Attained a couple certs, now what?

I am honestly at a loss. For the past several months, I have been studying my tail off because of some guidance I received that changing careers is tough but possible if you demonstrate a level of proficiency in IT aka "get some credentials." So I began my quest to develop my skills in IT security, and at the beginning of this year, I passed the (ISC)2 SSCP! Yay, but after apply to every junior system analyst job (to include internships) on Indeed, Monster, and Dice... nothing. Recruiters were saying that I needed to have Security+ because it carried more recognition as certifications go to potential employers. So for good measure, I studied another month and passed that exam a few weeks back. Since I have continued to apply and don't seem to be gaining any more traction. I realize I am changing careers but did I just waste my time and money or are these "the breaks" that Kurtis Blow was referring to way back when?

Has anyone else experienced this? What can I do to improve my chances at landing a role in IT security?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Infosec_Sam

If you're not even getting interviews, my first inclination would be that your resume has room for improvement. If you're changing careers, you're not going to have the explicit IT experience that many HR departments look for. What you can do instead is you can focus on the skills you have that these recruiters or HR departments are looking for. Things like creative problem solving or process implementation are good examples of industry-agnostic skills that also work very well in IT. Most importantly, ensure your resume is easy to read. I've heard from multiple recruiters that a well-put-together resume can make a difference between a phone interview and a straight denial. You may want to consider contacting a resume editor or even an IT staffing firm for help.

Other than that, I suppose you could consider applying for contract positions, or to lower level IT positions. For instance, you could hop into a service desk or sysadmin role while you continue your job search for a security position. Landing a security gig is tough, but it's far from impossible, especially with your credentials! We're rooting for you!

Johnhe0414

Infosec_Sam said:

Other than that, I suppose you could consider applying for contract positions, or to lower level IT positions. For instance, you could hop into a service desk or sysadmin role while you continue your job search for a security position. Landing a security gig is tough, but it's far from impossible, especially with your credentials! We're rooting for you!

In my case, when i switched careers from retail (late 90's) to IT this was a tough choice. I had 10 years vested in a union company and I was a supervisor. I had to take a pay cut, wake up earlier, drive an additional 35 miles to just get the experience. The company went under 9 months after I started. However, It was this choice that boosted my career. The next job I landed hired me because of the experience (and not the certs that i had).

I agree with Sam, you may want to start with lower level IT positions just to get you kick started in IT as you continue to look for a security position.

beads

Most security people have been drawn from traditional IT positions not starting out straight into security. Because of this you will run into a great deal of pushback from more experienced and skilled practitioners in the field. A person with say 5 years of solid networking or Windows administration skill and the same certifications will be far more attractive than the person with no experience.

InfoSec is very experienced and skill based while certifications are helpful, rarely the first thing HR, recruiters or hiring managers look for in a candidate as it difficult to tell what provable skills one has or does not have by a certificate.

- b/eads

rtaylor1174

Infosec_Sam said:

If you're not even getting interviews, my first inclination would be that your resume has room for improvement. If you're changing careers, you're not going to have the explicit IT experience that many HR departments look for. What you can do instead is you can focus on the skills you have that these recruiters or HR departments are looking for. Things like creative problem solving or process implementation are good examples of industry-agnostic skills that also work very well in IT. Most importantly, ensure your resume is easy to read. I've heard from multiple recruiters that a well-put-together resume can make a difference between a phone interview and a straight denial. You may want to consider contacting a resume editor or even an IT staffing firm for help.

Other than that, I suppose you could consider applying for contract positions, or to lower level IT positions. For instance, you could hop into a service desk or sysadmin role while you continue your job search for a security position. Landing a security gig is tough, but it's far from impossible, especially with your credentials! We're rooting for you!

Thanks, I will look at other IT roles. Should I consider Geek Squad or something like that to get started? Would employers see that as relevant experience for an infosec career?

Infosec_Sam

Geek Squad is certainly better than nothing, but there are going to be much better jobs out there that will be more valuable to have on your resume. For instance, a lot of IT pros get their start at an MSP doing level 1-2 help desk for while. Where there is value in troubleshooting consumer electronics at Best Buy, a traditional service desk role at an MSP would put you considerably closer to a security position down the road. They'll also pay a bit better than Geek Squad, so that's a plus.

beads

@Infosec_Sam Good point for the A+ exam. I put a cousin through that exam to get him a job a GeekSquad many years ago. Its a valid start for any IT analyst.

- b/eads

Johnhe0414

You may also want take a look at some government jobs at https://www.governmentjobs.com/ With smaller municipalities you have a better chance of more "hands on", however with bigger cities and county positions there is more opportunity for growth.

rtaylor1174

Infosec_Sam said:

If you're not even getting interviews, my first inclination would be that your resume has room for improvement.

To your point about improving my resume, although I have been working (military intelligence, security, instruction for the last 20+ years) with limited transferrable skills, would a one pager make more sense?

rtaylor1174

beads said:

@Infosec_Sam Good point for the A+ exam. I put a cousin through that exam to get him a job a GeekSquad many years ago. Its a valid start for any IT analyst.

- b/eads

I took the A+ college course last year but never tested. I felt it was going in the opposite direction of my interest. Guess I need to dusk off the books...

Infosec_Sam

rtaylor1174 said:
To your point about improving my resume, although I have been working (military intelligence, security, instruction for the last 20+ years) with limited transferrable skills, would a one pager make more sense?

I think ~2 pages is the sweet spot. A single page tends to imply that you're inexperienced (which you're clearly not) and 3+ tends to lend itself well to filler material that never gets looked at. I tend to gravitate towards resumes like this, just because they're super easy to read. Just list a couple skills on top, and then 4-8 bullets under each job you've had.

rtaylor1174

Johnhe0414 said:

You may also want take a look at some government jobs at {site}. With smaller municipalities you have a better chance of more "hands on", however with bigger cities and county positions there is more opportunity for growth.

Thanks for the assist.. I will check out this site. Wish me luck!

Infosec_Sam

We're rooting for you!

Here's another resource you might find useful in writing a better resume - from our very own forum!