Getting A Cybersecurity Job with No experience or College Degree | Cybersecurity Certifications TIPS

Hey, what’s up InfoSecAddicts! Joe McCray here with another Mentor Moment. What’s been going on with these Mentoring
Programs, doing a lot of them! My God! I had no idea. We’ve had probably 11 new students
sign up just in the last couple of weeks But, let’s go through a couple of
the things, that I’m noticing now Mentees are asking about, Certifications
and what Certifications should they get The key thing here, when it comes to
certifications is, what is the story that you’re trying to tell a prospective
employer? What are you trying to say about yourself? Obviously, if you’re just
getting started, I’d really be looking at something like your Security+ (Plus), CompTIA Security+ (Plus), because, it’s a good way to demonstrate basic competency in general security vocabulary It doesn’t mean that you’re proficient on
the keyboard in anything, understand that. So if you pass something like a
Security+ (Plus) or you’re preparing to do something like a Security+ (Plus) you need to realize what you’re telling that customer, that prospective employer, is
I am good with my basics of fundamentals of IT security, I know what a worm is, I
know what a virus is, I know what DLP is I know what these things are.
I’m not proficient on the keyboard configuring a DLP solution or
configuring a web application firewall but I know what these things are. It’s an introduction to IT security, so, A person who does this, is going to be a
beginner in IT security and they’re not gonna be doing a super technical job.
They’re probably going to be doing like a low-level security analyst job or a
low-level with information assurance job where you’re, essentially, just verifying that systems are patched correctly and configured correctly. To demonstrate your
overall security posture. Now the next thing is people say okay well what about
my GPEN or my OSCP or some of these other
certifications? What’s the story that you want to tell a prospective employer? Is
that: I understand not just the technical components, but, the process of network
penetration testing? Then yes, your SANS GPEN, is a very good Cert. to get its
technical, I don’t want to say it’s not technical, because, it is, but, it’s really
more focused around; what are the processes involved in performing a
network-based penetration test. The same thing for your GWAPT it’s a web
application penetration testing certification, but, it’s gonna be really
really focused around, do you understand the processes of testing a web app for
application security vulnerabilities. Is it gonna make you a ninja who’s ready to
do Bug Bounties? Probably not, but, if you’re trying to show an employer, hey! I’m ready for this type of position where I can be performing these types of
tasks, then, the answer is yeah, it’s a very good certification, again it’s very
well respected. If you wanted to demonstrate to a customer that you
prepare to do some technical stuff I would be considering either the SANS GIAC based Certs or the eLearnSecuritysecurity Certs. Now, What’s the first drawback, that a lot
of people run into with these Certifications? Obviously, is cost, so, with
that in mind, some people will look at something like another company which is
a buddy of mine his name is Armando and his company is called eLearnSecurity
and they’ve got a series of certifications that are a little bit
cheaper, they’re just a few hundred bucks per certification and you want to say
it’s the exact same thing, they’ve got a network one, they’ve got a web app one, and all those types of things. So, to throw out some numbers to make a
six-figure salary in the IT security space? That’s not uncommon, a couple
hundred thousand, a hundred grand, up to a couple of hundred grand, that’s possible.
Let’s say you want to be able to work from home, that’s possible. All those
things are possible, but, they’re gonna be possible based on how good you are, not
the Certifications that you get. A lot of people keep asking me, well, “I just want to do you know cool stuff in security”, but, I want you to think of it like being
a Doctor. You can be a General MD, right? Or you can be a specialist. Security is
the same thing, Security is a really big, Big Industry, and it’s huge, you can
specialize in Network based Penetration Testing, Network based Incident Response, you could specialize in Web Application Penetration Testing, you can specialize
Penetration Testing Embedded Devices What we’ve got to keep going at here is,
what interest you? Start with what interests you. Let’s not focus on what
makes the most money. If you’re focused on what makes the most money, you’re
gonna very quickly find that, you’re not going to make the amount of money that
you want, because, if you really want to make the amount of money,
then make a lot of money, you need to be really really good. If you pick a
specialization in IT security, and you become good at it, you’re making a
lifelong commitment to become really really good at it, you’re gonna make
whatever amount of money that is that you want. Let’s go back. What’s the story
that you want to tell a prospective employer? If you want to tell this
prospective employer this is what I’m good at. And then, this certification covers it, then yeah then yeah! Do it! But, what if you’re like,
Well, I want to show a particular employer, that I’m really good at Malware
Analysis or Reverse Engineering or a specific subset of that, then, I think
the way to go about doing that You’re gonna find that I’m telling all
of my Mentees to do this, the first thing you want to do, number one, a Blog. And in your Blog you’re gonna write out all of the things
that you’re doing in your home lab. Because, if you’re interested in Malware
Analysis or Reverse Engineering or Exploit Development or whatever it is,
you want to have a Blog, going through you doing these things.
It shows the prospective employer, your writing ability, really important, how far
you’re willing to take a particular thing, how you solve problems. The second thing that you want to build, is a GitHub page. That’s a repository for all of the
code that you write. You really want to do that, because, now when you’re doing an interview and you’re, let’s say, your career changing, and you want to be able
to show, a prospective employer, here’s the stuff I’ve been working on in my
home time, here’s how motivated I am I’m doing this on my own, I’m in a
completely different career, and I’m doing this on my own, because, I’m that
interested in it, and then, here you can look at the code I’ve written, on my
GitHub Page. These are gonna be the two things, that I think, are really, really
important to show to a prospective employer, that they can take a chance on
you, without this work experience, without this professional work experience. And
then, number three is, join an Open Source Project. You want to go to github.com and
then, you want to search for an Open Source Project, that’s anything that
you’re interested in, there’s tons of Malware Analysis Projects out there,
Reverse Engineering projects out there iSC sharing projects that are out
there, Exploit Development projects that are out there, there’s so many tools that
people are developing, and what I think you should do, is join an Open Source
Project, that is doing something that you’re interested in. If you join this
Open Source Project, and you start working on this Open Source Project, even if you can’t code, offer to write their documentation, offer to be a beta tester
for the product, and new versions of the product, get involved. And then you want
to put that on your Blog, show that you’re a member of this project, show
that you’re really serious about moving this project forward. That’s gonna be the
kind of thing, again, that shows a prospective employer, you know, what you bring to the table, that you’re a guy or girl, who’s really, really serious, about
being good at this, and you’re passionate about it. There’s a ton of people
who are really good in this field, but, have no passion for it, and there’s a ton
of people, who have a lot of experience in this field, and they’re assholes, you
know? It’s not someone you want to work with. For you, when you’re trying to demonstrate what you’re good at, you want to show a prospective
employer, your writing ability, you want to show a prospective employer, your self
motivation, your initiative, you want to show a prospective employer, all these
cool things, that you bring to the table and that you’re willing to teach
yourself, you’re willing to learn, you’re a good person to work with, you’re part
of the community, these are the types of things, that are gonna make a prospective
employer take a flier on you., take a chance on you, if you don’t have the work
experience, if you don’t have the education, you don’t have the correct
Certification, again, we’re not saying don’t get Certification, but, what we are
saying is it’s gonna be a little bit more important that you can show, some of these other intangibles, beyond just the Certification, because, a Certification
with no work experience, is gonna still be really difficult for you to get a job. But, if you can show this prospective employer here’s all the things that I
bring to the table: my writing ability; my ability to research; my ability to teach
myself: these are the kinds of things that are really gonna help you get where
you want to get. All right guys, so, this is Joe McCray with your Mentor Moment, I really hope that this helps you guys out Keep throwing down stuff in the comments below, let me know the kinds of things that you’re interested in doing as a
Mentee, and let me know where you want to go. We’re getting lots of people who want
to do some really deep technical stuff people who want to do Bug Bounties,
people who want to do Exploit Development, people who want to do like
Anti Money Laundering, and some really cool stuff, and I can help you get there.
Been recording some of these Mentor sessions, we’re gonna make some of those available online, we’re recording some of the classes, we’ll make some
snippets of that stuff available online So, you can see what these Mentees are
doing. You know? I really hope you guys like it. All right you guys, take care!

Leave a Reply

Your email address will not be published. Required fields are marked *