by Mark Aiello, President, CyberSN
Hey Cybersecurity Professional. We’ve got something to share with you. With an estimated 500,000 open cybersecurity jobs, you would expect to be able to find the job of your dreams. You can, although it’s not as easy as you think. You are in demand but you still need to tread carefully. If you want to be in control and Pwn Your Career, take our advice on some of the pitfalls along the way so you end up with a job that you love.
You owe it to yourself to love where you work and love what you do. You don’t need to follow Johnny Paycheck’s advice about what to do with your current job. Just make a commitment to yourself that you can be happy and love where you work. There are millions of people who love what they do and where they work. You can be one of them. Avoid complacency by answering these questions: What’s my passion? What drives me? What type of culture and team do I want to be a part of? What type of work will excite me every day? Then take the next step and make a commitment to yourself to begin the job search.
Today’s job boards are completely inefficient and mostly ineffective. Job descriptions are generally misleading, inaccurate, and poorly written. You’ll receive 20 bad search results for every one that looks promising. Don’t put your trust in secret algorithms that only return what they think you want. Search for companies that appear to be a good fit for you and proactively reach out to their security leaders. Don’t rely on just one method of finding a job. Take control of your career by actively seeking out opportunities that are interesting to you.
Don’t solely rely on job ads. Haven’t you heard about the secret menu items at In-N-Out Burger? Same is true for jobs. There are a lot more job openings than what you can find in a Google search. Look for companies that are growing, just received funding, or in the news (sometimes because of a breach). Many high-growth companies are moving faster than their talent acquisition team can keep up. Connect with their security leaders and let them know you are interested should they find themselves in need of someone with your particular set of skills. Join local security organizations and network with the people you meet. Develop a relationship with a recruiting firm that specializes in cybersecurity and can make you aware of opportunities before they become posted job ads.
So you skipped numbers 2 and 3 above and you found a job that looks promising. Except for one minor detail – you don’t have all the skills that are listed as required. Don’t let it stop you. Apply anyway. Most job descriptions are an amalgam of previous job descriptions. Nobody likes to write job descriptions and most people do a poor job when they do. Many times it is a group effort with everyone adding their specific requirements. Chances are unicorn-ishly slim that there is a perfect candidate for the role. So take a shot and present yourself as a candidate.
Applying for a job can be like running an obstacle course. Some companies throw too many challenges at cybersecurity candidates which can be a turn-off. Multiple interviews (video and in-person), proficiency and personality tests, challenges, and just taking their sweet time. Don’t be fooled to think that you shouldn’t have to follow their process because you are in such demand. Play the game and be prepared. Ask prospective employers about their process. Prepare yourself for it and the new interview experiences that you might encounter. Ask with whom you will be interviewing and do some homework. Chart the uncharted territory and when you get hired, if you want, you can change it from the inside.
Take control of your career. Find and do work that feeds your passion, grows your rewards and satisfaction, and meets your career and personal goals. Educate yourself on career paths, job types, and compensation and industry data. Find jobs that are interesting to you and that you are qualified for and engage the right opportunities at the time you see fit. Empower yourself to let your talent, skills and desires lead the way to your best career and reap the rewards of your profession. Know your worth. Find your fit. Plan your path. Pwn Your Career.
This article first appeared in Cyber Security Magazine - October 21, 2021
If you’re searching for a cybersecurity job, things have certainly changed in 2020. Some companies may have increased needs or shifted priorities with more employees working remotely. The hiring process has largely gone remote too, with many companies hiring new employees without ever meeting them in person. Other job seekers worry if uncertainty in the economy also means uncertainty at the company to which they are applying.
If you’ve just begun your job search, or want advice on how to nail an upcoming virtual interview, we’ve got 11 tips you can use to make a good impression and highlight the skills you bring.
Before diving into our tips, it’s important to address why so many cyber professionals are worrying—is changing jobs the right decision during a pandemic? Even with uncertainty in the economy, we’ve found many industries are thriving, such as technology, health care, manufacturing, consulting firms, financial services, and other services organizations. When conducting your search, focus on the industries that are growing. Keep in mind some sectors have been harder hit than others, such as hospitality, transportation, and retail. These are the industries where we’ve seen the majority of layoffs.
In addition, certain cybersecurity roles, such as product security and application security, have shown more resilience and job security than other jobs within organizations. Deidre Diamond, CEO and Founder of CyberSN, recently spoke about the impact of Covid-19 on cybersecurity jobs and best practices for job searching virtually. Even with some downsizing, which has remained below 3% in the cyber sector, she said there are many opportunities out there today.
“Overall the folks who were laid off will find work,” Diamond said.
Watch this video to get Diamond's insights on the state of the cybersecurity job market and virtual job searches.
With a shortage of cybersecurity professionals actively seeking work, cybersecurity professionals should feel confident exploring their options. Of course, you’ll want to make the best impression possible in any interview, so here are our tips for landing your next cybersecurity job.
This tried-and-true resume tip is still important today. Companies want to not only see the skills you have, but how those skills were applied to get results.
Keywords are the terms and phrases employers will use to weed out unqualified candidates and narrow down their search. Many companies today use software for this process, making keywords essential to making that first cut. Use terms that describe your skills, your area of expertise, as well as platforms, software, and applications you’ve used throughout the description of your role at each employer.
This goes against most resume writing advice, largely because of the way most employers write their cybersecurity job descriptions.
“You don’t want to be changing your resume for each position,” said Diamond. “Almost everybody is cutting and pasting job descriptions. They aren’t their real job description.”
Why waste your time crafting a resume to a job description that’s overly vague or not even accurate? It’s better to use your resume as an honest snapshot of your skills.
“Your resume is your story. Put out what experience you’ve had on what types of projects and what types of tasks,” Diamond said.
Because of the competitive cybersecurity job market, recruiters are likely reaching out to you already with roles they want to fill. By having an updated resume, you’re less likely to forget mentioning people you’ve worked with, projects you’ve worked on, and skills you’ve learned. It also reduces the stress level when an opportunity does arise to have a resume at the ready.
It’s reasonable for someone with 10 years of experience or more to have a three-page resume. Those with less experience will want to keep it around two pages. Anything over three pages and your most important skills and experience will get lost.
Recognize that a lot of tracking systems are only going to pick up standard fonts and text. Pictures and colors will not register with the system, either. Instead, focus on making it easier to understand who you are by telling the story of how you’ve grown and developed in your career.
When you get a call for an interview, it’s likely going to be via video. Good interviewing etiquette is as important as ever—making eye contact, greeting everyone on the call, asking thoughtful questions, saying thank you, and mentioning people by name.
To do these things well, you must give some thought to how you look on camera—and where you should be looking.
“Looking at the camera is important,” said Diamond. “I encourage you to know your camera position. I understand we have monitors, but if you’re looking at the monitor and not your camera, you’re not going to make a connection.”
If the company wants to schedule a phone call for the initial interview, request a video interview instead. Making a connection, even with a junior-level employee or recruiter, can benefit you . Even if you’re not a good fit for that job, making a good impression can lead to a referral to a different department or a different company.
We know there are some people who hate being on camera. It can be tough to focus on looking someone in the eye when they are looking at you on a computer screen. It’s even more difficult when you can see your own face in the corner of the screen. If this is a barrier for you, consider practicing with friends on Zoom calls. Switch the view so you no longer see yourself on the screen. Experiment and practice until you feel at ease and confident on video calls.
You can help yourself look at ease by getting to the interview early. There’s nothing worse than logging into a video call and having technical difficulties. Make sure your audio sounds clear, your camera is at the right level, and the video conferencing platform works with your computer.
Find a quiet place to take the interview and create a professional and neutral background. You don’t want anything happening in the background, either audibly or visually, that will take away from the things you have to say.
“You want to make it as if you are in the office,” said Diamond, even if that office is your bedroom.
Just like an in-person interview, dressing well shows you take this opportunity seriously. You can still wear yoga pants or shorts, but from the waist up your look should be professional.
Don’t assume that because the interview is a junior member of the team that you don’t need to prepare thoroughly. Treat each step as the most important interview yet.
“Come prepared to present yourself in a way that gives you the opportunity to choose and decide where you want to work,” said Diamond.
Use the video format to your advantage. Jot down key talking points you want to mention and keep those just off camera where you can reference them throughout the interview. While the format may seem more casual, you want to give the impression you are taking this as seriously as if you were in their office.
Even with the highly publicized shortage in cybersecurity professionals, landing the cyber job you want still requires a good resume and great interviewing skills. Whether it’s your initial interview or the final call back before the company makes its decision, come to the video interview early, looking professional, and prepared. By using these tips, you’ll not only be better prepared to talk to a potential future employer, you’ll feel more comfortable and will be more likely to make a great first impression.
In today’s competitive cybersecurity job market, being comfortable having conversations with employers about compensation gives you an advantage. Cyber pros are in high demand, so understanding what to ask for, as well as how various compensation packages are structured, will help you get the best possible offer.
Cybersecurity salaries vary depending on company, industry, and the city where the job is located. With more companies making positions permanently remote today, there are far more opportunities for cyber pros looking to up their salary and if you're experienced, you're in luck—experience is one factor that employers look at more than education or superlatives.
When talking about money, make sure the conversation is about what your total compensation will be. The job may seem to be a good fit culturally, but if you don’t understand the full compensation package, you have no way of knowing if the job truly is the right fit for you.
Salaries for cybersecurity jobs are going to vary, but knowing the roles that have the most potential for higher earnings can provide direction for your career path. Like most industries, jobs that require more skills, experience, and responsibility are going to pay more. Someone who is starting a new role as a penetration tester with only a few years of cyber experience is going to be paid less than a cybersecurity engineer with an extensive background in the computer science field.
Leadership roles, from security manager to CISO, are going to be the top of the pay scale, both in salary and bonuses. But what about mid-level roles? Here are some cybersecurity jobs that are earning the most in compensation right now, many earning $150,000 annually and more.
While the role and responsibilities are a large determining factor in salary, salary surveys in the cyber industry indicate that skills and experience are most important.
The Cynet 2020 Cybersecurity Salary Survey found that experience matters far more than the degree you hold. According to the survey results, salaries were similar for both those with and without computer science-related degrees. Even more important than experience when determining salary, the survey found, was quality of work. “Surprisingly, across all analyzed positions, we have found both individuals with little experience at the top of the payment curve and seasoned veterans at its bottom,” the survey reported.
Large metropolitan areas and tech hubs promise the most opportunities for on-site cybersecurity positions, including Washington, D.C., New York City, and Los Angeles. However, there are cybersecurity jobs available across the country, some in high-growth areas, that are offering generous compensation packages to entice workers.
According to Infosec, New York offers the best compensation, California has the highest number of jobs, while Texas and Colorado are the states with the most growth potential. What does this mean for job seekers? While compensation is going to be the highest in New York, it’s also one of the most expensive cities on the planet. Cost of living, quality of life, and the structure of your compensation will all be important factors to consider.
Take Colorado, where the cost of living is lower than most major East or West coast metro areas. The quality of living is very high, with natural beauty and many outdoor activities to enjoy. Although people don’t immediately think of Colorado as a tech hub, it’s fifth in the nation in concentration of tech workers and compensation tends to be competitive.
For those looking for fully remote work, this opens a range of possibilities, some offering great compensation packages. Understand that, for example, West Coast tech companies may offer lower salaries but higher bonuses and stock options, will help you negotiate the best deal.
As we mentioned, some industries and companies prefer to offer different types of compensation beyond salary. Ask about what an expected annual bonus might look like. What is the percentage given? Is it company based, performance based, or do both factor into the total bonus package? Knowing the bonus has a base percentage of 1.5% with potential for an additional 1% based on company performance, for example, helps you calculate what you will receive.
Stock options can be a game changer when it comes to your overall income. This is often something you’ll find in compensation packages at companies on the West Coast, in the tech industry, or at a startup. Companies will often offer stock options to employees because it increases an employee’s compensation without impacting profit. By including stock options and restricted stock units (RSUs) in total compensation structures, Silicon Valley and West Coast companies are paying significantly more than everyone else.
Do your research. Find out what that position typically gets in your city and use that as a starting point. Think about cost of living and how this salary compares to what you’re making now. Also, consider what the demands of the job will be and if the salary is fair. Is this a fast-paced job where you’ll be putting in 60 hours each week and are expected to be on call 24-7? If so, the pay should reflect this.
Once you’ve researched typical salaries and evaluated what you want, come up with a firm number at the top of the salary range for your area. This way, you can open the salary negotiations talking about what you’re worth, not what you’re willing to take.
Next, focus on experience and skills, not degrees and high-profile names. While it may be impressive to some you have three years at a top tech company, it’s not nearly as impressive if you didn’t grow, show leadership, or improved your skills while there.
Some people may be shy about revealing past experience if not directly related to cyber, but they shouldn’t be. All employment experience helps shape your career, even if outside the field. For example, the Cynet survey found that people with IT backgrounds have on average higher salaries than people who started in cyber. Employers seem to value this variety in experience.
Finally, be transparent about what you make now and what kind of compensation you’d like to get. You can get more information about negotiating tactics in this previous blog post, but essentially you will want to open the salary conversation by describing you compensation.
Today my compensation looks like this: my base salary is X, my bonus is X amount paid X times a year, and my next raise is going to be X amount on X date. My stock is X and my vacation days are X. I receive X in health benefits for X amount of people to be insured in my family, I have X for 401k, (name any/all retirement plans worth if you stay), and here is everything and anything else that my current employer spends on me.
Few people take a new job for the same or less total compensation, so laying these facts on the table helps the interviewing employer understand your expectations. When it comes to asking for a dollar amount, don’t cheat yourself or them by giving a number that you don’t want to accept.
Shifting roles within the cybersecurity industry can be extremely difficult—job seekers are faced with a variety of frustrating hurdles they must overcome in order to find a great career fit. From firms underestimating the importance of cybersecurity roles, to nonsensical job descriptions, to outlandish job requirements, it can take an exhausting amount of effort searching cybersecurity jobs or even find an opening that’s worth applying to.
As a job seeker, you may have already encountered similar red flags while applying to positions. So the question is, how can you find the right fit in an industry with so many hiring and retention problems? There is a deep disconnect between hiring managers and cybersecurity professionals, and it can be difficult for anyone on their own to bridge that gap. Luckily, that’s where expert recruiters step in and take the lead, helping to match professionals with great job opportunities that allow for personal and career growth. Here are some of the many ways that cybersecurity recruiters function to help you land your dream job.
Too often, hiring managers in charge of adding cybersecurity professionals to their team have no real understanding or insight into the job openings they’re posting about. As a result, you’ll find plenty of work experience requirements that do not match the role described in a listing. Other times you might come across a job description very clearly written by someone with zero knowledge of cybersecurity. Recruiters at CyberSN, however, take the time to work with hiring managers to ensure that job descriptions are as accurate as possible, so you know exactly what you’re applying for.
While there are cybersecurity hiring and retention issues in nearly every single department of businesses, the most glaring problem is created inadvertently by hiring managers. Rather than focus their energy on building an effective team of cybersecurity professionals with diverse experience and expertise, they instead spend all their time looking for one single candidate who can fill the shoes of multiple people. We all know that this is an impossible task, but still happens all the time. CyberSN aims to reduce this crisis by helping hiring managers understand what talent their team needs to be as effective and efficient as possible.
There’s a lot more to salary than just a number on a piece of paper. Besides an annual salary, cybersecurity professionals also want to know how they’ll be compensated with bonuses, annual raises, stock options, health benefits, retirement savings, paid time off, and everything else that we need to support ourselves. Recruiters can help you understand what your total compensation will be for a specific job role, and encourage you to vouch for yourself to get the best possible deal.
For many cybersecurity professionals, job hunting can become a part-time job in itself. Between trying to sift through the nonsensical postings to fruitless interviews, you could end up spending months searching for a new job only to be unsuccessful. CyberSN’s professional recruiters understand that your time is valuable, especially when you’re looking for a job. Our expertise in the recruiting field combined with our knowledge of cybersecurity puts us in a unique position to cut through the noise and present you with openings that best match your abilities and values.
When it comes time to explore a new career, your first thought should be to work with a recruiter to help you find the perfect job. A good fit is the difference between a successful, rewarding career and a job that you leave after only several months. Recruiters can take the guessing games out of the application process and steer you toward the best roles for you.
