Starting Out in Security

Claude Mandy
Twenty 20 hindsight

Opinions expressed are solely my own and do not express the views or opinions of my employer

I was recently challenged to give a talk on how people can make a start in security, aimed at entry-level people, so I decided to spend a couple of hours putting my thoughts down on paper.

My hope is that at least one person finds it either useful in starting out or it inspires an established security leader to similarly do something to benefit or grow the broader security community. I thought I would probably have a little more reach through LinkedIn than standing on my soapbox in the garden.

Why security?

An obvious first question to answer is why would you even want to work in security? I would hope this would be pretty obvious to most people reading this article. There are hundreds of reasons why people gravitate towards security as a career, and rightfully so. It should be a career of choice for so many — but sadly it isn’t yet.

If you have a deep love of technology, or a desire to fix things including laws and international cooperation, or maybe a knack for figuring out a way past controls, then you’re already halfway to making this a career. That passion (particularly for improving the status quo) will be the one thing you find in common with pretty much everyone in security. Some of the most passionate people in an organization are hidden in the security team — so passionate that they end up inspiring the next-door neighbor’s kids to dress up as identity thieves for Halloween (true story from one of the most inspiring women in cybersecurity I’ve met).

If you’re still looking for a reason to work in security, perhaps it is worthwhile remembering that this is also one of the few careers where the financial rewards are multiplied exponentially by the benefit that you can give back to society. It’s really a simple equation in the end:

So hopefully if you needed a little extra convincing to look for a (new) career in security, you’ve just found it and are eager to read the rest of my humble advice and pursue security as a career of choice.

Act like you own it

You’ve probably heard this sage bit of advice before. The premise being that an owner will always act in their own best interests, and put in the extra effort to take care of things. So the question is why wouldn’t you want to do this with your career? So if you want to work in security, then act like you already do. This probably sounds simplistic, but it describes so much. It means taking your own and your own family’s security seriously and spending time to secure your own home network and technology. It means thinking about security in your current role and doing a little more each day to be secure in your practices. It means getting out into the security community and getting along to meetups and meeting other security professionals. It means that you are what you make of yourself.

Own it!

Don’t be afraid to get help though

You’re probably concerned that even with all this effort on your part, that great role won’t just land in your lap. You’re probably half right, but if you’re getting out in the security community, then you’re making some of the most important connections of your career. So don’t be afraid to reach out to people you meet.

Not only can they help guide you to that next role, but they can be your biggest advocate and help shortcut some of the automated AI/ML recruitment bias that is used to filter your resume.

Don’t forget — you can’t know everything and will need mentors throughout your career, so get used to asking for help now.

Finally — be resilient

Sadly you’re still going to hear NO an awful lot. This isn’t your fault and doesn’t mean you couldn’t do that job. It just means that that job wasn’t right for you. Too often hiring managers are focused on experience and not talent or capability. They may have forgotten that they started somewhere and someone gave them a shot to make their name.

And that’s the type of person you want to work for — someone who will take a chance on your talent, be interested in you as a person and invest in your development. Until then, it’s ok to be told No — because it wasn’t right for you anyway. So keep looking. Be strong.

So good luck and thanks for all the phish…

Seriously though, hope this was useful guidance to those starting out in their security careers. Don’t be afraid to reach out to me personally if I can help out in any way.

Claude Mandy
Twenty 20 hindsight

Australian from the Namib desert. A thirst for knowledge. Chief Evangelist www.symmetry-systems.com ex-Gartner and former CISO