Blog Post Heading
Blog Post Content
…But Beware of the Heat in the Kitchen
By Joe Peters
Senior Editor, MindEdge Learning
As the most recent wave of college graduates weighs its employment opportunities, it may find that the door is open to a job in cybersecurity—even if that door is a revolving one.
While the numbers vary a bit, the leading industry organizations all indicate a significant demand for cybersecurity professionals. One of the bellwether industry groups, the ISC2, estimates that there are currently almost four million unfilled cybersecurity jobs. The market is so strong that the ISC2 recently shifted its focus to entry-level professionals, unveiling the CC (Certified in Cybersecurity) credential.
However, those looking to enter cybersecurity may want to consider some other data points, as well. A 2023 Gartner report indicated that half of cybersecurity professionals will leave their current jobs due to stress levels, with a quarter of those individuals choosing to leave the field entirely. Other industry surveys have reported similar levels of job disillusionment.
The day-to-day grind of security jobs often doesn’t match the hype. If you imagine that a job in cybersecurity has all the glamor and excitement of, let’s say, an episode of Baywatch, the reality is closer to being the lifeguard at a kiddie pool. Still, as is pervasive throughout technology, the job can involve 24/7 pressure. Cyber infrastructure is mission-critical, which means it is always on and constantly under threat of outside attack or internal failure. And that can be a recipe for burnout.
And so, while cybersecurity postings on Indeed remain plentiful, behind the numbers there may be a game of musical chairs going on. Some of those many job openings are likely created by professionals making lateral moves to other companies, in the hope of securing better pay or working conditions and avoiding burnout. As a result, recent graduates should understand that when they step into an office or video conference for a job interview, they may well be going up against candidates with lengthier resumes.
To help even the odds a bit, here are four tips for standing out in a good way during a cybersecurity interview:
-
Know what you want to do
One of the things that brings a quiet chuckle from experienced professionals is a candidate who says, “I want to get into cybersecurity.” That’s like an athlete who says, “I want to get into sports.”
-
Value experience
The flip side of knowing what you want to do is having something to offer. Young candidates often lament that they just can’t get professional experience in technology or security—but that doesn’t mean it is hard to acquire volunteer experience. There are plenty of small worthwhile nonprofits that could benefit from someone who will organize their technology and draft good documentation. Such work can stand out in an interview because it shows the candidate has initiative and has worked under the pressure of having to get things right.
-
Develop “soft skills”
Buried in the stats regarding cybersecurity burnout is the failed communication between security professionals and the rest of the business. For cybersecurity professionals, good communication requires a modicum of business skills. Granted, business skills—such as budgeting and the ability to read financial statements—aren’t exactly “soft” skills, but they’re certainly softer than the ability to write a firewall rule or configure a VPN. And these skills are really valuable for cybersecurity professionals.
-
Get out from behind your screen
Communication is a skill that has to be practiced. As you are looking for a job, seek out user groups in your area. Join local chapters of ISSA or other associations and attend meetings to interact with other members. Learn how to speak and write peer-to-peer. Most important, practice distilling the complexity of cybersecurity into succinct, well-prioritized messages while on your feet.
Cybersecurity isn’t a distinct industry or discipline; it’s a measure of how well we do a lot of other things. Good security results from professionals who do their jobs right the first time. Smart companies seek employees who have a good foundation in technology and want to apply that knowledge in some specific way. Whether it is networking, development, physical security, or some other tech area, be sure you know your security focus when you walk into an interview.
By contrast, credential-hunters often dig a deep hole for themselves. There are some good, entry-level cybersecurity certifications: CompTIA’s Security+ has a strong track record, and there are some newer certifications on the block that are also gaining traction. But credentials alone are not enough: good credentials can qualify you for certain jobs and pay scales in the HR algorithm, but a lack of complementary experience says you are a risk. In cybersecurity, you often have to think quickly and under pressure—and that calls for a blend of humility, focus, and teamwork that no certification exam can mimic.
Developing some business skills will help you translate security objectives into something that other parts of the organization can understand. You need to talk about the big picture: If technology professionals are notorious for missing the forest for the trees, security professionals can miss the trees for the leaves.
For any business, the time to listen to a carpenter isn’t when you have a pile of discarded two-by-fours cut to the wrong length—it’s back when you should have measured twice before powering up the saw. In the same way, security professionals who understand the business and are good communicators can help organizations align operational efficiency with security.
Networking in this way can help you get good job leads. Security is all about trust—whether you are talking software, systems, or people. Maybe you haven’t met the manager you are interviewing with, but traveling in the same circles and attending the same meetings or conferences can create the rapport that will lead to trust—and, just maybe, a job.
For a complete listing of MindEdge’s course offerings on cyber security and CISSP®, click here.
Copyright © 2024 MindEdge, Inc.