Mari Galloway, CEO and one of the founding board members for the Women’s Society of Cyberjutsu, a 501 (c)(3) non-profit cybersecurity community dedicated to bringing women and girls into the cybersecurity industry. Victor Malloy, retired military cybersecurity professional who has over 20 years of operational experience in government and private sector cyber solutions. Gene Yoo, who has over 25 years of experience in cybersecurity for some of the world’s largest brand names including Sony, Coca-Cola Enterprise and Symantec.

Here are their answers to the most commonly asked entry-level cybersecurity career questions. 

1. What’s it like to work in cybersecurity?

Yoo believes corporations don’t do a very good job at preparing employees for the day-to-day work experience. They “don’t really socialize or articulate what it feels like to be in the day-to-day. It’s mundane. It’s slow. It’s meetings,” Yoo said. “We always talk about 80/20 as a magic number. It’s 80 percent you’re going to be operational, 20 percent innovative. Well, not really. It’s like 99 to 1. It’s a lot of work.”  The panel stressed the importance of building a strong network within the cybersecurity industry to help figure out what day-to-day work life will be best for you. If you don’t know where to start, listen to and connect with past Cyber Work Podcast guests who have discussed careers ranging from malware analyst and digital forensics to critical infrastructure security and project management. Consider reaching out to people who work in the positions you’re looking for. This is where strong networking skills can pay off. Build your profile on Linkedin and join some cybersecurity-related groups. Ask group members what it’s like to work in their particular roles. 

2. What are the best cybersecurity certifications for beginners vs. tech-savvy people?

Whether you’re a beginner or you’ve got some tech experience under your belt, it can feel overwhelming to decide what cybersecurity certification is right for you. Malloy shared his approach to career planning with the PIVOT method:

Pause: stop and take a breath.  Inventory: take inventory of your strengths and skills. “Use what you have,” Malloy said. “If you have a passion for being curious, or a passion for being creative, or a passion for being a puzzle master — there is a place for you in cybersecurity.” Vision of your value: envision what you can bring to an existing organization. Use tools like the NICE Workforce Framework for Cybersecurity to explore in-demand cybersecurity positions and identify potential paths you can take in the cybersecurity industry. Organize: plan your course of action. Decide how you’ll work towards your new goal and what’s a realistic timeline. Take action: carry out your plan.

Once you have a better understanding of where you want to go, you can start exploring some of the most popular entry-level certifications. CompTIA certifications (A+, Network+ and Security+) are also a proven way to build a solid foundation of IT and security skills. Check out Infosec’s Breaking into Cybersecurity flyer to learn more. 

3. What if I fail my certification exams like Security+?

Certifications can be a great way to break into cybersecurity, but what if you struggle when it comes to taking and passing exams? “I failed Security+ and the CISSP on my first try,” Galloway said. But she kept at it and eventually passed. Others have bypassed certification and demonstrated their skills in other ways. Gene Yoo, for instance, has never earned any certifications during his time “as an engineer and then pivoting into security and then into development and now running a company.“ “Some portions of the people who are getting into the field may have some sort of disability” or it might not be feasible “for them to study at home or work because they have multiple jobs,” Yoo said as another reason certifications may not be a great way to assess candidates. Your personal strengths and weaknesses might make it difficult to earn a passing rate on standardized tests, or might make it harder for you to hold certain jobs in the field, but you still can use your strengths to carve out a path in the cybersecurity industry that is tailored to your unique skill set.

4. How do I move from the help desk to cybersecurity?

Help desk team members transitioning into cybersecurity have an advantage: they’re already familiar with your company. “I’ve hired more people from IT in the past than brought it from the outside because they have the tribal knowledge of what ideas secure better,” Yoo said.  Talk to your manager and use the PIVOT method to create your career plan. “If they’re not even giving you that opportunity for internal transfer, then move on and find another company,” Malloy said. Volunteering and job shadowing are great ways to gain a better understanding of the role and any potential knowledge and skills gaps that can be filled through self-study or a training course. 

5. Where would you recommend looking for a cybersecurity mentor? 

There are a few approaches to finding a cybersecurity mentor. Connect with people on LinkedIn and keep track of different online and in-person networking opportunities. Local meetups, conferences and other events can be a great way to quickly build your network. “Also, if you want a mentor, be a mentor,” Malloy said, noting that there are programs on a national and international scale “where you can go into middle schools and high schools and find students who have an interest or a peak in science, technology, engineering and mathematics.” Cyber Patriot, for instance, offers several ways for you to support young people interested in STEM while learning and growing yourself. Another option besides the vertical relationships of mentor and mentee, you can also join study groups and build horizontal relationships as you prepare to enter cybersecurity. You can find study groups available on LinkedIn as well as on the TechExams cybersecurity forum.

6. How can I make my cybersecurity resume and interview stand out?

If you want your resume and interview to stand out, you’ll need to be strategic in both how you get experience under your belt and how you portray your experience in your cybersecurity resume and interview. Some accessible ways of getting experience include participating in cyber competitions, doing volunteer work, having a personal project or mentoring someone from high school or middle school. “If somebody had cyber competitions on, we put them at the top of the list automatically, right? It shows they have initiative. They’re playing around and they’re tinkering” Galloway said. “If they’ve worked on any projects, open-source projects or anything like that,” she adds “or they’ve done volunteer work,” it shows that “you really do want to be in this industry. You really are taking the time to actually learn and grow and build your skills outside of your regular job.” Once you gain hands-on experience like this, take the time to learn how to unpack your experience and reframe your idea with the STAR Framework:

Situation: explain the situation or problem in detail. Task: describe your role in the situation or problem. Action: mention the steps you took. Result: share the outcomes and what you’ve learned from the experience.

You can find more on the STAR method and other interview tips in Infosec’s free ebook, Cybersecurity interview tips: How to stand out, get hired and advance your career.

7. Is it ever too late to pursue an entry-level cybersecurity position?

It’s never too late for you to enter the cybersecurity industry. More generations are alive and participating in the workforce at the same time than ever before in human history. Just as human resource departments need to evolve to promote diversity and equity by race and sexual orientation, they should also promote multigenerational workplaces as well as anticipate challenges people of different accessibility levels experience. You also have the advantage of experience. Even if you’ve never worked in cybersecurity before, you bring unique skills that can help you contribute to a team. For instance, National Cyber Security Awareness Month is “all about human behavior” says Malloy. “Behavior is an equation of motivation, ability and being prompted. I can trick you by sending you a text message or an email or even call you and use deep fake technology, artificial intelligence and modify your behavior because of a prompt that you’re going to respond to” — all because of that pesky inevitable carbon factor. Your experiences in and outside of IT will play a role in what you can accomplish in a cybersecurity position. Your achievements and past experiences are a strength. Your age doesn’t determine whether or not you’re willing to learn and engage in creative problem-solving. Want your cybersecurity career question answered by experts? Check out the Infosec events page for upcoming episodes of Cyber Work Live.