I was watching some VinWiki stories on YouTube when I came across a career nugget that I think is worth repeating on this sub. For every person who dreams of a job in cybersecurity, I think the way Ed lays out preparing for a dream job in this video is very applicable to the IT/Cyber space.
If you don’t want to watch the video, the summary follows:
When you have a dream job in mind, learn the specifics of that role and start building your resume to match that role. Your ability to gain your preferred job is likely going to be a lot more than accrue X amount of experience, have X job, or X educational background. It’ll come down to the practical experience you have that pertains to the job and the way you handle yourself as a person. You may have to take jobs you don’t care for to build that resume, but in the end you put yourself into the position of being the perfect candidate for the perfect job down the road.
Now, obviously, he’s talking about car careers (it’s a car channel), but I love how he talks about building your experience so you can fit the role that you want down the road.
With that said, I want to tackle a few common items that appear on this sub.
**Certs, Degrees, Networking or Experience?**
These totally depend on your unique situation, your unique network, and the unique dream that you have. Getting a certificate in penetration testing when you want to be in Risk and Compliance may not be as valuable. Getting your CISSP/CISM when you would rather be an individual contributor is not that beneficial. Getting a degree when you already have an in to build experience will have diminished returns. Not having a degree will make getting in the door to start very difficult and may be required if your life profile didn’t roll good networking and luck stats.
Personally, I avoided school because the thought of having thousands of dollars in debt scared the crap out of me. Due to some of the struggles I had between jobs, I still ended up with some debt to cover the bills when my employment couldn’t. I also lacked certificates, so I had to use the opportunities I was given at entry level IT jobs to build up general IT experience, development experience. My first IT job was a lab proctor for an energy company, my next was a technical support for a software development company.
Ultimately, it was my wife’s network which got me into an entry firewall engineer position at UHG which started my career. I am still thankful for all the wonderful people there who helped grow me into the person I am today. I did have to market myself, and was in fact turned down for the job originally. Later on, they came and offered me a contract to hire role because I could talk to them about the technology and I had the right soft skills for the role. Within six months of hire, they doubled my salary and converted me to full time leading their enterprise wide deployment of smart cards.
**How do I get into cyber security?**
This question is actually really irritating. It’s like asking “How do I get into politics?” without knowing anything about government structure, roles, and responsibilities. Cybersecurity is a HUGE and VARIED field. The types of job run from no-code governance roles to developing bleeding edge hardware/software systems around the world. What I highly recommend is that you ask a more specific question like “How did I get into this specific niche?” especially after you have done the appropriate research on what the specifics are of the job you want to have. Reddit cannot tell what you want to do with your life, we can only (at best) point you in the right direction when given a clear intention.
**How do you <basic concept of cybersecurity>?**
Most of these posts are low quality and indicate that the OP hasn’t put in the time to research their issue on their own. I would rather see a poster who lays out clearly what the issue is, what they’ve tried, and where they are specifically getting hung up. A better way to go about asking is “I googled <subject> and read this article and got confused about <topic>, can someone explain this better?” As someone who hires IT/Security staff regularly, it is a MASSIVE RED FLAG when someone wants to be in the field and can’t even figure out how to use google.
**I don’t want a help desk job, help!**
Job titles are very silly in practice, though helpful in theory. If I told you my job Title “Director of Product Development”, you’d probably not come close to guessing 80% of my workload. The reason titles are silly is that 1-5 words are unlikely to fully describe responsibilities, opportunities, skills, and culture. Rather than finding a job that has a pleasing title, find a job that allows you to grow in areas you want to grow, with a team that you can tolerate, and make the most of it. I’ve never worked within the scope of my job title and have been rewarded (mostly) for expanding beyond that scope time and time again.
~ – ~ – ~ – ~ – ~ – ~ – ~ – ~ -~ – ~ – ~ – ~ – ~ – ~ – ~ – ~ – ~ – ~ – ~ – ~ – ~ – ~ – ~ – ~ –
Finally, when it comes to your career, it’s about understanding your value, opportunities, and being able to make decisions. My dad was in IT for 20 years before I started my career, and I’ve pretty much done everything wrong based on the decision processes he follows for his path. He has been incredibly successful in his career, but so have I despite taking very different approaches. He worked his way up the chain of some good companies and took opportunities as they came. I sought out opportunities and was OK changing organizations and taking risks to get to my goals. We are both respective experts in our areas of operations and even have healthy debates (I’m in security, he’s in operations).
So keep dreaming and also start taking your opportunities today that will bring you to your dreams tomorrow. It might be days/months/years before your dream realizes, but it’ll come eons sooner than waiting for the dream to fall into your lap. Every opportunity that I have said yes to in the past, has made me uniquely qualified for the role I have today and I would not go back and say no to the experiences I had.