Lina Lau - How to get a job in cybersecurity earning over six figures : Zero to Cyber Hero

Table of Contents

Introduction
If you are seeking a job in cyber security but dont know where to begin, you are in the right place. Your motivation may rise from something you saw on TV or a movie, an interesting news headline, gotten a taste at hacking on something, or are simply fresh out of school and are looking to break into the field. If you want to take this motivation and turn it into a career, this book is intended to be a helpful foundation for that next step.
I was in your position once. I fell in love with malware, wanted to work in the field and I had no idea how to get my foot in the door. I would read cybersecurity Twitter feeds and not understand basic things like what a CVE was. There was a lot of self-doubt and I questioned if I was good enough or qualified enough to get into the field. I dropped out of University and that only intensified my anxiety about if I was good enough. There was one thing I did know. I couldnt get into cybersecurity following the normal route of getting a degree, competing with thousands of others trying to land an entry job with 3 years minimum requirement written on it. I wanted to accelerate my career trajectory, and this book is about how I did this. I hope it helps you with some principles you can apply to fast track your career and excel in this field.
I am not the type of person who would ever write a book as it is just not something I enjoy doing. But I noticed on LinkedIn a lot of graduates and people asking for advice on how to break into the field and I saw a lot of terrible advice from recruiters and a few senior executives. Their advice ranged from keep trying to apply anyway; hardly meaningful feedback. In principle, they are right, but in practice this dont give up advice is useless when you have not built the right foundation on which to excel in this field.
The road is long and will require hard work and determination. There is no short-cut to gaining knowledge. As much as I wish I could download peoples brains, I cant. The purpose of this book is to teach you how to fast track your career, but you still need to put in the work. There is no fast track success pill that will make you rich or successful and if someone is selling you that, they are scamming you.

This book covers how I got into cybersecurity. You may not have had direct work experience, specific skills or tooling experience, but the methods I will cover might help you overcome your on paper limitations.
You will learn:

• Average salary expectations and benchmarks
• Common recruiting lies
• The negative side of each job in cybersecurity
• Building a network and reputation
• Resume and social media tips
• Acing the job interview
• Technical and practical interview tips
• Dealing with prejudice and judgement

The knowledge in this book is based on my experience, my opinion and the opinions of those in my security network. This may not represent the viewpoint or experiences of everybody.

Step 1: Define what you want to do
It will be harder for you to get a job in security if you have no idea what you want to do. How can people help you when you dont even know what you want? You have two options either apply for a rotational internship program with consulting companies / banks or, read on and try and figure this out for yourself.
Cybersecurity is a broad term. There are several niches and various roles you can fill in cybersecurity each with positives, and negatives. There is no such thing as a perfect job. You will always face struggles, for example work-place stress, politics, confused clients, unrealistic deadlines and hours of Microsoft Office i.e. Excel, Word, PowerPoint. (No offence if you really enjoy using Microsoft Office).
In step 1, I will cover what each of these roles are what skills are needed for them, how much they pay, and some lessons learned from each role. These are the kind of thing that they never write on the job descriptions. For each of these roles, I have spoken to colleagues and friends in each of these roles and gotten their honest opinion.
Do not read this and start looking at job advertisements that say, 3 years minimum experience and feel disheartened. These job advertisements honestly dont mean too much if you have the skills and can show you have the same equivalent knowledge for it in a tangible way unless youre being interviewed by someone who is very narrow minded. In that case, consider how much youd learn being managed by them. When I come across people like this, I see it as a red flag and run. Just remember, 3 years experience does not mean someone was learning for that entire 3 years. I have interviewed people with 10 years experience and did not have that much to show for it.

Even though IT and cybersecurity have several crossovers, there are several intrinsic differences between these roles. IT roles often focus on infrastructure the setting up of systems used by a company, or the management of such systems. They may also focus on networking and managing the network of a company. IT based roles also encompass architecture roles where an architect might be asked to design how the infrastructure works for a company and what tools are used.
The difference between IT and cybersecurity is that IT focuses on the systems that are used, setup and managed and security is all focused on the security of these systems and various security tools.
This guide does not cover anything about IT roles or how to get a job in IT. However, a grounding in an aspect of IT networking, scripting, server administration, cloud administration or otherwise, can be seen as a real asset to someones skills. Just because you have spent your career configuring switches or changing passwords, your skills are just as applicable. If you have a strong knowledge about active directory, there are several security companies hungry to hire you. Make this known.

If you dont know what this topic even means let me take a step back. There is a timeless debate between whether or not people should move from a consulting company to an internal team. Simply this means, do you want to work in security managing the security of the company you work for (i.e. if you work at Laurens Technology Shop, you would manage the security of Laurens Technology Shop) or if you want to join consulting and manage the security of several different companies.
There are pros and cons to each. Working in consulting can be stressful and you need to be comfortable speaking with people, running meetings and presenting. Each client has different needs and requirements and will be different to deal with. You will constantly be faced with different security environments and be faced with things you do not know. Consulting also means you might be surrounded by different people all the time depending on how long each project lasts for. If you thrive in a dynamic work environment and want different challenges and a different environment every day, then perhaps consulting will interest you.
Working for an internal team means you are working with the same internal core team and managing the security of that specific company. Sometimes it pays better than consulting (depending on how well the consulting company you work for pays). Internal teams provide more structure and more consistency and can sometimes be less stressful than consulting if you need stability in your working environment. With that said, I have seen people work for an internal team and be heavily stressed just the same as in consulting.

Cybersecurity Roles
The table below summarises the types of roles that fall under cybersecurity and what they broadly consist of. Please keep in mind that the roles companies come up with often vary due to what lexicon they choose to use. I have even seen some start-ups name their roles Cyber Unicorn and go on to describe the role of a cybersecurity analyst. If you ever feel confusion with a role, its best to read the role description and speak with the HR manager to get an idea of what the day-to-day life of that role is.