In this article we want to take a closer look at getting into the cybersecurity industry at the bottom rung of the ladder. We’ll explore some of the concepts covered in this general guide in more detail in future posts. Let’s begin by examining the skills required for a junior job in IT security.
Before you begin down the route of brushing up your CV, you should consider that the IT Security industry isn’t suited to everyone, regardless of your IT experience. There are many soft skills required for a successful career in cybersecurity and these aren’t necessarily the same that you will find for roles in IT. Whilst some of these can be learnt, others some people will either have or not have.
Whilst there are a wide range of roles and careers to be found in the cybersecurity industry, there are some common skills that will put you in good stead for getting your foot in the door and landing that first job. These include:
• Interpersonal skills: Cybersecurity doesn’t exist in a silo in the same way many IT functions could be seen as doing. In large companies especially, candidates need to show that they can communicate diplomatically to departments or individuals within the organisation that may not see IT security in the same way as they do.
• Management skills: It’s inevitable that rising up the career ladder in an IT security role will eventually lead one to a managerial role. Succeeding in this requires candidates that are as good with people as they are with code.
• Practical skills: IT security is a fast moving and constantly evolving field, with new threats and challenges frequently presenting themselves. If candidates are to succeed in their career, they must be able to think outside the box and develop new approaches and strategies. Not every IT security threat can be beaten through tried and tested technological methods alone and may require adopting new approaches that factor in people and process.
• Forensic attention to detail: Almost all junior IT security jobs will require a candidate to have a forensic attention to detail. Most competent coders will have this in abundance but there are many other academic and career paths outside of traditional IT where these traits can be found such as law, maths and physics.
• Well organised: Even the most junior of IT security roles will involve taking on many responsibilities that require meeting deadlines, often under pressure. Good time management and organisational skills are therefore a must, as is the ability to work independently.
As much as skills are important to getting a junior cybersecurity job, you still need the right qualifications to get on the bottom rung of the ladder. There are many different training pathways into IT security so let’s look at some of them now.
I could devote an entire article to the various qualifications and certification that will be applicable to candidates looking to start their career in IT security (something I will endeavour to do soon on these pages) but for now let’s give an overview of some of the more common and useful qualifications you should think about.
There are many jobs in the field of cybersecurity field but to make it easier, I’m using a junior cybersecurity analyst as an example, as it is a common entrance point into the industry.
• Relevant Degree: Although there several academic institutions in the UK that now run higher education courses degrees in cybersecurity, a degree in IT, computer science, network engineering or other STEM subjects like physics and maths are all valid pathways into your first IT security job.
• CompTIA Qualifications: The Computing Technology Industry Association run two courses that act as very good entry points into cybersecurity – the CompTIA Security+ qualification and the CompTIA Advanced Security Practitioner (CASP).
• Certificate in Information Security Management Principles (CISM): The ISACA Certified Information Security Manager (CISM) is an internationally renowned qualification and suitable for candidates with five years or more experience looking to make the step up to a more senior role.
• Certified Information Systems Security Professional (CISSP): The (ISC)² Certified Information Systems Security Professional (CISSP) certification is suitable to candidates with five or more years’ experience and is more suited to those looking to branch into information security audit and IT governance management.
Qualifications are one thing but don’t underestimate the power of genuine experience. Being able to demonstrate real world examples can help to highlight your skills and aptitude for a job in cybersecurity whilst also showing dedication and commitment to your chosen career. Cyber Security Challenge UK run a number of challenges that test individual’s skills in tasks related to cybersecurity and critical thinking. Whilst it is not a qualification itself, it can act as an entry point for those looking for a route into cybersecurity.
You might also want to think about setting up a testing environment yourself so you can start to get hands on experience of network security and hacking, all within the safe confines of an isolated environment.
If you have the qualifications, skills and experience required to apply for your first job in IT security then it’s time to start thinking about the application process and that starts with a great CV.
There may be a growing cybersecurity recruitment crisis but that doesn’t mean that landing a job in this industry will be easy. You may well have the qualifications but employers will be ruthless when it comes to assessing CVs and the interview process will scrutinise your temperament and aptitude as well as your skills and experience.
When it comes to writing up your CV, it is an absolute essential that you check, check and check again for spelling mistakes and poor grammar. In a job that demands high attention to detail, letting a typo slip through the net is not sending out a good message. Your CV should cover your education and all relevant training, qualification and experience you have. It pays to customise and tweak your CV to the job you are applying for. You may also want to read our tips on getting a job in the cyber security industry post to further enhance your chance of landing that dream job.
Once it comes to the interview it’s important to project confidence but never try to stretch the truth when it comes to experience and expertise as any half decent employer will see straight through it in no time. It’s also important to remember that practical skills and personality are just as important as qualifications. Technical know how is only one side of the coin and employers will be trying to ascertain how well candidates deal with unpredictable situations, as well as people and processes.
Employers also want to know that you are committed and dedicated to your chosen profession. They may ask you topical questions related to the IT security industry more generally. Being able to demonstrate an enthusiasm and passion cybersecurity can set candidates apart, so make sure you are well read and up to date on your field, whether it’s information assurance, confidentiality and the GDPR or encryption and penetration testing.