.png){kind=small}
Today's new recruits in the cyber security job market are finding it increasingly more difficult to get that first foot in the door. Some of the job postings I've seen in the last couple of months are asking for experience of over 3 years for an entry level position, which makes you think, "how is it even possible to get a job in cyber security?". Before I get to techniques on how to overcome this experience "requirement", I would like to discuss the topic of experience a little further.
Experience:
If you've ever watched any of my videos on YouTube or read any of my blogs on cybersecguidance.com, you would have heard me say "experience is king". It's a truth that I have to repeat often, as a lot of student's fresh out of college find it hard to find a job when all they have to show is a degree in computer science (or similar). We need to rewind a few years back to around 2010, when "Cyber Security" as an industry within IT first sort of started to show its teeth as an area outside of systems, networks and software development. Endpoint management, Email security, Firewalls and Layer 1 network security were starting to become hot topics and SIEM's starting to push through to the small to medium business markets as an affordable product. At this time, these businesses didn't have dedicated Cyber Security professionals, instead having either Systems Administrators or Network Engineers, or sometimes both Systems and Network Administrators all bundled together into one. For the hiring managers at these organisations (especially in Australia), shifting their mentality of hiring outside of these more traditional spaces is still a bit hard to understand, especially when there are still so many Network Engineers and Systems Administrators wanting to break into the Cyber Security industry by utilizing their years of professional work experience.
So, imagine that you're fresh out of university - bright eyed and bushy tailed - you're looking to prove yourself against the masses! Don't stress, there's this magical form of experience that you can do from the comfort of your own home - Home Labs!
Home Labs:
Creating your own home lab is an absolutely vital part in showcasing your skills. The way to go about proving these skills works similar to how the STAR methodology (Situation Task Action Result) works, and would be relayed to a hiring manager in an interview. Start with what it is you're creating this lab for, the problem it solves, then explain exactly how it was created, for example; "I have a blue team lab for analysing packets in my home network so I have a better understanding of what is going in and out of my network. I achieved this by creating a virtual firewall appliance that sits underneath my router. The logs from here export to a logging machine which I use {insert log analysing tool here} to inspect the traffic in an easy to manage way. I have specific types of packets setup with automatic notifications so I know exactly when something dodgy is going on. With this, I am able to achieve a better understanding of what is happening on my network and potentially stop any malicious activities from occurring, and have so far stopped {insert how many and which type of attack here} from breaking through to my devices on the network."
This might sound very simple and while it can be achieved with free tools, it showcases the very basic front-line layer of a Security Operations Center (SOC). Pretty cool huh?
There are other types of home labs that you can create which relate directly to the job you're apply for, and showing these skills off as experience on your resume followed up with huge amounts of passion and pride on your part will help to push you ahead in an interview.
Comments