Community Manager at Infosec!
Who we are | What we do
[Video] Your first year in IT | Cyber Career Forum - Jason Dion
Infosec_Sam
Admin Posts: 527 Admin
What is the fastest way to get an entry-level job in cybersecurity? How do I get started?
In this week's episode, Infosec Skills author Jason Dion sets out to answer that question. He talks about how he helped new cybersecurity professionals through the first year of their new careers with certification-based learning goals and real world experience. If you like the video, be sure to check out the rest of the playlist, and be on the lookout for more guests coming soon!
If you have a question you'd like answered in a future episode, comment below and I'll be sure to feature it at a later date!
Comments
-
MrsWilliams Member Posts: 192 ■■■■□□□□□□With the upmost respect,
I don't feel that getting A+, Network+, Security+, and CCNA magically gives someone the qualifications to become a SOC Analyst. That is especially in the Washington DC/DMV area, where I've personally worked for years.
If he didn't mention an area where I've lived and worked, I just might have not logged in and responded.
What he failed to mention is the vast majority of the SOC Analyst jobs in the District of Columbia, require experience.
https://www.indeed.com/jobs?q=SOC Analyst&l=Washington, DC&vjk=b1a88d6bf6604ecd
What he also failed to mention is that the vast majority of the jobs, especially "Cyber" jobs (in DC) require a clearance.
You thought I was done, no I am not.
What he also failed to mention is that (some) entry level positions require a degree and or equivalent experience. It's more than one organization that prefers GIAC exams. Degree and/or experience means that you can supplement the degree requirement for experience, but you have to bring one of the two to the table.
https://careers-foxholetechnology.icims.com/jobs/1240/(ed)-soc-analyst-jr./job?mobile=false&width=962&height=500&bga=true&needsRedirect=false&jan1offset=-300&jun1offset=-240
What he also fails to mention is the very competitive market in the DC area. For instance, 15 years ago half of the schools that offer *cyber-specific* degrees didn't have these degrees listed in the curriculum. You used to maybe get a cyber name in a minor but not your major. That if a fact. Now every school in the world offers some sort of cyber degree in some way.
What I do agree with is that those certifications are a foundation, a foundation that must be built upon. But, I know people who don't have half of the certifications he mentioned (yes they have other certifications) and have high level great paying jobs. So, not having any one of those certs he mentioned isn't a deal breaker. Does it help, yes. Does it hurt, no.
It's just hard for me to believe someone got or can get A+, Network+, Security+, and CCNA who was doing accounting and recruiters (and the biggest companies in the world that have offices in DC), were kicking down his/her door trying to set up an interview.
I think this route in the video, can give someone unrealistic goals. Truth be told, what he is saying has been preached for years. Get this cert and you'll get a high paying job. Get CCNA and you're golden. CCNA is the cert that opens doors. I am sure it's a get a CCNA and magically get hired rumor/post on here somewhere. We have all heard it. What I tell people and it's been stated 1,000 times. You can have CCNA or any certification knowledge, without having the exam credentials. I know great programmers or linux admins that don't have a programming certification or Linux+ (LOL)
As an add on, it is other organizations (if I am going to loosely use the word) offering similar training/bootcamp, certification and job guarantee, so to speak. Earlier on in life I looked into it. My brother did one. It was a, let me get all this money (or your Veterans Benefits) for (unnecessary extended) IT training that you can self-study for and get a certification for 15% of the cost.
All-in-all, some companies (although very little) will take a chance on someone not fully qualified, I just feel that it's a tiny percentage of companies in the DC area because a lot of people have high level clearances, prestigious degrees, experience, and certifications.
Hypothetically speaking, if I were a hiring manager I would almost always hire someone with experience over someone who didn't have experience. It's less training involved with experienced personnel. If I am looking for someone I have to train for a month, I would hire an intern.
Here is the problem with the intern route, when you've up in age and transitioning careers... Pay attention my friends....
-A late bloomer, someone who is transitioning to "Cyber" at 30-X years old, can't pay bills, take care of kids, and survive most places, Especially in DC making $18 bucks an hour, part or full time, with no *guarantee* of a full time role once the internship is over. I've worked a 6 mont contract to hire before. You know what interns and 6 month contract to hire means? That means I have a big deliverable, a CCRI inspection in 6 months I need to pass, or this that and the third government compliance/assessment that I need help in preparing for in 6 months or less. Guess what happens after they've passed or whatever? They let you go. If a company needed someone for X position, they would hire for it, that means a full time role. Interns and those temp to (maybe) perm positions are the worst ones. I know from experience-
**For the record, I watched about 86% of the video. I had to click out of it after that. So, if he mentioned any of the above I said he failed to mention, please forgive me. I couldn't watch the whole video** -
Infosec_Sam Admin Posts: 527 AdminI think those are some good points! It's pretty important to not set unrealistic goals, since that first year in the industry is going to be primarily a time of learning and building your skills for future roles. While these certs alone may not be enough to land you a job as a SOC analyst, pairing them with some T1/2 service desk experience would definitely give your resume a healthy boost.
@MrsWilliams What advice would you give to a new IT pro on how to spend their first 12 months in the industry? I'd love to hear your input - that's what Cyber Career Forum is all about! -
MrsWilliams Member Posts: 192 ■■■■□□□□□□Infosec_Sam said:I think those are some good points! It's pretty important to not set unrealistic goals, since that first year in the industry is going to be primarily a time of learning and building your skills for future roles. While these certs alone may not be enough to land you a job as a SOC analyst, pairing them with some T1/2 service desk experience would definitely give your resume a healthy boost.
@MrsWilliams What advice would you give to a new IT pro on how to spend their first 12 months in the industry? I'd love to hear your input - that's what Cyber Career Forum is all about!
Mr. Dion talks about getting an entry level job in cyber security. I think the From: Insert Non-IT related job To: Cyber Security is really only what I disagree with only in DC.
If you were already IN the cyber field, that would have been a totally different topic.
It's numerous posts and success stories of people that have transitioned into *cyber*. It's also numerous posts about people who can't get a job, who have IT experience already. So, I am not going to beat a dead horse. I think uncleared areas as in not in Washington DC, Maryland, Northern Virginia (DMV) aren't where I would (or suggest anyone) submit a resume (with no IT experience). People always say Northern Virginia, Northern Virginia, and Northern Virginia. It's probably 10 military bases in Hampton Roads, and that is not Northern Virginia. Langley Air Force Base is in Hampton, Norfolk, Portsmouth, Virginia Beach, Suffolk..all of these cities have military bases. If you are going to plug in your SIPR Token, to a classified machine..you have some level of a clearance, which proves my original post. So, it is uncleared roles in the DMV. I have just not come across any uncleared cyber roles in DC. I am not saying none exist because I am sure some do. The majority, will require some level of some type of background (clearance) investigation.
To make a long story as short as possible because I have to go. If they watch the video @JDMurray did about learning as much as possible, they'll be alright.
All-in-All the qualifications, certifications, and certifications can be bypassed if you know the right person. Some companies will give you X number of months to obtain a (mandatory) certification. I can't deny that.
BUT, the clearance requirements can't be bypassed.
If I am in a Sensitive Compartmented Information Facility (SCIF), I am 110% sure everyone in there has a minimal level of clearance OR if it's a "visitor" I am sure everyone will know before they enter.
A lot of job posting requirements can be bypassed, the mandatory clearance requirements can't.