چگونه یک شغل مبتدی در امنیت سایبری پیدا کنیم

این پست پاسخی به دوستی است که در بازار بسیار چالش‌برانگیز به دنبال یک نقش امنیت سایبری است. با توجه به اینکه این روزها مشکل گسترده‌ای است, تصمیم گرفتم یک پست بنویسم به جای اینکه تنها یک نظر بگذارم.

آمارهای مختلف از منابع متعدد نشان می‌دهد که یک فاصله گسترده در نقش‌های امنیت سایبری وجود دارد, با میلیون‌ها شغل امنیت سایبری که منتظر پر شدن توسط استعدادهای جدید هستند. بوت‌کمپ‌ها اغلب از این اعداد برای تبلیغ محصولات خود استفاده می‌کنند. اگرچه چنین فاصله‌ای ممکن است وجود داشته باشد, کمبود استعداد معمولاً بیشتر در نقش‌های تخصصی مشهود است تا در بین داوطلبان عمومی که به دنبال موقعیت‌های سطح ابتدایی با تجربه محدود هستند.

Many applicants receive no response when applying for cybersecurity jobs even though there are supposedly millions of those opportunities available. Some may think they are not good enough or that something is inherently wrong with them for not receiving a callback. اما, in many cases their applications are simply not reviewed.

If you are looking to enter cybersecurity, know that you are aiming at one of the more lucrative fields in technology and fierce competition typically awaits entry level positions at well-known companies. به عنوان مثال, if you apply to reputable Fortune 500 companies for an entry-level role, each job opening might attract anywhere from 50 to 200 applications or even more. At this level even if you are highly capable and fully qualified, you might not be noticed.

Here are some key points you should consider before applying for these roles:

1. Be mindful of the location of your job search. The region where you reside may not have the largest cybersecurity job market. In contrast, areas such as the DMV (DC, Maryland, Virginia) have the highest number of job openings in cybersecurity. If there are not enough jobs available in your area, your chances of securing a position are reduced.

2. Visa sponsorship is limited. Most companies do not provide visa sponsorship. If you have a foreign sounding name (as I do) and require sponsorship, your opportunities may be even more limited. Conversely, if you do not need sponsorship, consider indicating your immigration status on your resume as clear as possible. I have been personally asked about my citizenship multiple times even though I clearly state that I am a U.S. citizen, implying that some candidates misrepresent their status only to later claim they need sponsorship. Be very clear about your immigration or citizenship status because obtaining sponsorship is not an easy task.

3. Watch out for fake job postings. Out of every 10 online job postings on platforms such as LinkedIn, around 4 may be fake, that is the jobs do not actually exist. You might apply for a posting for which you are fully qualified and receive no response, leaving you to wonder why you weren’t noticed when in fact the job was never real.

4. Many roles are not publicly advertised. For every 10 jobs posted online, there could be as many as 40 positions that are never publicly advertised. These opportunities are typically filled through networking or local channels. Look up local businesses in your area that hire for your role, reach out to them or check their websites. You might also consult lists like the Russell 2000 or Fortune 500 and leveraging AI tools may help you uncover positions that aren’t listed on LinkedIn.

5. Certifications matter but only if they are the right ones. I have a friend who usually pursues certifications first and then complains about their effectiveness. It is important to determine which certifications are valued by HR and pursue those rather than simply accumulating them only to lament that HR isn’t interested. Even the best qualifications won’t matter if employers are not seeking them. The certifications you hold or pursue might not be those most in demand. Refer to this link and choose your state, which shows job openings by required certification in each state. به عنوان مثال, in Missouri, all 30 SANS certifications combined account for roughly 500 openings, while the CISSP certification alone has over 1,200 openings, with Security+ following at around 1,100.

6. Beware of bias. There is a deep sense of distrust and bias against individuals from certain countries due to political tensions especially in sensitive industries. If you are originally from one of these countries, consider removing references to your foreign education or experience from your profile, although the final decision is yours. به عنوان مثال, if you are seeking an internship at a pharmaceutical company, your foreign education might not add value to your cybersecurity credentials or national security expertise.

Below are some steps you can take to improve your chances:

1. You need to follow common job-hunting practices. Common practices such as networking, participating in cybersecurity communities, enhancing your online presence, tailoring your resume, following up on job applications, and even sending a handwritten thank you letter (even if your handwriting is as bad as mine).

2. Consider de-emphasizing your background on your resume. If you are a U.S. citizen or a permanent resident, consider de-emphasizing your background on your resume if you are from a country that does not have a strong relationship with the United States, as this might reduce the likelihood of being viewed unfavorably. First impressions matter, و شما هرگز نمی‌دانید چه کسی رزومه شما را بررسی خواهد کرد.

3. رزومه خود را به طور ویژه برای موقعیت‌هایی که واجد شرایط آن هستید تهیه کنید. توصیف‌های شغلی را با دقت بخوانید تا اطمینان حاصل کنید که تمام الزامات فهرست شده در رزومه و نامه پوششی خود را برآورده می‌کنید یا از آن فراتر می‌روید. فقط داشتن صلاحیت تضمینی برای دریافت مصاحبه یا موقعیت شغلی نیست.

4. یک فهرست از آگهی‌های شغلی برای نقش‌ها تهیه کنید. یک فهرست از نقش‌هایی که تمایل دارید تهیه کنید, الزامات آن‌ها را یادداشت کرده و رزومه خود را مطابق با آن تنظیم کنید. با مرور چندین آگهی از شرکت‌های مختلف برای همان نقش, درک بهتری از آنچه صنعت از یک نامزد مبتدی انتظار دارد خواهید داشت.

5. در نظر بگیرید که به دنبال کارآموزی‌ها یا فرصت‌های داوطلبانه باشید. اگر نتوانستید بلافاصله شغلی پیدا کنید, در نظر بگیرید که به دنبال کارآموزی‌ها یا فرصت‌های داوطلبانه باشید. امنیت سایبری می‌تواند ورود به آن چالش‌برانگیز باشد. اگر نتوانید کارآموزی در یک شرکت برجسته پیدا کنید, به دنبال فرصت‌ها در کتابخانه‌های محلی یا سازمان‌های اجتماعی باشید. افزودن تجربه بیشتر به رزومه شما ممکن است مفیدتر از تنها تأکید بر پیشینه شما باشد.

6. در حوزه فناوری اطلاعات شروع کنید و سپس به امنیت سایبری منتقل شوید. اگر انتقال مستقیم به امنیت سایبری دشوار است, در نظر بگیرید که ابتدا در فناوری اطلاعات شروع کنید و بعداً به امنیت سایبری منتقل شوید. بهتر است این استراتژی را به کارفرمایان ذکر نکنید; در عوض, در حالی که در نقش فناوری اطلاعات مرتبط هستید روی انتقال خود کار کنید. پس از چند سال, شاید فرصت بسیار بهتری برای ورود به امنیت سایبری پیدا کنید.

7. به بالاترین سطح هدف بگیرید. در نهایت, یک گواهینامه که شما را متمایز می‌کند دنبال کنید. به عنوان مثال, consider aiming for the CISSP certification if you also have a education background. Granted, CISSP is not an entry-level certification and you cannot achieve full CISSP status without five years of experience! But you can become an associate CISSP almost immediately if you pass the difficult exam. It is hard for recruiters to dismiss a candidate with a CISSP (or Associate CISSP) certification. Even if your application is ultimately rejected, it will at least receive serious consideration. Pursuing the CISSP requires a significant commitment, but if you are prepared to send several hundred carefully tailored applications and cover letters and compete with several hundred other candidates, it could very well be worth the effort.