The Truth and Lies of Seeking an Entry-Level Cybersecurity Job, Part One

A multi-part series about the lessons learned in my transition towards an information security career

Prologue

My name is Michael Olsen, a former marriage and family therapist who, about two years ago, decided to transition from being a hobbyist spectator of the information security field to becoming a participant as I sought a full-time career in the industry. From the outset, I never would have dreamed I would be writing a multipart series about my experience as a second-career job seeker trying to struggle my way into the information security field, but here we are. This series was born out of my frustration with the opaque and intractable barriers I have encountered while trying to establish a foothold in the field.After reading a thoughtful piece on the cybersecurity recruiting problem, I started writing, eventually deciding to publish it here. However, my intent is not just about job-seeking challenges; it's about the stark differences between portrayal and appearance and reality. While this contrast is well acknowledged, written, and talked about in the field, it is rarely described from the perspective of the job-seeker. Writing about it from the job-seeker perspective involves risk, as job hunting has an inherently unequal power differential the lower you go down the seniority ladder. Nevertheless, my hope in writing this series is not simply to complain about a problem but to offer a perspective and possible solutions. I hope I can share a perspective of the opposite side from those who have been in the field for a while, both as practitioners and those who recruit and hire for the roles. I also especially hope to shed some light for other newcomers seeking to start a career in information security, especially those coming from non-traditional pathways or without a traditional Computer Science education. No matter who you are, I hope you enjoy the series and find it helpful. I invite you to share this series with others on the social media platform of your choice. Also, please share your thoughts with me about what I’ve written; I enthusiastically anticipate learning many things from this and appreciate your time reading it.

---

Part One: The “Find Your Dreams in Infosec” Ecosystem

The Bounty of Education and Expertise

If you've spent any time at all in the information security training world, you know that there is an absolute cornucopia of training options and pathways available to those seeking beginner skills in all areas of information security. In fact, it's one of the best parts about this field, and a part that immediately drew me in. So many people in infosec are passionate about the things they are do for their day job that they give them away for free! My first tangible “infosec” resource that I utilized was SwiftOnSecurity's https://decentsecurity.com/, a fantastic and straightforward guide focused on Windows hardening that made me, a mental health therapist with a lifelong interest in computers and security, excited to have hard-won professional knowledge given away for free with no paywalls or email subscriptions. That experience encapsulates so much of what I find all around me in the information security education world. Smart, capable people providing their wealth of knowledge and expertise to others less well-learned for free or at highly reasonable costs.

The Supportive People and Influencers

Not only is the educational content extensive and of high quality, but the people are great too! The information security landscape is filled with delightfully warm and supportive people, many long-time veterans of the field, who offer insights up on YouTube, podcasts, Substack, and social media. Seriously, good people seem to be naturally drawn to the field because I find them everywhere. They are giving away expert technical content, encouraging folks to persevere in their skill development, and without fail offering whatever helpful tips and tricks they have for those of us trying to get started in the field. Some of my favorites include:

• Meg West (cybersecuritymeg)

• John Hammond

• Eric Capuano’s “So you want to be a SOC Analyst” Series

• The Phillip Wylie Show

• Serena DiPenti (shenetworks)

However, with slightly acerbic hindsight, all that enthusiasm and encouragement should have been a warning clue about what lay ahead for someone like me trying to get started in the field.

The Appeal of Cybersecurity

If you are reading this, you likely have some interest or experience in the field of cybersecurity, or more broadly information security, so I don't need to elaborate too much about what makes the field appealing. But I want to lay it out briefly all the same because, when the going gets rough, and it's going to get rough, the appeal is what someone like me is going to hold on to in their minds to keep moving forward. Briefly, here are some of the main reasons that the field of information security is appealing:

• Doing important work that matters by protecting others and taking on bad guys holds timeless appeal.

• It involves some of the most creative applications of technical wizardry that you can imagine.

• It pays very well and usually involves a high degree of job security and employability.

• A lot of the work is remote-friendly or is at least quite flexible.

• There is a friendly and passionate professional community, with exciting and culturally rich conventions and touchpoints.

• There is a certain esprit de corps or elitism; you are part of the cool-kids club doing cool things.

Now, I know that someone somewhere is working in an office reviewing audit reports for Governance, Risk, and Compliance (GRC) reasons and has something to say about some of these bullet points. Nevertheless, from the eyes of an outsider looking in, there is a lot to be excited about for a career in information security!

The Pathway to Success

So, let's briefly review what we have so far: there is a lucrative, exciting, technical field with abundant enthusiastic and expert resources ready to help someone get launched into information security. From this starting point, you can find nearly endless stories of how others got their scrappy starts in the field. Many people, with diverse backgrounds, have achieved what appears to be happy, successful starts in information security. Often, they caution in their telling that their success did not come easy, nor without hard work, but nevertheless, success is there to be captured if you have the determination and persistence like them. And without an ounce of guile, I want to say that I am incredibly grateful for each of their stories. I've been moved to hopeful tears and bursting emotions reading about others' nearly-sacred journeys to transform themselves and launch their careers. Many have come from so little and have faced so many obstacles, and when they soar, I too have soared inside for their triumph. Hearing their words and gleaning from their experiences, I’ve learned so much and been able to see so much better than I could have otherwise.

However, after extensive training and hard work, and with close to 200 carefully targeted job applications, at the cost of almost two years of my life, I've found myself yet to find success and instead I’m mired in uncertainty and despair at a pathway forward.

Read Part Two to hear about who I am and how I worked to prepare myself for a career in information security.

---