How to get your first job in cybersecurity

1Password Team

19 days ago

Cybersecurity can be a fascinating and fulfilling career path. But it’s also an industry many aspiring professionals find difficult to break into. What’s the best way to approach job hunting? How can you develop the skill set to find and secure your first promising opportunity?

On this week’s episode of Random But Memorable, cybersecurity expert Heath Adams, also known as “The Cyber Mentor,” provides many insights on how to make it in cybersecurity. Adams is the CEO and founder of TCM Security, a veteran-owned cybersecurity company that offers hands-on, affordable training and penetration testing services. As a prominent cybersecurity educator, he also knows a lot about building a career in the field.

In a free-ranging conversation with 1Password’s own Michael Fey, Adams covers the foundational skills you should focus on first, practical ways to get started, and the importance of networking and authenticity to build your career.

Enjoyed this podcast episode? Share your thoughts in our forum thread!

Tip #1: Start with the basics

Don’t skip ahead and dive into complex cybersecurity topics before you’ve mastered the fundamentals.

“There are some foundations to cybersecurity,” Adams explains. “In my opinion, those are help desk skills (or your A+ certification-type equivalent), computer networking, some Linux and programming, and then your general security knowledge.”

You’ll build your cybersecurity career on top of these foundational pillars. Understanding how networks and computer systems function and how programming turns human intent into the apps we use daily will give you the context needed to think critically about cybersecurity.

You’ll then be ready to hone more specific cybersecurity skills, such as how to defend -- or attack -- these systems.

Learning resources

Tip #2: Take advantage of free resources

Heath emphasizes the importance of using free resources. “Today, there are lots of training resources,” he says. “There are great YouTube content creators and just a wealth of information out there”.

Cybersecurity used to be an almost entirely self-taught discipline. But today, “you’ve got universities teaching cybersecurity, and various resources from completely free to paid that you can use to find your path in,” Heath explains.

Don’t forget to include 1Password’s Random But Memorable podcast on your list of free resources! Episodes include expert interviews and educational Crash Course segments on foundational cybersecurity concepts.

Learning resources

Tip# 3: Build your lab

As you learn more about cybersecurity concepts, you may wonder how they work in practice. What’s it like to sign in to a server from the command line, or perform a more complex maneuver, like exploiting an Active Directory vulnerability to gain access to an environment?

The best way to progress is by “labbing”. You can simulate various scenarios and practice practical skills using virtual machines, inexpensive hardware, or older devices that you might have lying around the house. Building a “home lab” gives you a safe space to experiment and build confidence before starting your first job.

“When I was going through my networking classes and learning about computer networks, I bought some really cheap Cisco switches and just learned how to put those together,” Heath says.” I learned how to make a network run and operate. There are lots of things you can virtualize with virtual machines and networks too, so you don’t have to spend money on equipment.”

He adds, “If you want to work in offensive security, I recommend building out an attack lab. For example, you could build an active directory domain with a couple of workstations. So it’s kind of like you’re, simulating a work environment. And then you can just play different attack roles.”

Learning resources

VMWare Workstation (free)
Parallels (paid subscription)

Tip #4: Network, network, network

Get involved with the cybersecurity community to increase your hiring chances. Reaching out and meeting people already in the industry will help you encounter someone hiring for entry-level positions.

“A lot of big cities have meetups for cybersecurity,” says Heath. “So go to those and go to local conferences. Just putting your name and your face out there is really beneficial. Join communities on Discord, Slack, and LinkedIn. Just making sure that your name is known helps a lot.”

For example, in Toronto, Canada (home to 1Password HQ), local information security professionals attend SecTor, BSides, and monthly meetups like TASK. Search for similar meetups in your city — you never know what you might find!

Learning resources

Tip #5: Perfect your resume

A messy, hard-to-follow resume will encourage recruiters to dismiss your job applications. Heath recommends “having a clean resume”. In particular, he explains, you want “something that is concise. Keep it to one or two pages.” This will make it easier for hiring managers to identify that you’ve got the right skills and experience.

“I shouldn’t have to look for your certifications on the bottom of page two,” says Heath. “Put them on page one where I can see them. Same thing with your education and your most relevant job experience. That should all be on the first page.”

Learning resources

Crafting a Winning Cybersecurity Resume: 8 Tips and Tricks (TCM Security)

Tip #6: Run your own race

Many people are affected by imposter syndrome. It’s normal to feel like you don’t “belong” in cybersecurity, or haven’t accumulated enough experience yet. Remember: your career is a journey, and it’s better to focus on progress than perfection.

As Heath notes, knowing everything about cybersecurity is virtually impossible because the field is dynamic. As technology evolves, attackers invent new techniques, and defenders devise fresh strategies to counter them. The constant change is both challenging and part of the appeal of cybersecurity.

Imposter syndrome is “something that we all go through,” Heath says. “And it’s something that never fully goes away, especially with social media.” However, “as long as you’re better tomorrow than you were today, and you continue to work towards being a better you, that’s all that matters. You can’t compare your success to somebody else’s success. It’s not linear.”

So keep learning, keep practicing, and keep sharing your work with others. If you show the right passion and dedication to the craft, you'll likely make progress and find a job in the cybersecurity community.