So by now hopefully you have an industry relevant CV and LinkedIn profile, its time to start your hunt for a role. Most people think that applying for roles through job boards is the best way to go about finding yourself a role. I would say if you have a strong, highly relevant work history and are already working in the role you are applying for this may be the case but not if your looking to enter a new career space. Unfortunately when you apply through job boards, you are competing against people with relevant experience which pits you at a disadvantage. Be honest with your self and ask the the question, if I was the hiring manager why would I choose an individual who will require ground up training and is unproven in the industry over someone who has industry experience and knows the role? The reality is that's what your facing and why some people apply for literally hundreds of roles before being successful. It is up to you to convince hiring managers and recruiters to take that gamble on you and your unlikely to be able to do that through a CV when they get too quickly screened these days and more often than not through an automated process. What you want to do is get yourself into a position where you're physically interacting with the hiring manager or recruiter. Once you have done this you stand a fighting chance of standing out. The best way to do this is to integrate yourself into the Cyber Security community as best you can and get talking to people either directly over the phone or through messaging.
Understanding Your Aims
Whilst I definitely appreciate it feels a daunting task to try and integrate into a community you know little about, I genuinely think this is the area you are most likely to get success when looking for that ever elusive first role. The majority of my conversations and opportunities came from talking to industry professionals and leaders, and getting people to understand that I was a diamond in the rough. You need to understand if a company is looking for ready made your not going to be it. You shouldn't take that personally it just means their looking for a quick fix. The people you need to find are those who work for or lead a company who are thinking about the long game. What I mean by that is they are looking for someone with aptitude for the topic (you have likely already ticked this box through certification), passion and drive, and in return they will get someone who is highly grateful for the opportunity and more likely to be loyal. This is why its important to get to talk to people. You will hear me use the words "cyber community" regularly throughout this article, and that is simply because it is the best phrase to use based on how I have found communicating with people within LinkedIn. There are a lot of people out there who will want to welcome you so don't fear putting yourself out there.
So now you're ready and understand how important those human connections are, how do you go about it? Here are a few things to think about.
Making Connections
I have to say the cyber security community really surprised me with how accepting and willing to help people it is. You won't get responses from every person you reach out to, and why should you, everyone has their own priorities. There are a lot of people out there though who want to help individuals gain entry into cyber security roles and see the industry as being behind most others in relation to attracting talent. The first thing you want to do is reach out to try and find people who are willing to help you. Trust me they are out there, some are even very vocal about it. Look for people on LinkedIn who are highly active in the Cyber community, people who have successful careers as well as those who have only recently entered the industry. At this point your not necessarily directly looking for a role as such. What you want to do is grow your network and gain advice on best approach to find a role. The more you grow your network the more likely you are to reach someone who can directly help you get a role. There are a few ways you can do this:-
1) Directly request a connection. When you do this I strongly advise you add a short message to the request just highlighting who you are and why you are looking to connect. Change this up to suit your connection, for example if someone has recently started in cyber security ask what it was like and how did they achieve it? If you are reaching out to someone senior within an organisation you may want to know about what it is like to work in the industry or at the company they lead?
2) Post content yourself. This may seem daunting for some but you want to be considered a ready made cyber professional and the best way to do this is to try and contribute to the community. This could be motivational posts, sharing industry updates or news with your own views added or try and and be creative and brave. My most successful post to date was my new role announcement. I wanted to do something a little different and ended up massively exceeding any posts I had put out prior just by being a little creative. Another type of post I have seen that appeared successful was an informational video just of someone directly talking to camera, who in about 2 minutes outlining who they were and what they were looking for. The response to this was phenomenal and they were inundated with people wanting to connect or try and help.
3) Commenting on others content. The more you interact with people within the industry the more connections you will be able to make. It shows you are able to add value and will ultimately lead to you engaging in conversation with more and more people. This doesn't matter if it is someone else who is training or looking to enter Cyber Security, a seasoned professional or a LinkedIn influencer. Every piece of interaction counts.
4) Connect to recruiters or hiring managers that your applying for roles with or recruit in the industry. Recruiters are a highly useful resource if they are open to connect or even better offer advice and guidance. I always aimed to reach out to every recruiter I had applications with via job boards to try and get into conversation with them rather than being a faceless application. This allowed me to engage with them so I could better communicate what I can bring to the table other than the certifications I had gained and inform them directly of how I was going about bridging the experience gaps that I may have on paper. I also thought of this as a long term investment as I built connections for the future. I spoke to many recruiters who didn't have an appropriate role for me at the time but who contacted me weeks or even months later when something did become available. These are hopefully connections for your working life also. If and when you eventually look for future roles you have contacts who know you that you can reach out to with confidence.
5) Join Webinars and Video Podcasts and interact with the people there. In the same way that commenting on others posts and content allows you to make new connections and get into conversation with professionals, webinars and podcasts are another good way to achieve this. As these are live conversations you may find these more natural to engage in but the aim is the same. The added benefit is you will also come out of these sessions having increased your knowledge on whatever the topic of discussion may be. There are some great webinars and podcasts out there that cover all sorts of subjects including how to enter cyber security (I recommend Renee Small and Christophe Foulon's Breaking into Cyber Security weekly podcasts), Information Security, new vulnerabilities and frameworks and other key industry topics.
6) Find a mentor. There is nobody better placed to offer you guidance and advice than people who work in the industry and actively go out of their way to help and guide potential new cyber security candidates. Whilst not everyone is going to be willing to give up their time to help you, if you come across someone who openly offers you advice and is willing to help guide you through the search, utilise them and ensure you maximise their effort by matching or exceeding it with your own. Be humble and take on as much of that guidance and advice as you feel you can. There is some great resource out there to help you on your way, and one I highly recommend is Jay Jay Davey's Noxcyber website (https://noxcyber.co.uk) which is packed with training links, industry topics, recruiters advice and podcast and channel suggestions. Again, we come back to it but these people will also be able to help you make the right connections and potentially can direct you to resources that may prove useful.
Outside of Networking
One thing I also worked on outside of networking was contacting companies I wanted to work for direct. I started contacting a mixed bag of company types and sizes but through trial and error I found that I was more successful with the smaller companies, for example start-ups. There are less people to navigate through before you get to have a conversation with hiring managers or internal recruiters. These type of companies I found are more willing to listen to what you have to say and are as a result more likely to consider you for upcoming positions. They typically have smaller or more restricted recruitment budgets than larger Cyber Security companies so if you can put yourself in their thoughts about current or upcoming roles then you potentially could be saving them money by avoiding agency fees. You will also find that the approach is well respected as well. This helps to show that you are confident and passionate about gaining a role and are willing to think outside of the box in order to find the right one.
The Proof..
Ultimately by networking and through the help of others I managed to secure my first role by doing all of the above. Simply my role came from having a conversation with a highly respected professional who offered me advice and then created a post in order to help me start building my connections. From one of those connections came some conversations about a potential upcoming position, which then led to some volunteer work experience then being offered a full time position and I couldn't be happier. I now work for a growing company who have some great expertise and are committed to my development.
The opportunity is out there for you, whether that is starting within IT and then building a career into Cyber Security or whether that is entering direct. Along the way you have to answer only a few simple questions - "Am I committed to this? Am I willing to work hard towards my goals? Am I willing and humble enough to take on advice and run with it?". If the answer to these questions is yes then there is a career ready and waiting out there for you. Fight for it.