How to land an entry level cybersecurity job

This post is a response to a friend who is seeking a cybersecurity role in an extremely challenging market. Given that this is a widespread issue these days, I decided to write a post rather than simply leaving a comment.

Various statistics from multiple sources suggest that there is a wide gap in cybersecurity roles, with millions of cybersecurity jobs waiting to be filled by new talent. Boot camps often use these numbers to promote their products. Although such a gap might exist, the talent shortage is usually most evident in specialized roles rather than among general candidates seeking entry level positions with limited experience.

Many applicants receive no response when applying for cybersecurity jobs even though there are supposedly millions of those opportunities available. Some may think they are not good enough or that something is inherently wrong with them for not receiving a callback. However, in many cases their applications are simply not reviewed.

If you are looking to enter cybersecurity, know that you are aiming at one of the more lucrative fields in technology and fierce competition typically awaits entry level positions at well-known companies. For example, if you apply to reputable Fortune 500 companies for an entry-level role, each job opening might attract anywhere from 50 to 200 applications or even more. At this level even if you are highly capable and fully qualified, you might not be noticed.

Here are some key points you should consider before applying for these roles:

1. Be mindful of the location of your job search. The region where you reside may not have the largest cybersecurity job market. In contrast, areas such as the DMV (DC, Maryland, Virginia) have the highest number of job openings in cybersecurity. If there are not enough jobs available in your area, ʻoku fakasiʻisiʻi ho faingamalie ke maʻu ha tuʻunga.

2. ʻOku fakangatangata pe ʻa e fakapaʻanga ʻo e visa. Ko e lahi taha ʻo e ngaahi kautaha ʻoku ʻikai ke nau ʻoatu ʻa e visa sponsorship. Kapau ʻoku ʻi ai haʻo hingoa ʻoku ongo muli (hange ko au) pea fie maʻu ha sponsorship, ʻe lava ke fakangatangata ange ho ngaahi faingamalie. ʻI he tafaʻaki ʻe taha, kapau ʻoku ʻikai ke ke fie maʻu ʻa e sponsorship, fakakaukau ke fakahaaʻi ho tuʻunga ʻi hoʻo resume ʻi he mahino taha ʻe lava. Kuo tuʻo lahi hono fehuʻi mai kiate au fekauʻaki mo hoku tangataʻifonua neongo ʻoku ou fakahaaʻi mahino ko e U.S. au. tangataʻifonua, ʻo fakaʻuhingaʻi ai ʻoku ʻi ai ha kau kanititeiti ʻe niʻihi ʻoku nau fakafofongaʻi hala honau tuʻunga pea toki pehe kimui ange ʻoku nau fie maʻu ha fakapaʻanga. Tokanga ki he ngaahi tuʻuaki ngaue loi.

3. Tokanga ki he ngaahi tuʻuaki ngaue loi. Out of every 10 online job postings on platforms such as LinkedIn, around 4 may be fake, that is the jobs do not actually exist. You might apply for a posting for which you are fully qualified and receive no response, leaving you to wonder why you weren’t noticed when in fact the job was never real.

4. Many roles are not publicly advertised. For every 10 jobs posted online, there could be as many as 40 positions that are never publicly advertised. These opportunities are typically filled through networking or local channels. Look up local businesses in your area that hire for your role, reach out to them or check their websites. You might also consult lists like the Russell 2000 or Fortune 500 and leveraging AI tools may help you uncover positions that aren’t listed on LinkedIn.

5. Certifications matter but only if they are the right ones. ʻOku ʻi ai haku kaungameʻa ʻoku ne faʻa tulifua ki he ngaahi tohi fakamoʻoni ako pea toki launga fekauʻaki mo ʻenau ola lelei. ʻOku mahuʻinga ke fakapapauʻi pe ko e fe ʻa e ngaahi tohi fakamoʻoni ʻoku fakamahuʻingaʻi ʻe he HR pea tulifua ki ai kae ʻoua ʻe tanaki pe ia ʻo loto mamahi ʻoku ʻikai mahuʻingaʻia ʻa e HR. Naʻa mo e ngaahi taukei lelei taha ʻe ʻikai mahuʻinga kapau ʻoku ʻikai fekumi ki ai ʻa e kau ngaue. Ko e ngaahi tohi fakamoʻoni ʻoku ke maʻu pe tulifua mahalo ʻoku ʻikai ko e ngaahi tohi fakamoʻoni ia ʻoku fie maʻu lahi taha. Vakai ki he fehokotakiʻanga ko ʻeni pea fili ho siteiti, ʻa ia ʻoku ne fakahaaʻi ʻa e ngaahi ngaue ʻoku ʻata ʻi he tohi fakamoʻoni ʻoku fie maʻu ʻi he siteiti takitaha. For example, ʻi Misuli, kotoa 30 ʻOku fakatahaʻi ʻa e ngaahi tohi fakamoʻoni ʻa e SANS ki he fakafuofua 500 ngaahi ava, lolotonga ia ʻoku ʻosi ʻa e tohi fakamoʻoni CISSP ʻataʻata pe 1,200 ngaahi ava, mo e Security+ ʻoku muimui ʻi he takatakai 1,100.

6. Tokanga ki he filifilimanako. There is a deep sense of distrust and bias against individuals from certain countries due to political tensions especially in sensitive industries. If you are originally from one of these countries, consider removing references to your foreign education or experience from your profile, although the final decision is yours. For example, if you are seeking an internship at a pharmaceutical company, your foreign education might not add value to your cybersecurity credentials or national security expertise.

Below are some steps you can take to improve your chances:

1. You need to follow common job-hunting practices. Common practices such as networking, participating in cybersecurity communities, enhancing your online presence, tailoring your resume, following up on job applications, and even sending a handwritten thank you letter (even if your handwriting is as bad as mine).

2. Consider de-emphasizing your background on your resume. If you are a U.S. citizen or a permanent resident, consider de-emphasizing your background on your resume if you are from a country that does not have a strong relationship with the United States, as this might reduce the likelihood of being viewed unfavorably. First impressions matter, and you never know who will review your resume.

3. Craft your resume specifically for positions for which you are eligible. Read job descriptions carefully to ensure you meet or exceed all the qualifications listed in both your resume and cover letter. Merely being qualified does not guarantee you will secure an interview or the position.

4. Compile a list of job listings for the roles. Compile a list of the roles you desire, note their requirements and tailor your resume accordingly. By reviewing many listings from different companies for the same role, you will gain a better understanding of what the industry expects in an entry-level candidate.

5. Consider pursuing internships or volunteer opportunities. If you are unable to find a job immediately, consider pursuing internships or volunteer opportunities. Cybersecurity can be challenging to break into. If you cannot secure an internship at a high-profile company, look for opportunities at local libraries or community organizations. Adding more experience to your profile might prove more advantageous than emphasizing your background alone.

6. Start in IT and then switch to cybersecurity. If transitioning directly into cybersecurity proves difficult, consider starting in IT and then shifting into cybersecurity later. It might be best not to mention this strategy to recruiters; instead, work on your transition while holding a related IT role. After a couple of years, you may have a much better opportunity to break into cybersecurity.

7. Aim at the top. Finally, pursue a certification that distinguishes you. For example, consider aiming for the CISSP certification if you also have a education background. Granted, CISSP is not an entry-level certification and you cannot achieve full CISSP status without five years of experience! But you can become an associate CISSP almost immediately if you pass the difficult exam. It is hard for recruiters to dismiss a candidate with a CISSP (or Associate CISSP) certification. Even if your application is ultimately rejected, It will at least receive serious consideration. Pursuing the CISSP requires a significant commitment, But if you are prepared to send several hundred carefully tailored applications and cover letters and compete with several hundred other candidates, It could be very well worth the effort.