This is one of the difficult things for me when it comes to getting an entry-level position. Having a four-year degree in cyber security and over 10+ certifications all of which are sought after. On top of that I’m in the top 1% on try hack me, HOWEVER I can’t get hired because I have no real world experience and no hands on training which is what HR/recruiters want as well. I can display my knowledge to HR but they won’t understand unless I’m talking to someone within the IT or Cybersecurity department of that business/company but that hasn’t happened with me yet.
Thanks for the feedback and sorry for your experience even though you are top notch! Top 1% is crazy! I am only half through, finished degree but with no experience (and no extra degrees) it's really hard to find something. I'm looking since mid 2023. (sys admin/devops/networking)
Maybe consider stop getting certs and starting on the bottom of IT (Helpdesk). This is what most people dont get. Cybersecurity is not a entry level field. You NEED experience if not in Cyber at least in something adjacent (SysAdm, NetEng, Cloud Analyst...)
Gatekeeping issue is major. hopefully one day you can look into that, cyber security is filled with gatekeepers and the ppl in this industry gate-keep info who don’t want to see you succeed.
Which is actually trivial to solve, IF the employers are willing to spend resources in training. (they're not) Example: Provide the training for people to move to a new career. For "free". BUT, the person receiving the training signs a contract saying they have to stay at that job, say, for 3 years or refund the company. There, problem solved.
I have been working an IT helpdesk job for 2 years now (relaying infrastucture erros/alerts to corresponding engineers, opening incident tickets etc.). I do not solve the issue, maybe sometimes participate in the process. So the experience I get out of this position is mostly interaction with the different technologies on the infrastructure. I have a lab setup (firewall + VMs "SOC at home") to get hands-on experience, have completed Google's cybersecurity certificate and now working on taking the RHCSA exam. A SOC lv1 position should be easily acquired (generally speaking) but I do not want to transition from a shift job to another just to get into Cybersecurity. Since my "carrer goal" is to be an Incident Responder, I do believe a few years of experience as a (Linux) SysAdmin would be way more valuable in the long run than working as a SOC lv1 -> SOC lv2 analyst. Any thoughts?
As someone who has become increasingly interested in cyber security and pursuing schooling for it next year it is quite interesting to see where others are at. At 25 yrs old and work experience and a TS-SCI clearance i find that i think if you obtain a relevant or helpful work experience it can help push your resume further and more effectively!
Seems like all of the jobs are for senior roles. That’s where the shortage lies. I always say there aren’t (m)any “entry level” cybersecurity roles where people can get that experience. The requirements for those senior roles are a lot, so we HAVE to start networking and getting to know somebody who knows somebody. lol. That’s how I got my job. Word of mouth. Pretty much hired on the spot and been here almost 2.5 years now.
I think it is on company’s duty to consider candidates over the degrees or certifications obtained. It’s true that certifications work as a rapid filter to let certain people in, but it’s also necessary for people with technical knowledge to involve into the HR area and interviewing candidates with technical interviews. As psychology student who has knowledge in recruitment, I think HR people (from a psychological pov) should focus on the human aspects required for the job vacancy (personality, life style, cognitive ability, etc.), and let specialist do the rest of the technical interview to the candidate.
As I CISO - I will tell you the largest issue. People are coming out of college, with a few certs and are green, with no networking or system skills and expecting 100k plus. If you don’t know networking - you can’t be good at security. The problem is the expectation of candidates. I would rather take a 10 year network engineer that costs me 20k less.
This doesn’t at all describe everyone. Your argument is just a cop out. Edit: Btw if this really is the quality of EVERY candidate you come across, it actually speaks to you and your company’s lack of ability in sourcing talent. You should probably git gud
I came here to say basically the same exact thing as a CiSSP and seasoned cyber Architect. There is no such thing as an entry-level cybersecurity job other than maybe a beginner SOC analyst. To be good at security you need a wide array of experience in all aspects of IT, but network engineers with strong firewall or SDN tools experience that can visualize packets moving through a network and troubleshoot at that level make the best security engineers. Studying books and gaining certs helps, but there is no substitute for years of real world hands on experience. I worked in a NOC some years ago in my career, they would hire anyone with a CCNA, then I had to teach them what a network closest looked like and how cross connects work, etc.
Best I can do is do some firewall tweaking and getting switches to talk to each other, other times it's incident response if someone clicks on a fake email, updating workstations and other devices, or going in Mimecast and vetting mail on hold. Not many opportunities out here that can get me out of multi-hat support. It's what's been the common job out here. We do have SIEM that is Sentinel One, though much of that is automated. It's a nice monitoring/management tool though.
This is Hog Wash! As someone who’s been in the industry for 15 years, companies use this excuse as a way to justify their nepotism hiring practices. Tell me this, if everybody working in cyber is so experienced and informed, why are breaches at an all time high? Why are companies letting their customer’s data get stolen with no consequences of doing so? Meanwhile your customers are literally having their identities stolen and sold on the dark web. Maybe it’s time for a different approach and bring on some “inexperienced” people cause the “seasoned” so called experienced folks suck balls! Smh🤡
Grant, how hard is it to get into cybersecurity (ethical hacking, etc) without a degree in IT? There are a lot of online courses that promise you can transition from a different career, complete a course and pass the certificate and land one of those jobs. For instance, the CEH and also Google has their own certificate.
Sometimes it really comes down to who you know. Not to be mean, but a high GPA and the Comptia Trifecta and AZ900 isnt going to get anyone even a helpdesk job, if you arent personable. Some people ruin their opportunity before of their personalities, no one is owed anything in life and sometimes the truth is its who you know not who you are.
i'm about to finish high school this year and i have been researching about cybersecurity jobs because that's all i can think about doing after high school and that's why i see these articles that make me even more interested in this field. i'm still confused on which uni course i should pursue. Should i pursue a information Technology? Do i need to be good at math in order to IT in uni and that make it into Cybersecurity after having some experience in IT? I am from South Africa by the way
You do not need to be good at math, unless you want to specialize in the cryptography space or perhaps software engineering with an emphasis in security.
Get a job, then do online uni like WGU for the degree paper. You will learn very little during the degree. So minimize time spent on it. Take a year break to self learn and find a sysadmin or security job.
There is no real shortage in cyber security professionals but what there is is racism and that they do not want to hire black people so you have all these black people graduating from higher education institutions qualified with the certifications not being hired especially for supervisory positions that are open for long periods of time so you may have a point and what you’re saying I’m not saying you don’t have a point but what about the thousands of black individuals that are not being high because of the color of their skin.
What are you talking about? I’m black and just got hired as a security engineer. I think you mean black people expect to make $100k+ without having no experience in security
wtf so would a 20yr degree qualify job seekers? If a bachelors isn't good enough why do certificates which take far less time exist? If a bachelors isn't good enough then there should not be federally funded loans to put people into debt to get the bachelors. This whole video reeks of gatekeeping and moving the goalpost.
Almost everyone wants to be in cyber security, I had a conversation with a marketing specialist who jumped roles, she used the work relaxing and cyber security in the same sentence, She also has a lot of confidence and higher level process mapping skills. I'm not sure yet but is she going to survive in the cyber security field, will keep you up to date.
![ร้อยพ่อพันแม่ - WanMai [Official MV]](http://i.ytimg.com/vi/XY2pNYASEbg/mqdefault.jpg)
This is one of the difficult things for me when it comes to getting an entry-level position. Having a four-year degree in cyber security and over 10+ certifications all of which are sought after. On top of that I’m in the top 1% on try hack me, HOWEVER I can’t get hired because I have no real world experience and no hands on training which is what HR/recruiters want as well. I can display my knowledge to HR but they won’t understand unless I’m talking to someone within the IT or Cybersecurity department of that business/company but that hasn’t happened with me yet.
Thanks for the feedback and sorry for your experience even though you are top notch! Top 1% is crazy!
I am only half through, finished degree but with no experience (and no extra degrees) it's really hard to find something. I'm looking since mid 2023. (sys admin/devops/networking)
Maybe consider stop getting certs and starting on the bottom of IT (Helpdesk).
This is what most people dont get. Cybersecurity is not a entry level field. You NEED experience if not in Cyber at least in something adjacent (SysAdm, NetEng, Cloud Analyst...)
You should go to IT conferences and network with people as nowadays its about who you know
What’s the 10+ certs you have?
Did you have an internship? In person or online college?
I admire the humility in your videos, it's good to see that you're more concerned with helping people than making ad money off them with click bait
Gatekeeping issue is major. hopefully one day you can look into that, cyber security is filled with gatekeepers and the ppl in this industry gate-keep info who don’t want to see you succeed.
Preach brother.
Sad thing is, afaik, pretty much every industry has this problem with the disconnect between recruiters and applicants.
Which is actually trivial to solve, IF the employers are willing to spend resources in training. (they're not)
Example: Provide the training for people to move to a new career. For "free". BUT, the person receiving the training signs a contract saying they have to stay at that job, say, for 3 years or refund the company. There, problem solved.
so true even in other countries in it industry its so freaking hard to.find jobs because of the jobhunters and job seekers gap.
I have been working an IT helpdesk job for 2 years now (relaying infrastucture erros/alerts to corresponding engineers, opening incident tickets etc.). I do not solve the issue, maybe sometimes participate in the process. So the experience I get out of this position is mostly interaction with the different technologies on the infrastructure.
I have a lab setup (firewall + VMs "SOC at home") to get hands-on experience, have completed Google's cybersecurity certificate and now working on taking the RHCSA exam.
A SOC lv1 position should be easily acquired (generally speaking) but I do not want to transition from a shift job to another just to get into Cybersecurity. Since my "carrer goal" is to be an Incident Responder, I do believe a few years of experience as a (Linux) SysAdmin would be way more valuable in the long run than working as a SOC lv1 -> SOC lv2 analyst.
Any thoughts?
As someone who has become increasingly interested in cyber security and pursuing schooling for it next year it is quite interesting to see where others are at. At 25 yrs old and work experience and a TS-SCI clearance i find that i think if you obtain a relevant or helpful work experience it can help push your resume further and more effectively!
Seems like all of the jobs are for senior roles. That’s where the shortage lies. I always say there aren’t (m)any “entry level” cybersecurity roles where people can get that experience. The requirements for those senior roles are a lot, so we HAVE to start networking and getting to know somebody who knows somebody. lol. That’s how I got my job. Word of mouth. Pretty much hired on the spot and been here almost 2.5 years now.
that kinda sucks for a lot of us. basically having a backup or knowing someone has the higher chance to get the job.
I have discovered the same as well for senior roles.
Thank you Grant . Great content, as always!!
Good info. Thanks.
Grant , your not the only cynical / pessimistic person in this space, I am as well you are not alone
I think it is on company’s duty to consider candidates over the degrees or certifications obtained. It’s true that certifications work as a rapid filter to let certain people in, but it’s also necessary for people with technical knowledge to involve into the HR area and interviewing candidates with technical interviews.
As psychology student who has knowledge in recruitment, I think HR people (from a psychological pov) should focus on the human aspects required for the job vacancy (personality, life style, cognitive ability, etc.), and let specialist do the rest of the technical interview to the candidate.
Its all the companies fault. Back in the day companies used to offer training, they dont do that anymore.
As I CISO - I will tell you the largest issue. People are coming out of college, with a few certs and are green, with no networking or system skills and expecting 100k plus. If you don’t know networking - you can’t be good at security. The problem is the expectation of candidates. I would rather take a 10 year network engineer that costs me 20k less.
But not every candidate wants 100k some of us are just hungry to learn and for some reason everybody wants experience . How do we deal with this
This doesn’t at all describe everyone. Your argument is just a cop out.
Edit: Btw if this really is the quality of EVERY candidate you come across, it actually speaks to you and your company’s lack of ability in sourcing talent. You should probably git gud
I came here to say basically the same exact thing as a CiSSP and seasoned cyber Architect. There is no such thing as an entry-level cybersecurity job other than maybe a beginner SOC analyst. To be good at security you need a wide array of experience in all aspects of IT, but network engineers with strong firewall or SDN tools experience that can visualize packets moving through a network and troubleshoot at that level make the best security engineers. Studying books and gaining certs helps, but there is no substitute for years of real world hands on experience. I worked in a NOC some years ago in my career, they would hire anyone with a CCNA, then I had to teach them what a network closest looked like and how cross connects work, etc.
Best I can do is do some firewall tweaking and getting switches to talk to each other, other times it's incident response if someone clicks on a fake email, updating workstations and other devices, or going in Mimecast and vetting mail on hold. Not many opportunities out here that can get me out of multi-hat support. It's what's been the common job out here. We do have SIEM that is Sentinel One, though much of that is automated. It's a nice monitoring/management tool though.
This is Hog Wash! As someone who’s been in the industry for 15 years, companies use this excuse as a way to justify their nepotism hiring practices. Tell me this, if everybody working in cyber is so experienced and informed, why are breaches at an all time high? Why are companies letting their customer’s data get stolen with no consequences of doing so? Meanwhile your customers are literally having their identities stolen and sold on the dark web. Maybe it’s time for a different approach and bring on some “inexperienced” people cause the “seasoned” so called experienced folks suck balls! Smh🤡
This is more like an experience gap
Man your videos motivate us to grind in this real life world 😊
Thanks
Happy to help!
Grant, how hard is it to get into cybersecurity (ethical hacking, etc) without a degree in IT? There are a lot of online courses that promise you can transition from a different career, complete a course and pass the certificate and land one of those jobs. For instance, the CEH and also Google has their own certificate.
Certifications are useless
1:09 amoungus
Sometimes it really comes down to who you know. Not to be mean, but a high GPA and the Comptia Trifecta and AZ900 isnt going to get anyone even a helpdesk job, if you arent personable. Some people ruin their opportunity before of their personalities, no one is owed anything in life and sometimes the truth is its who you know not who you are.
i'm about to finish high school this year and i have been researching about cybersecurity jobs because that's all i can think about doing after high school and that's why i see these articles that make me even more interested in this field. i'm still confused on which uni course i should pursue.
Should i pursue a information Technology?
Do i need to be good at math in order to IT in uni and that make it into Cybersecurity after having some experience in IT?
I am from South Africa by the way
IT degree would be a good route bc u can always get the certs later and u can move around different fields. It also requires less math than CS.
I suck at math and recently became a security analyst at my company
The big IT companies in SA offer graduate programs, start applying now and you will get educated for free
You do not need to be good at math, unless you want to specialize in the cryptography space or perhaps software engineering with an emphasis in security.
Get a job, then do online uni like WGU for the degree paper. You will learn very little during the degree. So minimize time spent on it. Take a year break to self learn and find a sysadmin or security job.
I'm building my own skill
There is no real shortage in cyber security professionals but what there is is racism and that they do not want to hire black people so you have all these black people graduating from higher education institutions qualified with the certifications not being hired especially for supervisory positions that are open for long periods of time so you may have a point and what you’re saying I’m not saying you don’t have a point but what about the thousands of black individuals that are not being high because of the color of their skin.
What are you talking about? I’m black and just got hired as a security engineer. I think you mean black people expect to make $100k+ without having no experience in security
@@joelrobert4053 No, what they mean is Anti-Black bias in the tech industry is a real thing, which is backed up by the stats.
wtf so would a 20yr degree qualify job seekers? If a bachelors isn't good enough why do certificates which take far less time exist? If a bachelors isn't good enough then there should not be federally funded loans to put people into debt to get the bachelors. This whole video reeks of gatekeeping and moving the goalpost.
Almost everyone wants to be in cyber security, I had a conversation with a marketing specialist who jumped roles, she used the work relaxing and cyber security in the same sentence, She also has a lot of confidence and higher level process mapping skills. I'm not sure yet but is she going to survive in the cyber security field, will keep you up to date.