What’s a Hacker’s favorite season?
Phishing Season
Now that I have your slightly judgemental disbelief at how poor that joke was — and your attention, let me get started with why we are here.
(Unless you clicked on the link accidentally, and are now reconsidering your life decisions — in which case, STAY! )
Over the past few years, every once in a while I meet someone who asks me how do we get started with Cybersecurity. And every single time, I wonder what would be the best answer to this question. I won’t lie, my answers and the details I go into also vary with the time of the day it is and how long an answer I am willing to type out. And I’m pretty sure it’s not just me.
( A brief bio, just in case)
Now before I start getting rambly about everything that the Cybersecurity domain has to offer, a little bit about myself.
I’m Harshita, a Product Security Engineer with VMware, India. Before VMware, I worked for Cisco Systems as a Security Consulting Engineer helping clients deploy Cisco Firewalls and Identity Services Engine in their network and secure their network from external threats. My journey in security started at Deloitte working as a Consultant in the Cybersec Center, which was also my first internship and my first security gig ever.
So let’s get started?
I’ve curated some of the most common questions here and tried to answer them in as much detail as I could. Now reiterating, I’m learning every single day as well and may not be 100% right about a lot of stuff — but feel free to reach out, correct me and shoot your questions so this can help the community. :)
Q1: I am an undergraduate fresher and all the on-campus jobs I’m being offered are Software Engineering oriented. How do I get into security?
HS: You’re graduating in a few months and have already figured out what your area of interest is — so first of all, a huge shoutout! Now secondly, I know and I’ve seen this from my own campus recruitment experience not so long ago that Networking or Security roles are SCARCE to put it nicely. What I would recommend you do is make a list of all the companies and roles you would love to work for. Every company has a careers page so check that out and find the jobs that interest you. And then get in touch with the employees working in these companies and express your interest. It’s possible that even though there are no immediate openings you would get contacted once something opens up. Try to get someone to refer you for these roles and in the meantime explore courses and projects that will help you shape your resume for a role in Cybersecurity.
Q2: What online courses do you recommend? Should I do XYZ certification to increase my chances of being hired?
HS: Okay first things first — from my experience so far a certification does not really matter a whole lot (usually) in getting hired when you are a fresher. You will most likely be joining an entry-level position and no company expects their freshers to have a gajillion specializations before joining. (It’s unrealistic if they are, just move on to the next)
This brings me to the next point, everyone who is hiring you is making an investment in you. So all you need to do is convince them that you WANT TO DO THIS. And while certifications may be one way to achieve this, a more practical and fun way would be participating in CTFs, Bug Bounty programs, and Hack the Box challenges. With an extra emphasis on PARTICIPATING, you may not hit a bounty in your first attempt. But what’s important is that you try and you learn something from it. It’s always the effort that counts.
Q3: I’m currently working in a different industry and want to move to Security. What should I do and where do I start?
HS: While I don’t have a lot of experience with this one, I did recently change gears to Application Security, a completely new and unexplored domain for me. And what I can assure you from my interviewing experience are 3 things that are extremely important
a) APPLY FOR THAT ROLE — I know the Job Requirements look daunting, you might be absolutely new to a lot of tools mentioned, but what counts is you take that plunge and apply for the roles you want to move to. You may not be selected for the first one you apply for but for every interview that you don’t make it to — you will have a wealth of topics to prepare better the next time you appear for another one. Don’t wait until you meet 100% of the reqs.
b) WORK WORK WORK — Read as much as you can, understand the concepts and delve deep into the subject. Make sure while you’re waiting on those interview calls you are also working to make yourself a better fit for the role.
c) COMMIT AND MERGE — What do you currently do on your job? Is there a way to make your code more secure? Can you take up a side project that focuses on cybersecurity that will help you learn and pick up new things? A lot of doors open up for you once you start knocking on all of them :) As they say, if you never knock — you’ll never know!
For the sake of brevity, I’m wrapping this article here. You can always drop by with your questions and if I’ve missed something out here, I’d love to add it in Part 2.
Until then, stay tuned!
