Why You Can't Break Into The Cybersecurity Field

?? Cybersecurity is not an easy career field, but changing careers is not impossible. I have met many people who say cybersecurity is the easiest path to making money and has a more accessible curriculum than a computer science major and other professions. Yes, to some extent, this is true. But I am here to corrupt your dreams. That is not true, and if you are up for the sacrifice, you may break into the field.

?? However, the difference between cybersecurity and software development and any other technology profession is you can develop your own experience based on the project-based software approach, whether in school or from coding boot camp. Many jobs outside cybersecurity do not value experience and emphasize your education and certificates and where you went to school for jobs such as a lawyer, doctor, certain technology professions, and teacher. However, that is different in the cybersecurity field.

1) To cope with budget constraints, many organizations have had to rely more on their existing staff, leading to increased workloads and pressure on current employees. According to ISC2, 71% of cybersecurity professionals reported an increased workload, which has affected their ability to respond to threats effectively.

??While it may seem straightforward to gather a few certificates, attend school, and take some classes, to break into the cybersecurity field… but it is far from easy. This field values experience over education, and you need to gain the experience to make your mark.?

??The reality is that cybersecurity is a complex and demanding field, and success requires more than just a strong academic background. You need to be the cream of the crop, especially in today’s job market. So, How do you break into the cybersecurity field without experience? Someone needs to hire me to get experience? You’re right, and that’s when we look at inflation and its effects on hiring new cybersecurity professionals.

2) Inflation has led to increased operational costs for many organizations, prompting budget constraints. This has resulted in some companies implementing hiring freezes, budget cuts, and even layoffs. In the cybersecurity sector, while the demand for skilled professionals remains high, these economic pressures have led to a more cautious approach to hiring and investment in staff development

?? When I enlisted in the Marine Corps, all Marines’ mentality relied on being competitive to earn the next promotion or rank. You needed to stay competitive to be selected from your peers. Yes, the pay increase was not crazy compared to many job promotions in the cybersecurity field. But one thing the Marine Corps taught me was the mindset of staying competitive, and that’s what I’m telling you as you read this article. But this is what helped me break into the cybersecurity field.

?? I’ll start off by saying I am far from an intelligent person. I had a 2.5 GPA in high school, and I needed an ASVAB waiver to join the military cause my score was so low. However, intelligence is not the name of the game when it comes to breaking into cyber security. Its persistence, eagerness to learn new things, competitiveness, and discipline.

So, How does someone stand out in the cybersecurity field?

?? I was mentoring someone this week, and they had so many cybersecurity certificates and no experience. As I was talking to them, they told me how complicated it was to get a cybersecurity job even with all these certificates. It felt impossible like there was a dent in their resume even though they had all these certificates and they looked good on paper.?

?? What am I doing wrong? First, I told this person that if I am hiring a manager looking for unique talent, all certificates show me that you are disciplined and good at answering multiple-choice questions. When a cybersecurity threat is trying to break into my network, the last thing I need is someone who got 89% on their CISSP attempting to protect my network and struggling while not providing technical skills to counter or mitigate the threat.

??I’ll be the first to tell you I broke into two cybersecurity jobs with just my CompTIA Security +. What I did was as soon as I got my CompTIA Security +, I used that certificate as a foundation for my knowledge and flipped it and got a return on my investment by looking for a part-time entry-level cybersecurity job that required Security +, which saved me time from studying another certificate for another year.

???But I had no fancy or advanced-level certificates and a list of eight different IT certificates. I had one skill that made me a unicorn besides my CompTIA Security + when it came to my peers. It has proved prosperous multiple times, especially against senior-level applicants and candidates with multiple advanced certificates.

?? If I were the hiring manager, let’s say I’m in charge of the security team, which includes security analysts, administrators, and technicians. We are constantly evolving new technology and looking for better ways to automate processes and security tasks. So, the company gave me the opportunity to onboard a new employee. After a few rounds of interviews, I had three candidates in mind.

Candidate A: Has about every IT certificate known to humankind. He is going to school for a B.S. degree in Cybersecurity and is eager and passionate about the field but has no work experience. His LinkedIn and personal brand do not speak much about his passion for the field, but he has been looking to break into the field for a long time and is in the middle of a career change.

Candidate B: He has a few advanced-level IT certificates and a bachelor’s degree in Cybersecurity. He has a few years of cybersecurity experience and meets most of the job qualifications I am looking for. He is still an eager candidate for the field. His personal brand and LinkedIn account show that he has a medium-sized network, is active in the community, and markets himself well.

Candidate C: Has one entry-level cybersecurity certificate and has already completed their bachelor’s degree in Cybersecurity. He does not have any experience I am looking for, but he has coding boot camp on his resume and understands how to write code in Python and automate system tasks. He has GitHub for all his Python projects and a few cybersecurity-related projects based on Python and can speak the Python language very well. The candidate has a medium-sized network, is active with the community, and markets himself very well.

?? In this case, the hiring manager can go for an easy hire with candidate B. He already has the experience needed for the job. However, the hiring manager knows that his team needs more programming/scripting knowledge, especially Python. For advanced automation tasks, they would eventually need to train the team. That takes a lot of time itself.?

?? In the worst-case scenario, the company would need to spend money on finding someone specifically with automation talent in the future. Yes, they could always use ChatGPT and AI, but it’s not the same as someone knowing how to write code and logically solve problems. It is easier to have that kind of technical skill on the team to help them in the future rather than relying on someone else from a different department. So, candidate C is hired. In this case, I was candidate C twice, breaking into Cybersecurity.

1) Python is one of the top programming languages for cybersecurity professionals. Its popularity stems from its simplicity and the extensive range of libraries available for various cybersecurity tasks, such as Scapy for network traffic analysis and Pandas for data manipulation.

2) In a survey by Cyber Insight, many cybersecurity professionals emphasize the necessity of Python for automating tasks, conducting penetration testing, and analyzing data. It is considered a must-have skill in the cybersecurity toolkit.

3) As cybersecurity threats evolve, staying updated with the latest Python libraries and techniques is essential. Engaging with online communities, attending workshops, and continuous practice can help maintain proficiency.

4) Python scripts can automate routine security tasks, such as log analysis, network scanning, and vulnerability assessment, reducing the time and effort required for manual processes.

?? The reality is that we get told you’re working in Cybersecurity; you dont need to learn coding that’s for developers. See, they’re wrong. Those are the people who will struggle to break into the field. If they do break in, they will not advance as quickly as someone who knows how to automate tasks in code. Knowing how to program, especially Python, is a technical skill that no certificate can overcome.

?? Why rely on third-party software and get approval to use that software when you could have a security analyst write code for a port scanner and complete the task in 5 minutes? Not only can we even automate it to run during the day, but being able to think half developer and half security professional and having both worlds tie together makes you a unicorn and elite in Cybersecurity. Automation is what everyone talks about in Cybersecurity, including AI. However, that skill can separate you from someone with work experience who only knows how to “use” the tools provided to them to perform their job. You, on the other hand, can write the code to build those tools.

References: https://blog.secureo.net/best-programming-languages-for-cybersecurity-professionals-in-2023-top-10-picks

References: https://cyberinsight.co/how-much-python-do-you-need-to-know-for-cyber-security/

References: https://www.isc2.org/Insights/2023/12/ISC2-Cybersecurity-Workforce-Study-Looking-Deeper-into-the-State-of-the-Workforce

References https://www.dice.com/career-advice/7-cybersecurity-trends-for-2023-to-watch-out-for

Follow Me: https://www.dhirubhai.net/in/michael-balsa/

?? Follow me for more in-depth content: https://medium.com/@jamesbalsa