How to "Break into" Cybersecurity

Getting a job is difficult. It is even more difficult when it is your first job, and even more so when there are concerns that you are unqualified. This is why it is so difficult for freshmen to get co-ops and internships. If they do, they tend to be at smaller companies. Yet, I managed to work for Cisco as a freshman, and I know other people who worked at big names in the security field. It is possible, and in this post, I hope to share my experience to help you.

Disclaimer

I am writing this post with the intention to offer some opinions based on my personal experience.

Ultimately, every scenario is unique, and so you should make decisions with the support of people who know your specific situation.

I personally have given people advice that is inconsistent with some of the advice I offer in this article, due to their situation.

Getting to the Interview: Quantity, Quality, and Visibility

My biggest hurdle has been getting to the interview stage. Based on personal experience, and discussions with hiring managers, it is clear that four things matter to get to the interview stage:

  • Quantity: How many positions you apply to
  • Quality: How prepared are you for the job
  • Personality: How good of a fit are you for the team
  • Visibility: How likely is someone in a hiring position to see your resume

Quantity

You will get rejected, a lot. One of the best things that you can do is submit a bunch of high-quality, tailored applications. There is a lot of randomness, especially for high-demand entry-level positions. This is why I try to apply to 100 places minimum over a given academic year.

Vary where you apply. Try different regions, different sizes, different levels of notoriety. Make sure to apply to places that may not be as competitive. If you are only applying to FAANG companies as a freshman, you have very little chance of success.

Quality

There is an assumption that freshmen do not have the skills necessary to get an internship. While a generalization, that is not entirely wrong. At most universities, your first year will be very basic. This is to allow everyone to catch up to the same point.

Most of the people that I knew who had freshman internships had a strong grasp on security and had demonstrated their skills through competitions, research, and projects. Demonstrated skills are good for multiple reasons:

  • A person reviewing your resume can see that you have experience (rather than saying you have experience)
  • You have something to talk about during interviews
  • You show desirable traits, such as drive, independence, and a desire to go above-and-beyond

"Entry-Level" Jobs

I see a lot of comments, on LinkedIn and in person, that "entry level jobs are not entry level." I don't have any opinion on the broad assertion across industries, and I have seen some positions with unreasonable requirements. However, here is how I have generally seen positions work within cybersecurity internships.

A cybersecurity internship usually does not require prior paid work experience, but it does require prior experience.

It would be unreasonable to expect an employer to take a chance on you if you have never showcased your skills before. Unfortunately, for virtually every position, you will be competing against people with demonstrated experience. So, if you want to get selected, you need to make sure that you are competitive.

There are many ways to get experience. Competitions are fantastic. Research, or doing work with a school (such as being a TA), is another good way. I personally did work during my spring semester freshman year with my school's executive education department, which I talk about frequently during interviews. Individual projects are another fantastic way. I know people who have written a C2 and gotten significant interest from employers because of their C2. If you can't showcase your skills, you have a low chance of getting hired. If you can showcase your skills, you are more likely to get to the interview round.

Programming Experience

This is a contentious topic in cybersecurity, but I would generally recommend that people become confident with software engineering and programming. Software is a core component of security and an easy way to build the side projects that differentiate you. Many of the places that I have gone required HackerRank (or similar) challenges and programming has almost always come up in technical interviews. If you do not have programming experience, or are not a confident programmer, it will put you behind candidates who do have that experience.

Personality

For entry-level and internship positions, companies are often looking for good personalities, not just a good technical background. A strong technical background tends to be an indication of good personality, but it is more than that.

Companies often look for people who are dedicated to and passionate about their work. They want people who go above-and-beyond what is asked of them and require little direct guidance. They want people who work well and communicate well. There are countless desirable traits that a hiring manager will look for, and I imagine you know (at least in theory) what a good employee looks like.

Now, ask yourself: how can I demonstrate these positive personality traits on my resume? Anyone can say that they are dedicated, but it is much more difficult to show it. While my resume is far from perfect, I try to show positive traits through my work:

  • Communication through research presentations and my blog
  • Dedication through independent projects and high school FIRST Robotics
  • Leadership through RITSEC and FIRST Robotics

Visibility

Visibility is what I struggle most with, but I slowly seem to be increasing it. You want recruiters to see your resume and know your name. There are ways to increase your visibility within the industry:

  • Networking and referrals
  • A strong LinkedIn and online presence
  • Presentations at conferences
  • "Big name" companies

If you play your cards right, recruiters may reach out to you, rather than the other way around, even for internships. Personally, every interview I have had so far was either initiated by direct contact from a recruiter or a referral from a connection. Thus, I am working hard this year to increase my visibility both through in-person networking and online.

There is a reason why I am beginning a blog this year.

The Interview

Interview processes vary by company, and you can find a lot of tips online on interviews. I have not had a lot of interviews, so I cannot make broad generalizations of how interviews go. However, I have encountered the following types of interviews so far:

  • Phone Screening
  • Informational Interview
  • HackerRank
  • Software Engineering Technical
  • Cybersecurity Technical
  • Video Technical

During general interviews (phone screening, informational interviews), I try to keep things pretty high level and elaborate in line with the questioning. The STAR (Situation, Task, Action, Result) method is my go-to for answering questions, and I really like telling stories about the projects that I have done. I generally find that stories resonate the best.

During technical interviews, I really try to showcase my thought process. Even if I am not 100% technically prepared for the role, I want to show that I can learn and that I have a strong understanding of the fundamentals. The person on the other end of the line wants to see how you think, and it is your job to communicate that as clearly as possible.

The Offer

If you have an offer, take a little bit of time to think about it. Does it align with your career goals? Can you logistically make it work?

Usually, I recommend being more flexible with your first position. It is very difficult to get a company to take a chance on you when you don't have prior experience, and you are better off with a suboptimal position than no position at all. Your second time, if you are seeing interest from multiple companies, you can be more selective. Ultimately, that decision is for you to make based on your circumstances.

Should I Negotiate?

This is a contentious issue across industries. Generally, I think it is a good idea to try to know your worth and decide based on that. There is no significant harm in negotiation, but decide before you start if you will take the offer if they refuse to do so. Personally, I was thrilled with the offer I had as a freshman, so I decided not to negotiate, but I would be more likely to this time around.

Accepting a Return Offer

I have included an article from my friend, Olivia, about accepting a return offer. I originally did not believe it to be true (I expected my second time to be as hard as my first time), and while it is still rough, your second job is generally easier to get than your first.

Switching Companies: Internship Return Offers - Olivia A. Gallucci
Switching companies can be scary for people who struggled to get an internship offer: it’s like, will I get another offer?
