• Cyber Pro Club
  • Posts
  • What to do if your security career isn’t taking off

What to do if your security career isn’t taking off

Six steps you can take today to turn things around

January 30, 2024

👋 Good morning!

Each week I provide an in-depth response to your questions about careers, building security teams, AI security, cloud security, and anything else you need support with. Send me your questions and I’ll do my best to provide actionable advice.

If you missed last week’s post, you can view it here: How to become a Security Unicorn.

Let’s dive in!

Q: I’ve been getting the recommended certifications and trying to get experience for a year now. What are my options if I’m struggling to break into cyber security?

First of all, I understand. It’s not easy spending countless hours of your life working towards something that doesn’t seem to be getting any closer. Especially when you scroll social media and it seems like everyone has a success story.

It’s hard to learn something new. It’s harder to learn something new and convince someone else to pay you for those new skills.

For this post I’m assuming you’ve done the learning, gained the skills and got some experience to qualify for the roles you’re applying for. The challenge I’m hoping to help with is turning all that good stuff into a job opportunity.

To help you break down that door I’ve created a list of six actions you can take today:

  1. Network with more people (actually do it)

  2. Change your target entry level role

  3. Improve your LinkedIn to get the word out to recruiters

  4. Review your CV

  5. Assess your interview approach

  6. Give it a bit more time - your time will come

Remember, many cyber security professionals have gone through what you’re going through now and have found a way. You can too.

1/ Network with more people (actually do it)

Networking provides you with two primary benefits. Firstly, it’s an opportunity for learning. When you’re starting out on your cyber security journey, or you’re looking to pivot into unchartered waters, there’s a lot you don’t know. Only by speaking with others can you illuminate a clear path for your journey. Secondly, it’s a chance to discover employment opportunities you would never have known existed.

The main challenge people face with networking is doing it authentically. The key is to talk to people that you’re genuinely excited to engage with and don’t lead with an ask. You must be curious and inquisitive. Only once you have found common ground and they ask probing questions about you and your goals should you share this information. Even then, take it slow and keep it brief… see if they seek to know more.

I strongly recommend you attend events, meet-ups, IRL hackathons and attempt to meet other security professionals. Be humble and honest: “Hi, I’m X. I’m from Y and I don’t know anyone here. What brings you here?’

Homework:

  • Attend 1-2 events per calendar month.

  • Practice a short, succinct introduction of yourself and a brief summary of your ambition.

2/ Change your target entry level role

There are many different roles people target when attempting to break into cyber security: security analyst, penetration tester, SOC analyst, or something different. Either way, you may not be having much success.

The issue you may be experiencing could be the result of overly narrowing your focus. You may have the perfect solution to a different person’s problem. Instead of trying to convince someone you’re ready to become a penetration tester, perhaps you could seek a security analyst role with a focus on testing responsibilities. This would allow you to gain years experience, build your skill set and expand your network.

An important distinction to make is between ‘Years’ experience and the ‘Right’ experience:

  • If you’re targeting an entry level role, you need ‘years’ experience in an IT or Security related position.

  • If you’re targeting a promotion in cyber security, you likely need the ‘right’ experience to open up that position.

Consider adding a stepping stone to your journey by considering another IT or Security related role and think long term.

3/ Improve your LinkedIn game

  • You may be the perfect candidate for a job posting, but if hiring managers can’t understand how you can help them based on a quick review of your LinkedIn, you’ll be thrown in the rejection pile.

  • LinkedIn is a critical factor in landing an interview.

Here are 4 posts to help you conquer it:

  1. Optimise your LinkedIn - Link

  2. Learn this tactic to land an interview - Link 

  3. Write a pro summary - Link 

  4. Help others to help yourself - Link

4/ Review your CV

  • Imagine that your CV is like a sales pitch, and you are the product you're trying to sell to potential employers.

  • To create a winning CV, you need to approach it as if you're convincing your audience (employers) that they absolutely need to "buy" into what you're offering – your skills, experiences, and potential as an employee.

  • To avoid the rejection pile, check out this guide on writing the perfect cyber security CV.

5/ Assess your interview approach

If you're getting interviews but not converting them into offers, chances are you need to up your interview game. Fortunately, this is something I’ve already written about!

Here’s the TLDR:

  • Typical first-round interview structure: 10% intro, 80% questions for you, 10% questions from you

  • Know yourself: tidy up socials, tailor your LinkedIn and study your CV.

  • Know your why: why do you want the role?

  • Know the role: map the job spec to your experiences.

  • Know the company (and industry): know why you want to work for this specific company and understand the challenges it faces in the industry.

  • Use the STAR framework: half the battle is delivering your responses effectively.

  • Practice, practice, practice: to avoid brain fog and build confidence, do mock interviews, or practise out loud.

  • Don’t memorise answers: hyper analyse your experiences so you can find the answer to any question within them.

  • Ask high signal questions: this is prime time to highlight you’ve done your homework on the business and its industry. Boast that genuine excitement you have to join the team.

  • You can read more here.

6/ Give it a bit more time - your time will come

  • The job market hasn’t been favourable throughout 2023 and the start of 2024. There have been huge layoffs and hiring freezes stopping security teams from hiring people they desperately need.

  • As hard as it is to hear, you need to be patient and believe that your time will come. Things will get better, budgets will be restored and capacity for expanding teams will return.

  • The best thing you can do is keep your foot on the gas, keep developing valuable skills, stay up to date with the latest developments, and consider the above 5 action items to position yourself as favourably as possible.

That’s a wrap!