How to get into what we used to do...

This is a quick post I co-wrote with Indy Neogy, with insightful advice on how to make the kind of career moves we made:

I am Nick Drage , an experienced Cyber Security Consultant, with great advice about getting into the Penetration Testering profession:

• Make the most of your connections. Interpersonal relationships are the best way to hear about new positions, you might even be able to apply for them before they’re public.
• Don’t worry about qualifications, there’s relatively few people looking for this kind of work, and qualifications are few and far between. The ability to learn is more important than what you know now.
• Penetration testing employers and internal teams will be able to give you time to learn, so don’t worry if your individual abilities aren’t “joined up” yet.
• The work is relatively solitary, or in small teams, so while your inter-personal skills are useful they’re not something employers seek, and they’re not really something you can demonstrate.
• The entire field of knowledge is relatively small, so you’ll be able to enter as a generalist, and remain a generalist - or at least maintain several specialisms simultaneously.

I’m Indy Neogy , and from having a consulting firm, this is how I got into university teaching:

• Build up some specialist knowledge and crucially practical experience, that relates to a field students learn about, in my case intercultural communication.?
• Get to know some people who work in the area and then meet some of the ones who do some teaching as well, probably via the professional bodies for the field.
• Have some kind of related qualification - in my case Masters level helps, but full qualifications are not essential. It doesn’t need to be directly related, mine wasn’t.
• Show the desire to teach. You don’t need to become a full-blown academic, research doesn’t have to be your thing. There are places where teaching is the priority. So long as you are happy to learn new things as well as what you already know and read around so you aren’t left behind by new developments.
• Some institutions will be happy to help you learn on the job and support your development as a teacher.

Also the other thing you’ll need is Time Travel. Our advice is based on our experience, which is based on our relative situations ten to twenty years ago.

Do you have a time travel machine? You don’t? Then the main take-away from this piece is to be mindful of what time period the advice you read applies to. If well-meaning veterans are telling you what worked for them, their experience is probably out of date.

For penetration testing, while the security community is still important, penetration testing qualifications are far more important for entry level positions now than they were for Nick.

For university level teaching, while practical knowledge can still get you a foot in the door at times, a PhD and research portfolio have become more and more common requirements even at institutions that used to emphasise teaching.

So the one point you should take from us is that, when looking for advice on how to get into an industry, don’t speak to the “seasoned veterans”, speak to the people with slightly more experience than you.

Among other roles, Nick is now a Cyber Security Strategist, do contact him if you want a sounding board for thinking about your bigger decisions in the cyber domain. Or if you want to discuss about how to use professional wargames for decision rehearsal.

Among other roles/skills, Indy is now a Executive Coach, do contact him if you want to improve your strategic mindset. He is also available to teach intercultural communication and international business.