Tips on how to land your next Cybersecurity Job


by Mark Aiello, President, CyberSN

Hey Cybersecurity Professional. We’ve got something to share with you. With an estimated 500,000 open cybersecurity jobs, you would expect to be able to find the job of your dreams. You can, although it’s not as easy as you think. You are in demand but you still need to tread carefully. If you want to be in control and Pwn Your Career, take our advice on some of the pitfalls along the way so you end up with a job that you love.

#1 Complacency

You owe it to yourself to love where you work and love what you do. You don’t need to follow Johnny Paycheck’s advice about what to do with your current job. Just make a commitment to yourself that you can be happy and love where you work. There are millions of people who love what they do and where they work. You can be one of them. Avoid complacency by answering these questions: What’s my passion? What drives me? What type of culture and team do I want to be a part of? What type of work will excite me every day? Then take the next step and make a commitment to yourself to begin the job search.

#2 Solely relying on today’s job boards

Today’s job boards are completely inefficient and mostly ineffective. Job descriptions are generally misleading, inaccurate, and poorly written. You’ll receive 20 bad search results for every one that looks promising. Don’t put your trust in secret algorithms that only return what they think you want. Search for companies that appear to be a good fit for you and proactively reach out to their security leaders. Don’t rely on just one method of finding a job. Take control of your career by actively seeking out opportunities that are interesting to you.

#3 Going it alone

Don’t solely rely on job ads. Haven’t you heard about the secret menu items at In-N-Out Burger? The same is true for jobs. There are a lot more job openings than what you can find in a Google search. Look for companies that are growing, have just received funding, or are in the news (sometimes because of a breach). Many high-growth companies are moving faster than their talent acquisition team can keep up. Connect with their security leaders and let them know you are interested should they find themselves in need of someone with your particular set of skills. Join local security organizations and network with the people you meet. Develop a relationship with a recruiting firm that specializes in cybersecurity and can make you aware of opportunities before they become posted job ads.

#4 Not applying because you can’t check all the boxes

So you skipped numbers 2 and 3 above and you found a job that looks promising. Except for one minor detail – you don’t have all the skills that are listed as required. Don’t let it stop you. Apply anyway. Most job descriptions are an amalgam of previous job descriptions. Nobody likes to write job descriptions and most people do a poor job when they do. Many times it is a group effort with everyone adding their specific requirements. Chances are unicorn-ishly slim that there is a perfect candidate for the role. So take a shot and present yourself as a candidate.

#5 Assuming they have to play by your rules

Applying for a job can be like running an obstacle course. Some companies throw too many challenges at cybersecurity candidates, which can be a turn-off. Multiple interviews (video and in-person), proficiency and personality tests, challenges, and just taking their sweet time. Don’t be fooled into thinking that you shouldn’t have to follow their process because you are in such demand. Play the game and be prepared. Ask prospective employers about their process. Prepare yourself for it and the new interview experiences that you might encounter. Ask with whom you will be interviewing and do some homework. Chart the uncharted territory and when you get hired, if you want, you can change it from the inside.

Take control of your career. Find and do work that feeds your passion, grows your rewards and satisfaction, and meets your career and personal goals. Educate yourself on career paths, job types, and compensation and industry data. Find jobs that are interesting to you and that you are qualified for and engage the right opportunities at the time you see fit. Empower yourself to let your talent, skills and desires lead the way to your best career and reap the rewards of your profession. Know your worth. Find your fit. Plan your path. Pwn Your Career.


This article first appeared in Cyber Security Magazine - October 21, 2021




Hi friends,

A new year is upon us and many people have been asking for my insight into the 2019 cybersecurity job market. Unfortunately, talent acquisition and retention statistics did not improve in 2018 and I do not see them improving in 2019. Job searching is broken and our industry lacks succession planning. We will not see these statistics change until these two problems are solved. 2019 will bring a significant uptick in the types of roles detailed below. Remember to put agency staffing dollars in your budgets; you will not find these people on your own.

  1. AI will influence Threat Intelligence roles – AI utilization is increasing by defenders and attackers. Attackers are leveraging AI for targeted attack reconnaissance, exploit discovery, attack automation and potentially attacking AI defense. Defenders are utilizing AI simulated attacks and data to better understand environments, attack avenues and threat profiles. Threat Intelligence roles will play a significant part in the AI intelligence validation, threat discovery iterations and risk management measures.
  2. IAM roles will have a significant impact on organizations – The continuation of high-profile, data-rich breaches in 2018 exposed over 22 million user credentials. Two-factor authentication and enhanced authentication mechanisms are the default configuration in 2019. Managing Identity and Access to accelerate business operations in the hybrid on-prem/cloud data, services and application model will be a business-critical role in 2019.
  3. IoT and OT roles are becoming more critical – The number of IoT and OT technologies in enterprises is likely to outnumber traditional IT assets. The adoption of 5G-capable IoT/OT in the workplace increases attack surface, data volume and privacy issues. Roles focusing on IoT/OT DevSecOps, security architectures and threat detection will be in-demand expertise in all critical infrastructures.
  4. Managed Detection and Response (MDR) and Endpoint Detection and Response (EDR) continue to grow in 2019 – Organizations are lacking the resources to provide the necessary prevention, detection, analysis, response and complete security hygiene for the endpoint. Cyber endpoint expertise is needed across all industries and by the managed service providers that companies are turning to for 24/7 cybersecurity coverage.
  5. Existing cybersecurity regulations will have an impact; new regulations and legislative activity are on the horizon – 2018 marked the effective date for the EU’s GDPR and served as a final push for compliance at many companies or the beginning of a compliance journey for others. 2019 will increase the focus on regulatory compliance as industries and C-level executives react to GDPR penalties resulting from complaints filed in 2018, the California Consumer Privacy Act becomes effective in 2020, and the introduction of a Senate bill titled Consumer Data Protection Act includes strong penalties if privacy violations occur.

Happy New Year and thank you for all your love and support,

Deidre Diamond aka The Wise Owl

Hello, cybersecurity friends. I have learned from talking with you that all too often, as job seekers, you are finding yourselves in conversations with hiring managers and recruiters—internal or external—who say they will get back to you, but never do! According to what CyberSN hears from job seekers, 60% of these conversations end in ambiguity and without resolution.

However, job seekers can ask questions too—not just recruiters and hiring managers. Use my model below to get in the driver’s seat and significantly lower your percentage of conversations with recruiters/hiring managers that end with ambiguity.

Every time you speak to someone about a job possibility, be sure to ask the following questions. Gathering these answers will help you determine why you may not get a call back, or if you even want one.

Question for recruiters only:

  1. Do you have signed contracts with the company you are recruiting for? Are they actively seeing your candidates?

You will often find that the recruiter you are speaking with doesn’t actually have signed contracts with the company they are talking to you about. Ask the recruiter if they have signed contracts and are actively showing candidates to the client. Knowing this information will diminish uncertainty about why you aren’t getting feedback. Also, ask if the recruiter has successfully placed anyone with the client.

Questions for both recruiters and hiring managers:

  1. Is this position approved and budgeted?

Find out if the job you are discussing is approved, because it might not be. Yes—this happens all the time; people talk to job seekers about jobs that aren’t yet approved or budgeted.

  1. Who does the position report to directly?

If a recruiter doesn’t know this information, they don’t have a relationship with the hiring manager and they probably won’t be able to get you an interview. If you are speaking to a technical manager, also ask who the position directly reports to. This will give you insight.

  1. How long has the position been open?

What have the challenges been in filling the position?

  1. Why is the position open?

Is the position due to growth? Replacement?

  1. Are you close to making an offer to anyone?

If yes, will you still be interviewing more people now?

  1. Do you think I am qualified for the position? Why? What could potentially make me not qualified?

If you aren’t right for the position, some recruiters/hiring managers will not want to tell you. It’s really silly that recruiters/hiring managers can’t be honest, but the reality is, most people avoid confrontation even when it’s positive confrontation. So, ask recruiters/hiring managers if they think you are a good fit for the job, and most importantly, WHY? Do you agree with their answer? If not, engage in conversation until you both, the job seeker and the recruiter/hiring manager, agree on whether or not you are a good fit for feedback. If you both agree that there is no need, because you’re not a fit, that’s fine too. You lead this decision.

Overall, my friends—if you are waiting for feedback and you aren’t getting any, you aren’t in the driver’s seat during these conversations. If you have the above questions available for your conversations with recruiters and hiring managers, you will see a significant difference in your understanding of the level of probability that you will be getting a call back or want a call back.


Keep in mind that even with these answers, you will always be dealing with the human element of job searching and there will always be some uncertainty, but when you implement these Wise Owl Tips you can reduce the ambiguity from 60% down to 20%.

Love Deidre, Wise Owl and CyberSN CEO