TLDR at the bottom.

Hello,

I just got a remote Cybersecruity job with no prior Cyber experience and less than 1 year of IT experience. I'm in my very early 20's, and this would be a 30% pay raise from my previous IT role.

I wanted to make a post for a couple reasons: 1. To describe what I did to prepare myself for the job hunt 2. The job hunt itself. 3. My perspective on the current state of the job hunting and my advice to help people who are looking for get a job. 4. For entertainment, educational, and journaling purposes (my life goal is to be an author lol).

1. What I did to prepare myself for the job hunt.

I dropped out of college.

I was in school for nursing and I never really studied in HS. I never had to truly study for anything in my life, and nursing 1 classes changed that very quickly. I didn't know how to study, and because of that I started failing my classes. Instead of failing out, I chose to drop out of my nursing classes and spent the rest of the semester finishing my gen-ed classes.

I then started working at a nursing home, and then a hospital. Both jobs were fine enough, but I realized
that this really wasn't what I wanted to do with the rest of my life. One day, I was on scrolling on tiktok when I saw one of those cyber influencers telling me how I could "make 90,000$ a year while working in the Bahamas".

Even posting this from an anonymous account, it feels embarrassing to admit that this video sold me.

A. I addressed my mental health.

I have autism.

I was diagnosed when I was two, but my parents only told me when I was a sophomore in HS. One of the big side effects from this is that I did not like to think about my mental status (since I didn't really grow up with the fact that I have autism, i really don't like acknowledging I have it. I think I might mentally acknowledge it to myself once a month. I feel like if I do truly acknowledge it, i can then use that as an excuse to do nothing with my life. Even writing this section felt very uncomfortable for me.). The occasional time I ever felt "mentally wrong", I would just blame it on the autism and move on with my day.

However, failing out of school made me revaluate things. I went to a psychiatrist and he said that I had pretty bad ADHD and he had no idea how I made it through HS without the slightest inclination that something could be wrong (my genuine reaction to that information). Annoyance aside, he threw me some Adderall and it improved my life drastically. With a renewed determination, and some addys in hand, it was time to get to work.

B. I enrolled at WGU (Westerns Governors University).

If you have engaged in the Cybersec community, its possible you may have heard of WGU before. You might
have have also seen their ads on tv before (its the one with the owl). WGU is a online, non-profit, nationally-accredited university.

WGU is different from typical universities, as instead of paying for individual courses that make up a term, you pay for time slot of 6 months. You can complete as many courses as you'd like, or do as little courses as you'd like.

I absolutely love WGU. It has completely changed my life for the better. WGU's cyber program offers 10 certificates (WGU says its 15 but 5 of those certs are basically not real, as they are certs you get when you get multiple certs. For example, you get the CompTIA IT Operations Specialist certification when you get the A+ cert and the Network+ cert.) that are included in the tuition price. So if you graduate, you will have a degree from a national accredited university and industry recognized certificates. As much as I love glazing WGU, lets move on with my journey.

As soon as I enrolled, I got a job as a home aid using my prior health care experience. My home aid job allowed me to to study at work for 7 hours a day, as patients only really needed work done for one hour and mostly needed the convince of someone being around for the the rest of the time. In 8 months, I got done over 50% of my courses for the four year program, something that would not be possible in a traditional school.

There is a lot of positive things (and some negative things) about WGU I'm leaving out, so if you have any questions feel free to DM or comment.

C. I got a IT helpdesk job.

This step sucked.

Through my research I quickly discovered that if I expected to just graduate and get a cybersecurity
job with no problems, I would be in for a rude awakening. Most people recommended to get into helpdesk as a good entry point, so I did school until I got my A+ certification (which is the industry standard entry level IT
certification) and started applying.

It took me 389 applications. At the time, I thought this was insane, but comparatively its actually not bad at all. I've seen some people put in 1000+ and still be searching. Interviewing was a relatively new thing for me. In health care you'll get hired if you have a pulse, while in IT I got ghosted after a a fourth round in person interview for a huge company in the city. After going into the city. After paying a 10$ parking fee.

Cory, if your reading this, I hope your pillow stays warm at night.

Luckily for me, the job I ended up getting in the end was probably one of the best ones I applied to. The pay was higher then average, and the job was very easy, so I spent most of my time there studying. I also got the chance to complete do multiple security projects, which looked quite nice on the resume.

D. I networked and attended local meetings.

This step sucked worse.

Through further research, I learned that the best way way to get a job is to know a guy. It also looks good on your resume if your apart of some cybersecurity groups.

I really didn't want to do this, as I was already working full time and in school full time at this point. I also haven't really been socially active since covid, as covid really change my life for the worst. I used to enjoy going out but covid left me in a bad place physically and mentally. The only people I talked to were my family, and my very close friends.

However, I knew that if I wanted to better myself, eventually I would have to go outside and touch some grass. I looked up popular cybersec groups in my area and I went to two of them.

The first one was formal. you would network before the meeting, a sponsor would give a presentation on why you should buy their product, and then it was over. I didn't particularly care for this one so much, as there wasn't really to much time to network. Everyone was also way older then me, which definitely made it harder to connect with people in such a formal environment. You have to pay a yearly membership fee aswell.

The second one was informal and meets at a bar in the city. They had a discord group which I joined, and started talking to people from there. I posted my resume in the career advice channel, and I immediately got invited to a voice call where two people critiqued it. After critiquing it, they said it was overall pretty decent, as I had 5 months of IT work experience, some good certs under my belt, was active in some security groups, and in school for cybersecurity. They told me that they will keep my resume if anything came up. I also went to their physical meetup and it was great. It was very nice to know they I still had it in me to make friends from strangers, something I couldn't have done 8 months ago. The steps I was taking to improve my self were paying off.

I also went to an annual cybersec conference in the city, I already knew some people from my other groups, and that was a cool experience.

With all these steps being completed or in progress, its time to talk about the job hunt.

2. The job hunt itself.

I got lucky.

So lucky. Stupid lucky. So lucky I should have bought a lotto ticket. I mean, your going to need some luck with any job hunt you do, but this was something else entirely.

About a month ago, I get a DM from the guy I was on the discord call with about my resume. He was leaving his current position and referred me to the hiring manager. While I appreciated the gesture, I didn't think much of it, as my resume had to to be good enough to get a call back. I'm a pessimistic guy (especially after my last job hunt) and assumed the worse.

About four hours later, I get a email from HR asking if we can schedule an interview.

While doing all the steps before this moment contributed to this interview invite (Step A allowed me to for steps B, C, and D to occur. Step B and C allowed for my resume to be good enough to get an invite. Step D allowed for the opportunity to get the invite in the first place, as without step D the person who referred me would not know I existed in the first place.), It was still very lucky that he left his position in the first place, and it was very lucky that he referred me.

With that being said, luck can only take you so far. It was time to execute from this point forward or "lock in" as my fellow zoomers would say.

By this point, I was pretty good with interviews. The HR screening interview went perfectly. We had a great connection, and I did flawlessly on the few technical questions that were asked. The HR person even scheduled my next interview during the middle of the interview. The next interview was with the director of cybersecurity operations. It was an 1 hour long, with 45 minutes of straight technical questions.

I'm going to post the ones I remember below, just to shed some light on what technical questions you could potentially see in some of these interviews:

1. Identify the following ports. (20, 21, 22, 23, 53, 80, 443, 3389)

2. What are the two types of encryption?

3. What's TCP?

4. What's UDP?

5. How does DNS work?

6. Does DNS use TCP or UDP?

7. What's the MITRE attack framework?

8. What's the cyber kill chain?

9. Why would you use hashing?

10. Can hashing be reversed?

11. What's the difference between a firewall deny rule vs a firewall drop rule?

12. What is a brute force attack and how can you mitigate it?

13. Name the two most common vulnerability scanners.

14. What is a MITM attack and how can you mitigate it?

15. What is a SQL injection attack and how can you mitigate it?

16. What is the difference between a SIEM and an EDR?

I got 13/16 of these questions right (6 is a trick question, 8 I got half right and I bricked on question 7). I also tried to go the extra mile and give examples/scenarios when I could. I thought the interview went good/decent. We had good conversations but it was hard to get a good read on the guy. I also felt I did quite poorly on the behavioral questions that were asked, so I expected the worse.

The very next day, the HR person called me and gave me an offer.

In only 14 months, from the start of my enrollment at WGU to this point, my hard work had finally paid off.

(live motion_seaker reaction)

3. My perspective on the current state of the job market and my advice to help people who are looking for a job.

This section will probably be controversial. The following section is simply my opinion.

A. My perspective on the current state of the job market.

If you spent all your time in this subreddit, you would think that you must work at an IT helpdesk for 1.5 centuries before even thinking about being worthy to so much as apply for a cyber role.

If you spent all your time on cyber tiktok, you would would think that simply getting the Google cybersecurity course on Coursera qualifies you to be a CISO at a fortune 500 company.

The truth, in all things, lies somewhere in the middle (with the scale pointing a bit to the left in this subreddit's favor.).

It is not an easy market. However, if you have the skills, the proof that you have the skills, sheer willpower, a good network, and some luck on your side, you will find an opportunity.

B. My advice to help people who are looking for a job.

You can find a lot of sources on how to get cyber jobs, certs for different sub paths, etc. I have listed some tips I've personally used to my advantage.

1. Shoot the damn ball (apply to everything that your interested in).

I used to get caught up in job descriptions of jobs that interested me, and pass up applying to a job if I didn't meet exactly what they were looking for ( EX: I didn't have a certain certification they were looking for, they required 3+ years of cyber exp when I had 0 years exp, etc.). The consequence to this is that I only applied to a few jobs a day, and the jobs I did apply to were almost impossible to get, as the standards were lower so more people applied to them.

One day, I was catching up with my friend who was on leave from the marines. We were at a park and he went up to this women, who was way out of his league, and got her number. I have a hard time trying to talk to strangers, much less do something like that. I asked him how he gets his confidence. His response?

"Shooters shoot."

He was right. I needed stop thinking about if I was taking a high percentage shot and just shoot the damn ball. Weather the shot was under the basket (it helpdesk) or from outside the arena (CISO of google). To get a job, all you need is one place to say yes. The more applications you put in, the higher chance a place will say yes.

I started doing this and got more interviews. Even if I didn't get the job, this let me practice for interviews. It was also an amazing networking opportunity, as you get to talk to employers in your desired field and get on a first name basis. These interviews can also be a great opportunity to get other positions as well. For example, companies would tell me "I don't think you meet the qualifications for the pentesting position, but we we have SOC opening that I think you could be a good fit for!". The prior example happened to me 3 times.

2. Put a face to the name.

When you apply to position, from the employers perspective, you are just name in a system. A name on an application that gets run to through an AI screening software that bases if your qualified for the position on keywords in your resume.

When you apply to a role your particularly interested in, it is worth the effort to reach out personally to the hiring manger/recruiter. Its harder to send some one an "Unfortunately" email when the candidate connected with you on linked in and messaged you saying "I'm looking forward to to this opportunity Ｏ(≧∇≦)Ｏ". In case you the recruiter doesn't immediately give you the job based on that message, it's another good way to establish relationships with employers in your field of interest.

3. Leverage any resource you have to your advantage.

By 'any' resource, I mean any resource. Your friends mom works in HR at company of interest? Ask her if there's an opening. Linked In allows 100 free connections a week? Connect with as many cyber recruiters and people who work in your dream jobs as possible. Message them and and ask for tha "15 min coffee chat" those linked in warriors always talk about (as annoying as it is and as uncomfortable as it to ask to meet with a random stranger, putting a voice to a name is even better then putting a face to a name.). You have a phone? Start calling calling companies in your area and see if they have openings.

Use as many resources as you can to maximize your job hunt.

If you are still reading this, I appreciate the time you took to read this. I hope I have given you tips you can use, or have entertained you at the very least.

Fell free to DM me with any questions :)

TLDR

1. Make sure your are mentally prepared and healthy.

2. Acquire skills (weather that's through education or certifications).

3. Network with others in the space.

4. Optimize your job hunt using relevant tips in tricks.

5. Do not give up.

6. Get lucky.

Hello, could anyone help with titles of entry level positions that require no to little experience, besides help desk? Also anything that can be remote would be a great bonus! Thank you.