It’s rough for the newbies - the catch being once you are in it’s easier to progress up the ladder. Hot take - if you can learn a side skill adjacent to information security. For example, being a data analyst can down the road let you learn skills to ingest data from vulnerability scanners for c level executives. Just my 2 cents. Good luck to all the people applying 👍🏼
do you recommend data analyst for someone who never been in tech but wants to get into it. Im working in a retail store rn and honestly I just want to learn something that I can do online and I heard I can learn certificates. Just want to learn something and get a real job, would you recommend to learn it?
i am studying cyber in uni, I have a microsoft pl-300 power bi cert, I have all the skills required for a data analyst role yet I am not even getting any interviews. I even have a lot of cloud knowledge. is it bec im 16?@@R3MMY
@@R3MMY all tech fields are hard to get into but look at the requirements for the jobs, gain those skills and build a good resume exemplifying those skills whether its on projects or internships or real work experience and apply to jobs everyday. If youre still not getting any interviews try to make your projects better and go more into depth with skills used on projects
Then once you get into data analyst field get all your security certs and build a good cyber sec resume and attempt to switch over whether its within the same company or at a new position
I imagine this would be the case in most industries. My current industry is arguably harder to be successful in the beginning than cybersecurity and I probably wouldn’t have been able to in without my brother who is already in said industry. There are way more free materials and relevant industry knowledge online in cyber than most others
@@bobsam5982 OP is simply just talking about the nature of RUclips videos in general. Not the actual industry. There's a real need for cybersecurity professionals. Grow up.
4:55 I cannot vouch for this strongly enough. In my last year of my Cybersecurity bachelor's degree, I joined my university's cyber club. One year with them taught me arguably more about cybersecurity than 3 previous years in classrooms, and I'm kicking myself for not joining sooner. It may be different for other universities, but my university's club served as a gateway to various CTFs and competitions like NCCDC, NCL, and MANY others. Being in there also helped me make some of the closest friends I have to date. To any freshman/sophomore cyber students reading this, PLEASE take advantage of this. You're not going to learn nearly as much as you need to just by getting A's in curriculum classes. You'll be putting yourself leaps and bounds ahead of the competition by getting hands on experience through experience like that which I described.
Our college unfortunately does not have an active cyber club. Are there any forums or online communities that anyone could recommend that would be helpful for Cyber security beginners?
This is what is wrong with the thinking of all markets these days though: They only want to hire the best. Well, guess what? Not everyone can be the best. The MAJORITY of people within a field, are not the best. Are they better than the CEO or anyone else in the company though? Can they do the job? Probably.
I think what is often overlooked is, that your entry level IT job should be at an organization that actually has to do with IT. I recently started my first job as an IT Support at a firm that administrates several hundred client networks. During the interview I expressed my strong interest in cybersecurity and they are pretty open to let me explore the other positions in the company. Because of this I can learn stuff about cybersecurity, even though it’s not my “official” job title. Contrary to this many people start at any Helpdesk they can, at firms that basically have nothing to do with IT and only let you fix tickets that have very few to do with actual cybersecurity.
Even in larger IT firms delegation of security tasks tends to be a rather firm process, and even more rare to have an entry-level employee take part in the process.
Thumbs up. 80 percent of our cyber security analyst were former help desk or desktop analysts. It's easy to certify someone the company trusts than to trusts someone external that is certified. Use the ladder.
@@dylancounte1448 kind of agree with that one. Its sometimes overlooked how skilled even "mid-tier" IT people are, compared to the average other departments. We know this beforehand though. You gotta love to learn and work hard. Otherwhise this field isnt for you.
exactly.. cybersecurity isnt an entry level job and its sickening to see so many influencers trying to convince people about entry level anything with cybersecurity.. an entry level cybersec job is helpdesk/IT support and from there you go to systems admin, systems engineering, security, network engineering, etc
Excuse me whilst I giggle a bit at the fact that I'm over here watching cybersecurity videos as an aspiring soc analyst and army and here's JK's face in the comment section. It's giving pied piper, bangtan is everywhere vibes lmao. I'm here for it. Loving the pfp, I'm a JK bias as well. Army is everywhere. Just wanted to say hi! 👀💜
It is. Back in the day, people got jobs they had no clue about, and simply got on the job training. Then, a new generation of laws, restrictions and employment fees came into place for the job market, forcing employers to be more scared about risk and cost, so they started looking for people with years of experience. Nowadays, they look for people not only with experience, but "the best". The problem is of course, that the majority of people in field, are not "the best". Are they more than good enough though? Surely. A good example is my ex father in law. He was a chemist at a paper factory. He didn't even have a high school diploma when he got the job in the 70s. Today, they require a masters at least, and 4 years of experience, for his position. Everything he did, was repetitive and could easily be taught to anyone on the job. The example is not good for being a lawyer, of course, although the fears and unrealistic expectations employers have, are, and they seem to be universal across all markets.
i love the ending "just.... yeah... have a good day and keep applying." bro isnt a robot, speaks from real world experience as he's in the struggle with us. i appreciate you bro because im doing a cybersecurity course and when it comes to doing projects, i get this random anxiety. the quizzes? im a God send. Mini test? easy af. Actually putting the pen to paper on a self paced project............ i appreciate you being so transparent and showing us that YOU as well dont have all the answers. thank you for helping people such as myself push through to have a better future/career. good luck on your journey brother!
COVID killed events and meetups. Virtual/online isn't the same since you want to meet face to face with hiring managers. They can dismiss an email or text chat. It's no wonder ghosting is so prevalent.
A good opportunity to look for would be a getting a job at a startup or relatively small company, but start out by doing something different such as being a software tester (or something tech related). Then when the company expands they will most likely need to create a security team, in which they could look internally first so you can progress, if they know you are interested (depending on the company, of course). This is what I did. I went from IT apprenticeship > software tester > information security officer > infrastructure and security engineer over the course of 10 years and I don't have a degree. These opportunities can be hard to come by, sometimes it's just luck in my experience.
Awesome video! I recently graduated with a degree in Cybersecurity a few months back. While I have had roughly 2 interviews per month since I graduated (near a large city), I have been unable to break past the second interview (had 2 second interviews). The technical interviews, often as the second interview, were difficult for me. I understand these concepts but had a hard time recalling important information such as TCP/IP stack, port numbers, encryption, DNS, etc. Once I refreshed and overviewed what I recall from the interview, I understood it after some quick review. I was humbled and since then, I have been studying like crazy, taking on projects, running CTF exercises, and attending a conference. I already feel way more comfortable and confident to any following interviews I get.
I like how you emphasize adaptability, I can relate to the necessity of a change in strategy. I spent 6 months applying with a “bulletproof” resume according to career services, only to run it through an ATS and realize it was probably filtered out almost immediately. I had to adapt, rewrite with professional help, and am building out a blog/content site for pentest writeups from HTB. Great content, the market is difficult but your perspective is motivating and refreshing 💻
@@deebee201 When it comes to the ATS, it hates formatting errors. I adjusted margins to maximize words per page, and got rid of ALL special characters, lines separating sections, headers, and footers. The simpler the format, the better. Following that I refined my content to be more relevant and highlight my projects over my work experience. I am switching from an unrelated industry straight into cyber, so I blame a majority of my shortcomings on that, but if most of my resume is projects that depict relevant experience, the ATS AND the recruiter have no choice but to see them. I am still coming close to landing a role, but no dice quite yet. I had an interview for a help desk role that was so entry level they didn't even ask me any technical questions. On the third interview, the IT manager asked me, "If you have all this security experience, how come you aren't applying to one of these big name companies? You'd be a shoe in." I was awestruck, and unfortunately didn't get selected (my guess is my desire for a security role was a liability to them). Long story short, use the free ATS checkers and AI to see what keywords and experience get pulled from your resume. Simplify format, and condense irrelevant information. Keep it as a highlight reel for your skills in the role you want, not what you've already done. After I changed my format, I at least got more contact with hiring staff and I consider that a huge push in the right direction.
I’ve applied to hundreds of cybersecurity jobs and haven’t gotten an interview. I’m working an IT job currently, pursuing my Security+, and graduated college with a BAS in cybersecurity. My professor told me and I quote “landing a job in cybersecurity will be like throwing a dart at a dartboard: as long as you apply, you’ll land somewhere”. THEN WHY IS IT SO HARD? IS THIS FIELD NOT IN DEMAND? Entry level positions ask for like 5 years of experience…this is rough…
It's because cyber security is an advanced path. BS in cyber security shouldn't even be offered, it's a scam. Cyber security should be available as an MS with prereq of a BS in CS (or related degree). Be like a doctor getting a 4 year degree, having never gone to med school, or done residency, and being like "WHY THE HELL CAN'T I GET HIRED AS A DOCTOR... I HAVE A 4-YEAR DEGREE?!!?!?!?" lol....
@@Johnny-io8mwI’m late this to this threat, but the best case scenario is if that cs (or related) degree comes with a cerificate of security. That’s what one of the Universities I’m going to offers, and I think it looks better on paper and for being able to hop out of cyber if needed.
It’s interesting Cybersecurity is so hard to get into because every other day I see an article about how there’s a bajillion unfilled cybersecurity jobs…. Especially for the government which sometimes has even stricter requirements….
Yes because the government doesnt pay very well. And you dont want to waste your time with hustle bros just learning this topic because you can make a Ton of Money at this Job. I have no problem to train somebody but this is a Passion topic. If its just a Nine to Five Job for you you are wasting my time. I worked countless Nights because i read a cve or found a Tool which is interesting noticed its morning and started the day business, if its just a Job for you stop wasting my time. And rarely you find somebody with this Passion. Im not your typical nerd, i do sports in my free time, have a girlfriend and a dog, can be Social which is important in this Job as well but i have no Problem to do some nightshifts for my Company.
I think you're also neglecting the fact that young people have woken up to the idea of breaking your body, mind, and soul for a corporation that will drop you on the dime, is just not worth it. @@martinfurstenberg2281
only reason theres gaps in Cyber sec jobs is because they DONT HIRE ANYBODY! they want literal GODS to work with them, they dont want 10 year experienced veteran hackers.
It's long learning curve. I caught the cybersecurity bug & thought about switching careers. Glad I didn't. The learning is constant. I want a life outside of my job. The competition is too high & every entry level job has 200+ applications. Imagine the skills others have & you're going against.
So are you still working in cyber security? And are you saying you want a life outside of your job because you dont currently have it or are you saying you do have that it was just a reason why you did choose cyber security?
I would recommend working on interpersonal skills and other professional skills outside of technical to boost your resume. That's it if the box and makes you unique compared to other candidates. I've learned that technical skills only get you so far. The interview is more about getting to know you as a holistic worker, not just regurgitating info
Im 40 years old, work full time in a non related IT field and am studying my masters in cyber security at night after work. Its extremly tough on me and i have had to sacrifice so much. I dont have time to build a home lab or do comptia. I cant afford to quit my job and do an internship and then be unemployed. To be honest its a bit insulting getting told by people to "do more" or "try harder".
I'm sorry about the struggles you're dealing with. I'm in a similar boat but 20 years younger. Perhaps there's a way to adjust the load you're dealing with? A way to free up some time on your masters into time for a lab - such that you're not doing *more* but doing *different*?
It is absolutely NOT just entry level cybersecurity jobs that are hard to get (not to suggest that you asserted otherwise). I’ve been in cybersecurity, ethical hacking, and infosec for years and it was a beast getting my latest job.
It's going to be almost impossible to get into cyber security right now with no experience in IT. You're competing with everyone. First get ANY IT job. Then learn everything you can about Cyber, build projects, etc. Don't hold out for a Cyber position. You're competing against guys with 10+years of sys eng, net eng, etc. experience.
We have mandatory conscription in Sweden, and one of the placements you can be assigned for military service is in fact the government IT security department. Even though it's kind of forced on you if you get enlisted, it's still a great opportunity, especially since they fully educate you from the ground up (with the stipulation that you'll only be placed there if you express interest in and prior knowledge of the field). Can't get much more entry level than that.
The reality is that you need an IT job first….Like helpdesk, sys admins, or being a Jr. network engineer. Gotta work with systems first before diving into security.
@@kekef3620 Things must have changed a lot my first job in IT doing help desk required nothing much, bear in mind I have been using computers since I was 5 and know my sht. I get 6 figure job offers now and I am not even looking. My first real role that was all IT sec was I was moved over to a new dept. because my boss know I was interested. It sucked as it was grunt work and had other offers to move straight in to leadership role over IT sec people that had more education then me as I was actually in IT and know how sht works.
Always keep learning! Depending on your skill level, you might want to build a strong foundation in fundamental IT skills first. Finding a mentor in the industry with a lot of experience can be extremely beneficial. Getting certifications is important too. Despite what you might hear on RUclips, I know many senior professionals who hold numerous certifications; they are part of the package, though practical experience and networking are crucial as well. Many IT jobs include some security aspects, especially at higher levels. To connect with IT professionals, consider joining relevant groups or networking with colleagues in your current job who work in IT-you already have a commonality with them, working for the same employer.
Great suggestions: I have been in the tech industry for 35 years on the sales side. People have to remember that success takes time. I was self employed for 10 years before I started making real money. You always have to be improving by reading and studying.
Thanks for providing us the suggestions on how you would overcome those common hurdles cyber entry level job seekers tend to face. It's all about solutions.
I’m literally going through this Catch 22 right now. Got a 4 year cybersecurity degree and over a dozen certifications most of them being from CompTia but no Real world experience yet which is what most employers seem to want the most. Whereas a degree and/or certifications is more of just a thing to check off their list of many checkboxes. Even entry level positions like helpdesk and IT support technician want at least 1-3 years hands-on experience. Can’t get experience unless I have experience to sum it up.
Where is your home lab or home cyber range? Have you configured pfSense firewall device or a managed switch to protect your LAN? Have you setup and configured free, Open Source xcitium EDR? Have you segmented your home lan? Have you built a DNS Pi Hole? Have you put a Honey Net or Honey Pot on your home LAN? Have you setup and configured free Splunk trial or ELK SIEMs on your home LAN? Experience is just laying around out there for free or for low cost. All you have to do is got pick it up and start learned. Presto. You set up an MDR in your house. Now the movement to a MSSP is lateral.
@@xCheddarB0b42xthese are all great suggestions but from my personal experience Home Labs won’t land you an interview. Once you get to the interview talking about your personal projects can get you the job but since the recruitment process is so automated nowadays you won’t get past the filter without work experience. This is the Catch22.
I second what @ChedderChunguska has said here. Continue to build out your homelab and find opportunities to learn where you can. Sometimes it's a matter of persistence and luck, as generic as it sounds. Keep at it 💪
@@collinsinfosec it is 80% persistence and 20% getting the hands-on and Level of Knowledge. This ratio should be familiar to readers. You are trying for a security role. They will not hire people who give up. Never give up! Never! Never! Never! /rant
I graduated with a CS degree, no internships, no work experience besides a data entry job for a semester. After graduation I applied (not kidding) to over 500 jobs. 80% of which I feel like I was qualified for. Mostly beginner SOC Analyst positions (fed and private). I had experience in Cyber sec applications, and could talk my way through interviews, but no job offers. I randomly applied to one GRC position, and landed it within 2 weeks. Just transitioned over to a new company, and got a 60% raise. In 3 more years Ill apply to a company an old coworker moved to and hopefully double my salary there. In my experience most people yell and yell about having some help desk experience, or networking background, which NO DOUBT helps, I just refused to do so, because I like cyber sec, and I hate networking/help desk. Oh, I also had the Sec+. The GRC job I got hired into had a requirement for 4 year degree, and 0 years of work experience. The pay was WAY below industry standard as well, it was just my way in.
@@skweejee I just believe your comment was written in a way to make yourself look better than it helping others. "Oh I also had the sec+" and "I just refused to do so because I like cyber sec and I hate networking/help desk" these quotes are examples of your ego rather than providing help for the rest that will read you pointless comment. Not everyone will have access to those resources like you do, so they rely on networking and help desk experience. You state your opinion about it instead of stating the benefits. So please, try again...buddy
@@alienboogieman Alright brainlet. Stating publicly that I had to apply to over 500 jobs to land one does not pump my ego. Stating I have a sec+ is important information as it helped me get my job. I do not see how stating my hatred for raw networking and helpdesk "shows my ego" its simple a statement lmao. If someone does not have access to the 300 dollars to take the sec+ maybe they should be looking for a job period, and not focusing on security, because they broke af and I dont care about them or their future. If they have to rely and helpdesk or networking work, once again I do not care, as it does not pertain to my situation. I simply stated my experience breaking into the field and showed that it is possible. Take your 60 IQ elsewhere and get out of my replies pal.
Well all I can say is cograts! I'm happy for you and what you have been able to accomplish in your cyber journey thus far. I'm hoping to land my 1st GRC related role as soon as possible. Did you use LinkedIn at all during the process thus far? How did you make yourself stand out from the crowd of other potential applicants especially assuming that you didn't have GRC experience? Any additional info is greatly appreciated.
It would be nice to also do a follow-up video discussing what I call the “Nightmare” scenario. Which is way too common in Cybersecurity right now. We have plenty of early career IT professionals who have 2-5 years of technical work experience doing Networking, Sys Admin, or Helpdesk. They have degrees and certifications. they apply to 100/200+ cybersecurity jobs and still can land a role because they don’t have “Cybersecurity” experience. This is what happened to me. I went to a job fair and was complimented on how good my resume was but once I mentioned I was interested in a Cybersecurity role I was told they wanted people with security experience 😅.
People are always told to get a help desk position to break into the cyber security field. Then we find out that is not the case after years of working a crappy job and never getting an interview for the job we actually want. It's soul crushing.
That's true. Recruiters are in search of experience. Experience > anything. Sometimes it's a matter of luck and a company giving you a chance. With your previous experience in IT / sys admin work, I believe you could find a job opportunity. The job market is difficult right now though. It's a dilemma.
@@collinsinfosec I found something in Risk Management but I know I would do much better returning to the technical side of IT. I plan on applying next year to technical roles again. Hopefully this time I'll be successful.
I might go through the same, I have 3 years of Web development experience, I have a degree in CS and now I have decided to switch my career to Ethical hacking and cyber security, and I really hope that I get a job in this, as I am putting all of my part time in learning this, it will take me more than a year to learn and practice everything and even after all that I am not sure if i can land a job
It’s not really an entry level career, it’s more of a specialization of IT. Get IT experience first, get your certs, then maybe apply for entry level SOC positions. You can also get experience without a job by doing bug bounty programs.
I’m an appliance repair technician who also did A/V home theater systems for many years, running wires setting up A/V racks. Those are two random fields but somehow found myself in those career paths. I’m currently just starting my cyber security career, starting out with google cybersecurity cert and plan on doing comptia sec +, I love how you mention setting yourself apart. I know for me, it will be tough and I have a long road ahead and likely insurmountable odds when compared to other candidates, I hope that being customer facing among with other skills in my line of work will help. Very accustomed to diagnosing, troubleshooting and identifying issues. I’m finding cyber security to fit me like a glove this far. Excited to learn and grow, thank you for this video. I kind of went on a rant but I find this to be very informative and realistic.
Another way worth considering as I've seen great success from people around me is go for an entry level service desk/helpdesk job whilst developing your cyber security skills. That demonstrates to employers that you have real-world experience in an IT role and would make it much easier to move within the company or elsewhere to a cyber sec position
Maybe within the company but it would be harder to move elsewhere for a cyber position as employers want cyber experience. There are people who been in help desk for many years and they can’t get a cyber position because they don’t have the cyber experience
I gradated with an associate's in Systems security and gave up after a year of fruitless job searching. I am now a municipal custodian and I am extremely content with how things turned out. I have little tolerance for people and am allergic to regular schedules, I wouldn't have lasted long in any cybersec job anyways.
@@collinsinfosec It's almost certainly not going to be a forever thing, but while I'm figuring out what I'm going to do with myself, I'm pretty happy doing this. I mean, I've got government health insurance, dental coverage, 22$ an hour (in the midwest), matched retirement input, 2 weeks pto, 2 weeks paid sick leave, I set my own schedule, and I can listen to audiobooks or youtube videos the whole time. I could be doing a hell of a lot worse. I'll probably end up retraining into Network or Server Admin. Network Infrastructure was the class I most enjoyed in college. I probably should've figured out then that I needed to reassess my path. I only ever really enjoyed learning cybersec at the hobbyist level, doing TryHackMe classes and such, so I should've just left it as a hobby. But the pandemic hit and I wasn't able to get in touch with my counselor when I first started having doubts, so I just stuck with it and finished my program. It is what it is.
I would tell anybody looking to break into cybersecurity to apply for a GRC position. It might not be everyone’s cup of tea, but the pay is pretty good and there aren’t too many hard skills to know. Do a year or two there, have them pay for a degree/cert, and pivot out.
That’s what I’m doing right now. I manage a large variety of IT policies. My previous job was an IT network administrator and honestly if it wasn’t for the fact that my new job pays better I kind of miss being technical.😂 I tried getting a cybersecurity job but I get hearing “you don’t have experience”. 😭
@@keyballa governance, risk, and compliance. It’s not too technical, but you still need to have technical knowledge. Think of the cross between business and IT.
It's not exactly easy, but joining the military can be a path in. One, you get technical training and experience while getting paid (but not much at first). Second, you get a security clearance. Third, if you want to get into a federal job, you get an advantage in the hiring process. I am not a recruiter, just speaking from experience as a veteran. If you already have a degree, you may be eligible to be an officer which brings much better pay and often some student loan forgiveness. I'm not as familiar with that side though.
only 200 applications? 😅I think one of the contributing factors is IT was a very small field for a long time compared to other industries. Think about how longer System Admins have existed vs Salespeople. The demand was much smaller, so there were very few people in the field overall, and not much happened when the world was offline. So when the booms started hitting and everyone started to hear the word 'cyber' in the news it was because attacks became common place. Everyone in the field already had a solid 5, 10 ,15 years so it became the norm to have loads of experience. Now they can't keep up, still need people with that experience, but they just do not exist. I absolute love you sharing your experience! It is rough out here which is going to foster a whole new wave of creative thinking and work ethic that the industry will see as the norm, then the next generation will have all their own problems.
Figured I’d send this message for any career transitioners like me hoping to break into an entry level cyber job: I’m currently working as a full time doctor of physical therapy in the states and have been looking to make a career change for a while now. I fortunately stumbled upon cybersecurity and enjoy learning so much about this field. Currently taking Google’s Cybersecurity Professional Certificate and have been going through the 8 courses through Coursera. This video was very helpful Grant. It showed me that I should also be trying to diversity my portfolio as I’m taking the time to learn. I’m going to dig into CTFs and blogging as I have so much to say about this transition so far. For anybody coming from a different career like me pursuing cyber, keep pushing, it’s going to be hard but just remember your why!
From my experience in various fields I would strongly suggest to invest in a job path only if you have a connection to get you in. If not then don’t bother and try to do something that can make you some income and plan your way from there for something more profitable. If you’re passionate about it then it can’t be helped. Just be prepared for a long fight.
How are you supposed to gain experience if no one hires you LOL. I say that to every employer I put my application for when they say you have no experience because that sentence is very true.
I really appreciate your honesty 🙏. I faced lots of problems in finding job at Cybersecurity, most companies need experience, 5 years minimum, if anyone lucky then they got hired. Later i changed my decisions because of the rejection i got. I moved to HVAC, and happily enjoying this field. I'm not graduate student but now im doing my graduation after 4 years 😄. But once a hacker, always be hacker ❤.
Absolutely THIS! The best way in is to invest yourself with a company that you know will have future cybersecurity opportunities and work your way up as an internal hire. Wayyyyy less competition and higher chance of success.
Thank you for the information, awesome videos 👍🏾 my advice to you is join a gym brother. Not only for health benefits but it’s a great place to talk and meet people from all walks of life. That’s how I got introduced to cyber security. Stay blessed
long shot but I’m in the DMV area looking to get into IT in general have background in automotive technology looking to pivot into it. what contractor are you talking about? I have AAS degree in cyber Defense and sec + looking to get into a Soc role.
I think expecting to go straight into a security position right out of college with no experience is a lofty ambition. It's possible but they aren't "entry". Entry is a relative term here. Im currently a network admin and went through the experience ladder (Helpdesk then Desktop then network) and I can tell anyone right now that college isn't enough by itself. Ive worked with graduates on all levels that aren't great at adaptability or applying knowledge. Call me old-school but going through the early positions like I did is the best way to show you can get into the higher level positions through the experience.
Okay, we gotta get you off the screen and outside and hang out with people! On the other note, thanks so much for your input, your videos are very helpful 🎉
Right? it's extremely discouraging. No other industry is like this. Almost feels not worth it to put in all the effort, with no certainties. Who wants to go through that?
@@Adixon5passion. My view on it is, the way up the ladder will get rid of the people that aren’t truly passionate about it and just want the money out of it. Just my 2cents.
I think too much focus in cyber security entry levels jobs is on the technical side. I would encourage getting a risk management specialist job first. It’s what I did. In the job I did risk management work but reported to the CISO and got access to all the security tools where I could spend time getting experience with them. I then applied for my first Security Analyst job which was more on the technical side. I would consider this as a stepping stone for others too. Your first entry level job doesn’t have to necessarily technical.
I would also mention that some Co-ops and internships hire recent graduates, not just college students. This is a good way to get some of that experience before landing that full-time position.
Took my company 6 months to find an "ok" candidate where 3/4 people didn't like him but we were so short staffed we hired him anyway. He lasted two weeks and then left. The amount of people applying and then don't even know the general overview (very basic) of NIST CSF or 800-61 or even 800-53 is pretty mind blowing
I cant even land an entry lvl helpdesk role even with google it support cert, sec+ and a completed network engineering course at a technical trade school. Not sure what I'm doing wrong.
It seems like many industries are like this. I’ve changed careers a few times and it’s always like this. Entry level requires 5 years experience, and labour demand is for people who already have like 10+ years experience. They want people who are veterans to just materialize from thin air. And HR people write the most ridiculous job requirements. Meanwhile the few who are actually experienced have so many job offers thrown their way they can’t keep up.
Basically its pretty easy to land a Job in Cybersecurity even as a sideliner with no formal qualification. If you really like IT and its your Hobby you Start to get to know a lot of people and if you are looking for a Job you have a wast network, you gain experience by Just Setting up a Server, use a old machine without data put in online and See how Long until this machine gehts pwned. After it start analyzing why you where pwned. Fix the Problem and Repeat, you dont get pwned anymore? Start attacking the Server by yourself there are Million tools for this reason. But if you dont want to spend your free time why should i hire you? Why should i hier you for a high salary if you basically have no Skills? Most people who are complaining Not getting a Job are people studied computerscience for the Money while have no idea what they are doing.
Network within cyber communities/careers ppl & evidence your learning via labs. That’s how I did it with 6 months self learning, landed a cyber analyst role.
It’s all fun and games into young engineers and cybersecurity analysts starts to take job offers from the enemy. Think it’s impossible better ask England why they’re retired vets was training Chinese pilots.
security clearance is one of the issues for foreigner probably not an entry level issue but i have around 2.5 years in SOC but not in europe also built my own SIEM lab at home configured AD DC, DHCP ... but hardly landing a job second issue is the french language i have C1 most they ask for is C2 and security clearance, idid some certificates net+ sec+, API pentesting, Trend micro ICIP, 1 soc internship, 1 AI internship and 1.5 in current SOC position for company outside europe, also 7 months data analyst (ik its irrelevant for cybersecurity)
It appears you are on a great track. You are actively building a homelab, have completed two internships, and have some entry-level experience in security. A security clearance would be helpful if you are trying to land an opportunity in the United States.
sorry if i failed to mention but i am currently in France and the plan is to stay in France until i obtain the passport because my current passport doesn't get me anywhere i need visas to everywhere and mostly rejected. So i am searching in France not USA here they require Security clearance for Airbus, telecom, some banks... this is where i am struggling and honestly i will start searching for either internships or help desk position not security because i need to build experience in europe/France because they dontrecognize experience in Asio/Africa/MEA @@collinsinfosec
Thanks man, this video really helped me with insights and motivation. I am currently applying for entry level roles and finding it difficult to stand out, trying to network and meet people, but i'm transitioning from the financial industry into Cybersecurity, so it's all very fresh for me. Just subbed to ya, keep up the great content.
For me living in NYC it’s hard trying to find the time to engage in anything cybersecurity while maintaining a full time job. And studying for certifications seems impossible. While a online masters program held solidify foundational knowledge, I’m finding that it is challenging attempting to enter this industry.
Im at a similar situation as well . I have my associates degree in IT from laguardia. Just recently got my a+ certification. Took me about 4.5 months. Because it's 2 part exam at the same I work full time as a commercial cleaner and I work security some weekends or just Saturdays. It's tough dude its really about just making use of your time. Mta commute is the best time to do everything..then at home I'd study for 1 to 2 hrs 4 to 5 times a week
i'll say the same thing i say to all newbies, most of this field isnt entry-level you will do so much better long term by starting off in a role outside of full time security that benefits what you want to do long term.
It seems the misconception is that being an IT admin or help desk will help get you a cyberops/sec job because they have “tech experience”. I feel many other jobs not in tech have skills more comparable to the cyber security industry, you just have to learn the specific domain knowledge and technical skills.
Been down this road. I had to start as a junior network administrator. Could not land a cybersecurity job right out of school. I got lucky landing even a network admin job right out of school. A lot of the guys i know had to start with a help desk position.
its the same argument. i need a job to get experience, but you need experience to get a job. companies need to do better for onboarding new employees, and watch the retention rate soar.
Currently, have my Sec+ and Net+. Trying to get a SOC Analysis job or something where I can just monitor a SIEM or something basic for my first gig, and it feels IMPOSSIBLE to land something. Am I aiming too high? Do I need to just throw myself into a help desk position until I can get my PenTest+ too, or what?
I'm studying for Masters of Science in Cyber Security cause was told by counselor that it is "in demand" but it doesn't sound like it hearing you say the cyber security job market is a dilemma...should I stop studying for this degree and go for another career instead?
I think the issue is not bachelor or master degree in Cybersecurity or certs, projects, internship etc...these are good things to have and if you have someone who knows someone you can get a job in cybersecurity. However, the big picture is how broken the system is in America. Department of Education should never allow any university/college to function without having a mandatory internship for students in any field they are pursuing. The reason why employers do not want fresh grads, degrees, certs, projects and poor internship is that they believe a new grad is poorly trained to work in Cybersecurity because most university/colleges do not have mandatory internship that will resolve the practical skills students need to be ready to go after college/university is done. What do colleges have? They help you obtain security + plus or other certs, is that enough to convince an employer to give you a job in cybersecurity? Why not 3 years internship while you are in college for Cybesecurity in a real company and using tools like SIEM, EDR, Rapid 7, Nessus etc..? Instead the new grad finishes college/universities with bunch of theories and they are unable to put those theories into practice. if the system was not broken, bachelor or master degree in Cybersecurity would be worth it but it is not due to the system. Then we have bootcamps, some bootcamps that are really good,, they are doing the job that universities/colleges lack. Some bootcamps will give you the hands on practice you need that college was supposed to give you that is why some companies accept candidates coming from bootcamps and they ignore guys with degrees. who is fault is that? that is the system in America that is broken. The military will train you well in any profession you want but colleges/university will not, why is that? it is the system in America that is broken. Your Cybersecurity degree and certs are worthless and if you want a job you need to find a good boot camp to give you hands on experience and bootcamps will take your money. So, you as an applicant will be spending lots of money until you find your cybersecurity job, you will pay CompTiA for their trash certs, you will pay bootcamp to give you hands on , why all this when you spent four years pursuing a degree in Cybersecurity? One more time , it is the system that is totally broken allowing students to graduate without any relevant hands on experience in what they choose to study but they will train you well if you join the military and companies will be after you because the military trained you well.
you need to invest in yourself, pay for certs, take courses, and meet up with people and network! Once you get you will be happy that it isnt easy to get in otherwise you could be replaced
It feels like lie a little bit on the resume. To get a foot in the door. Isn't a bad idea. I've been searching for a job for 2 years and no luck. I have my degree but with a little actual experience.
So, I am transitioning out of the US Army and I am part of a program that allows me time to get a Google cert. I have a few days to lock in my decision. Should I choose the cybersecurity cert or go for another career path? This video seems very doom and gloom on the opportunity to get a job. They have IT, Project Management, etc
Cybersecurity certification from Google alone won’t be enough for you. That cert is just a preparation for the CompTIA Securiity+ certification which is the real deal when it comes to cyber security. If you are willing to put in some extra effort and do a few more things here and there after the Google cert including getting the CompTIA cert, then you should go for cybersecurity cert.
@thoughtyfalcon3991 thank you very much for the reply. I do plan on getting my Sec+ from CompTIA after the Google cert. From there I will start applying for jobs and build my project portfolio. During the job search I'll also be looking to try and get a Net+ or CCNA cert just to help more if necessary. Thank you for responding.
@@V3n0m151 it’s a good path. And there’s always the option of opting for something networking related if you can’t get into cybersecurity. Keep it up and work smart. I’m also doing my Google cert after which I’ll be getting the CompTIA network and security certs. I’m also thinking of doing the OSCP after those while also doing my bachelors in CS.
My hopes are to not make the security industry seem like it's impossible to get into. Although I can see how it is. My advice, I would highly recommend starting out by defining your end goal. What is your goal and which type of position are you looking to get into? From there, I recommend looking at the skill requirements for position. If you already know the fundamentals of I.T., I highly recommend taking a look at position requirements. Then develop an action plan to learn those skills. For example, maybe the position requirements including scripting, basic understanding of network security, and knowledge of SIEM. Develop a plan to learn each of these skills through dedicated studying. This could include 1-month solely dedicated to learning about the networking basics, then 1-month to scripting, and finally 1-month for SIEM. Take extensive notes, quiz yourself on the foundational concepts of each skill, and build a homelab.
Just starting my bachelor's in Cyber Ops at Dakota State. Trying to figure out what things I should be doing outside of my degree to try and launch my career ASAP. I've heard so many different arguments. I've definitely heard to partake in CTF's or building a home lab. The issue is I don't have that prerequisite knowledge yet and so I feel I can't do those things yet. The other question is what type of home lab or what type of CTF's would I do? I've also heard that I should be studying for something like the A+ and NET+ to then get some sort of generic IT job and then transition into cybersecurity once I graduate. The problem there is how can I focus both on my degree and those certs and home life all at the same time? Another problem I'm facing is the industry being extremely vast and not feeling the pressure to know exactly what I need to do so I can build out a plan, focus on doing things so I can specialize and don't waste massive amounts of time or getting pigeon-holed into an area. Can you tell I'm just a bit stressed and lost?
I think the main thing muddying the waters in this discussion is nobody being on the same page as to what "entry-level" means. A first year resident Doctor and a McDonald's cashier are both "entry level" in those respective fields, but they require drastically different skill levels to get that job. Cybersecurity is not entry level in the same sense as a cashier is. You're not going to turn up with absolutely zero knowledge, skill, or experience and just be trained 100% on the job. But it CAN be entry level in the sense of being someone's first IT job. You just need to put in the requisite time and effort into some combination of school, self-study, certifications, homelabs, CTFs, etc.
The problem is businesses dont want to put in the effort or money to train anyone anymore even as they make record amounts. They want "entry" level folks to be dialed in but acknowledge college doesnt fully cement you knowledge base
@@Chaddeusthundercock I agree, but I also think there's a limit to that though. Again, you don't apply to be a first year associate at a law firm without going to law school and passing the bar exam first. I think companies need to invest in entry level people, but I also think people need to attempt to gain some knowledge and skill before trying to jump into something like cybersecurity. I see some people with no degree and no experience saying "I got my Sec+ but can't find a level 1 SOC role what's wrong with this industry??"... like come on we can put in some more effort than that.
This was a much needed video. I am one of those people struggling to break into the field. Another catch 22 of the situation is the practice. I know their are some sites that you can use to harness these skills but a lot of people do not. How do you practice something that is illeagal in order to be able to legally use those skills? I'm sure there are others like me who don't even know which certification would be best or what the next step is after a degree.I think the industy is missing a key opportunity to help create people with the skills they want.
At the point you said "and really trained how to approach cybersecurity from a business perspective using both their soft skills and their hard skills", it validated why I left the industry. These cyber security companies are not there to help you. They want you to be attacked so they can sell services and cyber attack insurance. It won't be long until using your personal computer is like driving your car. If it's not insured, then you are in trouble. Cyber security experts claim the new recruits are fighting a war against evil - yet they are simply trained to boot USB drives, run 3rd party programs, and basically fall in line.
Entry cyber needs to just be renamed to cyber security jobs. There is no such thing as entry cyber. Just like there is no such thing as entry networking. Both those jobs take skills from the lower levels that you need to know to execute. Cyber is started on the back of 4-5 years in a specialty of knowing how something actually works. Same with networking, same with sys admin. They require experience from lower positions. So tired of hearing 'oh i cant get a entry job as a cyber after i got my sec+' Yeah because you dont know how anything else works. If you have 5 years experince youd have no problem because you know how stuff works.
In my second year of uni i got a job in cybersecurity. I applied for an internship and on the interview i told them that im here to learn and they dont have to pay me anything, they accepted me. You need to understand that the company will not earn any profit on you in the first months they need to invest a half year salary and they wont get much in return for that.
Yeah, that’s some thing that I’ve noticed as well. Unless you’re working for a company where cyber security is their product they have little to no incentive to actually train you. That’s why I plan on moving next year to an area where they are a ton of government contractors who have a reputation of hiring entry-level talent, they actually have invested interest in training the next generation of security professionals because that’s their business.
Thats not a feasible strategy for people who actually have real liabilities such as paying for rent and food. People like yourself are enabling corporations to abuse workers, youre part of the problem
@@thomasbrown3356 Thats what everyone will say about DFW TX and the San Jose area. But when you look all the jobs go to immigrants and contractors. I work for a massive corporation and very few IT job are not contractor.
I've got 20+ years experience in cyber security as well as CISSP, CISM, CISA and SSCP and I'm getting declined for entry level "Cyber Security Analyst" roles without even making it to interviews. I feel sorry for anyone trying to do this straight out of school.
@@anshul2000punk Honestly, the job market right now is horrible. I read stories like this all the time of people who have the certs and experience and they too can't land an interview. That's why networking is key.
Weird in a good way. It is what it is! This is motivation for each of us to push harder and prove that we are the best candidate. I'm definitely willing to do these tips in the video and any others that come up that make sense.
thank goodness im already in one, I just hope this does not take long to climb up the ladder, im currently taking up multiple certification trainings too
The economy is really not that great right now. There have been massive layoffs and most companies are trying to not hire period. When the economy improves and the number of jobs increases it will be easier but that will take patience.
Hack a company to get their attention. Leave your resume on their server.
hahahaha brilliant
You deserve more likes
😂😂😂
this had me rooling
@@AM-vn4ccyes hacking a company without consent is illegal
It’s rough for the newbies - the catch being once you are in it’s easier to progress up the ladder. Hot take - if you can learn a side skill adjacent to information security. For example, being a data analyst can down the road let you learn skills to ingest data from vulnerability scanners for c level executives. Just my 2 cents. Good luck to all the people applying 👍🏼
do you recommend data analyst for someone who never been in tech but wants to get into it. Im working in a retail store rn and honestly I just want to learn something that I can do online and I heard I can learn certificates. Just want to learn something and get a real job, would you recommend to learn it?
@@R3MMYyes, that's my most recommended, it's a remote kind of job
i am studying cyber in uni, I have a microsoft pl-300 power bi cert, I have all the skills required for a data analyst role yet I am not even getting any interviews. I even have a lot of cloud knowledge. is it bec im 16?@@R3MMY
@@R3MMY all tech fields are hard to get into but look at the requirements for the jobs, gain those skills and build a good resume exemplifying those skills whether its on projects or internships or real work experience and apply to jobs everyday. If youre still not getting any interviews try to make your projects better and go more into depth with skills used on projects
Then once you get into data analyst field get all your security certs and build a good cyber sec resume and attempt to switch over whether its within the same company or at a new position
Don't be afraid to accept short temporary contract jobs that are not exactly what you want. It gives you experience and builds your resume.
finally a youtube that admits its hard to get in. theres a lot of gatekeeping in the cyber industry but learning stuff associated with cyber is a must
I imagine this would be the case in most industries. My current industry is arguably harder to be successful in the beginning than cybersecurity and I probably wouldn’t have been able to in without my brother who is already in said industry. There are way more free materials and relevant industry knowledge online in cyber than most others
i agree@@Father-klovkoski
What is this field you re in ?
Not gate keeping lol. They just want people who know what they are doing. It's called real life. Yeah sorry for all you nerds real life work is scary
@@bobsam5982 OP is simply just talking about the nature of RUclips videos in general. Not the actual industry. There's a real need for cybersecurity professionals. Grow up.
4:55 I cannot vouch for this strongly enough. In my last year of my Cybersecurity bachelor's degree, I joined my university's cyber club. One year with them taught me arguably more about cybersecurity than 3 previous years in classrooms, and I'm kicking myself for not joining sooner. It may be different for other universities, but my university's club served as a gateway to various CTFs and competitions like NCCDC, NCL, and MANY others. Being in there also helped me make some of the closest friends I have to date. To any freshman/sophomore cyber students reading this, PLEASE take advantage of this. You're not going to learn nearly as much as you need to just by getting A's in curriculum classes. You'll be putting yourself leaps and bounds ahead of the competition by getting hands on experience through experience like that which I described.
Cybersecurity is a notorious idiot trap, just do a normal CS degree and pick up infosec in optional classes or just on the side
Our college unfortunately does not have an active cyber club. Are there any forums or online communities that anyone could recommend that would be helpful for Cyber security beginners?
@@anniespoorthi3064 start it then, that what im trying and I'm almost there i hope
I join a bootcamp for cybersecurity, also I don't know if they have a club.
This is what is wrong with the thinking of all markets these days though: They only want to hire the best. Well, guess what? Not everyone can be the best. The MAJORITY of people within a field, are not the best. Are they better than the CEO or anyone else in the company though? Can they do the job? Probably.
I think what is often overlooked is, that your entry level IT job should be at an organization that actually has to do with IT. I recently started my first job as an IT Support at a firm that administrates several hundred client networks. During the interview I expressed my strong interest in cybersecurity and they are pretty open to let me explore the other positions in the company. Because of this I can learn stuff about cybersecurity, even though it’s not my “official” job title. Contrary to this many people start at any Helpdesk they can, at firms that basically have nothing to do with IT and only let you fix tickets that have very few to do with actual cybersecurity.
Even in larger IT firms delegation of security tasks tends to be a rather firm process, and even more rare to have an entry-level employee take part in the process.
Thumbs up. 80 percent of our cyber security analyst were former help desk or desktop analysts. It's easy to certify someone the company trusts than to trusts someone external that is certified. Use the ladder.
@@JM-gg8ko mind you though that ladder only has so many rungs, not to get too caught up on your company when others value you more
@@dylancounte1448 kind of agree with that one. Its sometimes overlooked how skilled even "mid-tier" IT people are, compared to the average other departments. We know this beforehand though. You gotta love to learn and work hard. Otherwhise this field isnt for you.
exactly.. cybersecurity isnt an entry level job and its sickening to see so many influencers trying to convince people about entry level anything with cybersecurity.. an entry level cybersec job is helpdesk/IT support and from there you go to systems admin, systems engineering, security, network engineering, etc
Not only cybersecurity is hard, I'm a lawyer and getting my first job was terrible hard. I think is like that, sadly, in all fields
Excuse me whilst I giggle a bit at the fact that I'm over here watching cybersecurity videos as an aspiring soc analyst and army and here's JK's face in the comment section. It's giving pied piper, bangtan is everywhere vibes lmao. I'm here for it. Loving the pfp, I'm a JK bias as well. Army is everywhere. Just wanted to say hi! 👀💜
It is. Back in the day, people got jobs they had no clue about, and simply got on the job training. Then, a new generation of laws, restrictions and employment fees came into place for the job market, forcing employers to be more scared about risk and cost, so they started looking for people with years of experience. Nowadays, they look for people not only with experience, but "the best". The problem is of course, that the majority of people in field, are not "the best". Are they more than good enough though? Surely. A good example is my ex father in law. He was a chemist at a paper factory. He didn't even have a high school diploma when he got the job in the 70s. Today, they require a masters at least, and 4 years of experience, for his position. Everything he did, was repetitive and could easily be taught to anyone on the job. The example is not good for being a lawyer, of course, although the fears and unrealistic expectations employers have, are, and they seem to be universal across all markets.
i love the ending "just.... yeah... have a good day and keep applying." bro isnt a robot, speaks from real world experience as he's in the struggle with us. i appreciate you bro because im doing a cybersecurity course and when it comes to doing projects, i get this random anxiety. the quizzes? im a God send. Mini test? easy af. Actually putting the pen to paper on a self paced project............ i appreciate you being so transparent and showing us that YOU as well dont have all the answers. thank you for helping people such as myself push through to have a better future/career. good luck on your journey brother!
I hear you on the networking and going to events front! Haven't been to any events since 2020
COVID killed events and meetups. Virtual/online isn't the same since you want to meet face to face with hiring managers. They can dismiss an email or text chat. It's no wonder ghosting is so prevalent.
But Boyd Lewis promised me 100k salary after 60 days of training in his academy.
😂😂
😂😂😂😂😂
😂😂
that guy, lol I was going to go with his company. But my intuition said NO....
A good opportunity to look for would be a getting a job at a startup or relatively small company, but start out by doing something different such as being a software tester (or something tech related). Then when the company expands they will most likely need to create a security team, in which they could look internally first so you can progress, if they know you are interested (depending on the company, of course). This is what I did. I went from IT apprenticeship > software tester > information security officer > infrastructure and security engineer over the course of 10 years and I don't have a degree. These opportunities can be hard to come by, sometimes it's just luck in my experience.
Awesome video!
I recently graduated with a degree in Cybersecurity a few months back. While I have had roughly 2 interviews per month since I graduated (near a large city), I have been unable to break past the second interview (had 2 second interviews).
The technical interviews, often as the second interview, were difficult for me. I understand these concepts but had a hard time recalling important information such as TCP/IP stack, port numbers, encryption, DNS, etc. Once I refreshed and overviewed what I recall from the interview, I understood it after some quick review. I was humbled and since then, I have been studying like crazy, taking on projects, running CTF exercises, and attending a conference. I already feel way more comfortable and confident to any following interviews I get.
I like how you emphasize adaptability, I can relate to the necessity of a change in strategy. I spent 6 months applying with a “bulletproof” resume according to career services, only to run it through an ATS and realize it was probably filtered out almost immediately. I had to adapt, rewrite with professional help, and am building out a blog/content site for pentest writeups from HTB.
Great content, the market is difficult but your perspective is motivating and refreshing 💻
OK. I like what you posted, but what specifically did you do with your resume that made the difference?
@@deebee201 When it comes to the ATS, it hates formatting errors. I adjusted margins to maximize words per page, and got rid of ALL special characters, lines separating sections, headers, and footers. The simpler the format, the better. Following that I refined my content to be more relevant and highlight my projects over my work experience. I am switching from an unrelated industry straight into cyber, so I blame a majority of my shortcomings on that, but if most of my resume is projects that depict relevant experience, the ATS AND the recruiter have no choice but to see them.
I am still coming close to landing a role, but no dice quite yet. I had an interview for a help desk role that was so entry level they didn't even ask me any technical questions. On the third interview, the IT manager asked me, "If you have all this security experience, how come you aren't applying to one of these big name companies? You'd be a shoe in." I was awestruck, and unfortunately didn't get selected (my guess is my desire for a security role was a liability to them).
Long story short, use the free ATS checkers and AI to see what keywords and experience get pulled from your resume. Simplify format, and condense irrelevant information. Keep it as a highlight reel for your skills in the role you want, not what you've already done. After I changed my format, I at least got more contact with hiring staff and I consider that a huge push in the right direction.
I’ve applied to hundreds of cybersecurity jobs and haven’t gotten an interview. I’m working an IT job currently, pursuing my Security+, and graduated college with a BAS in cybersecurity. My professor told me and I quote “landing a job in cybersecurity will be like throwing a dart at a dartboard: as long as you apply, you’ll land somewhere”. THEN WHY IS IT SO HARD? IS THIS FIELD NOT IN DEMAND? Entry level positions ask for like 5 years of experience…this is rough…
It's because cyber security is an advanced path. BS in cyber security shouldn't even be offered, it's a scam. Cyber security should be available as an MS with prereq of a BS in CS (or related degree).
Be like a doctor getting a 4 year degree, having never gone to med school, or done residency, and being like "WHY THE HELL CAN'T I GET HIRED AS A DOCTOR... I HAVE A 4-YEAR DEGREE?!!?!?!?" lol....
@@Johnny-io8mwI’m late this to this threat, but the best case scenario is if that cs (or related) degree comes with a cerificate of security. That’s what one of the Universities I’m going to offers, and I think it looks better on paper and for being able to hop out of cyber if needed.
It’s interesting Cybersecurity is so hard to get into because every other day I see an article about how there’s a bajillion unfilled cybersecurity jobs…. Especially for the government which sometimes has even stricter requirements….
I have a video coming out about the 'Cybersecurity Skills Shortage Gap' soon.
Yes because the government doesnt pay very well. And you dont want to waste your time with hustle bros just learning this topic because you can make a Ton of Money at this Job. I have no problem to train somebody but this is a Passion topic. If its just a Nine to Five Job for you you are wasting my time. I worked countless Nights because i read a cve or found a Tool which is interesting noticed its morning and started the day business, if its just a Job for you stop wasting my time. And rarely you find somebody with this Passion. Im not your typical nerd, i do sports in my free time, have a girlfriend and a dog, can be Social which is important in this Job as well but i have no Problem to do some nightshifts for my Company.
I think you're also neglecting the fact that young people have woken up to the idea of breaking your body, mind, and soul for a corporation that will drop you on the dime, is just not worth it.
@@martinfurstenberg2281
only reason theres gaps in Cyber sec jobs is because they DONT HIRE ANYBODY!
they want literal GODS to work with them, they dont want 10 year experienced veteran hackers.
@@martinfurstenberg2281same as long as I’m getting compensated it’s easy to get into personally
It's long learning curve. I caught the cybersecurity bug & thought about switching careers. Glad I didn't. The learning is constant. I want a life outside of my job. The competition is too high & every entry level job has 200+ applications. Imagine the skills others have & you're going against.
So are you still working in cyber security? And are you saying you want a life outside of your job because you dont currently have it or are you saying you do have that it was just a reason why you did choose cyber security?
I would recommend working on interpersonal skills and other professional skills outside of technical to boost your resume. That's it if the box and makes you unique compared to other candidates. I've learned that technical skills only get you so far. The interview is more about getting to know you as a holistic worker, not just regurgitating info
Im 40 years old, work full time in a non related IT field and am studying my masters in cyber security at night after work. Its extremly tough on me and i have had to sacrifice so much. I dont have time to build a home lab or do comptia. I cant afford to quit my job and do an internship and then be unemployed.
To be honest its a bit insulting getting told by people to "do more" or "try harder".
I'm sorry about the struggles you're dealing with. I'm in a similar boat but 20 years younger. Perhaps there's a way to adjust the load you're dealing with? A way to free up some time on your masters into time for a lab - such that you're not doing *more* but doing *different*?
It is absolutely NOT just entry level cybersecurity jobs that are hard to get (not to suggest that you asserted otherwise). I’ve been in cybersecurity, ethical hacking, and infosec for years and it was a beast getting my latest job.
It's going to be almost impossible to get into cyber security right now with no experience in IT. You're competing with everyone. First get ANY IT job. Then learn everything you can about Cyber, build projects, etc. Don't hold out for a Cyber position. You're competing against guys with 10+years of sys eng, net eng, etc. experience.
We have mandatory conscription in Sweden, and one of the placements you can be assigned for military service is in fact the government IT security department. Even though it's kind of forced on you if you get enlisted, it's still a great opportunity, especially since they fully educate you from the ground up (with the stipulation that you'll only be placed there if you express interest in and prior knowledge of the field). Can't get much more entry level than that.
It's rough for any entry level job let's be real. Best bet is to network. Networking is a Newbie's best friend. Exposure is king. Expose yourself.
The reality is that you need an IT job first….Like helpdesk, sys admins, or being a Jr. network engineer. Gotta work with systems first before diving into security.
Even those jobs are getting hard to get. They are asking for 3-5 years experience and Certs for entry level help desk in my area. Smh.
help desk is being automated by chat bot and AI now
I'm a serviceDesk analyst with 6 month exp. Should I go for MSC in cybersecurity keeping in mind job aspects
@@kekef3620 Things must have changed a lot my first job in IT doing help desk required nothing much, bear in mind I have been using computers since I was 5 and know my sht. I get 6 figure job offers now and I am not even looking. My first real role that was all IT sec was I was moved over to a new dept. because my boss know I was interested. It sucked as it was grunt work and had other offers to move straight in to leadership role over IT sec people that had more education then me as I was actually in IT and know how sht works.
Always keep learning! Depending on your skill level, you might want to build a strong foundation in fundamental IT skills first. Finding a mentor in the industry with a lot of experience can be extremely beneficial. Getting certifications is important too. Despite what you might hear on RUclips, I know many senior professionals who hold numerous certifications; they are part of the package, though practical experience and networking are crucial as well. Many IT jobs include some security aspects, especially at higher levels. To connect with IT professionals, consider joining relevant groups or networking with colleagues in your current job who work in IT-you already have a commonality with them, working for the same employer.
Great suggestions: I have been in the tech industry for 35 years on the sales side. People have to remember that success takes time. I was self employed for 10 years before I started making real money. You always have to be improving by reading and studying.
Thanks for providing us the suggestions on how you would overcome those common hurdles cyber entry level job seekers tend to face. It's all about solutions.
I’m literally going through this Catch 22 right now. Got a 4 year cybersecurity degree and over a dozen certifications most of them being from CompTia but no Real world experience yet which is what most employers seem to want the most. Whereas a degree and/or certifications is more of just a thing to check off their list of many checkboxes. Even entry level positions like helpdesk and IT support technician want at least 1-3 years hands-on experience. Can’t get experience unless I have experience to sum it up.
Where is your home lab or home cyber range?
Have you configured pfSense firewall device or a managed switch to protect your LAN? Have you setup and configured free, Open Source xcitium EDR? Have you segmented your home lan? Have you built a DNS Pi Hole? Have you put a Honey Net or Honey Pot on your home LAN? Have you setup and configured free Splunk trial or ELK SIEMs on your home LAN?
Experience is just laying around out there for free or for low cost. All you have to do is got pick it up and start learned. Presto. You set up an MDR in your house. Now the movement to a MSSP is lateral.
@@xCheddarB0b42xthese are all great suggestions but from my personal experience Home Labs won’t land you an interview. Once you get to the interview talking about your personal projects can get you the job but since the recruitment process is so automated nowadays you won’t get past the filter without work experience. This is the Catch22.
I second what @ChedderChunguska has said here.
Continue to build out your homelab and find opportunities to learn where you can. Sometimes it's a matter of persistence and luck, as generic as it sounds. Keep at it 💪
@@collinsinfosec it is 80% persistence and 20% getting the hands-on and Level of Knowledge. This ratio should be familiar to readers. You are trying for a security role. They will not hire people who give up. Never give up! Never! Never! Never! /rant
I am on the same boat as you are. I have a IT degree and two certs and only 6 months internship experience and I can't even land a tech support job.
I graduated with a CS degree, no internships, no work experience besides a data entry job for a semester. After graduation I applied (not kidding) to over 500 jobs. 80% of which I feel like I was qualified for. Mostly beginner SOC Analyst positions (fed and private). I had experience in Cyber sec applications, and could talk my way through interviews, but no job offers. I randomly applied to one GRC position, and landed it within 2 weeks. Just transitioned over to a new company, and got a 60% raise. In 3 more years Ill apply to a company an old coworker moved to and hopefully double my salary there. In my experience most people yell and yell about having some help desk experience, or networking background, which NO DOUBT helps, I just refused to do so, because I like cyber sec, and I hate networking/help desk.
Oh, I also had the Sec+. The GRC job I got hired into had a requirement for 4 year degree, and 0 years of work experience. The pay was WAY below industry standard as well, it was just my way in.
No one cares
@@alienboogieman stay mad buddy. The more information and more real experiences out there the better. Lets people know what can be normal or not
@@skweejee I just believe your comment was written in a way to make yourself look better than it helping others. "Oh I also had the sec+" and "I just refused to do so because I like cyber sec and I hate networking/help desk" these quotes are examples of your ego rather than providing help for the rest that will read you pointless comment. Not everyone will have access to those resources like you do, so they rely on networking and help desk experience. You state your opinion about it instead of stating the benefits. So please, try again...buddy
@@alienboogieman Alright brainlet. Stating publicly that I had to apply to over 500 jobs to land one does not pump my ego. Stating I have a sec+ is important information as it helped me get my job. I do not see how stating my hatred for raw networking and helpdesk "shows my ego" its simple a statement lmao. If someone does not have access to the 300 dollars to take the sec+ maybe they should be looking for a job period, and not focusing on security, because they broke af and I dont care about them or their future. If they have to rely and helpdesk or networking work, once again I do not care, as it does not pertain to my situation. I simply stated my experience breaking into the field and showed that it is possible. Take your 60 IQ elsewhere and get out of my replies pal.
Well all I can say is cograts! I'm happy for you and what you have been able to accomplish in your cyber journey thus far. I'm hoping to land my 1st GRC related role as soon as possible. Did you use LinkedIn at all during the process thus far? How did you make yourself stand out from the crowd of other potential applicants especially assuming that you didn't have GRC experience? Any additional info is greatly appreciated.
It would be nice to also do a follow-up video discussing what I call the “Nightmare” scenario. Which is way too common in Cybersecurity right now. We have plenty of early career IT professionals who have 2-5 years of technical work experience doing Networking, Sys Admin, or Helpdesk. They have degrees and certifications. they apply to 100/200+ cybersecurity jobs and still can land a role because they don’t have “Cybersecurity” experience. This is what happened to me. I went to a job fair and was complimented on how good my resume was but once I mentioned I was interested in a Cybersecurity role I was told they wanted people with security experience 😅.
People are always told to get a help desk position to break into the cyber security field. Then we find out that is not the case after years of working a crappy job and never getting an interview for the job we actually want. It's soul crushing.
That's true. Recruiters are in search of experience. Experience > anything. Sometimes it's a matter of luck and a company giving you a chance. With your previous experience in IT / sys admin work, I believe you could find a job opportunity. The job market is difficult right now though. It's a dilemma.
@@collinsinfosec I found something in Risk Management but I know I would do much better returning to the technical side of IT. I plan on applying next year to technical roles again. Hopefully this time I'll be successful.
@@ukeleleiguana Yeah I was told the same thing, those people are losers, don't listen to them
I might go through the same, I have 3 years of Web development experience, I have a degree in CS and now I have decided to switch my career to Ethical hacking and cyber security, and I really hope that I get a job in this, as I am putting all of my part time in learning this, it will take me more than a year to learn and practice everything and even after all that I am not sure if i can land a job
It’s not really an entry level career, it’s more of a specialization of IT. Get IT experience first, get your certs, then maybe apply for entry level SOC positions. You can also get experience without a job by doing bug bounty programs.
Instead of getting a degree in cyber security, get your degree in computer science and do internships. Get your certifications as well.
I’m an appliance repair technician who also did A/V home theater systems for many years, running wires setting up A/V racks. Those are two random fields but somehow found myself in those career paths. I’m currently just starting my cyber security career, starting out with google cybersecurity cert and plan on doing comptia sec +, I love how you mention setting yourself apart. I know for me, it will be tough and I have a long road ahead and likely insurmountable odds when compared to other candidates, I hope that being customer facing among with other skills in my line of work will help. Very accustomed to diagnosing, troubleshooting and identifying issues. I’m finding cyber security to fit me like a glove this far. Excited to learn and grow, thank you for this video. I kind of went on a rant but I find this to be very informative and realistic.
Another way worth considering as I've seen great success from people around me is go for an entry level service desk/helpdesk job whilst developing your cyber security skills.
That demonstrates to employers that you have real-world experience in an IT role and would make it much easier to move within the company or elsewhere to a cyber sec position
Maybe within the company but it would be harder to move elsewhere for a cyber position as employers want cyber experience. There are people who been in help desk for many years and they can’t get a cyber position because they don’t have the cyber experience
Some larger companies will sometimes post jobs to show investors that they are growing... Not because they actually need to hire anyone.
I gradated with an associate's in Systems security and gave up after a year of fruitless job searching. I am now a municipal custodian and I am extremely content with how things turned out. I have little tolerance for people and am allergic to regular schedules, I wouldn't have lasted long in any cybersec job anyways.
Happy to hear you were able to land something where you feel fulfilled! That's what matters most.
Thought this was a meme?
New Copypasta?
With San Francisco paying $30-$36+/hr, whether or not it's a joke, it's true 🤷
@@collinsinfosec It's almost certainly not going to be a forever thing, but while I'm figuring out what I'm going to do with myself, I'm pretty happy doing this.
I mean, I've got government health insurance, dental coverage, 22$ an hour (in the midwest), matched retirement input, 2 weeks pto, 2 weeks paid sick leave, I set my own schedule, and I can listen to audiobooks or youtube videos the whole time. I could be doing a hell of a lot worse.
I'll probably end up retraining into Network or Server Admin. Network Infrastructure was the class I most enjoyed in college. I probably should've figured out then that I needed to reassess my path. I only ever really enjoyed learning cybersec at the hobbyist level, doing TryHackMe classes and such, so I should've just left it as a hobby. But the pandemic hit and I wasn't able to get in touch with my counselor when I first started having doubts, so I just stuck with it and finished my program. It is what it is.
I would tell anybody looking to break into cybersecurity to apply for a GRC position. It might not be everyone’s cup of tea, but the pay is pretty good and there aren’t too many hard skills to know. Do a year or two there, have them pay for a degree/cert, and pivot out.
Good points!
That’s what I’m doing right now. I manage a large variety of IT policies. My previous job was an IT network administrator and honestly if it wasn’t for the fact that my new job pays better I kind of miss being technical.😂 I tried getting a cybersecurity job but I get hearing “you don’t have experience”. 😭
What is GRC?
@@keyballa governance, risk, and compliance. It’s not too technical, but you still need to have technical knowledge. Think of the cross between business and IT.
@@Carsia got it. Thanks
It's not exactly easy, but joining the military can be a path in. One, you get technical training and experience while getting paid (but not much at first). Second, you get a security clearance. Third, if you want to get into a federal job, you get an advantage in the hiring process. I am not a recruiter, just speaking from experience as a veteran. If you already have a degree, you may be eligible to be an officer which brings much better pay and often some student loan forgiveness. I'm not as familiar with that side though.
only 200 applications? 😅I think one of the contributing factors is IT was a very small field for a long time compared to other industries. Think about how longer System Admins have existed vs Salespeople. The demand was much smaller, so there were very few people in the field overall, and not much happened when the world was offline. So when the booms started hitting and everyone started to hear the word 'cyber' in the news it was because attacks became common place. Everyone in the field already had a solid 5, 10 ,15 years so it became the norm to have loads of experience. Now they can't keep up, still need people with that experience, but they just do not exist. I absolute love you sharing your experience! It is rough out here which is going to foster a whole new wave of creative thinking and work ethic that the industry will see as the norm, then the next generation will have all their own problems.
Figured I’d send this message for any career transitioners like me hoping to break into an entry level cyber job: I’m currently working as a full time doctor of physical therapy in the states and have been looking to make a career change for a while now. I fortunately stumbled upon cybersecurity and enjoy learning so much about this field. Currently taking Google’s Cybersecurity Professional Certificate and have been going through the 8 courses through Coursera. This video was very helpful Grant. It showed me that I should also be trying to diversity my portfolio as I’m taking the time to learn. I’m going to dig into CTFs and blogging as I have so much to say about this transition so far. For anybody coming from a different career like me pursuing cyber, keep pushing, it’s going to be hard but just remember your why!
Hi, I am in a similar situation , can you tell me what new projects you worked on for your portfolio?
From my experience in various fields I would strongly suggest to invest in a job path only if you have a connection to get you in. If not then don’t bother and try to do something that can make you some income and plan your way from there for something more profitable. If you’re passionate about it then it can’t be helped. Just be prepared for a long fight.
Another great video Grant! Thanks buddy!!
How are you supposed to gain experience if no one hires you LOL. I say that to every employer I put my application for when they say you have no experience because that sentence is very true.
I really appreciate your honesty 🙏. I faced lots of problems in finding job at Cybersecurity, most companies need experience, 5 years minimum, if anyone lucky then they got hired. Later i changed my decisions because of the rejection i got. I moved to HVAC, and happily enjoying this field.
I'm not graduate student but now im doing my graduation after 4 years 😄.
But once a hacker, always be hacker ❤.
i want to learn cyber security but afraid of same issues, do you think its impossible to get in?
Most of the people I know switch from IT or networking to cybersecurity within the same company after they show their capabilities
Absolutely THIS! The best way in is to invest yourself with a company that you know will have future cybersecurity opportunities and work your way up as an internal hire. Wayyyyy less competition and higher chance of success.
I’m going through this transition right now at my company
Thank you for the information, awesome videos 👍🏾 my advice to you is join a gym brother. Not only for health benefits but it’s a great place to talk and meet people from all walks of life. That’s how I got introduced to cyber security. Stay blessed
If you have a TS clearance and Security + you can get a job with defense contractors with little effort, especially if you live in the DMV area
Even if you do not have any experience?
@@brianabellamy6176Yes, but that’s specifically related to gov’t contract positions
long shot but I’m in the DMV area looking to get into IT in general have background in automotive technology looking to pivot into it. what contractor are you talking about? I have AAS degree in cyber Defense and sec + looking to get into a Soc role.
That’s somewhat true I have a TS with Sec+,Net+ and Cysa+ and still get rejected cause I don’t have at least 5 years experience
I think expecting to go straight into a security position right out of college with no experience is a lofty ambition. It's possible but they aren't "entry". Entry is a relative term here. Im currently a network admin and went through the experience ladder (Helpdesk then Desktop then network) and I can tell anyone right now that college isn't enough by itself. Ive worked with graduates on all levels that aren't great at adaptability or applying knowledge. Call me old-school but going through the early positions like I did is the best way to show you can get into the higher level positions through the experience.
You keep trying to mate, we all appreciate your efforts in making this video
Cybersecurity is hard harder than people say it.
Okay, we gotta get you off the screen and outside and hang out with people! On the other note, thanks so much for your input, your videos are very helpful 🎉
I hope the best for you mate. ♥
Much appreciated! To you as well.
The fact that you have to do all of this to obtain to get an entry level job is ridiculous.
One could say it is not in fact an entry level position lol
It's a challenge.
Right? it's extremely discouraging. No other industry is like this. Almost feels not worth it to put in all the effort, with no certainties. Who wants to go through that?
@@Adixon5software engineers roles is extremely difficult as well.
@@Adixon5passion. My view on it is, the way up the ladder will get rid of the people that aren’t truly passionate about it and just want the money out of it. Just my 2cents.
So it's a good representative of the overall market. Employers act like we can't learn anything. They expect 5 years experience out of college.
sounds exactly like the industrial industry . experience will get you there but eventually it all boils down to who you know.
Stopped watching the moment he suggested people start a blog to get noticed
LMAOOOOO
Shxt is ridiculous
I think too much focus in cyber security entry levels jobs is on the technical side. I would encourage getting a risk management specialist job first. It’s what I did. In the job I did risk management work but reported to the CISO and got access to all the security tools where I could spend time getting experience with them. I then applied for my first Security Analyst job which was more on the technical side. I would consider this as a stepping stone for others too. Your first entry level job doesn’t have to necessarily technical.
I would also mention that some Co-ops and internships hire recent graduates, not just college students. This is a good way to get some of that experience before landing that full-time position.
Took my company 6 months to find an "ok" candidate where 3/4 people didn't like him but we were so short staffed we hired him anyway. He lasted two weeks and then left. The amount of people applying and then don't even know the general overview (very basic) of NIST CSF or 800-61 or even 800-53 is pretty mind blowing
I cant even land an entry lvl helpdesk role even with google it support cert, sec+ and a completed network engineering course at a technical trade school. Not sure what I'm doing wrong.
Same! I thought it was just my area where entry level help desk is asking for 3+ years experience and certs.
@@kekef3620what area are you in?
Start networking with people in the IT industry
It seems like many industries are like this. I’ve changed careers a few times and it’s always like this. Entry level requires 5 years experience, and labour demand is for people who already have like 10+ years experience. They want people who are veterans to just materialize from thin air. And HR people write the most ridiculous job requirements. Meanwhile the few who are actually experienced have so many job offers thrown their way they can’t keep up.
Basically its pretty easy to land a Job in Cybersecurity even as a sideliner with no formal qualification. If you really like IT and its your Hobby you Start to get to know a lot of people and if you are looking for a Job you have a wast network, you gain experience by Just Setting up a Server, use a old machine without data put in online and See how Long until this machine gehts pwned. After it start analyzing why you where pwned. Fix the Problem and Repeat, you dont get pwned anymore? Start attacking the Server by yourself there are Million tools for this reason. But if you dont want to spend your free time why should i hire you? Why should i hier you for a high salary if you basically have no Skills? Most people who are complaining Not getting a Job are people studied computerscience for the Money while have no idea what they are doing.
Network within cyber communities/careers ppl & evidence your learning via labs. That’s how I did it with 6 months self learning, landed a cyber analyst role.
Can I get a list of the cyber community that you had used?
bruh i have a MBA and like 5 certs. i cant get a 13 dollar an hour helpdesk job. im at over 600 applications. what am i doing wrong?
Your way over qualified for a help desk job
It’s all fun and games into young engineers and cybersecurity analysts starts to take job offers from the enemy. Think it’s impossible better ask England why they’re retired vets was training Chinese pilots.
It’s gotten to a point where you need years of experience for an internship. Shit is ridiculous 🤦🏾♂️
security clearance is one of the issues for foreigner probably not an entry level issue but i have around 2.5 years in SOC but not in europe also built my own SIEM lab at home configured AD DC, DHCP ... but hardly landing a job second issue is the french language i have C1 most they ask for is C2 and security clearance, idid some certificates net+ sec+, API pentesting, Trend micro
ICIP, 1 soc internship, 1 AI internship and 1.5 in current SOC position for company outside europe, also 7 months data analyst (ik its irrelevant for cybersecurity)
It appears you are on a great track. You are actively building a homelab, have completed two internships, and have some entry-level experience in security. A security clearance would be helpful if you are trying to land an opportunity in the United States.
sorry if i failed to mention but i am currently in France and the plan is to stay in France until i obtain the passport because my current passport doesn't get me anywhere i need visas to everywhere and mostly rejected. So i am searching in France not USA here they require Security clearance for Airbus, telecom, some banks... this is where i am struggling and honestly i will start searching for either internships or help desk position not security because i need to build experience in europe/France because they dontrecognize experience in Asio/Africa/MEA @@collinsinfosec
It's tough if it isn't already a hobby or genuine interest.
Thanks man, this video really helped me with insights and motivation. I am currently applying for entry level roles and finding it difficult to stand out, trying to network and meet people, but i'm transitioning from the financial industry into Cybersecurity, so it's all very fresh for me. Just subbed to ya, keep up the great content.
For me living in NYC it’s hard trying to find the time to engage in anything cybersecurity while maintaining a full time job. And studying for certifications seems impossible. While a online masters program held solidify foundational knowledge, I’m finding that it is challenging attempting to enter this industry.
Im at a similar situation as well . I have my associates degree in IT from laguardia. Just recently got my a+ certification. Took me about 4.5 months. Because it's 2 part exam at the same I work full time as a commercial cleaner and I work security some weekends or just Saturdays. It's tough dude its really about just making use of your time. Mta commute is the best time to do everything..then at home I'd study for 1 to 2 hrs 4 to 5 times a week
i'll say the same thing i say to all newbies, most of this field isnt entry-level you will do so much better long term by starting off in a role outside of full time security that benefits what you want to do long term.
It seems the misconception is that being an IT admin or help desk will help get you a cyberops/sec job because they have “tech experience”. I feel many other jobs not in tech have skills more comparable to the cyber security industry, you just have to learn the specific domain knowledge and technical skills.
What are those other jobs?
Been down this road. I had to start as a junior network administrator. Could not land a cybersecurity job right out of school. I got lucky landing even a network admin job right out of school. A lot of the guys i know had to start with a help desk position.
For someone on the outside interested in the CS field, I'm trying to figure out a game plan. This was a good video to experience.
Thanks Grant. We can do it.
That's exactly it!! We can.
It’s a lot easier when the love for IT, networks and technology is inside of you
its the same argument. i need a job to get experience, but you need experience to get a job. companies need to do better for onboarding new employees, and watch the retention rate soar.
Currently, have my Sec+ and Net+. Trying to get a SOC Analysis job or something where I can just monitor a SIEM or something basic for my first gig, and it feels IMPOSSIBLE to land something.
Am I aiming too high? Do I need to just throw myself into a help desk position until I can get my PenTest+ too, or what?
Certificates mean absolutely nothing unless you have experience.
I'm studying for Masters of Science in Cyber Security cause was told by counselor that it is "in demand" but it doesn't sound like it hearing you say the cyber security job market is a dilemma...should I stop studying for this degree and go for another career instead?
I wouldn’t take advice from any counselor unless they have specific experience in the cybersecurity industry
How far along are you? Do you have an IT background?
Required 2 -3 yrs experience minimum with certificate such as ceh cissp security+😅
I think the issue is not bachelor or master degree in Cybersecurity or certs, projects, internship etc...these are good things to have and if you have someone who knows someone you can get a job in cybersecurity. However, the big picture is how broken the system is in America. Department of Education should never allow any university/college to function without having a mandatory internship for students in any field they are pursuing. The reason why employers do not want fresh grads, degrees, certs, projects and poor internship is that they believe a new grad is poorly trained to work in Cybersecurity because most university/colleges do not have mandatory internship that will resolve the practical skills students need to be ready to go after college/university is done. What do colleges have? They help you obtain security + plus or other certs, is that enough to convince an employer to give you a job in cybersecurity? Why not 3 years internship while you are in college for Cybesecurity in a real company and using tools like SIEM, EDR, Rapid 7, Nessus etc..? Instead the new grad finishes college/universities with bunch of theories and they are unable to put those theories into practice. if the system was not broken, bachelor or master degree in Cybersecurity would be worth it but it is not due to the system. Then we have bootcamps, some bootcamps that are really good,, they are doing the job that universities/colleges lack. Some bootcamps will give you the hands on practice you need that college was supposed to give you that is why some companies accept candidates coming from bootcamps and they ignore guys with degrees. who is fault is that? that is the system in America that is broken. The military will train you well in any profession you want but colleges/university will not, why is that? it is the system in America that is broken. Your Cybersecurity degree and certs are worthless and if you want a job you need to find a good boot camp to give you hands on experience and bootcamps will take your money. So, you as an applicant will be spending lots of money until you find your cybersecurity job, you will pay CompTiA for their trash certs, you will pay bootcamp to give you hands on , why all this when you spent four years pursuing a degree in Cybersecurity? One more time , it is the system that is totally broken allowing students to graduate without any relevant hands on experience in what they choose to study but they will train you well if you join the military and companies will be after you because the military trained you well.
you need to invest in yourself, pay for certs, take courses, and meet up with people and network!
Once you get you will be happy that it isnt easy to get in otherwise you could be replaced
Thank you sir. Starting my cyber security journey in January and this video made me feel better
What about creating a shell company and faking the experience part?
It feels like lie a little bit on the resume. To get a foot in the door. Isn't a bad idea. I've been searching for a job for 2 years and no luck. I have my degree but with a little actual experience.
It's like this everywhere in tech. Not just cybersecurity.
So, I am transitioning out of the US Army and I am part of a program that allows me time to get a Google cert. I have a few days to lock in my decision. Should I choose the cybersecurity cert or go for another career path? This video seems very doom and gloom on the opportunity to get a job. They have IT, Project Management, etc
Cybersecurity certification from Google alone won’t be enough for you. That cert is just a preparation for the CompTIA Securiity+ certification which is the real deal when it comes to cyber security. If you are willing to put in some extra effort and do a few more things here and there after the Google cert including getting the CompTIA cert, then you should go for cybersecurity cert.
@thoughtyfalcon3991 thank you very much for the reply. I do plan on getting my Sec+ from CompTIA after the Google cert. From there I will start applying for jobs and build my project portfolio. During the job search I'll also be looking to try and get a Net+ or CCNA cert just to help more if necessary. Thank you for responding.
@@V3n0m151 it’s a good path. And there’s always the option of opting for something networking related if you can’t get into cybersecurity. Keep it up and work smart. I’m also doing my Google cert after which I’ll be getting the CompTIA network and security certs. I’m also thinking of doing the OSCP after those while also doing my bachelors in CS.
My hopes are to not make the security industry seem like it's impossible to get into. Although I can see how it is. My advice, I would highly recommend starting out by defining your end goal. What is your goal and which type of position are you looking to get into? From there, I recommend looking at the skill requirements for position. If you already know the fundamentals of I.T., I highly recommend taking a look at position requirements. Then develop an action plan to learn those skills. For example, maybe the position requirements including scripting, basic understanding of network security, and knowledge of SIEM. Develop a plan to learn each of these skills through dedicated studying. This could include 1-month solely dedicated to learning about the networking basics, then 1-month to scripting, and finally 1-month for SIEM. Take extensive notes, quiz yourself on the foundational concepts of each skill, and build a homelab.
Just starting my bachelor's in Cyber Ops at Dakota State. Trying to figure out what things I should be doing outside of my degree to try and launch my career ASAP. I've heard so many different arguments. I've definitely heard to partake in CTF's or building a home lab. The issue is I don't have that prerequisite knowledge yet and so I feel I can't do those things yet. The other question is what type of home lab or what type of CTF's would I do?
I've also heard that I should be studying for something like the A+ and NET+ to then get some sort of generic IT job and then transition into cybersecurity once I graduate. The problem there is how can I focus both on my degree and those certs and home life all at the same time?
Another problem I'm facing is the industry being extremely vast and not feeling the pressure to know exactly what I need to do so I can build out a plan, focus on doing things so I can specialize and don't waste massive amounts of time or getting pigeon-holed into an area.
Can you tell I'm just a bit stressed and lost?
I think the main thing muddying the waters in this discussion is nobody being on the same page as to what "entry-level" means. A first year resident Doctor and a McDonald's cashier are both "entry level" in those respective fields, but they require drastically different skill levels to get that job. Cybersecurity is not entry level in the same sense as a cashier is. You're not going to turn up with absolutely zero knowledge, skill, or experience and just be trained 100% on the job. But it CAN be entry level in the sense of being someone's first IT job. You just need to put in the requisite time and effort into some combination of school, self-study, certifications, homelabs, CTFs, etc.
The problem is businesses dont want to put in the effort or money to train anyone anymore even as they make record amounts. They want "entry" level folks to be dialed in but acknowledge college doesnt fully cement you knowledge base
@@Chaddeusthundercock I agree, but I also think there's a limit to that though. Again, you don't apply to be a first year associate at a law firm without going to law school and passing the bar exam first. I think companies need to invest in entry level people, but I also think people need to attempt to gain some knowledge and skill before trying to jump into something like cybersecurity. I see some people with no degree and no experience saying "I got my Sec+ but can't find a level 1 SOC role what's wrong with this industry??"... like come on we can put in some more effort than that.
This was a much needed video. I am one of those people struggling to break into the field. Another catch 22 of the situation is the practice. I know their are some sites that you can use to harness these skills but a lot of people do not. How do you practice something that is illeagal in order to be able to legally use those skills? I'm sure there are others like me who don't even know which certification would be best or what the next step is after a degree.I think the industy is missing a key opportunity to help create people with the skills they want.
At the point you said "and really trained how to approach cybersecurity from a business perspective using both their soft skills and their hard skills", it validated why I left the industry. These cyber security companies are not there to help you. They want you to be attacked so they can sell services and cyber attack insurance. It won't be long until using your personal computer is like driving your car. If it's not insured, then you are in trouble.
Cyber security experts claim the new recruits are fighting a war against evil - yet they are simply trained to boot USB drives, run 3rd party programs, and basically fall in line.
Entry cyber needs to just be renamed to cyber security jobs. There is no such thing as entry cyber. Just like there is no such thing as entry networking. Both those jobs take skills from the lower levels that you need to know to execute. Cyber is started on the back of 4-5 years in a specialty of knowing how something actually works. Same with networking, same with sys admin. They require experience from lower positions.
So tired of hearing 'oh i cant get a entry job as a cyber after i got my sec+' Yeah because you dont know how anything else works. If you have 5 years experince youd have no problem because you know how stuff works.
Facts
In my second year of uni i got a job in cybersecurity. I applied for an internship and on the interview i told them that im here to learn and they dont have to pay me anything, they accepted me.
You need to understand that the company will not earn any profit on you in the first months they need to invest a half year salary and they wont get much in return for that.
Yeah, that’s some thing that I’ve noticed as well. Unless you’re working for a company where cyber security is their product they have little to no incentive to actually train you. That’s why I plan on moving next year to an area where they are a ton of government contractors who have a reputation of hiring entry-level talent, they actually have invested interest in training the next generation of security professionals because that’s their business.
@@pkagent14what area is that?
@@ebenymitchell7872 DMV "DC, Maryland, and Virginia" specifically areas near DC. There are a ton of gov't contractors who are hiring.
Thats not a feasible strategy for people who actually have real liabilities such as paying for rent and food. People like yourself are enabling corporations to abuse workers, youre part of the problem
Its the same with IT. Most IT jobs are just low paying contract jobs with no benefits.
Not where I live. The market has plenty of IT jobs, and the salaries, benefits are solid.
@@thomasbrown3356 Thats what everyone will say about DFW TX and the San Jose area. But when you look all the jobs go to immigrants and contractors. I work for a massive corporation and very few IT job are not contractor.
I've got 20+ years experience in cyber security as well as CISSP, CISM, CISA and SSCP and I'm getting declined for entry level "Cyber Security Analyst" roles without even making it to interviews. I feel sorry for anyone trying to do this straight out of school.
There’s no hope for us then
@@anshul2000punk Honestly, the job market right now is horrible. I read stories like this all the time of people who have the certs and experience and they too can't land an interview. That's why networking is key.
@@pkagent14networking means connection with people bro??
@@nahidsarker69 yes social networkig 😂
Because you don’t know your shit or just a paper cybersecurity analyst
yes its hard. I see it as a motivation to get better idk maybe im just weird. It pushes me to prove that I am the best and still have a long way to go
Weird in a good way. It is what it is! This is motivation for each of us to push harder and prove that we are the best candidate. I'm definitely willing to do these tips in the video and any others that come up that make sense.
I think I needed to hear this. Thanks.
Keep at it 💪
thank goodness im already in one, I just hope this does not take long to climb up the ladder, im currently taking up multiple certification trainings too
4:53 bro what was that ? LOL
Ha! Someone's got a good eye. Just trying to add some hints / humor 👀
@@collinsinfosec is the hint “join the Illuminati”? 😮
Wow, I missed that the 1st time around. That's wild.
2 classes away form graduating, 60 apps sent out, over hald rejected. I spray at everything bound to land something
The economy is really not that great right now. There have been massive layoffs and most companies are trying to not hire period. When the economy improves and the number of jobs increases it will be easier but that will take patience.