The Cyber Security Mindset and Important Success Strategies.
Cyber security is a difficult field, but it is by no means impossible - it all comes down to the cyber security mindset.

Let's walk through a hypothetical scenario that may be very real to many of you... It's been a few weeks or months since you started your career studies, and you catch yourself looking at job descriptions and feeling insignificant, unqualified and down. The jobs feel so far out of reach that you find yourself wondering, "When will I finally achieve that job?" I have good news for you... We have all been there at some point in our career development, and the answer is: soon!

Let's turn those negative emotions into productive ones! In order to be effective in this field, you must develop the ability to see things in many ways. Let's imagine we are looking at a cube in our hands: we rotate it to every angle and each side, and consider what it looks like inside and outside, the material it is made of, the texture of the material, the vulnerabilities of that material, etc. This is the cyber security mindset in a nutshell, and it is something that no certification test will teach you. Now we must use the cyber security mindset to look at anything we do in our career field, including the job search.

In the career hunt:

Job postings provide you with an exciting opportunity: a chance to see how you measure up against current workforce demands in terms of knowledge, skills and abilities (KSAs). You can accurately gauge your existing KSAs against the job postings to determine how far along you are in your education and development. This allows you to identify the areas you need to strengthen to make yourself a more ideal candidate for those elusive cyber security roles. It also gives you a chance to understand which skills are most valuable across multiple employers, so that you obtain at least a baseline of the skills necessary to land that next job.
It is important not to focus on vendors, but rather on the KSAs that it takes to effectively operate vendor tools. For instance, even if you lack experience with Cisco firewalls, that doesn't mean you can't learn how firewalls work, how rules and network filtering work, etc.

In the professional arena:

As a member of both the blue team (defender) and the red team (attacker), you will be expected to understand the myriad attack and defense strategies to be an effective cyber security practitioner. Learning how to look at hundreds of different attack or defense strategies and methods enhances your KSAs. For example, each time you learn of a new exploit type or defensive strategy, you increase your arsenal of KSAs. Then you must consider yet another point of view, insider threats vs. external threats, and go through each of those points of view as best you can. It just expands from here and gets larger and larger. The goal here is to be continuously learning - it will be the defining difference between you and another job candidate one day!

What does it mean to "try harder"?

One of the most difficult cyber security certifications to obtain is the Offensive Security Certified Professional (OSCP). It is considered by many to be the pinnacle of cyber security certifications, especially on the red team (offensive) side. The catchphrase of this certification is "I try harder", and for good reason! During your studies and testing, they will remove access to well-known tool sets and force you to adapt, making you change your attack avenue or build your own replacement tool to help you achieve success. They give you no choice but to try harder, and that is why it is one of the most highly sought-after and acclaimed certifications in this field.

That is what it means to try harder... to persevere even when the odds have been stacked against you. Your tools were removed, try harder! Your learning lab environment is limited, try harder! You were given yet another rejection email, try harder!

To illustrate the concept of try harder, I want you to imagine a giant flywheel that you have to physically push. The first push is the absolute hardest and the next 100 probably won't be easy either, but with each push it becomes slightly easier. The concept of a flywheel is one of momentum - the more consistently you push it, the faster it will get, using the rotation of its own mass as momentum. Your cyber security education is no different! The first 1-100 concepts are going to be very difficult, and maybe the next 101-400 will be moderately difficult, but by the 1000th concept you've learned, you'll have established strong momentum on that flywheel and will be learning how all of these concepts, strategies, techniques and technologies interconnect. That is when you start to see the big picture.

The fundamental principle of mastering anything is the flywheel effect.
You will not achieve that job, those KSAs, unless you take the time and effort to push that flywheel (your education and experience) forward as much as you can and as consistently as you can.

Are you up to the challenge of trying harder?

Important things you need to know to be successful:

I speak from personal experience when I write that it can be difficult to self-assess your KSAs, especially if you are more pessimistic than the average person. This can lead to a few pitfalls to watch out for while you are studying or getting into this exciting career field.

Imposter Syndrome:

Imposter Syndrome is when you feel that you are an imposter among all of your peers. If you feel like an imposter, odds are that nearly everyone else around you feels it too. This field has so much to learn that no one person could learn it all, so know that, and be confident and happy with what you do know, but keep striving for success. Never let the "imposter" feelings drag you down - we all experience them at some point in our career.

Cover letters are an absolute must:

When you apply for a role where you do not fully measure up against the job description requirements, you have a secret weapon in your arsenal that may just land you the interview: a cover letter.

Cover letters give you a chance to provide a narrative for your lack of experience and to show the initiative you have taken upon yourself to gain the KSAs needed to land that job. It is important that you craft the message so that your passion and initiative are expressed in writing, so the hiring manager knows that you are in this field because you live for it. Never underestimate the power of a well-written cover letter that provides context to the recruiters and hiring managers - it may just be the thing that gets you a job.

Don't learn the certification test - learn the content:

Certifications provide value by proving your knowledge based on a standardized test, but it is important to remember that employers are not hiring you for your test-taking abilities - they are hiring you for the KSAs that certifications are supposed to measure.
In my own experience, I have interacted with many cyber security professionals who held several certifications but failed to connect them to the work they did on a daily basis - don't be that person!

Each certification has a blueprint available on the certification website. It allows you to understand exactly what you will be tested on, and you should assess the blueprints to gain an understanding of the KSAs necessary to be effective both for the test and in your future career!

If you are rejected, follow up with the hiring manager:

As you work towards getting your first job, it is critical to your development that you follow up on rejections. Ask the hiring manager what you could learn to improve your chances the next time a position becomes available. Ask if there was anything you did or said that you can omit from future interviews. This act alone may make the hiring manager remember you the next time a position opens up - especially if you interview again and he sees you adhered to his advice. This can be a measurable way to achieve your first job, by eliminating bad behaviors, KSAs or interview etiquette to be a better interviewer all around.

------------

That's it for this round - thanks for reading, and if you are an Insider Pro member and have any feedback or commentary, you can reach out to me on the Cybrary Slack @WitheredForest.