I Got My Degree in Cybersecurity, Now What?

Written By Sam Lewis

I get asked this question quite a bit: "How do I get started in Cyber? How did you get started in Cyber? How do I become a hacker? How do I become a security engineer?" I never really know if they are serious about doing it or not, or are just trying to bring up conversation, so I tell them, "Dive into it, going to college for it would help tremendously, try for certs, etc." Then I get the questions from people that actually did dive into it and got their degree and just really aren’t sure where to go from here.

Congratulations! You’ve successfully earned your degree in cybersecurity, a field brimming with opportunities and challenges. However, as you stand at the threshold of your career, you might find yourself wondering, "What’s next?" In this guide, we’ll explore the steps you can take to launch your cybersecurity career after earning your degree. Don’t get me wrong, this applies to those without a degree or currently pursuing a degree in Cybersecurity as well. It would be very beneficial to anyone to plan this ahead of time.

Step 1: Define Your Career Goals

Before diving headfirst into the job market, take some time to define your career goals within the realm of cybersecurity. Consider:

  • Your Preferred Niche: Cybersecurity is a vast field with numerous specializations, such as network security, ethical hacking, risk management, and compliance. Identify the area that excites you the most. Generally speaking, everyone is always so excited about "hacking" and the offensive path. I would highly recommend trying out some of the other areas as your skillset may actually be quite useful in defensive or even GRC-related areas, depending on your prior experiences in other careers or jobs.

  • Job Role: What kind of cybersecurity job do you envision for yourself? Are you interested in becoming a security analyst, penetration tester, security consultant, or something else? There are hundreds of positions in Cybersecurity, each with its own unique challenges. Research as many as you can and what they do and are responsible for. Sometimes they overlap with other areas that lead to well-rounded knowledge.

  • Industry Focus: Do you have a specific industry in mind, like healthcare, finance, or government, where you’d like to apply your cybersecurity skills? This may not be at your forethought at first, but when it comes time to enter the workforce in your newfound career, it may be something to strongly consider researching. It would be good to familiarize yourself with certain industry regulations. For instance, if you’re wanting to work in the healthcare industry, you might want to familiarize yourself with HIPAA and other regulations that might affect your work and focus as a Cybersecurity professional.

Having clear career goals will help you tailor your job search and professional development efforts.

Step 2: Gain Practical Experience

While your degree provides valuable theoretical knowledge, hands-on experience is crucial in the cybersecurity field. Here’s how to gain practical experience:

  • Internships: Look for internships or entry-level positions in cybersecurity. Even if they are unpaid or low-paying, they offer valuable on-the-job experience and networking opportunities. If you are military and looking to separate from active duty, take a look at the Skillbridge program. This will help to solidify hands-on experience to use for your future resume.

  • Cybersecurity Labs: Set up your own home lab environment to experiment with security tools, practice hacking techniques (ethically), and develop your skills. If you are seeking offensive positions in cyber, you should be doing this already. You should be learning something new every day and honing your pentesting/hacking skills. This is not limited to just offensive though. Even on defensive, you can set up labs of your own, set up sandboxed environments for malware analysis. TryHackMe has quite a few defensive labs for this as well.

  • Open Source Projects: Contribute to open-source cybersecurity projects. It’s a great way to collaborate with experts and enhance your portfolio.

  • Certifications: Consider pursuing industry-recognized certifications like CompTIA Security+, Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), or Cisco’s CCNA to validate your skills. SANS courses of any kind are generally great to have and are a great experience as well. However, before you fork out 8 grand for one of these courses, look into options that will pay for your certs.

Step 3: Build a Strong Online Presence

I’ve been guilty of this part myself to an extent. I tend to be a very private person, but needed to reach out and establish myself in some way. In today’s digital age, having a professional online presence is essential. Here’s how to establish yours:

  • LinkedIn Profile: Create a compelling LinkedIn profile highlighting your education, skills, and certifications. Connect with professionals in the field and join relevant groups. LinkedIn has helped me to not only build a bit of a professional network, but to actually help get me the cyber jobs I have obtained. Be sure to include all of your skills even if you don’t have certifications in those areas yet. Display what you’ve done and what you know.

  • Personal Blog or Website: Start a blog or personal website to showcase your knowledge, share insights, and demonstrate your passion for cybersecurity. I had originally started this site for that reason. Things happened along the way and I had to shut the site down for a while to focus on my actual work. But now it is back up and running and I’m trying to share everything I know for anyone who wants to learn.

  • GitHub: If you have coding skills, use GitHub to share your projects and contributions to open-source cybersecurity tools. I want to say that even if it’s something minor, put it up here. Projects will only help to grow and showcase your skills.

  • Professional Social Media: Use Twitter (now X), Reddit, or other platforms to engage with the cybersecurity community, share industry news, and follow thought leaders.

Step 4: Network, Network, Network

Did I mention Network? There is a reason I’m emphasizing this so much. Networking can significantly impact your career growth in cybersecurity. While there are many jobs in the sector, it is a very small community. I have run into people that know other people that I have worked with. I have started a new job recently and already knew several people that were working there from past jobs and through mutual friends in the sector. The more people you know in this career field, the better your chances are for finding a great position. Having that referral could make a huge difference in getting a job or not. Some ways to start your network:

  • Join Professional Associations: Become a member of organizations like (ISC)², ISACA, or CompTIA to access networking events and resources.

  • Attend Conferences and Meetups: Attend cybersecurity conferences, webinars, and local meetups to connect with professionals, learn from experts, and stay updated on industry trends. I cannot "foot stomp" enough on this. I have met more people this way than any of the others combined. People at conferences love to teach and love to learn. So if you’re feeling like a complete beginner or "noob", don’t even worry about it because that only gives a chance for someone else at one of these conferences to teach, and man do they love to talk about what they know! I will give a recent example: my wife is not a "nerd" like I am. She’s decently technical though, so she understands some things in the career field. I took her to DEFCON with me this year. She kept worrying that she was going to get made fun of or feel insecure because she didn’t know anything related to the majority of the speeches we were going to. She had the time of her life at this conference. Even though it wasn’t in her area of work, she learned so much and didn’t feel the least bit insecure of her knowledge level. Talk to people while you’re there, that’s what it’s for!

  • LinkedIn Connections: Connect with professionals in the cybersecurity field, including alumni from your university.

  • Mentorship: Seek out a mentor in the field who can provide guidance, share insights, and help you navigate your career path.

Step 5: Customize Your Resume and Cover Letter

Craft a compelling resume and cover letter tailored to the specific cybersecurity roles you’re interested in. Highlight relevant coursework, certifications, internships, and skills that match the job requirements. I’ve heard many mixed things and experienced mixed things when it comes to resumes. I’ve had some people tell me anything more than one page is too much, while getting hired with a resume that was four pages long after getting turned down for interviews with one-page resumes. It really depends on the content, who reads it, etc. So I would recommend either getting someone to review your resume for you that you trust, or putting it together into something you feel comfortable with sharing. Remember, this is just to get you an interview, but sometimes the interviews ask questions based on your resume, so don’t lie in your resume.

Step 6: Start Applying for Jobs

Begin your job search by applying for entry-level positions or roles that align with your skills and career goals. If you feel you’re a little more advanced than entry-level positions, by all means, apply where you think you might be a good fit. Be persistent, as landing your first cybersecurity job can take time. Though my experience was a little different as I was applying through the 2020 pandemic, it still took me quite a while before even getting an interview. Don’t be scared to apply for positions. I was sending out almost 100 applications per week. It just takes that one. Don’t be fearful of rejections either, it is nothing personal. Most of the time, the positions listed are already taken, but are either left up or for legal reasons displayed. So don’t be hard on yourself for any rejection notice.

Step 7: Stay Current and Adapt

The world of cybersecurity is ever-changing. Continuously update your knowledge, skills, and certifications to stay relevant. Follow industry news, read books, take online courses, and attend conferences regularly. In every cybersecurity interview I’ve ever been in, I’m always asked the question "How do you stay up to date and current with all cybersecurity-related events?". After I answer that question, I’m usually asked quite a bit about my thoughts on some current events. If you’re not staying up to date, you’re failing already.

Conclusion:

Earning a degree in cybersecurity is a significant achievement, but it’s only the beginning of your journey. By defining your career goals, gaining practical experience, building your online presence, networking, and staying updated, you can successfully launch your cybersecurity career. Remember that the field is dynamic, so embrace learning as a lifelong commitment, and your career in cybersecurity will continue to flourish. Good luck!

-Sam

Sam Lewis
Previous

Vanity Walkthrough- Proving Grounds OffSec
Next

Web Application Firewalls: Why does your site need one?