October is National Cybersecurity Awareness Month (NCSAM) and this week’s theme is The Internet Wants You: Consider a Career in Cybersecurity.
Naked Security asked me to explain what Sophos looks for in potential recruits and how it’s possible for somebody without security experience to break into a career in cybersecurity.
Demand for infosec professionals far exceeds the number of available, qualified people and that gap looks likely to grow bigger.
Unfortunately many people with a strong desire to work in the industry are put off by the extensive list of skills and qualifications they think are required.
Don’t be put off, everyone has had to start somewhere!
Computer security is full of ex-accountants, one time baristas, former homemakers and wannabe rock stars (as well as computer science graduates, obviously!) For a few examples, take a look at Naked Security’s Tweet asking people how they started their careers in IT!
There are a huge array of career options available within computer security and each one requires a different balance of skills.
Here are five things you can do to find work in one of the world’s fastest growing industries.
Teach yourself something
Passion and a desire to work in the industry is what we’re looking for, and the skill we value most in an entry level CV for any of our engineering, labs, security or IT roles is the desire to learn.
Candidates who can demonstrate their interest – perhaps by learning a programming language, studying towards a security qualification, contributing to an open source project or participating in meetups and other extra-curricular activities – are people we want to talk to.
Network
Speak to us and other security professionals online or face-to-face. You may have just the skills we’re looking for and not realise it!
Sophos staff are always attending industry events, career fairs, conferences, meetups etc. Come and chat to us about yourself or give our recruiters a call.
Remember that very few people started out from day one in a security career. We all started somewhere and we’re happy to talk to people interested in pursuing a career in our industry about the skills and experience we built up and how we found our way in. There are so many career paths and routes into security – you may have the “right” background and not realise.
Gain some general IT or development experience
Nothing beats experience, but your experience doesn’t need to come from working in computer security for your skill set to be attractive to us.
A strong grounding in IT or software development is a great first step. Take a look at roles which will help develop your basic skills and give you a strong grounding before pursuing your security career.
Volunteer or intern
Volunteering with a not-for-profit organisation or taking up an internship is a great way to gain some real world experience, and demonstrate to a potential employer that you have the passion and drive to go the extra mile.
Organisations of all types need help with their IT, even if they don’t realise it. Don’t be afraid to approach people and organisations that aren’t advertising and offer to help out.
Don’t be afraid to apply!
We all have a fear of failure and many of us worry about applying for a job that seems a little beyond our reach. Just remember that you’ll never get that job if you don’t apply for it so don’t rule yourself out before you’ve even started.
You’ll be surprised at the jobs people pivot into from apparently unrelated fields, and at what you can learn even if your application isn’t successful.
If you see a role that matches your skills but you don’t have industry experience you could still be just the sort of person we are looking for.
0Laf T Hairy
That might be how Sophos work but for most Information Security jobs you won’t get past the HR box ticking droid unless you are certified with CISSP or CISM as a minimum. And you can’t get them without 6 years exprience.
Plus in all honesty they’re practically worthless for actually doing the job. And I say that as a CISM with 15yr as a security officer.
Brian shorten
I agree with you regarding CISSP being a door opener now, but did you have CISM when you first started 15 years ago? How did you get your start?
Lloyd M. Brooks
Have CCENT CHFI ITIL Security+ and just passed CISSP in July and still cant get security job. Botomline in this industry its not what you know but who you know!
Cybergirl1937
I totally agree it is who you know. I’m a career changer. Networking, I have done conferences, joined associations and meet ups and I have had leads but have not been invited to an interview in months. I have a MS in Cyber Security, 2 years of volunteering and internship, and a Security+. Studying for my CISSP. This is the toughest career field to break into, but not allowing new ideas and perspectives is limiting the field ability to improve the security posture of many enterprises.
I met people at Black HAT and other conference who have an IT background and have been asked to Lead SOCs or develop a security programs, and express they did not have a clue about starting up a SOC or security program and was thrown into the positions.
Olubukola Fasasi
I am looking for IT software testing but I don’t have experience. I will like to learn more about the job by volunteering as apprentice.