Cyber security entry level job advice
Discussion
Thank you in advance to anyone who can assist.
I'm hoping the PH hive mind has some people who are working in this space and can help me with some practical advice for a family member trying to break into what appears to be a fast paced and saturated market.
He is qualified to masters level in cyber security.
Any advice or tips on how they can cut though the noise would be greatfully appreciated.
I'm hoping the PH hive mind has some people who are working in this space and can help me with some practical advice for a family member trying to break into what appears to be a fast paced and saturated market.
He is qualified to masters level in cyber security.
Any advice or tips on how they can cut though the noise would be greatfully appreciated.
What does he want to do specifically? What has he tried so far, and what are his expectations?
It's a difficult industry to get into, mainly because of a combination of:
1) employers looking for superstars for buttons
2) candidates believing the hype about entry salaries
3) people being attracted to the industry because of perceived high salaries but no real passion for it, or unwillingness to work their way up
4) many jobs are given through word of mouth or self publicity at conferences
It's a difficult industry to get into, mainly because of a combination of:
1) employers looking for superstars for buttons
2) candidates believing the hype about entry salaries
3) people being attracted to the industry because of perceived high salaries but no real passion for it, or unwillingness to work their way up
4) many jobs are given through word of mouth or self publicity at conferences
Masters suggests a more mature student? We've certainly hired people with no experience but off their own bat have taken a decent qualification, one was a Mum returning to work after a long time out bringing up her kids, can't remember what quali it was though. We also have a programme to bring students in from local Unis.
I wasn't under the impression it was that hard an industry to get into, we're always struggling to recruit and we're now looking outside the UK to bolster our teams. We're also involved with NCSC CyberFirst to try and engage with some schools to get some interest going, we're not big enough for the full programme but we're doing bits as/when we can to try and increase the available talent.
No harm in spamming your cv out to some UK names.
I wasn't under the impression it was that hard an industry to get into, we're always struggling to recruit and we're now looking outside the UK to bolster our teams. We're also involved with NCSC CyberFirst to try and engage with some schools to get some interest going, we're not big enough for the full programme but we're doing bits as/when we can to try and increase the available talent.
No harm in spamming your cv out to some UK names.
yajeed said:
What does he want to do specifically? What has he tried so far, and what are his expectations?
Appreciate the response! So I believe SOC and NOC specifically but really I think it’s just going to be breaking into the industry for someone who is definitely passionate and willing to work their way up. He is super intelligent but is lacking confidence in what appears to be a daunting space, so really any advice would be great!The SOC is an interesting one. It's also a good introduction to technical cyber security as a gateway to more rewarding roles.
There are basically three types of roles - those with managed service providers (good introduction and training programmes, less likely to progress quickly), in house SOCs for large businesses (sometimes look for more experience, good chance of internal promotion into 2nd/3rd line roles) or a 'cyber do everything' role for a small company.
I'd look for roles in that order of preference.
The downside is unsociable hours - it's often shift work in 24x7 SOCs.
Edited to add: I've seen people walk into smaller MSP roles with no experience recently. They've often had more than one offer. They got into that position by being noisy on social media, attending conferences and being social, and directly approaching people and target companies on LinkedIn.
There are basically three types of roles - those with managed service providers (good introduction and training programmes, less likely to progress quickly), in house SOCs for large businesses (sometimes look for more experience, good chance of internal promotion into 2nd/3rd line roles) or a 'cyber do everything' role for a small company.
I'd look for roles in that order of preference.
The downside is unsociable hours - it's often shift work in 24x7 SOCs.
Edited to add: I've seen people walk into smaller MSP roles with no experience recently. They've often had more than one offer. They got into that position by being noisy on social media, attending conferences and being social, and directly approaching people and target companies on LinkedIn.
Edited by yajeed on Sunday 17th December 19:53
Try to get into a university IT dept. They have wide range of issues, nightmare culture and a terrible work ethic, but its quite easy to make a difference and he will learn a lot.
Then get out before he gets institutionalised and into private sector asap where things like effort, money and customers matter...
Then get out before he gets institutionalised and into private sector asap where things like effort, money and customers matter...
I've worked 25+ years in security. Including managing/building consulting departments, consultancy, and many senior roles in large companies and including lots of recruitment.
It's hard at the bottom of the ladder because the qualifications don't necessarily mean the candidate is any good. One of the worst candidates I ever had to interview had a Masters degree, CISSP and CISM, but seemingly no understanding of how things work.
I'd say the best way would be to be proactive in approaching lots of the largest companies, as they often have apprenticeship and graduate programmes for less experienced staff. Smaller companies often can't afford the overhead of unproductive staff.
Ultimately, if you can prove your skills and learn about how security fits into risk and the wider business then you can go far and earnings can be quite decent. The reality of the market is that exceptionally good people are few and far between and recruiting is a pain the arse. Getting piles of CVs in is quite easy, actually getting good candidates is hard. Made even harder by some employers wanting the exceptional people but not being willing to pay more than entry level rates.
I've offered junior roles to lots of people based on their personality, communication skills and demonstrating basic skills and a desire to learn.
That's been the bugbear of recruiting my whole career, finding people who can speak confidently to all levels of a large business, as well as understanding the technical, risk and process aspects. Geeks who can speak is what I want
It's hard at the bottom of the ladder because the qualifications don't necessarily mean the candidate is any good. One of the worst candidates I ever had to interview had a Masters degree, CISSP and CISM, but seemingly no understanding of how things work.
I'd say the best way would be to be proactive in approaching lots of the largest companies, as they often have apprenticeship and graduate programmes for less experienced staff. Smaller companies often can't afford the overhead of unproductive staff.
Ultimately, if you can prove your skills and learn about how security fits into risk and the wider business then you can go far and earnings can be quite decent. The reality of the market is that exceptionally good people are few and far between and recruiting is a pain the arse. Getting piles of CVs in is quite easy, actually getting good candidates is hard. Made even harder by some employers wanting the exceptional people but not being willing to pay more than entry level rates.
I've offered junior roles to lots of people based on their personality, communication skills and demonstrating basic skills and a desire to learn.
That's been the bugbear of recruiting my whole career, finding people who can speak confidently to all levels of a large business, as well as understanding the technical, risk and process aspects. Geeks who can speak is what I want
Puggit said:
There is a course and accreditation available. Something like CISSP. Not cheap but will open doors.
Is that the certification that requires 5 years experience to qualify?I’d personally start with sec+ or similar, mainly to show willingness to invest in yourself and to learn.
yajeed said:
Puggit said:
There is a course and accreditation available. Something like CISSP. Not cheap but will open doors.
Is that the certification that requires 5 years experience to qualify?I’d personally start with sec+ or similar, mainly to show willingness to invest in yourself and to learn.
Good luck OP. I had an interest in IT and when one of my contracts finished, paid for an online course which lead to an IT qualification. I was hoping to study the cyber security course but sadly my funds ran out and I had to get back to work!
After getting the qualification, I applied for entry level helpdesk jobs but got nowhere sadly as I had no experience in the field. I've been in account management and customer service for 20+ years.
I had the ability to deal with people but not the experience to even get started. It's a pity that the companies I applied for only took experience of the job and not people skills.
Hopefully your friend will have better luck!
After getting the qualification, I applied for entry level helpdesk jobs but got nowhere sadly as I had no experience in the field. I've been in account management and customer service for 20+ years.
I had the ability to deal with people but not the experience to even get started. It's a pity that the companies I applied for only took experience of the job and not people skills.
Hopefully your friend will have better luck!
Gassing Station | Jobs & Employment Matters | Top of Page | What's New | My Stuff