company A" calls their Cyber Security positions versus "Company B," etc. There is just too much to go over regarding the various Cyber Security positions so check out my full blog below when you have more time.
5. Cyber Security is about passion and drive, so always showcase this!
The best way to showcase this is to take up hobbies, projects, and more related to Cyber Security, e.g. TryHackMe, HackTheBox, RangeForce, Blue Team Labs Online,
or build custom home projects related to IT and Cyber!
Then PUT THEM ON YOUR RESUME!!
This is the end of the 5 Minute Read: Cyber Security Tips and Tricks
Continue reading below for even more in-depth answers.
How to Master Yourself to get a Cyber Career
Cyber Security is a very interesting and diverse field with a wide variety of work roles and levels of difficulty. So it is completely understandable that you would be interested in this field. There are unique challenges in Cyber that no other field has and it is the fastest growing field worldwide.
THAT BEING SAID: There are many things to accomplish to start applying for Cyber Security positions. This full blog will go more in-depth on the topics I previously discussed in my 5 Minute blog read.
1. No matter the experience or age, there is room for you in Cyber.
If you are new to Information Technology or Cyber, you may have heard of some troubling phrases like:
- Imposter Syndrome: feeling as if you do not belong or are not good enough to be in Cyber
- Gatekeeping: feeling like you are purposefully kept out of Cyber opportunities
- Gatekeepers: individuals who act pretentious around the Cyber Security field to keep others out by making them feel less than their worth.
- Paper Chaser: feeling targeted for getting education or certifications to qualify for jobs
Do not let what others say get to you. Anyone with the right passion and drive can get into Cyber. However, it is important to understand these terms so you can understand these feelings are commonplace, not just targeted towards those new to Cyber.
Do not be bogged down by Imposter Syndrome because (newsflash):
1. Imposter Syndrome is extremely common among IT and Cyber personnel.
2. Feeling like an imposter never goes away, you just have to keep working on yourself!
Do not waste time looking at what someone has or has done with their life and career. You just need to focus on yourself! Do what you think is best for you and understand that you will get better at Cyber Security.
Do not get bogged down by Gatekeeping and Gatekeepers. If you run into individuals (whether it be a company, recruiter, HR person, interviewer, or peer in Cyber) who act this way, simply cut them out of your life and move on. A company that gatekeeps a field is more likely not a company worth working for.
It is important to note that there is a difference between gatekeeping and not being qualified for a position. Suppose you apply to a Cyber Security position and do not get the job due to not having the right qualifications. In that case, this is not gatekeeping - it just means you need to work on yourself a bit more before going after that type of position. Or maybe you need to refocus your efforts towards positions that do not require as many complex qualifications. This is not gatekeeping. Gatekeeping is when you are being put down or kept from positions because SOMEONE ELSE believes YOU are less than your worth or they overvalue a work role you applied for.
A great example of general gatekeeping in Cyber is positioning that requires CISSP (or other highly rated, highly sought-after certifications) FOR ENTRY-LEVEL OR MID-LEVEL POSITIONS. In my opinion, this needs to change in the culture of IT and Cyber, but that is a rant for another blog. Additionally, see this hilarious meme below for another great example of gatekeeping.
The last point is the topic of "Paper Chasers" - those individuals who appear to collect a lot of IT and Cyber education or industry certifications just for the sake of collecting them or solely to "appear" qualified for a job when they may not be as qualified. This is simply another form of gatekeeping and bullying. The reality is in order to be successful in IT and Cyber you must do a lot whatever you can and continue to do as much of that thing as you can to increase your knowledge and talents. Whether that being education, IT certifications, TryHackMe, HackTheBox, RangeForce, Blue Team Labs, YouTube, Udemy, etc. whatever sources you use to increase your skills and understanding - it does not matter as long as YOU the learner are getting something out of that training.
There may be people out in the world that really are Paper Chasers that are just trying to fake it until they make, but so what? Either they will fail and face those consequences or they will continue to learn a lot of different things until they find their place in IT and Cyber. In both outcomes they will learn and continue to grow and that is their business. So the point is YOU as a future Cyber Security professional should focus on yourself, what learning works for you, and keep progressing because no matter how you learn, it will eventually pay off.
You need to understand that no matter what your understanding or experience levels are within IT and Cyber, whether you are just transitioning, entry-level, mid-level, senior, or executive - there is a place for you here in Cyber and do not let anyone else tell you otherwise!
2. Find a Cyber Mentor or Peer Group to assist you!
Very few people in the Cyber Security field got to where they are today on their own.
Cyber Security is a CHALLENGING FIELD. I am not trying to scare you, but it will take work and time if you are transitioning from another field - even another IT field. Getting help from others in the Cyber Security field will greatly increase your chances of landing a successful and fulfilling Cyber work role.
I joined VetSec and OperationCode (#2 and #3 on my InfoSec & Veteran Resources page). It was extremely helpful. They assisted me with resume reviews and thought discussions on various Cyber Security work roles. The communities are not just for resume help, but they can also assist you in your job search, help you understand the various Cyber work roles, and even tell you about various companies you are looking to apply to. If you are a Veteran, I highly encourage you to check out VetSec and OperationCode.
If you are not a veteran, but are making a career transition to Cyber, do not fret! There are a lot of resources and communities out there that can assist you. There are too many resources to just name them all. I will however post the links to some of the Discord channels I have joined and recommend:
INFOSEC PREP: https://discord.gg/RRgKaep
Infosec Prep is exactly what it sounds like and more! Offers preparation help and resources for all sorts of IT and Cyber content.
CERTIFICATION STATION: https://discord.gg/certstation
Certification Station is a great discord with an INSANE amount of rooms and content. Almost 19K people are collaborating to help each other!
UNOFFICIAL RANGEFORCE STATION: https://discord.gg/ZY4ty2QjkQ
RangeForce is one of the previous web-based, education and training platforms I mentioned earlier in this blog. It offers a wide variety of IT and Cyber challenges similar to capture the flag style or SANS NetWars events. They are real challenges for entry-level Cyber Professionals to the most hardcore hackers and blue teamers.
Rangeforce Link: https://www.rangeforce.com/
BLACK HILLS INFORMATION SECURITY: https://discord.gg/bhis
Black Hills Information Security is an American-based Cyber Security and Penetration testing company. They also host an outstanding Discord with a lot of great resources.
Black Hills Information Security: https://www.blackhillsinfosec.com/
CYBER MENTOR DOJO: https://discord.gg/Qvv9YYJb
Cyber Mentor Dojo is a website built to connect cyber professionals looking for mentorship from other Cyber Professionals. I am a little biased on this one as I am on Cyber Mentor Dojo as a mentor and you can even request me! Great community, and it is mostly UK based. Also my #1 resource on my InfoSec & Veteran Resources page. Go check it out!
KEY TAKEAWAY: I could go on but the point is.... find a mentor or a group that works for you and your Cyber needs!
3. Get your Resume reviewed as often as possible by Peers or Mentors.
Cyber Security is a unique field and it is important to have an on point resume.
No graphics, no excessive lines, and it needs to be thorough yet easy to digest.
To clarify this further, most resumes in Cyber follow a particular format to achieve the best readability and ease of processing when applying for jobs. An excellent example resume that I received can be found here.
The reason this resume style works is that it does not break ATS software used to process resumes before a human person ever reads it. It also uses very few lines, no graphics, and follows an organizational format that makes sense to the reader.
Specifically Cyber Professionals have come to an agreement on several key sections to include on a well-written Cyber Resume. The sections are as follows:
- Personal Information:
Your header with your Name, Location, Contact Info with LinkedIn, clearance (for military/federal), and availability date. I also recommend putting if you are interested in relocation.
- Professional Summary or Career Summary:
This section is essentially your "elevator pitch" that briefly describes you, your background, and what types of positions you are looking for.
- Technical Summary:
This is where you go in depth, albeit briefly, to DIRECTLY state what security tools you use, what programming languages you know, what operating systems and cloud environments you have worked with, etc. This showcases your technical skills and allows you to name all the products you know well enough that you can speak to if asked.
- Work Experience / Career Experience / Professional Experience, etc.:
This section contains all of your current and prior work experience, what jobs you have had, where and when you have these jobs, and a BRIEF description of that job. The key to this section is to avoid useless words and phrases like "responsible for," "managed," "led," or things of that nature because they do nothing to tell the reader what you actually did when you held that job. You can go into detail on impressive things that you did at that job while still keeping it brief or in bullet points. INCLUDE ALL JOBS even ones not related to IT or Cyber. Having at least some work history is significantly better than having no work history at all. If you are young with little or no work history, that is fine! You can skip the work experience section and focus on other sections.
- Education:
This section is straightforward and written similarly to your Work Experience section. You put all your education information here: what schools you attend, what degrees you achieved, number of credits or a statement that says "In Progress" if you are still attending that school, and the subject or field you are learning. KEEP IT BRIEF.
- Certifications & Trainings:
This is a unique section to IT and Cyber. I recommend separating it from Education because oftentimes certifications, bootcamps, and IT trainings carry more weight with recruiters and HR managers than traditional education. You specify the training or certification and you can include the date you earned that training or certification, but dates are not necessary.
- Projects & Additional Information
This is the final section and this is where you as the Cyber Professional and job seeker can have some fun! You get into describing the things you are passionate about, any IT or Cyber conventions you have attended, and any other extracurricular activities or home projects you like to do in your free time. Hiring managers, recruiters, and future employers really love this section and it allows you to not only shine, but make yourself feel more human to the reader.
And that is it! See the resume example here to understand in-depth what you should put in these sections and how to design your Cyber Resume. If you need assistance with your resume, you can reach out to me, your mentor, or peer groups.
4. Research all the work roles in Cyber! Then pick one for YOU.
Cyber Security is a massive field, so YOU will need to figure out what you want to do in Cyber on your own. There are a lot more positions than you can even begin to imagine. To make matters even more challenging, some organizations call their Cyber positions by different names even though they may be the same work role.
Here is a list based on my experience in the field, positions I have in the field, or directly worked with:
Cyber Security Analyst (CSA):
A Cyber Security Analyst is an individual who uses a variety of security tools, like IDS tools, IPS tools, Firewalls, or SIEMs, to protect an organization from Cyber Threats. The difference between a Cyber Security Analyst and a Security Operations Center (SOC) Analyst is the most popular question when you are investigating different Cyber positions. A Cyber Security Analyst may work for a small Cyber Security team, but typically is not a part of a SOC. This may be because the organization does not have a SOC in house and/or they outsource their security operations to a Managed Security Services Provider (MSSP). One key difference is a Cyber Security Analyst can be a contractor that works for an MSSP or a third party (like Deloitte or Perspecta, to name a few) and can assist many different organizations. One downside to being a Cyber Security Analyst is that if you are a contractor, you get called in to assist in Incident Response, but you may not get to participate in the entire process or even see the successful resolution to an incident. If you are a contractor, you are entirely at the discretion of the organization you work for. You may also do a lot of Risk Management, Incident Handling, and Incident Reporting, based on what you get called into work on.
Source: CompTIA and me, a prior CSA
Security Operations Center (SOC) Analyst:
A SOC Analyst is someone who works for the security operations center of their organization. They use various security tools like IDS tools, IPS tools, SIEMs, Firewalls, etc to defend their company and its assets from cyber threats - much like a Cyber Security Analyst. However a SOC Analyst has a dedicated operations center that is entirely focused on security. Often SOC Analysts will work in 8 or 12-hour shifts depending on the number of SOC Analysts and the organization's size. A SOC Analyst is what the majority of people think of when they think of Cyber Security work - hands deep in the nitty-gritty of investigating events to see if they are actually security incidents or if they are false positives from their tools. There are also three Tiers of SOC Analyst, with varying levels of responsibility for incident handling. SOC Tier I is triage, SOC II is investigation, SOC III is threat hunting, and above SOC III is a SOC Manager for the organization. THIS MAY VARY based on your organization.
Cyber Security Engineer (CSE):
A CSE is a subject matter expert (SME) when it comes to Cyber Security tools and deployment. They are already familiar with network and security concepts and probably spent a lot of time as a Cyber Security Analyst and/or Security Administrator. They will recommend what security tools to buy to use on networks and then assist in the tool's deployment. This position can go by different names depending on the organization's IT or Cyber structure. I have also seen these titles, but with the same responsibilities as a Cyber Security Engineer: Information Security Engineer, Security Architect, InfoSec Principal or Administrator.
Source: CyberSecurityOrg
Cyber Threat Hunter:
What do you do if you are afraid that your organization has been compromised, but you just have not found the incident yet OR WORSE your tools missed the malware? This is where a Cyber Threat Hunter comes in. They use similar security tools to Cyber Security Analysts and SOC Analysts. However their responsibilities are not dealing with current or ongoing incidents, but trying to track down artifacts and evidence that an incident or compromise that we do not know about yet has happened. Cyber Threat Intel Analysts often assist Cyber Threat Hunters in finding and using Indicators of Compromise (IOCs) to hunt for evidence of a compromise on an organizations' networks. Exciting field, Threat Hunters typically are also considered SMEs on the tools they use.
Source: crowdstrike, and Me, a prior Cyber Threat Hunter
Cyber Threat Intelligence (CTI) Analyst:
Cyber Security Analysts and Threat Hunters are fantastic to have, but what if your organization wants to plan even FURTHER ahead in their timelines or fiscal years for the potentiality of a major cyber attack? This is where CTI Analysts do their work. First, CTIs will perform extensive research on Advanced Persistent Threats (APTs), Threat Actors, Cyber Criminals, Malware, Attack Vectors, Vulnerabilities, and much more. Then CTIs will present all this intel to a variety of stakeholders in the organization. Cyber Threat Intel will directly support the other Cyber Teams, especially Threat Hunting, Vulnerability Management, and Incident Response teams. Cyber Threat Intel is typically categorized into Strategic (long term), Operational (Midterm), and Tactical (technical, short term).
Source: TheBalanceCareers, Me, since I am currently a CTI lol
Vulnerability Management (Vuln MGMT):
Vulnerability Management can be considered a traditional IT role or a Cyber role depending on the responsibilities, however Vuln MGMT is basically an engineer responsible for tracking Common Vulnerabilities and Exposures (CVEs) in a network and how to remediate that CVE in a reasonable and timely manner. In addition, they do extensive research on patch management and CVEs to stay up-to-date on their network.
Digital Forensics (DF):
Digital Forensics is the field of analyzing an incident, malware, or other artifacts following an incident. This analysis can be static or dynamic in nature and uses very specific tools, setups, and operating systems in order to safely analyze malware to learn more about what that software does. Digital Forensics is typically synonymous with eDiscovery and often works with the Incident Response process. However, Digital Forensics experts typically do more than the eDiscovery analysts. DF Experts will be responsible for directly analyzing the malware to understand it and provide deeper analysis. This role is sometimes simply called "DFIR."
Source: LBMC Blog
eDiscovery:
Unlike DF experts, eDiscovery analysts typically are more hands-on in the initial stages of collecting and processing the information that is gathered from an event or incident. Chain of Custody and the importance of getting the information to litigators for Cyber Crime is essential for eDiscovery analysts. They also work closely with DFIR teams.
Source: LBMC Blog
Incident Response (IR):
Incident Responders can be synonymous with Cyber Security Analysts or SOC Analysts as they often are using the same security tools. However their sole duty is assisting in responding to a cyber-attack. They do the reporting, documenting, collecting, and initial analysis. Then they hand off processing of the intel and incident to others like the DF teams.
Digital Forensics Incident Response (DFIR):
DFIR is the culmination of both work roles into one team to facilitate ease of collection and to reduce data and intel loss. Investigation, collection, and processing of incidents and malware is a collaborative effort.
Cyber Support Incident Response Team (CSIRT) and Computer Emergency Response Team (CERT):
These two acronyms are essential terms for Incident Response teams, depending on your organization. Government organizations will use these terms to describe their IR or DFIR Teams.
Cyber Threat Investigator / Handler:
A different kind of CTI than Cyber Threat Intelligence. A Cyber Threat Investigator is typically an outside consultant that is well-versed in DFIR and Threat Hunting. Usually, it is one person or a small team that comes in to assist organizations with cyber attack investigations.
Cyber Threat Investigators may also perform some basic eDiscovery and DFIR. They also often work with government agencies and law enforcement agencies.
RED TEAM ROLES
Penetration Tester (Pentester):
A red team role whose sole responsibility is to think like Threat Actors and attempt to penetrate networks. This is accomplished through legal work orders like Service Level Agreements (SLAs) or other work orders. The entire scope of the penetration test is laid out and practiced. A Pentester can be a consultant who works for an external organizations (e.g., Deloitte, Perspecta, Black Hills, and many more) or works directly for the organization they pentest in their Cyber Security department.
Red Teamer:
Another term synonymous with Pentester, a Red Teamer is a pentester who works with a team to do everything from pentests, vulnerability tests, physical security tests, OSINT and more.
Purple Teamer:
More often associated with Red Team, the Purple Teamer is the best of both Red and Blue team concepts. They will perform everything from pentests, vulnerability tests, physical security tests, OSINT like a red teamer to investigating incidents and writing reports on incidents like a Blue Teamer. They are SMEs on all things Red and Blue team.
THERE ARE SO MANY MORE POSITIONS I have not even covered. So, get out there, do your own research, and find something that interests you!
5. Cyber Security is about passion and drive, so always showcase this!
The two biggest challenges I have found when working with mentees new to Cyber or individuals transitioning from IT to Cyber are:
1. People underestimate their worth and strengths
2. People do not think things that they have accomplished are relevant to Cyber
To overcome the first obstacle of underestimating your worth, you have to evaluate your strengths and weaknesses in the Cyber field. It is okay to acknowledge that you may not know everything, but what you do not want to do is be self-deprecating. No one wants to listen to someone repeatedly say how inexperienced you are in the Cyber field - as long as your resume is accurate, it will reflect your strengths and weaknesses for you. Here are some more tips to improve your resume and interview process:
DO NOT OVERSHARE INFORMATION. Speak about what you have done, your experiences, and your strengths. Your weaknesses should be basically anything that is not on your resume. You should be speaking about what is in your resume, not going into detail about all the things you do not know. It makes you sound less qualified than you actually are and it makes you sound less confident in the things you are probably really good at.
If you cannot speak to something intelligently, then do not put it on your resume. This will allow you to focus on what you are good at, what you enjoy about Cyber, and what you are passionate about in this field. It does not hurt your chances on getting a Cyber position to focus your resume on your strengths. And if a recruiter, interviewer, or Human Resources manager wants to know something that is not on your resume, they will ask you directly about that topic.
To be clear ANY Information Technology experience, background, education, or certifications are a great way to jumpstart your Cyber Career. Whether you did IT in the Military, IT Helpdesk for the private sector, or you were a master at HTML on Myspace when you were 10 years old - any experience relevant to IT can be helpful when transitioning to Cyber. The key is being able to speak about your experiences and be confident. This can be a challenge for a lot of people. I am not a mental health professional, but what I have found that helps me is repetition for a given task. This includes talking about yourself whether it is your elevator pitch, speaking about your IT experience, or things you are passionate about. Repeating a task and training yourself to be able to speak about yourself in a way that does not sound aggressive or overconfident will greatly help you write your resume and during interviews.
The next bit of advice will seem extremely simple, but it may surprise you to know that not a lot of people do this - Put your Projects, Conventions you attended or presented at, and Hobbies on your resume!
The best way to showcase your passion in Cyber Security is to take up hobbies, IT projects, attend Cyber Conventions, and do training content related to Cyber Security (TryHackMe, HackTheBox, RangeForce, Blue Team Labs Online), and then PUT THEM ON YOUR RESUME!!
Everything you do in Cyber is relevant to your learning and growth. Future employers want to know what it is that you do to pursue your passion and continuing education in the field. So if it is relevant to Cyber, put it on your resume under the Projects and Additional Information section!
---------------------------------------------------------------------------------------------------------------------------
And that is it! If you made it this far in the blog, congratulations! You are well on your way to starting or boosting your Cyber Security career. As always, if you have any questions, feel free to reach out to me on my socials; I am available for Cyber Mentorship!
So, thanks for stopping and let me know if you have any questions!
Stay Safe, Stay Cyber!
Commenti