Playbook: How to Land Interviews and Get a Job in Cybersecurity

We have received thousands of applications at risk3sixty and done hundreds of interviews. Of those applicants, we hire less than 1%. Over time, we have seen the good and the bad. And after all of that experience we've learned a thing or two about what it takes to find a job in this industry.

So, what separates those that get the job versus those that don't? Who gets an interview and who doesn't? These are good questions. So, today, I want to use this newsletter to give you my best advice on how to land interviews and find a job in cybersecurity.

Here's what we are going to cover:

1. What's going on in the job market?
2. Eight Ways to be Marketable to an Employer
3. Five Tools for Networking and Outreach
4. Seven Tips for Interviewing
5. Four Things to Avoid
6. Three Actions to Take Now

What's Going On With the Job Market?

Have you read that article that said there are 4M jobs in cybersecurity? Yeah, a lot of us have. Yet, we are sitting here wondering: "Where are all these jobs?" and "What's going on in the job market right now?".

Well, we are living in different times right now. For the last 10 years we have been in times of unparalleled economic growth. Companies were investing heavily, hiring fast, and jobs were plentiful.

Unfortunately, the economy is in a very different place today. More than 150,000 people have been laid off. Companies are slower to hire. And you are looking for a job.

Here are five trends I'm seeing in the cybersecurity job market:

1. Companies Are More Conservative: Almost every CEO I speak with is more conservative than 24 months ago. They are investing slow and running lean while they see how the economy shakes out. As a result, they are hiring slow.
2. Less Investment Capital: VC funded and high growth tech companies are being mandated to get to profitability. That is a change from 18-24 months ago when it was grow at all cost. As a result, they are running lean or turning to vendors to execute.
3. More Supply: For the last 10 years wages have been going up AND we have been rapidly training new talent. That leaves us with more people on the market than we are accustomed to in the industry.
4. Specialist are Still in Demand: Folks who have skills like OffSec , FedRAMP, or PCI are doing great.
5. Offshoring to Reduce Cost: Companies are moving jobs and whole functions (like SOCs) off-shore to countries like India.

The Playbook: How to Get a Job in Cybersecurity

Please don't let this discourage you. Cybersecurity is still a fantastic place to launch a career. There are jobs out there. You just need to be strategic to land an interview and impress your future employer.

#1: How to Be Marketable to a Cybersecurity Employer

To get hired in this industry you need to be marketable. You need a demonstrable skill set and a track record of success that gives your future employer confidence that you will make a good team member.

Here are 8 things you can do to increase your marketability:

1. A College Degree - Get a college degree. This is an asset you will have the rest of your life. A college degree shows that you can stick with something long enough to complete the mission. It also implies that you have a baseline of knowledge and experience.
2. Get a Certification - Get one relevant certification. It shows that you care enough to pursue knowledge and helps build a track record of success. If you are brand new to the industry you can get the Security+ without prior work experience. Companies like Microsoft and Amazon also put out free training resources.
3. Free or inexpensive continuing education - Check out courses Udemy. Watch relevant YouTube channels. Listen to podcasts. Just immerse yourself in the industry. On paper, this will make you look good. In conversation, you will have a lot to talk about in an interview.
4. Polish your resume - Your resume is the first deliverable your future employer will be exposed to. They assume this is a reflection of your quality of work. Make it look nice. Here are a bunch of free resume templates.
5. Be easy to find on social media - Curate your social media presence to be something you would happily show an employer. My recommendation is to be easy to find. Have a professional headshot and curate your posts. Here's my LinkedIn profile as an example.
6. Build a portfolio - Start a blog. Build a home lab. Spin up a free AWS instance and learn the ropes. Do anything that shows you are passionate about the industry. This will separate you from 99% of other job applicants. (Fun Fact: Did you know that before risk3sixty was a company - it was my personal blog?)
7. A track record of success - Choose something, do it well, and stick to it. This could be a hobby, a volunteer activity, whatever. Just show that you know how to meet a commitment and that you know how to win.
8. Prepare letters of recommendation - Ask 3 people with good reputations to write you a letter of recommendation. This could simply be a recommendation of your good character. Keep them in your back pocket to share during the interview process.
9. Niches Get Riches - The people with the lowest unemployment in cybersecurity are specialist with in demand skills inside a specific niche. Examples include: Offensive Security, PCI QSAs, and FedRAMP. Obviously, if you are breaking into the industry this isn't very helpful. But I want you to have the data point for future career planning.

#2: Tools for Networking and Outreach in Cybersecurity

Cybersecurity is a competitive industry - especially if you are trying to break in for the first time. One thing that will greatly increase your odds of landing an interview and getting a job is to build relationships with people already in the industry.

If you have a strong network, it is not just you working for you - it is your whole network working for you. That is a powerful force in your favor. So, the question becomes: How do you build a network?

Here are five things that I have worked for me:

1. Cold Email - Reach out to hiring managers on teams you would like to join, especially if you have applied to a position on their team. This seems scary, but you would be surprised how many people are willing to help someone working hard to improve their life. Cold outreach will help you get your name of the stack of resumes and it might help you build advocates you never would have met otherwise. Here is an email template you can use to get started.
2. Warm Introductions - Warm introductions are better than cold outreach. Ask people in your network (friends, professors, family) for warm introductions to hiring managers in the industry. Now is the time to call in those favors.
3. University Resources - Ask professors to make introductions to hiring managers in the industry. Leverage your career center to make introductions. It is their job to help you. So ask for help! Bonus Pro Tip: My advice is to be very specific in your asks, rather than general. For example, say: Can you make 3 introductions to hiring managers at cybersecurity companies in the Atlanta area by the end of this week? Rather than something generic like: I need help finding a job.
4. Local Cybersecurity Events - Attend local cybersecurity events and talk to people. Be clear about what you are looking for and stay in touch with people you meet. A great place to start is local BSIDES events. They are often free or very inexpensive.
5. Engaging on Social Media - Identify and follow people on LinkedIn and twitter that you would like to work with and engage with their content. Leave a thoughtful comment, like their posts, share their content. Showing interest will get you noticed and make it more likely to get a response when you send them a cold email or make an ask. You can start by connecting with me.

#3: Tips for Interviewing for Cybersecurity Jobs

I understand that interviews can be nerve racking, but that's probably because you are hyping them up in your head. The reality is that almost all interviews are behavioral based and the interviewers want you to succeed.

The number one thing you can do is show up prepared, show that you want the job, and be respectful.

Here are six things that stand out when I interview candidates at risk3sixty:

1. Show your manners - Say please and thank you. Smile.
2. Dress to the level of management - Put in effort to be respectful and acknowledge the Company's existing culture. Trust me, it shows when you are put in the effort.
3. Prepare interesting personal stories - You will be asked about your background during the interview. And thats great, because you are an interesting person! Go ahead an prepare a few personal anecdotes you can share. A couple of stories to have ready are: 1) How you decided on the cybersecurity industry as a career and 2) A tough project you have worked on and how it turned out great. Keep the stories positive and upbeat.
4. Follow-up promptly - Show urgency and respect. One way you can do that is by sending a thank you note immediately following your interview. This simple sign of gratitude will set you apart from everyone else.
5. Become an expert in the company and their culture - A very easy way to show that you want the job is to do your research about the company you are interviewing. Read newsletters, the latest news, research the team. This will demonstrate your ability to prepare and that you want to be there.
6. Demonstrate a passion for the industry - Show that you are excited about the industry. You can do this by referencing specific industry events, podcasts, and trending topics that excite you.
7. Be yourself - Don't fake it. Faking it is not sustainable. Be yourself and get hired for yourself.

#4: Four Things to Avoid

I want to help you avoid the negative self talk, the fear, and the paralysis. You have to get started if you want to break into this industry.

Here are four things to avoid:

1. Inaction - Don't over-think it. Fear and insecurity lead to inaction. Inaction wont get you anywhere. Instead, I suggest that you take action. Even if those actions are sub-optimal. Connect with people, take courses, attend events, and develop the situation.
2. Applying to 100s of Jobs - Avoid applying to 100 jobs and hoping someone responds. Instead, follow the playbook above, apply to targeted jobs, reach out to hiring managers, and network as much as you can. Go deep instead of wide.
3. Imposter Syndrome - Everyone in this industry is worried that they aren't qualified for the job. Everyone in this industry also started out as a beginner and empathizes with where you are right now. Apply to jobs, network with people, and show passion. Dont let fear stop you.
4. Quitting - Don't quit. The thing that will separate you from everyone else is to keep at it. Do the work everyday. You can do it!

#5: Four Things to Do Now

You have read this article. That's great! Now is time to take action. Because it is all about action.

Here are four things you can do today:

1. Clean up your resume - Finish your resume today. Don't over-think it. You can always refine it over time. But get it done today. Here are a bunch of free resume templates.
2. Clean up your LinkedIn profile - Clean up your LinkedIn today. If you feel stuck, just copy someone else's format and make it your own. Here is a good guide on making your profile better. You can copy my profile format if you want.
3. Reach out to 3 people - Reach out to 3 LinkedIn connections today and ask for help. Again, don't over-think this. Just make the ask. You will be surprised by the results. Here is an email template you can use.
4. Apply to risk3sixty - Check out risk3sixtys career page and see if we are hiring. If there's a match, follow the playbook above and apply! Bonus points if you mention this article.