Landing Your First InfoSec Job
Introduction:
Hey! This is a checklist, along with some insight from my experiences and my suggestions for securing your first job in cyber security. It contains a few tips which I believe can motivate others who want to step into the field of InfoSec or are already on the lookout for a job. I know landing the first job is tough, but believe me, with a few workarounds anyone can do it easily.
Background:
A few years ago, I opted to do engineering, which is kind of the go-to degree if you have completed your Higher Secondary, in India specifically. I got admission for a BTech in Information Technology at a well-known university in Kerala, India. Honestly, during my first two years of the course I was just going with the flow; I had zero passion towards anything and just wanted to get the course over and done with and get a job in any field that paid well. During my 5th semester, the Google Developers group caught my attention, and soon enough I decided to join them, mainly for the goodies and free cool stuff. It didn’t take me much time to be drawn into Android application development; along the way I took a few crash courses online and made sure I attended every Google Developer meet, which happened frequently in my area. I was really slow at learning Android fundamentals and realized that I wasn’t getting anywhere; it hit hard when I realized how much more the people I knew from the developer group were earning by doing freelance work while I was sitting here making “Calculator apps”. I met my high school senior at the next GDG meetup; at that time he was working as an Android developer in a well-known company. A quick chat with him made me realize that if you’re getting nowhere or are confused with something, take a break and take time to learn the basics thoroughly. If you still have no passion for it, maybe it’s not the right thing for you.
Now don’t get me wrong here: I don’t intend to demotivate you, but if you’re drawn into infosec purely by the intention to be termed a “hacker”, then maybe, maybe it’s not the right thing for you.
I remember being totally lost in the process of finding which field I’m passionate about. I have a close friend who is a pure-bred privacy advocate. He suggested I try out a few courses related to the basics of computer security. It didn’t take me much time to visit cybrary.it and enroll for Penetration Testing and Ethical Hacking. I fired up my local Kali VM and tried out some things I learned during the course, then jumped to Udemy and enrolled for ‘Ethical hacking from scratch’ by Zaid. This course was really good for me back then because it gave me the whole idea of hacking and securing networks and web applications; it even covered Wi-Fi pen-testing.
Since I was fairly confident of the basics, I decided to take on the CEH certification. The CEH certification course had practical sessions which further improved my understanding.
Tip 1: Take a beginner-level certification such as CEH, Security+ from CompTIA, or anything else considered to be in the league of beginner-level certifications. You will get a better understanding of the basics of security. Make sure you absorb everything from the course and materials. Enroll for everything that’s free and gain knowledge from anything that comes into your vicinity.
Tip 2: Take part in local meetups and book a slot at security conferences like NullCon, OWASP Seasides, BSides, etc. Trust me, it’s part of the HR filter.
Application Process:
My college didn’t have placement opportunities with cyber security companies, at least during my placement period. Resume prep is really important. Make a resume that’s clean, with nothing fancy and none of that colorful stuff. Keep it professional and on point. Mention anything you have learned or contributed that is related to computer security, and mention the meets you have attended (Tip 2). Don’t be afraid to elaborate on the key points. For example, if you have taken any certifications, let’s take CEH for reference, mention that during the course you familiarized yourself with tools like Hydra, Netcat, Wireshark – you name it. Your resume should point out the juicy stuff you have achieved with respect to cyber security. I personally would suggest you create your resume with LaTeX. Here’s an example of a good LaTeX resume template:
https://www.overleaf.com/latex/templates/deedy-cv/bjryvfsjdyxz
Tip 3: Don’t be afraid to apply for jobs you’re unqualified for. Don’t be afraid to send your resume to the top InfoSec companies. Don’t be afraid of getting rejected; the worst thing that can happen is that the employer doesn’t interview you.
Send your resume to as many infosec companies as you can find, be it a multinational or a startup. Fire up your resume and send it!
The Interview:
Prepare yourself for the interview and brush up on the basics. What your employer expects from you as a fresher is to know the basics, as in understanding what an exploit, a payload and a vulnerability are, and knowing the OWASP Top 10 (you get the point). Be professional; your language and the way you communicate should be top quality. Note a few points for yourself that are not mentioned in your resume and keep those saved for the interview, so you can impress your employer by showing that you have more that defines your skill.
Tip 4: Be willing to admit you don’t know – The worst mistake during an interview, according to me, is answering a question that you have no idea about and then having that turn out to be an answer that undoes all the right answers you gave so far.
Tip 5: Be willing to improve yourself – Be clear in your answers and, along with that, say confidently that you are willing to improve yourself with the experience that you’ll be earning from the job. The majority of employers are willing to take a chance on someone; they know everyone must start somewhere.
Tip 6: Keep your social accounts clean. Your employer could do a background check on you, and checking your posts online could be part of it. To be on the safer side, keep your political views to yourself. If you find any sensitive topics on your social media, make sure you hide them.
Never lose hope. You might get rejected many times, but don’t stop sending resumes until you land that job you wanted!
Closing Advice:
Always set your goal and stay focused – Set yourself a goal, be it the next big certification you’ve been wanting to earn for a long time; choose a date and start your preparation. No knowledge in this field is without value. Whatever you learn along the way through your experience will prove valuable somewhere in the future.
Surround yourself with like-minded people – By like-minded people I mean people who share the same passion and interest for security as you. Join an InfoSec community you like, and give knowledge to take knowledge.
It’s never too late to transition to the InfoSec field if you’re truly passionate about it – One of the questions I have been asked a couple of times is “Is now too late to start or switch to InfoSec?”. I believe knowledge is gained through your years of experience, but more than that, I strongly believe your choice to be an infosec professional is what matters the most. Want to try making the change to infosec? Take a leap!