So I spent a lot of time on /r/Cybersecurity /r/ITcareerquestions and /r/HomeLab for the past year and a half as I’ve tried to break into security and I just landed an entry level role as a Security Analyst. I thought I’d share my story here as I was in the same boat as a lot of you two years ago (no relevant degree/certs, no real IT experience, vague idea of security, lots of discouragement from negative people on forums, etc.) .
I had a Bachelor’s degree in philosophy and about 3 years of job experience doing technical writing, operations management, and other roles but I knew that I wanted to go into IT. I decided to apply for a Master’s in Information Systems Operations Management to get that technical skillset/street cred. Towards the end of my degree I pretty much had my sights set on security. I loved the classes and it just seemed like a badass field (hacking, secrets, cryptography, etc.) so I decided to dedicate the next year and a half to making myself the ideal candidate for a security position.
As my first step, I applied for a desktop support role at the university I was studying at and got the job. Here’s what factored into that:
-the nature of my degree
-even though my most recent role was not officially IT related, I helped on a ton of IT projects and pushed that as much as I could in the interview
-tried to push the fact that even though I did not have an extremely intensive IT background, I had a lot of customer service/people skills which is invaluable in a desktop support environment when dealing with difficult situations/people
-researched desktop support interview questions and just general good interview preparation
(the fact that I was a student in the university which the job was held did not factor into me getting the job so don’t be discouraged about that. The hiring manager didn’t know I attended school until my first day of work).
From my literal first day, after meeting anybody with a vaguely IT related role I would ask “do you do anything security related?”. From there, I got bits and pieces from everybody as time went on and learned about security from an actual IT environment. I cannot overestimate how much this helped my understanding of security. This extra step is what will make the most of your desktop support role.
After a few months on the job, I delved into a bunch of security projects at home. I started watching Security+ cert training videos and built a home lab. I made my own pentesting kit with a small pi kit and made my own personal VPN using Amazon Web Services / Google Cloud platform.
At this point, I just start applying like crazy. DevOps, IT Architect, SysAdmin, Security Analyst etc. I used Linkedin, monster, indeed, my own university, etc. I made sure to have my linkedin profile looking as best as I could, making sure my settings were open to recruiters, adding my skills and hounding my friends to endorse my skills if they had seen me use them in class or on personal projects.
A few months into applying a recruiter contacted me about a Security Analyst role. I learned as much as I possibly could about the company, researched their employees on linkedin, and read every kind of relevant security interview preparation that I could find online. I made it through the rounds and got the offer.
They loved the fact that I had a homelab (you should check out that subreddit by the way, /r/homelab its awesome) and they actually outright asked “do you have a homelab” which I thought was crazy. It gave me something tangible to talk about and showed that I was clearly interested in security. The homelab was also a great way to learn about basic networking concepts which is ESSENTIAL to security.
Also, all the probing I did at worked helped me talk about my desktop support experience like it was a security job. I’ve found the title doesn’t matter as much as the experiences you can talk about from that position. The security+ videos helped a lot too. Even though I never went and got the certification, watching the videos helped me understand basic security and totally helped me get through the interview process. (The best youtube channel to practice for security+ is “Professor Messer”. His guides for all IT certs are free, quick, informative, and just all around awesome.)
So yeah, all of the above took a long time, but definitely worth it. I am by no means an expert in cybersecurity, but I literally just made small progress every week which really accumulated over a year and a half. I’m happy to answer any questions and honestly, I’m just here to say that you can do it too!