How to find a job in cybersecurity

In an industry still experiencing a talent shortage despite the pandemic, recruiters and observers offer advice on what job seekers should and should not do.

How to prevent unattended SSH connections from remaining connected
1:53

Before the COVID-19 pandemic there was a significant talent shortage, especially in the IT and cybersecurity industry. While there are an estimated 2.8 million cybersecurity professionals, "it would take a 145% increase in the number of these professionals in order to fill the current estimated need for 4.07 million cybersecurity professionals," according to the latest Cybersecurity Workforce Study from (ISC)2.
 
With cybersecurity threats increasing during the pandemic, there is still a pressing need for talent. Recently, security solutions integrator Optiv asked several recruiters what advice they would offer those interested in exploring security jobs.
 
SEE: Cybersecurity: Let's get tactical (free PDF) (TechRepublic)
 
"Some of what they have to say is generic to all job searches and speaks to the lack of diligence with which some applicants approach the hunt," Optiv said in a blog post. "Detail-focus is critical in security environments, so mistake-ridden applications immediately call the candidate's suitability into question."
 
One recruiter noted that "the problem I'm seeing is an increase in individuals who may have the skill level/talent level we want, but they're failing on the basics,'' according to Optiv. "As a result, they get rejected before they ever get to the hiring manager."

Some advice from other recruiters Optiv spoke with:

  • Double, and even triple-check all communication for spelling and grammatical accuracy. If you leave errors unchecked, it raises questions about your ability to present and sell the organization you're applying for to their clients. This is also true for emails, social media posts, and any other written correspondence.
  • Candidates should do their research and tailor their résumés to the position they're applying for, being sure to highlight their experience relevant to that opportunity. Make sure you address the must-have skills listed in the posting. "It is critical to take the time to learn about the company with which you're applying. Also, if you get an interview, be sure to have a question or two prepared for the interviewer.

More industry-specific advice

All cybersecurity jobs require mastery of computer science, and for those interested in applying for a cybersecurity analyst position, it's not a hard requirement that you know every aspect of every enterprise system and its security features, according to Dice.

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)

The field is constantly changing, and so have the requirements for positions like cybersecurity analyst. Because there weren't cybersecurity degree programs 20-some odd years ago, IT professionals were learning networking protocols before they learned how to secure networks, Sherrod DeGrippo, senior director of threat research and detection at security firm Proofpoint, told Dice. This makes it important to consider applicants beyond their direct cybersecurity experience. Personality is also a factor, DeGrippo said.

One recruiter advises job seekers to avoid acting out of a sense of urgency. While they might be eager to get their career back on track after a setback caused by the current pandemic, they should avoid over-applying to every role they think is a potential fit.

The recruiter advised that candidates research the company as well as the open position and speak with the people in their network to get some additional insights if possible. In this hiring environment it is highly likely candidates will encounter more competition, so make sure to be selective and focused on what your career goals are. This will also make a stronger impression with the prospective employer, the recruiter told Optiv.

Given the significant coronavirus-driven shift to remote work, another recruiter suggests that candidates may want to emphasize their work-from-home capabilities such as technology, office set-up, and past telework experience, as well as their flexibility to eventually return to an office environment.

Applicants who may have extra downtime during the quarantine should investigate security-related online courses, suggested another recruiter. There are many of them, and most are free. Taking courses allows job-seekers to earn specific security-focused skills and even industry certifications.

SEE:
Time for a new job? Check out 16 cybersecurity courses on the basics, SOC skills, and new privacy rules (TechRepublic)

The recruiters Optive spoke with also recommend that those interested in the cybersecurity industry, but who may lack the experience and qualifications needed right now, take a longer view. Many open jobs require experience and certifications, so someone who doesn't have one could focus on working toward what the job description is asking for.

"There are a host of career tracks in cybersecurity, and the more you know about them the better able you'll be to identify the area that interests you most and begin preparing for it,'' Optiv said. "Applicants who focus their efforts toward specific roles will have an advantage over those who haven't done this background work."

For those with less experience, Optiv noted that there are thousands of cybersecurity companies "and the industry talent gap has created an unusual set of opportunities for those with fewer directly applicable technical skills. Many cybersecurity pros come from non-technical industries, and some hiring experts emphasize the importance of solid work habits, soft skills, management ability, strategic business acumen, problem solving, and innovation in helping in getting started."

Also see

Man working on laptop computer keyboard with graphic user interface GUI hologram

Image: Blue Planet Studio, Getty Images/iStockphoto