Beginner's Guide to Cyber: Certifications and Standing Out in Job Searches
I was listening to a Job Fair for IT and Cyber professionals yesterday (remember, the best time to find a job is when you have one) and a comment from a panelist caught my ear. A participant asked what the best way to stand out in the Cyber industry is and the panelist (a developer) started prattling off certifications like C|EH, CISSP, and some advanced cloud certifications. This irked me for two reasons:
A. The audience has almost no experience in Cybersecurity, mainly being transitioning service members.
B. These certifications are too advanced and too expensive for beginners to attempt just because.
So, I figured I would do my best to give my two cents as to what people should try to do to stand out when trying to get jobs. If you haven't seen my flowchart for getting into cybersecurity, look here, but this will be similar to that.
Education:
Most jobs will require a Bachelor's. I HIGHLY recommend getting one. There are ways to cut the costs of education and it will likely be a requirement for many of the jobs you will apply for.
Certifications:
Certifications are a great way to show knowledge in a certain aspect of security. Paul Jerimy has a great list of certifications for different subcategories of security and who their target audience is. For me, I would recommend certifications like BTL1, Security+, and Network+. These will give you a foundation of knowledge in security and networking as well as have some industry recognition without being outlandishly expensive.
Projects:
Having projects on your resume is a great way to show what you have been working on. If you dabble in TryHackMe or HackTheBox in your spare time, this is a great place to put it. List your current virtual machine setup and what you practice on. (Guide on setting up a cyber range coming soon) This tells recruiters that you do in fact care about security and are interested in learning more instead of just being a warm body to fill a chair for a solid paycheck. (We call this the "Give a shit factor")
Industry Involvement
Adding on to the "warm body" comment, being intertwined with the industry is a great way to help boost your recognition and help with your networking. List any groups you are a part of and your position (volunteer, attendee for events, etc). This helps tell recruiters that you invest time in learning more from others and probably aren't too shabby at representing the company at industry events. You can even add competitive events you have participated in like competitions. Some good ones would be your local DefCon chapter, any B-Sides attendance, or if you have a solid ranking in your local King of the Hill.
In summary, standing out in the cybersecurity industry isn’t about chasing the most prestigious certifications right off the bat. It’s about building a strong foundation, demonstrating your commitment through tangible projects, and actively engaging with the community. For those transitioning into the field, focus on gaining the right education, securing foundational certifications like Security+ and Network+, and showcasing your hands-on experience with personal projects. Remember, it's not just about what you know; it's about showing that you genuinely care about cybersecurity and are continually striving to learn and contribute to the field.
If you put in the effort to build these key areas, you'll be well on your way to standing out in a competitive industry. And don’t forget, the best time to look for a job is when you already have one. Stay proactive, stay involved, and good luck out there!