Advice for Graduates Entering the Cybersecurity Workforce

Image for post
Image for post

I recently received an inquiry from a fellow cybersecurity professional who was having difficulty entering the workforce. I think the advice and follow-on conversations by the audience might be helpful for others.

Hello Mr. Rosenquist,

I recently graduated with my M.S. in National Security Studies and Public Safety where I focused on cyber security. I have been looking for work for a few months and have had no luck. I was wondering if you had any advice for me?

I really have a strong passion for cyber security and while I do not have any in the field experience I have accomplished a lot and have very strong references. The only challenge I am finding is that no one wants to give me a chance. Thank you for your time, Winston.

Winston, first congratulations on graduation with your degree! The benefits of a higher education will reap rewards for your entire career. Although I don’t have the specifics of what you have looked at or applied for, I do have 3 general pieces of advice for you.


1. Look to the government sector. Government organizations highly value advanced degrees. Take a look at local, state, and federal openings for security. They are in desperate need and some departments are even offering additional compensation for certain skills. This is where many get their start to build experience.

2. Broaden your search. Keep in mind that most HR groups don’t really know what the organization is looking for or needs with the respect to cybersecurity. The landscape is constantly changing and it is tough to keep up. In many cases they simply cut/paste from other, what they think is similar, job descriptions. The result is overly generic or an inaccurate list of requirements and roles. Don’t hesitate to apply to positions which may fall in this category and in your cover, explain how your education is applicable to the greater goals of risk management.

Also look outside the cybersecurity division. Security insights and skills are needed in many different departments nowadays. For any company on the Internet or which provides services accessible to the Internet, they need security. Look across industry segments. Finance, healthcare, transportation, communications infrastructure, manufacturing, hospitality, healthcare, etc. are all hiring. You will find jobs in audit, legal, engineering, architecture, IT infrastructure, sales, software solutions, program management, marketing, and of course in the information security departments. Don’t artificially limit your search.

3. Obtain a technical certification. It may seem like a step sideways, but remember, many organizations don’t know what they need. So they cut/paste what they have seen before, which in many cases includes technical certs. It may just get you in the door for an interview. I would recommend a broad certification like CISSP, GIAC — GSEC or GSLC, or CISM. This is not just for the paper. These will also provide a rich background that will complement what you studied for your M.S. degree. In the end, you will be a more capable security professional and be able to better integrate the practical side with your academics.

The jobs are out there.

Estimates vary, but they tend to hover around a million unfulfilled positions which need computer related security skills. Do the usual job-search best practices: define your goals, pen a good resume, conduct online searches, handle yourself in a professional manner, connect via professional social media and stay focused on your objectives. As you reached out to me via LinkedIn, I will mention it has many groups to join, connection opportunities to people in the industry, and the ability to follow others who like to blog and discuss job opportunities. Leverage these types of resources for information, job leads, insights, and to make connections within a desirable organization.

I hope this helps you in your career journey. We all started somewhere. You will too. We need people like you. Cybersecurity is struggling to keep pace with the threats. I look forward to your announcement on LinkedIn when you find that first professional role.

A final thought, for all the readers.

To those who are interested in a career in cybersecurity and those already working towards that path, reach out to people in the community if you require advice. We are here to help. We need your creativity, technical expertise, leadership, enthusiasm, and communication skills to make cybersecurity stronger.

If you are already a professional in the industry, please set aside a little time to help those seeking to join the ranks. I know we are all crazy-busy, but only in working together can we overcome the threats we face today and those of tomorrow. Take the first step and add any advice you think is important for the next generation of cybersecurity professionals, in the comments below!

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Written by

Cybersecurity Strategist and CISO specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store