How to Start a Career in Cybersecurity Without Experience

"How do I get experience without a job?" This is the million-dollar question that pops up on my feed more times than I can count and it is one that I asked myself when I was first trying to get a job in #cybersecurity. The usual answer is "Build a home lab and put it on your resume." Looking on here you may think "Everyone has one, there is no way that is going to help me stand out..." You would be mistaken my friend! Not everyone has a home lab. I have gotten to speak to numerous people who are either looking to break into the industry or are already in the industry but do not have a home lab whatsoever. When I interviewed for my current position one of the things I got told made me stand out was my home lab! It was nothing super fancy or impressive, just a couple of VMs that I used to understand different concepts better for myself. I wanted to do something on my own outside of training on platforms like Try Hack Me, Lets Defend, Hack the Box, etc. What made mine stand out? I described what business cases I did in my home lab and not just the technology that was in there. My resume bullet points showed not just what tools i used, but what skills I was practicing and showed their relevance to the position I was applying to. Instead of just bullet points with the tools in my lab like: -Kali Linux -Splunk -Microsoft Active Directory -Phishing analysis I used something similar to: - Created a personal SOC environment utilizing Splunk to monitor a Windows environment including workstations and an Active Directory server. - Simulate attacks with Kali Linux against Windows environment and reviewed network traffic to generate alerts for attacks, harden environment, and write analysis of findings. - Perform analysis of potential phishing emails by investigating emails sent to my personal email address. Investigated email headers, sender domain and IP reputation, and investigating links in a sandbox with any.run. This is how you show experience! You can even take it a step further by writing a blog post, LinkedIn article, or record a video of you working in your lab that shows each task in your lab. (Videos are a bonus as they can show your soft skills as well!) This worked really well for me, just remember what you do in your lab should be relevant to the role you are trying to land. I wanted to be a SOC Analyst so all of my labs were geared towards blue teaming. You can easily change it up for whatever role you are seeking, just remember to explain the business cases you are solving in your lab! #cybersecurity #homelab #learningeveryday #jobadvice

People always ask me HOW. “How did you get into cyber?” So here is EXACTLY how I did it. - when I was 26, I went back to college as a single mom. I knew I wanted to go to school for something in tech, didn’t know WHAT, so I started towards a general IT degree. - couldn’t afford school so I joined the military (not a tech/cyber career field) to help me pay for college. (2018) - I finally got my A.A. In 2020 and transferred to ASU to their B.S. in IT program - started doing research into cybersecurity after talking to someone who has their own cybersecurity consulting firm. He said “bachelors in IT, masters in cyber” so that was the road map for a long time. - used the AFCOOL program to get my Sec+ - did Skillbridge (2023) -got a mentor -learned how to translate my skills to cybersecurity skills - networked, networked, networked some more (I LIVED on LinkedIn) - attended events in person and online - started doing research into GRC - took a GRC master class by 👉🏼 Gerald Auger, Ph.D. 🙌🏼 - narrowed down my search to 3 job titles and non-negotiables (like working remote and salary range). Set Lonkedin to send me job postings everyday for the 3 job titles. - I studied job postings and requirements to carve the path forward. -tailored my resume to EVERY SINGLE JOB I applied for. I never used the same resume, ever. Every job got a tailored resume (yes it takes a lot of time, use AI) - applied, tracked every job in a spreadsheet, got rejected, applied again. - resume not working? Try again. Different format, different “professional summary”, different metrics. - found what worked. Landed interviews. - did my research on the company, did my research on the people I interviewed with. PRACTICED interviewing, made sure I had my questions ready (and not the basic ass questions either - do research, dig deep! Want to know more about the team? Ask. Company culture? Ask!) Breathe and take your time. Don’t know the answer? Don’t bs the answer. It’s okay to take an minute to answer if you have to form your sentence right. Be yourself. - got multiple offers and got to choose where to go. It took me YEARS to figure out my way. With a lot of curves, mountains and valleys. And the journey keeps going. Stop comparing your journey to other people. Don’t get discouraged and don’t let the fire burn out. Learn, be adaptable and just keep going.

I hear this question all the time. "How can I get hired if I don't have any relevant experience?" It seems every cyber job posting wants "5 years of relevant experience" and a list of skills you don't have. Super frustrating! To win the job you want, you have to think differently. Instead of saying, “I don’t have the experience”, you need to start asking, “how can I get the experience?” “I don’t have the experience” creates a limiting mindset that in order to learn a skill or gain knowledge, someone has to hire and train you. This is not always the case! “How can I get the experience?” triggers an action-mindset that allows you to start qualifying yourself. Here are 3 ways you can get started: 1. Do the job before you have the job. - Research job postings for your target role. - Extract key responsibilities - Figure out how to mimic these actions with your available resources (sometimes this won't be possible, that's ok, do your best). For example, for a "GRC Analyst" role, you could write fictional scenarios involving cyber threats to a small business (including impacts and response plans). You can share this sample documentation when you apply or interview. 2. Leverage your background. - If you have work experience, you can focus on applying to similar industries that match your background (for example, as a former nurse you would target healthcare companies). - Network with people that made the same transition you are trying to make. 3. Surround yourself with experienced people. - You are a sponge. Make sure to connect with people who work in your target industry! - Put yourself out there on LinkedIn, Discord, X, forums, and where possible, in-person events. - These people can provide mentorship, skill development, and referrals for future jobs.