The Best Way to Land that Next Cyber Opportunity
The Best Way to Land that Next Cyber Opportunity
Guest Blog by Kersley Joseph, CyberVista Instructor
You completed your cert. You think it might be time to jump ship. How do you go about landing your new opportunity convincingly? Is a certification enough? Is it all about experience and/or technology? Where should you focus your efforts to increase your chances?
Using the Security Mindset
One of the most common approaches in security is to “think like a hacker.” In essence, we are trying to “reverse engineer” an outcome. Since we are looking at approaches in securing a cyber opportunity, perhaps the more important approach is to “think like the hiring manager.” So where do you start?
Information Gathering: The Type of Opportunity You Really Want (and Company)
Suppose you’ve found a few interesting companies, but you are unsure how to narrow that list. Here are some key questions to ask to help prioritize your choices:
- Which specialty do you want to pursue?
- What are some factors that would influence choosing one company over another?
- Is the culture the right fit for you and vice versa?
Take the time to determine what is most important to you in your next role by having your own list of preferences and requirements, especially when considering the opportunities. Create as many questions as you can to begin gathering more information.
Reconnaissance: How The Company Operates
You’ve found one company you want to focus on. Now, it’s time to strategize using open source intelligence methods and social engineering.
- What can you glean from the company website/social media/blog/content updates?
- What’s the vision from the leadership team?
- What can you glean from job posts about their technology?
- What do people say about working for them on social sites?
Keep notes on what you find. Form a profile for the company and some notes on how you could use this information. This will help with the interview process. The next step is figuring out how to increase your chances after applying for the position.
Scanning Your Network
Let’s shoot for the lowest hanging fruit with the highest probability of feedback: social engineering. Scour your network and resources for recruiters, peers, and employees (past or
present). Get as candid as you can the closer someone is to your peer circle. Ask for an introduction to the recruiter or perhaps an intro to the hiring manager’s boss if you are very comfortable with the liaison. Ask questions about the hiring manager or team lead’s background. Ask about backgrounds, books, or any content that could be helpful in building a profile about the team, its capability, and its authority/thought leadership approach to security. Accumulating as many useful nuggets as possible will be beneficial for the interview and application process.
Exploiting the Application Process
Most resumes are largely dead on arrival. But yours shouldn’t be. Your experience should come to life on paper. Besides the modern approach of keeping your LinkedIn profile up-to-date, keep your resume up-to-date. Make them complementary. Demonstrate your recent experience with results in one or two paragraphs. Make it tangible. Tailor the resume to match the position and go a little bit beyond by including the things that matter to the company. Try to meet most of the requirements by using keywords and close the gap on additional qualifications that are desirable based on what you’ve uncovered from the position or similar positions (e.g., completed CISSP training). Make sure your LinkedIn profile is updated to reflect the tailored approach, too. Highlight what your team has accomplished as well as your own accomplishments. Consider including your work, projects (even side projects) and anything related to a tangible result.. Anything relevant that you have worked on is great to contemplate including a blog or YouTube channel. Content is king.
Another area to consider is a cover letter that is tailored to the company and position. Use this as a way to build a strong case as to why you are the right fit. Tailoring your approach is yet another step to diﬀerentiate yourself. This is where your homework comes in. Follow up promptly with a response and stay interested. Ask about the timelines for interviewing, hiring, salary range, and hard requirements for their decision process.
Enumerating: The Interview
If all is well, you’ll get an interview and you’ll have plenty of information to help you stand out. The interview is a chance to present yourself and to make a great first impression. Focus on making a connection with what the company is doing, the role, and how you plan to help by asking questions.
Before you go into your interview, think about why they shouldn’t take a chance on you. You’ll need to examine holes in your game to be better prepared. In addition to common interview questions, ask yourself:
- Are you strong enough technically for this capability?
- What’s your own personal development process for staying up to date? Where are you weak in proficiency and how are you addressing that area? Why should you be trusted?
- How do you process problems?
Polish up your security knowledge and expertise in case the interview becomes deeply technical.
If you are confident enough to move forward, pivot the interview by making an oﬀer they can’t refuse — oﬀer to present/help on something of interest. Ask if you can help solve a problem that currently exists — for example, mitigating a vulnerability with no patch available is a great start. Pitch the idea of presenting for the team. Need inspiration? Check our blog out for some places to start researching.
This increases the chance that the organization values thought sharing and creates a strong hiring case. Of course, if presenting isn’t your thing you can always write a research deliverable, a blog post, or record a video. Whatever you choose, make it compelling.
Additionally, ask the interviewer additional questions regarding the position. For example:
- How did the position become available?
- Is there an internal candidate being strongly considered?
- What does the day-to-day role look like?
Your goal is to find out more information about the company and opportunity to uncover anything valuable that you can factor into your decision making.
Post Interview: The Follow Up
You’ve targeted your energy on one company for that golden opportunity. You acted on the valuable information you could find, and exploited the recruiting process. You enumerated company resources, recruiters, social engineered friends. You were successful in pivoting the interview into a presentation and you made a lasting impression. Now, stake your flag.
Remember to follow up with consistent interest. Reaching out to say “thank you” is still in style. A handwritten follow-up note is another great touch. Diﬀerentiate, diﬀerentiate, diﬀerentiate. In an email, try to schedule time to speak by proposing a day to call. Stay interested by showing interest in people first (e.g., recall that person’s interest) and flow into the opportunity for an update. Social engineering always starts with being thoughtful.
Hopefully, these pointers get you to where you are headed. If not, keep trying and know that we’ve got your professional advancement needs well-covered.