Inclusive Cyber - 5 Tips to Land a Cybersecurity Job Now! Artwork

Inclusive Cyber: Unlocking Innovation in Cybersecurity

Welcome to Inclusive Cyber: Unlocking Innovation in Cybersecurity, your front-row seat to understand how a diverse mix of voices is not just necessary but essential to defend our most sensitive computer networks and personal data. I’m your host Danny Magallanes, and through my podcast, we shine a spotlight on the heroes and the trailblazers from every corner of society who are redefining the Cultural Renaissance frontier. Every episode is a step toward a cyber community that's as varied as it is united, where everyone has the keys to unlock their potential and the power to protect our digital world. Join us on this journey, where every listen, every share, and every dialogue inches us closer to this new reality

All Episodes

Inclusive Cyber: Unlocking Innovation in Cybersecurity

Inclusive Cyber - 5 Tips to Land a Cybersecurity Job Now!

May 20, 2024 • Danny Magallanes • Season 1 • Episode 24

In this week's episode, I provides five actionable tips to increase your chances of landing a cybersecurity job based on my previous guests. I advise against blindly applying to jobs and highlight the disconnect in hiring practices. Instead, focus on networking, to build a supportive community. Continuous learning is emphasized as a key aspect of professional growth, with recommendations to utilize YouTube, online courses, and workshops. Finding a mentor is also highlighted as invaluable for career guidance and support. Lastly, we wrap up discussing the local government roles that are often bypassed but provide tremendous diverse role exposure, hands-on experience, and community impact.

ICS2 - Work Force Study - https://media.isc2.org/-/media/Project/ISC2/Main/Media/documents/research/ISC2-Cybersecurity-Workforce-Study-2022.pdf?rev=1bb9812a77c74e7c9042c3939678c196

Support the show

Support the Channel - Click the bell to have notifications, like & subscribe!
Buy Me Coffee - https://shorturl.at/jKMSX
Social Media – Follow us on:
TikTok
Facebook - https://www.facebook.com/profile.php?id=61554884934328
Instagram - https://www.instagram.com/inclusivecyberpodcast/
Audio:
Spotify - https://open.spotify.com/show/6HNQQVKvsCRo2J095Kyc8G
Apple - https://podcasts.apple.com/us/podcast/inclusive-cyber-unlocking-dei-in-cybersecurity/id1686041111
Website - https://www.buzzsprout.com/2183707
Amazon - https://music.amazon.com/podcasts/594cca7a-726d-43fe-b94e-36291566e9d8/inclusive-cyber-unlocking-dei-in-cybersecurityMusic: Music by Cryptochronica and Worlds Apart featuring Vtizzel; Song: Gunz Blazin' Music: Used with permission: Artist: Thunderwolf X Words Apart, Song: Cybernetix...

[00:00:00] Danny: Hey everyone, welcome back to the channel. Today, we're diving into five powerful tips to help you land that cybersecurity job you've been dreaming of, but first let's set the stage and address a few UpCode contextual points. And what I mean by upCode is factors that we might not consider in this case trying to land us a job in cybersecurity. These are just outside of our periphery, but we need to be cognizant that they're there. The following are just a couple of examples, there could be dozens of other items out there that might affect us trying to land that job.

Upcode 1 - Trust No One
---

[00:00:38] Danny: Okay, let's start with the first one. We need to question everything we see and hear online. Attention is the name of the game in social media these days. Many influencers post videos interviewing people about their jobs and salaries. Could they be legitimate? Maybe, but think critically, ask yourself, how can I verify this information? Is this influencer credible? What about the person that they're interviewing and giving these responses? If you can't answer these questions, They're likely just after your clicks and shouldn't be trusted.

Upcode 2 - Job Market is Hard
---

[00:01:13] Danny: The second point, the cybersecurity IT job market is saturated here in the U. S. So that means there is a lot of competition. Companies are laying off staff, over 83, 000 layoffs so far this year. If you add the layoffs in 2023 and 2022, then we're looking at north 400, 000 thousand people. And on the side note. I want to make a comment on something that our industry keeps perpetuating. There isn't a cybersecurity talent shortage. That's a myth. Right now, we have 400, 000 people with experience available right now. But for whatever reason, they aren't being hired. It's just not happening. We should start looking into the associated up code to give us some insight into that myth. But that's probably a whole separate video.

Upcode 3 - US Election Year
---

[00:02:02] Danny: The next factor is the upcoming U. S. elections in 2024 could bring about significant fear, uncertainty, and doubt, particularly impacting policy and government hiring. Changes in administration often lead to shifts in business hiring practices. Budget allocations and policy priorities, which can create a volatile job market.

This uncertainty environment underscores the importance of staying informed about political developments and being adaptable to change circumstances. So in this video, I want to share five actionable tips to increase the likelihood you'll get a cybersecurity job that I learned from talking to my guests. Slack channels that are IT and cybersecurity and my burgeoning network.

Tip #1 - Stop Applying!
---

[00:02:52] Danny: Okay, tip number one. Stop applying to jobs. Wait, what? Yes, you heard that right. Stop applying to jobs. I've talked to people who've sent out hundreds and even in one case over a thousand applications and only hearing back from a handful of companies. The return on investment in this case, your time, it's not worth it.

If you do have the opportunity to interview, you essentially have to build trust, confidence, and convey your competent to fill the gaps that they're looking for in roughly 30 to 60 minutes, a couple of factors, why there is a disconnect with the current hiring practices. Job descriptions are complete trash. Companies are looking for the unicorn and focus on candidates that can do everything associated within the cybersecurity domain, plus requiring executive level certifications and education. And interesting thing, according to the ICS 2, cybersecurity professionals value experience more than certifications and education.

Something is wrong. Next, hiring managers do not know what they want. If they did, then the job descriptions would reflect that. They're not prioritizing and pushing the accountability to someone else. And lastly, HR departments are severely understaffed. I've seen this firsthand where HR personnel is just one person and they have to process 20, 30, and even 50 job applications. So it's not sustainable. And that's why if you don't hear back from the companies, or if you get, um, a canned response, That could be the reason.

So at the end of the day, why I'm saying do not apply to jobs, it deals with a mental health and a wellbeing perspective. Think about it. After spending countless hours customizing your resume for each job, and maybe even sector plus crafting cover letters only to face that constant rejection. It's disheartening. And I'm super sympathetic for all the people that are going through this. This can take the toll on your mental health and motivation. And then you start questioning, well, I'm putting all this in. Maybe I'm the one that's deficient in X, Y, and Z. So I want to say that's not the case. It's not you. It's them, but it's all about refocusing your energy on more effective strategies.

Tips 2: Networking!
---

[00:05:32] Danny: The next one is networking. I know you've heard it all the time, just hear me out. What you want to do is start attending local meetups and volunteering at it or cybersecurity conferences in your own backyard, engaging in these activities, not only will increase your chances of connecting with peers that are going through the same process as you. But maybe even local hired managers. At the same time, you're developing that supportive community. Networking is a crucial aspect of professional growth, providing that opportunity to learn from others, share your own knowledge, and stay updated on industry trends.

Remember, you're not alone in this journey. By actively participating in these events, you'll expand your professional circle and gain that valuable insight that can propel your career forward. Think of it as little serendipitous events that you never know, as long as you're putting in the time and effort and an open mind to meet new people, then The sky's the limit.

Take for example, Kathryn she was on one of my previous episodes. She applied to 400 job applications when she said that. And I didn't know this beforehand. I was just shocked. And I think only seven responded. So she knew this was not sustainable. So she changed her tactic. She started attending local, um, cyber security events, volunteering, supporting her local community. She was able to build up her network. They were able to push their resume to the hiring manager. Fast forward, she has been employed, I want to say about three or four months, but if you want to listen to more of Catherine's story, take a look at the video posted here in the corner.

Another example from my previous guest, Rosales talked about losing her job during COVID, but then she picked herself up by joining the community and now she's in the driver's seat. Again, if you want to hear more about Yovana's incredible journey, click on the video here in the corner.

Tip #3 - Continous Learning
---

[00:07:52] Danny: Next up is number three, continuous learning. The cybersecurity field evolves rapidly and staying updated with the latest trends and technologies is crucial. Continuous learning is a key to maintaining your relevance and effectiveness as a cybersecurity professional. Here are some strategies to help you stay ahead.

YouTube is a wealth of information. I'll just use an example. I was paying a lot of money for the car mechanics to change my brakes. I'm like, that's a lot of money. And so I just Googled my year and make and car manufacturer found a video exactly on my car and saw somebody change the brakes.

And once I saw that, I'm like, Oh my God, this is so easy. So then I started doing that on my own. So now I will say saving several hundred dollars doing the breaks on my own. So that's just an example. that YouTube provides on whatever topic that you can even think of. So obviously cybersecurity, you first want to understand kind of, you know, what are the different domains or job roles within cybersecurity?

And if you want to do cyber threat intelligence, my specialty, then you can start focusing your search on Google for that particular thing. I also want to mention online courses. Always try to be agnostic when it comes to cybersecurity tools, and in this case, online courses as well. But I will name a couple of them.

So you have Coursera, edX, and Udacity offer specialized courses in various topics. Again, whether it's offensive security, governance, risk and compliance, etc. So you definitely want to use these resources. But I would probably do YouTube, First, because at the end of the day, it's free and there's a lot of wealth of information.

But additionally, as I mentioned before, you can't believe everything you see in here. And even some of these videos that are talking about different things, they might be missing the boat. Or they might be missing key aspects of whatever they're explaining. So you want to make sure you consume multiple sources.

If you really want to know about cloud security, uh, again cyber threat intelligence, CTI. You want to make sure that you're looking at videos that have that holistic picture when it comes to online courses.

The other thing that you want to do is attend workshop and conferences. Participating in workshops and conferences, again, local. You don't want to do the big ones right off the bat. Yes, they're fun, they're exciting but if you don't like crowds, if you don't like people, then you might want to do the local smaller venues or events,

And then the last piece, we can't have any video on cybersecurity IT without talking about AI. OpenAI released chat GPT. 4o now you can have a conversation with it. And just a funny example. One of my, uh, neighbor's kids was talking.

I think I asked, the typical question adults ask, kids, what are you going to be when you grow up? Which is bad. But, they answered, they gave me the response. I'm like, Hey, let's find some more information on that. I grabbed my phone and talked to ChatGPT and it was able to quickly come up with some ideas and tips and they weren't as surprised as I was because I think obviously they grew up with technology.

For me, it's just mind blowing. That information is at your fingertips. You should not be scared of this technology. We need to embrace it and understand its capabilities and of course limitations because I'm looking at it from the positive and the negative perspective, right? So you need to look at it as an opportunity. How can it help you in your job finding endeavors? There's multiple ways of doing that. For example, I'm using it to help me study for the CISSP. I'm asking it, Hey, come up with scenario based questions on this particular domain.

So they're the options and the different ways of using this phenomenal. On the flip side. How are adversaries going to use this now? Spear phishing emails? We can easily pick them out because they have bad grammar. Now, that's no longer the case. Here is when security tools need to step up the game to filter the emails because people will not be able to differentiate the good from the bad.

And then you look at voice. So now it can do translation. So that is, you know, maybe phone fraud is going to start increasing and targeting the elderly community. So we need to look at holistically this technology. It's magical. Seems like magic, but there's so many opportunities, but we need to be cognizant about the negative aspects as well. But at the end of the day, by consistently seeking out new knowledge and experience, you'll keep your skills sharp and stay ahead of the ever changing landscape in cybersecurity.

Tip #4 - Finind a Mentor!
---

[00:13:37] Danny: Okay, moving on to number 4 finding a mentor, connecting with experienced professionals who can guide you through your career path is invaluable. Mentors provide advice, feedback, and encouragement, help you navigate the complexities of cybersecurity field or any field for that matter.

Identify potential mentors. Look for mentors within your organization, professional networks and industry events. For example, you might connect with a senior security analyst at your company who has years of experience in threat intelligence. Additionally, you can also leverage LinkedIn to identify and reach out to potential mentors in the field.

How do you initiate this relationship? Approach the potential mentors with a clear idea of what you hope to gain from the relationship. If you want to get into cyber. You need to make sure you understand what aspect or what domain or what job function within cybersecurity you want to be in.

So then the mentor, whether if it's their speciality or if it's not, they can point you in the right direction. For example, "I'm looking to develop my skills in risk management. Would greatly appreciate your guidance based on your extensive and awesome experience in this area."

That's one way to reach out. But then the other one, we need to be respectful of their time. And one thing that I struggle with is how many times do I engage with them? Or try to engage. I send them one connection, primarily through LinkedIn. No response. Okay. Do I send another one?

Sherry Peng, one of my previous guests, she said, you should reach out a maximum of three times. . You want to reach out, do the introductions, understand what you want to get from them or what advice or resource that you want for the mentor. If they don't respond, you want to wait maybe about a week. And after that, again, if they don't respond, you might want to prolong it or shift to maybe two or three weeks would be your third one.

And then after that, if they don't respond, then either they're not as engaged in LinkedIn as you think they are, or they're super busy. So from there, you just shift. So you're always constantly looking for opportunities to identify mentors and help you and don't take it personal if they don't respond But I think three is that magic number.

And when you find your mentor, you want to have regular meetings and provide feedback. Establish these meetings via schedule to discuss your progress, challenges, and overall goals. For example, you might meet monthly to review your career development plan, receive feedback on your performance and discuss industry trends.

This is probably more if they actually work with you at your company, but you would have to tweak it a little bit. If you're reaching out to somebody on LinkedIn or maybe even a family member to help you navigate.

And then the other thing you could participate in professional associations, again, in your backyard. And as examples, I'm not advocating, I'm not promoting any of their services. But ICS2, ISACA are examples of cybersecurity professional associations that do offer mentorship programs where you can connect with seasoned professionals.

These associations often host events, webinars, forums that facilitate that mentorship and professional development. So it makes it a little bit easier and less awkward, um, instead of reaching out on LinkedIn , having a mentor can accelerate your career growth. That's something that I do

anywhere I start working, I always ask my employees, Do you have a mentor? If not, why? And I've gotten the full spectrum of answers. And one thing that I do also on LinkedIn that I forgot to mention that. You know, for me, I have, let's chat within my profile. So I'm dedicating a certain amount of time throughout the week to chat with people who want to learn more about the industry or seasoned professionals.

So you might want to look at that on LinkedIn as well to see who's given back to the community and ping them. They have their virtual door open, so to speak, as opposed to it being closed, if that makes sense.

Tip #5 - Local Government
---

[00:18:11] Danny: And the last thing, it's based on a story. So I met with a local county CISO and they mentioned, you know, one of the most underrated and undervalued job markets in this country, local governments. Yeah, local governments. I was kind of floored by that. So when you start your career in cybersecurity, it's easy to be drawn to the big tech firms or large corporations because they have these salaries, these benefits, et cetera.

However, local governments also offer valuable opportunity for cybersecurity talent. Working in local governments can provide unique benefits that are foundational for your career growth. Here are some things to consider concerning local government jobs. One, their diverse role exposure. Local governments often have smaller teams, meaning you'll have the chance to wear multiple hats.

And I know that might be scary for some, If you're in a big, large corporation, wearing multiple hats can be extremely stressful. But in this case, it's a bit different. So for example, you might handle network security, incident response, and policy development all within the same role. This broad exposure helps you develop a wide range of skills and holistic understanding in cybersecurity, something that you can never.

Get at a large corporation because they hired you for this role in this role only. If you're doing anything else, that's going to be frowned upon The other thing is hands on experience and local government setting, you may encounter fewer layers of bureaucracy compared to large companies. I kid you not.

I had to read the book titled how to hack your bureaucracy to really navigate the large corporations. There's so much inefficiencies and time wasted just due to bureaucracy. A local government perspective, this means you can often take on more responsibility and get again, hands on experience faster.

So for instance, you might be directly involved in developing and implementing security measures for your entire organization, giving your practical experience that can be invaluable as you progress in your career. Working for the local government allows you to contribute directly to the safety and security of your community by protecting local infrastructure, such as public services, schools, municipal system.

You're playing a crucial role in safeguarding the public's data and privacy. While it's true local government positions may offer lower salaries compared to large tech firms, the benefits of diverse roles, hands on experience, community impact, and professional development can be invaluable. These foundational experiences can set you up for a successful, fulfilling career in cybersecurity. So there you have it. Five actionable tips to increase your chances of landing a cybersecurity job. Remember, it's just not about sending out applications. It's about smart strategies and building a strong network.

If you found this video helpful, give a thumbs up and don't forget to subscribe for more tips and advice for my future guests. See you next time.