My first ITSEC job...
I've spent the past few weeks crafting this post because I want it to serve several purposes:
- Giving God the glory. He's known me since before I was born and has been with me through every stumbling step.
- Encourage anyone struggling towards a career in cyber security. TLDR, your mileage WILL vary...probably greatly. This is simply my experience. If you really want it, hang in there.
- Encourage somebody who is starting to feel burned out in the field. There are many in the wings waiting for opportunities.
Now, onward to my reflections.
I found my vision in the middle of a networking class I took in college. The professor had begun explaining how important it was to secure your networks from attackers because there were lots of folks out there who wanted to break in. He said something along these lines.
"...so that's why many companies have staff specifically trained to SLAM THE DOOR on any bad guys trying to break in.", slamming his hand down on the desk for emphasis.
While half the class was jolted awake from their nap, I caught a clear vision of what I wanted to do with my career. Becoming a network defender fit nicely with so much of my personality and interests. But the vision was only a starting point and took nearly 10 years to materialize. My advice to anyone interested in building their career is simple: Find your vision. Find that thing which is more than a job; that itch which still bugs you after years of disappointment, rejection, and discouragement; that dream which can survive competing interests of family, illness, and economic cycles. Find out why God made you you and not someone else.
Once I had my vision, I learned quickly how to make shots count, even when they missed. I ended up working a lot of places in my career, mostly in IT infrastructure. I've floated between contract gigs as well as FTE roles. I've worked in three different states and have also weathered being laid off. Each of these events could be viewed as detrimental to one's career and can prompt awkward interview questions, but they forced me to learn to make the most of my circumstances. When I was unemployed, for example, I was applying like crazy, however I also carved out time to continue developing skills. I paid my way through a number of certifications to augment my experience. To further build my network I volunteered in professional organisations (though I learned when one is busy with a day job, family, AND helping run an organization, there is little time for anything else). When employed I took every opportunity to cross-train in order to get closer to real security work. All this experience reflected determination on my resume, but I still had to find the right fit.
When it came time to send out applications, I tried every technique out there. The two extremes I found were to either apply to anything you wanted with a generic resume, or else only apply to places you've built such a great professional relationship that they essentially make you an offer without the need to apply. Neither of these worked for me explicitly in the field of cyber security. In my experience it came down to very specifically tailoring the experience I had to a few prospective openings. If I knew someone there, I'd certainly reach out and see if they would vouch for me, but that was additional material. In the end it came down to understanding what the employer was looking for and using my resume to demonstrate how I could fill the gap, but I'm getting ahead of the story now. There was something far more difficult for me to overcome than learning a certain skill or getting an application rejection.
"And let us not grow weary of doing good, for in due season we will reap, if we do not give up."
Galatians 6:9 ESV
This verse neatly expresses my biggest struggle; doing the right things again and again, yet having to wait nearly 10 years for the "harvest". During this time I learned how integral my faith had become...and had to become...to my "professional" life. If God had made me for a particular purpose, I had to realize He would make it a reality on His time table, not mine. Sometimes the delays made sense, but usually not. I also dealt with a lot of guilt when taking jobs outside my vision simply because they paid the bills. I'd taken on the very polarized view that I was either moving towards my vision or away from it, so any job I took that wasn't explicitly related to security was either a betrayal to myself or, potentially, that employer. This was all hogwash, of course, but nonetheless real to me and took many years to sort out when I found the path to cyber security was...not clearly defined, to put it lightly.
Learning to harden my resolve while building a good resume was great, but to overcome some of my internal demons I found I needed some objective help. I had a vision, but struggled with discipline and confidence, so I invested in some professional coaching with my buddy, @Josh Scott. This helped immensely being able to talk things through with a disinterested third party. He helped me set goals, focus on priorities, and held me accountable in manifesting my vision, all of which led to my resume landing in front of my new boss.
For the stats nerds reading this, here are my numbers over the past two years.
3 followup interviews
1 accepted offer
Many might question the relatively small number of applications over a two year period, but these numbers don't take into account the hours of research filtering out prospects I knew wouldn't be a good fit. Take them for what they're worth...one man's experience. Perhaps they'll help encourage the newbies as well as inform the sages of the hurdles that are being put up.