Cybersecurity jobs — where to begin | Guest Professor Robert McMillen

Get a job! No, seriously, get a job. Cyber Work Hacks wants to help you find the job of your dreams, and your guide to learning how to search for Cybersecurity jobs is Professor Robert McMillen, one of Infosec’s Skills authors. McMillen knows that there’s a disconnect between the skills gap that guests espouse and the commenters who are still looking. But McMillen has some actionable advice for you, and you absolutely do not want to miss this, no matter what level of job you’re looking for. Please take copious notes and enjoy this week’s Cyber Work Hack.

0:00 - Beginning your cybersecurity career
1:36 - Why you can't get a cybersecurity job
8:50 - Common mistakes young pros make
11:50 - What to learn from Infosec Skills
13:42 - Outro

– Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/ 
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Chris Sienko: 

Hey, you get a job. No, seriously, get a job. Cyberworks Hacks wants you to find the job of your dreams, and your guide to learning how to search for cybersecurity jobs is Professor Robert McMillan, one of InfoSec Skills authors. Robert knows that there is a disconnect between the skills gap that guests espouse and the commenters who are still looking for their first job, but Robert has some actionable advice for you, and you absolutely do not want to miss this episode. No matter what level of job you're looking for, please take copious notes and please enjoy this week's Cyber Work Hack.

Chris Sienko: 

Hello and welcome to a new episode of Cyber Work Hacks. The purpose of this spinoff of our popular Cyber Work podcast is to take a single fundamental question and give you a quick, clear and actionable solution. So for today's hack, I am happy to welcome back Professor Robert McMillan. Robert's done a couple of hacks with us and he was a past guest on the CyberWorks podcast and he's an instructor and he's one of the creators of our InfoSec skills learning modules, and we'll talk about that a little bit more with him in just a little while here. But right now, our hack is going to concern getting your cybersecurity job hunt started. So, whether it's, you're right out of college, you're still in college or maybe you're pivoting from another career entirely and you're getting into cybersecurity. It's the number one question we get on this podcast is how do I get that job? How do I start looking for the job? So hoping we can help some people out today. So thanks for your time, robert.

Robert McMillen: 

It's always great to talk to you. Thanks, chris, great to be here, and I have some actionable items for you today.

Chris Sienko: 

Yes, All right, we love actionable items around here. So, robert, one of the big challenges I've discovered in hosting this podcast for six years now is that there can be a big disconnect between the things that guests say on the show and the replies we get from listeners in the comment section. So our guests in this industry will tell listeners that there's this massive skills gap, that there are hundreds of thousands of cybersecurity jobs left unfilled because of a lack of qualified candidates, and we talk about how security is recession proof and has a very low unemployment rate and excellent career mobility, which is all true. But we also have listeners in the comments who will say I have three certifications and I've set my resume everywhere and I can't get an interview. So, robert, can you talk about this a bit? What's happening here if there's all these jobs and no one to fill them, combined with thousands of candidates who can't get their foot in the door?

Robert McMillen: 

Why is there a low unemployment when no one can find a job? Question for the ages? Yeah, I hear you. I hear you. Well, I'm going to give you some tips. Get ready, get your notepad up, get your pencil and paper if you're into that old-fashioned stuff and be ready to write down some of these steps, because they could change your life, and I hope that they change your life for the better. Love it. So here's my step-by-step guide for getting a job.

Robert McMillen: 

Now I'm going to talk specifically about job and cybersecurity, but even if you're just any IT career, that's fine, or any other career as well, all these different types of steps will work generically. Different types of steps will work generically. Now just recall for a second I've been an employee and I've been an employer, and I have hired a lot of people in a multimillion dollar company. Now I'm an educator, so I'm going to use what I learned to help you out. All right. So step one you're going to think this is a little bit backwards, but hear me out. One you're going to think this is a little bit backwards, but hear me out. Go to either LinkedIncom or Indeedcom and start searching for your dream job. By now you know you've been around long enough where you've got an idea of the kind of job you want. Now you may have a couple of different, maybe two or three different ways you could go. You're not 100% sure, that's okay, it doesn't matter. Start out at LinkedIncom, indeedcom I know there's a lot of other ones out there. There's Dice and there's Monster and things like that, and you can certainly use those if you get better success. But what you want to do is type in the location where you want to work whether it's work from home or work in a city or you know whatever it is and the job title that you want, and then start going through all the different employers and looking at all those postings and find out what they require you to have in order to get this job. Now you can discount it. If they say it's an entry level job and you need five years experience, don't even worry about that. That's just HR. That's HR fault. Yeah, yeah, exactly.

Robert McMillen: 

People don't really understand. You know the way the world works, but the person who interviews you, who is technical, they're going to understand what it is. So they're going to tell you the types of certifications. They're going to tell you whether or not they prefer people with a degree, and whether it's a two, four or six year type of a degree. Do they expect you all the way to a master's, or is a two year degree enough? And then that gives you that roadmap you're looking for. It's all right there. They tell you exactly what they want.

Robert McMillen: 

All right, step two you now know. You now know your dream job or dream. You know dream jobs that you're going to go for and you now know what it is you need to attain to get those jobs. Now it's time to gain the education and the certifications that they want. What I suggest is, if you really need to work right away, is gain the minimal amount of certifications that a lot of these jobs are looking for so that way, while you're working, you can continue going to school if that's possible for you.

Robert McMillen: 

I realize that some people you know it's not always possible, but you know you can gain those additional certifications and it's possible. Your job might even pay for it. A lot, of a lot of employers, I mean. They may require that you stick around for a while, but a lot of employers will say, hey, I'll pay for that degree, I'll pay for those certifications. I did that all the time I didn't have a big enough business to pay for people you know, $80,000 bill for college. But I did pay for certifications and I gave them a raise every time they attained one. You know, so that's fantastic and slowly work your way into the type of position you want. All right, step three while getting educated, this is one of the most important things that you can do. Network, network, network, and I'm not talking about Ethernet, I'm not talking about Wi-Fi.

Robert McMillen: 

I'm talking about networking with people at school. If you're still in high school, start it here. Join a computer club, start it there. Start a school local conferences. There's lots of conferences that are going on around you all the time Type in cybersecurity conferences in my area or whatever type of conference you're looking for. No-transcript. Now step four pay someone to help you create your resume, because you're not going to necessarily know how to. Yeah, maybe you can create a resume with Microsoft Word, the resume template. That's not good for every type of job. You know that's good for a certain type of job. I remember the first time I applied for a job to teach at a college. They called me back and they said you know, we really like your experience, everything and all that kind of stuff, even though your resume was horrible.

Chris Sienko: 

I'm like resume is horrible. Oh no, I'm an employer.

Robert McMillen: 

I don't know where resumes are supposed to be written. And they said you know that might have been fine, for you know the type of job people that you hire, but for for a school, we expect a resume to be created a certain way. I was at a disadvantage and I was like, wow, I had no idea. So you want to find someone who knows how to apply for the job, you know for the type of a job and knows how to create the resume for you and get a resume education from that person. Help you create the resume. You're going to need to edit that a little bit every time you need to.

Robert McMillen: 

You know, apply for a different job. So it's. You're going to be looking for certain keywords in that posting and you're going to want to put some of those keywords into your resume in a way where it doesn't look like they were wedged in. You know it looks like it was. It was natural, you know. So get an education from that professional resume writer. I realize it might cost a few hundred dollars. If you're going to school, they usually do that for free. So you know, see, you know, go talk to somebody at your school, your advisor, and see if they've got a resume. You know department that will help you create it, that's there you go Four steps to getting a job.

Chris Sienko: 

No, that's, that's great, and I think that that's uh the. The networking part is extremely crucial. And I think, yeah, more than anything, I think, yeah, outsource uh the the creation of your resume. Cause, boy, that can be, it's so stressful anyway. And then, as soon as it doesn't get a reply, you immediately start getting in your own head about like well, it's obviously my fault, I clearly don't have the skills, but it might just be that you don't know how to sing the song correctly.

Robert McMillen: 

You're right. Yeah, that's exactly right.

Chris Sienko: 

So you know not to get negative here, but can you talk about some of the common mistakes you've seen with young professionals?

Robert McMillen: 

how they search for and apply for security jobs that might keep them out of the eligibility pool. Or, you know, if that's too strong a word. What are some tips to you know? Sort of turn things around if it's not going the way you want it to. Yeah, besides, lack of networking, you know that's a big problem right there.

Robert McMillen: 

Resumes are filtered using bots. So if you look at, you know Indeed is a great way to see this and LinkedIn has this too when you go to apply for jobs, you'll see how many other people have applied for those jobs and what level of education they have. They may even say you know what, what you know, your area and your areas X amount of people have have applied. So what you're going to find is about 90% of all applications are coming from out of the country. They're coming from far away hoping to get relocated, and employers know that. And if they're not interested in doing that, then you're really down. You're really in the top 10 percent. You know already.

Robert McMillen: 

So, as I mentioned before, keywords are important because of those artificial intelligence bots that are looking for specific keywords. So if they say, hey, I'm looking for, you know, someone who has a CCNA, or I'm looking for an OSCP or you know whatever it is you know, and if you have that, make sure that that you know, that is prominently displayed. But look for some of the soft words that are in there. Looking for a team player, you know, looking for someone who you know is positive all the time, and you know. Those kinds of soft skills you can also add into your resume and without them your resume seems fairly cold, you know, and first off, the bots will kick it, and if it gets past the bots, the HR people are going to kick it as well.

Robert McMillen: 

One thing I found out that was interesting recently is that some people are putting their pictures on their resumes. Now, if you're doing just a blind submission, you know, to a post, leave the pictures off, because bots can't see it and they'll automatically reject it. If there's a picture on there because they're like there's a big black square on here I don't know what that means yeah, so don't put pictures on your resume, that's, that's, that's a problem. However, if you are, if you get an email address with a direct HR manager, that's okay, you can leave the picture on there, that's fine. So customize that, you know, that resume for each one. And, as I mentioned, you know you can, you know, hire someone as well.

Chris Sienko: 

Yeah, no, that's. That's also really really good advice and I think it's. It's real easy to get get frustrated in those cases and and yeah, I think simpler is better. When it comes to resumes, you, you know the gone are the days where a flowery you know where, you know when, when you know my illustrator, you know, or just or just like graphic design is my passion style, you know with colored paper and lots of you know multiple font faces.

Chris Sienko: 

unless you're applying for a graphic design job, don't do that. You know, like you're, you're going to be, you're, you're, you're playing the robot, so make sure that you're giving them the information that that they need. So yeah, that's all great advice. So yeah, one last thing, robert McMillan, we are talking here because you have several skills learning paths on our InfoSec skills site, so can you tell our listeners a bit of what they can learn from you?

Robert McMillen: 

Yeah, and if I could back up just for a moment, a couple of other things I just want to mention is employers also promote the zero trust principle of cybersecurity. Even though they don't realize it, they don't trust you because they don't know you, you know. So trust takes time and effort. It's much easier to find a position if you have that, those networking skills. You may also want to start out by looking at a recruiting agency. There are local recruiting agencies, it recruiting agencies in every major you know city in the country. So you may not have as good of experience as you know, as if you got hired directly.

Robert McMillen: 

But hey, you'll get health benefits, you'll get a salary and you'll get experience in the industry, and then you can move on, you know, later on. But as far as my learning paths go, we have multiple learning paths, starting with Windows Server 2019, windows 10, and then also Windows 11 and Windows Server 2022. And guess what I'm starting to play with Windows Server 2025. It's in Canary right now, which I think is really funny. You've got alpha beta and then you've got Canary, canary yeah, okay, so I'm using the canary version.

Chris Sienko: 

You're living in the future over there?

Robert McMillen: 

Yeah, it's one or two versions before the release to manufacturing, but it won't be long before we have Windows Server 2025, and, I'm assuming, windows 12 as well. But for now, those learning paths are available and they're really designed for corporate security, which is the area that you're probably going to be most interested in.

Chris Sienko: 

Yeah, that's all great stuff. I've looked at it myself. I hope you all will check it out as well. So until next time, professor Art McMillan, thank you so much. This has been some really, really top quality career advice. I appreciate it. Oh happy to help, chris, and thank you all for watching this episode.

Chris Sienko: 

If you enjoyed this video and felt that it helped you, I hope you'll share it with your colleagues and on any forums that you're on and on your social media accounts. And don't forget to like and subscribe the CyberWorks InfoSec YouTube page. You can just type in CyberWorks InfoSec and you'll get to our page and it'll be real easy to hit that subscribe and then hit the little bell. We'll let you know when you're getting new episodes popping up just like magic.

Chris Sienko: 

So we've got a couple more coming up with Professor McMillan here and we've got lots of hacks for people at all different levels of learning and job acumen. And if you have any topics you want us to cover whether it's digital forensics or pen testing or management or CISOs just drop them in the comments. We'll answer them all and we'll try to get to them all someday, hopefully very soon. But until then, this is Chris Sanko signing off, saying see you next time and happy learning. Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12 most in-demand cybersecurity roles. I asked experts working in the field how to get hired and how to do the work of these security roles.

How does your salary stack up?

Ever wonder how much a career in cybersecurity pays? We crunched the numbers for the most popular roles and certifications. Download the 2024 Cybersecurity Salary Guide to learn more.

placeholder

Weekly career advice

Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Booz Allen Hamilton, CompTIA, Google, IBM, Veracode and others to discuss the latest cybersecurity workforce trends.

placeholder

Q&As with industry pros

Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.

placeholder

Level up your skills

Hack your way to success with career tips from cybersecurity experts. Get concise, actionable advice in each episode — from acing your first certification exam to building a world-class enterprise cybersecurity culture.