How to get into Cybersecurity - CyberXcel

Cybersecurity Career Transition Course

Introduction and Why You Should Listen to Me                                  

First of all, thank you for enrolling in this free course. In this course, I’m going to help you start your cybersecurity journey in no time, without requiring a degree, multiple certifications, or any other hoops to jump through.

Who am I and Why Should You Care?

I’ve been in the IT field for nearly 10 years now, with 5 of those years specifically focused on cybersecurity. Prior to this, I was a musician struggling to make ends meet. Thanks to a family contact in IT, I changed careers and have not looked back since. Over the years, I’ve seen the skill gap in this industry, and I understand how tough it can be to break into the field without proper guidance. That’s why I’ve decided to share everything I know for free.

The Roadmap: Five Pillars for Breaking into Cybersecurity

Breaking into cybersecurity or any profession comprises the following five pillars:

  1. Your Skills: What you can actually do.
  2. Qualifications: Something that validates your skills, like a university degree or certification.
  3. Resume and LinkedIn: Your professional summary.
  4. Networking Skills: How to leverage people for your goals.
  5. Interview Skills: Being able to sell yourself in interviews.

In this course, we’re going to cover all of these aspects to help you launch your career in cybersecurity.

Understanding the Cybersecurity Industry: It’s More Than Just Hacking

Before diving into the details, it’s essential to understand the vast landscape of the cybersecurity industry. A common misconception is that cybersecurity is all about hacking, pentesting, and the offensive side, commonly known as red teaming. This could not be further from the truth.

Different Roles in Cybersecurity

There’s something for everyone in this industry:

  • Lawyers: If you’re a lawyer, you can specialize in cybersecurity law.
  • GRC Enthusiasts: If you’re good at speaking, writing documents, and policies, Governance, Risk Management, and Compliance (GRC) might be for you.
  • Technical Roles: Most of the open roles are in blue teaming and the engineering side of cybersecurity. Network engineers can transition into network security engineers, and the list goes on. DevSecOps is another avenue.

Starting from Scratch: A Roadmap for Beginners

If you have no IT background, you’ll have to start from scratch. Cybersecurity isn’t for the faint of heart; you’ll need a strong foundation in computers, networking, and Linux operating systems.

Entry-Level IT Roles: Your First Step

The best way to begin is by landing an entry-level IT role like help desk IT support or a service desk analyst. This phase is crucial for building foundational skills. While you’re working, absorb as much knowledge as you can about networking, operating systems, etc.

Identifying Your Target Role

After spending 6 months or a year in an entry-level role, you should identify your target role in cybersecurity. From there, focus on learning the specific skills and knowledge required for that role. You don’t have to be a jack-of-all-trades; it’s more beneficial to specialize.

The Importance of Providing Value

At the end of the day, it’s all about business needs and the value you can provide. Employers won’t spoon-feed you; you have to prove your worth through hands-on experience and during interviews.

Mindset Matters

Drop the ego. If you’re entering this field expecting everything to be handed to you on a silver platter, you’re in the wrong mindset and zone.

The Degree vs. Certification Debate: Ending the Confusion

In this lesson, we put an end to one of the most common misconceptions: that you need a degree to start in tech. Spoiler alert: you don’t.

No Degree? No Problem!

In my 10 years in IT, not a single employer has asked to see my degree. What has always mattered is the value and skills I bring to the table. If you’re considering spending thousands of dollars on a university degree that doesn’t guarantee anything, you might be setting yourself up for a lifetime of debt.

The Power of Certifications

Instead of a degree, consider obtaining certifications. These are internationally recognized and respected within the IT and cybersecurity industries. They are also frequently updated, ensuring that you are always learning the latest trends and technologies.

Which Certification to Choose?

With hundreds of certifications out there, choosing the right one can be daunting. Here’s a simple guide:

  • For Non-IT Folks: Start with CompTIA A+. This certification will not only teach you the basics of IT but also help you get past HR screening
  • For Those Already in IT: If you don’t have any certifications, start with CompTIA Security+. This is all you need to validate your knowledge in cybersecurity.

Certifications Are Not a Job Guarantee

Remember, certifications alone won’t get you a job. Your hard-earned skills, resume, LinkedIn profile, and interview skills are what will land you your dream role.

The Certification Loop: A Trap to Avoid

Don’t get caught in an endless cycle of collecting certifications. Learn the necessary skills, earn your certification, and start applying for jobs. Focus on networking and enhancing your people skills to further boost your employability.

From IT to Cybersecurity: Your Detailed Roadmap

Now that we’ve established that a degree isn’t necessary, and you’ve landed an entry-level IT role, let’s talk about your transition into cybersecurity. This roadmap will guide you in moving from your current IT role into a cybersecurity position as quickly and efficiently as possible. If you’re ready to embark on this exciting journey, comment “Mission Accepted” below.

Understanding Cyber Foundations

If you already have foundational IT and networking knowledge, it’s time to delve into the basics of cybersecurity. Similar to learning a new language, cybersecurity has its own set of terms, acronyms, and concepts that you need to become familiar with.

Getting Certified: Why Security+?

The best way to acquire this foundational knowledge is by taking the Security+ certification exam. While there are other options like Google’s certification, at the time of recording this, Security+ is more widely recognized by HR and recruiters.

How to Prepare for Security+

  1. Video Training: Your First Step

Start by watching a video training course on Security+ to get an initial grasp of the topics. Take notes as you go along.

  1. Dive Into Practice Tests

Don’t waste time hopping from one video course to another. Immediately start taking practice tests. Aim to score at least 80% correct answers before considering yourself ready for the exam.

  1. The Back-and-Forth Method

The preparation process is a game of revisiting material. If you get questions wrong in the practice tests, go back to your notes and video training to understand why. Repeat this process until you’re confident with your answers and their underlying concepts.

  1. Never Rely on Memorization

Simply memorizing the material won’t get you far; understanding is key. Make sure you comprehend each concept, so you’re not caught off guard during the exam.

  1. Going In-Depth: Official Study Material

If you feel the need to understand a topic in depth, consult the official Security+ study book. It’s a valuable resource for a deeper understanding of the material.

Note: I will link the best and most cost-effective resources for Security+ training. Make sure to use them to your advantage.

Post-Certification: Hitting the Ground Running

Congratulations, you’ve cleared the Security+ certification in just two months! So, what’s next? You’re likely wondering what skills to focus on and how to gain hands-on experience in them.

Identify Your Target Role

First, you need to identify your target role in cybersecurity. Remember, the field is vast and not just limited to penetration testing or hacking. In my experience, transitioning into blue team roles, particularly Security Operations Centre (SOC) positions, is the most straightforward path.

Why SOC or Security Analyst Roles?

The benefit of targeting SOC or cybersecurity analyst roles is that hiring managers are often more willing to consider candidates with less experience. While security engineering roles are also viable, SOC roles provide a great starting point.

Skill Acquisition: The Hands-On Approach

To succeed, it’s crucial to actually learn and practice the skills required for your target role.

Job Descriptions: Your Skill Guide

Here’s a pro tip: The job description of your target role is a goldmine of information. It will list all the skills, tools, and experience that companies are desperate for.

Niche Down for Success

I can’t stress this enough—focus on one specific area. Don’t spread yourself too thin by trying to learn everything; specialize and become a master at it.

The Job Hunt: More Than Just Technical Skills

The job hunt is a crucial part of your journey. While technical skills are essential, soft skills are equally, if not more, important. You’ll need to craft a killer CV, hone your interview skills, and excel in other areas that are often overlooked.

In upcoming modules, I will delve deeper into each of these aspects to help you finally land your dream cybersecurity job.

Hands-On Training: Tools and Resources

Alright, let’s get into the specifics. When I say you need hands-on experience, I mean it. But where do you start?

Vendor Training vs. Affordable Alternatives

If you’re looking to learn about specific tools, say, SIEM tools like Splunk, official vendor training is always an option. However, those can be expensive. The good news? There are cost-effective alternatives that can get the job done.

Resources for Blue Team and SOC Roles

Since I’ve recommended focusing on blue team and SOC roles, let me tell you—there are ample resources that offer lab environments for practical training.

Try Hack Me: Choose Wisely

While platforms like Try Hack Me offer a variety of courses, a common mistake is to get stuck learning about penetration testing and ethical hacking. Skip that temptation. Try Hack Me offers specific roadmaps and training focused on blue team and defense.

Let’s Defend: SOC Analyst Training

Another excellent resource is Let’s Defend, a platform that concentrates on SOC analyst training.

Topics to Cover

The ideal skill set should include malware analysis, incident response, threat hunting, understanding the cyber kill chain, and familiarity with the MITRE ATT&CK framework. A little knowledge of Azure Cloud and Sentinel will also go a long way.

Application Over Accumulation

Don’t waste time amassing skills you won’t use immediately. After training, your focus should shift to job applications and resume-building.

Networking: The Hidden Curriculum

Dedicate time to network with professionals in the industry. You can know all there is to know, but if you’re invisible in the industry, that knowledge won’t get you far.

Marketing Yourself

Remember, you have to market yourself to get noticed. You joined this course because I advertised it, and you saw value in it. You need to do the same for your professional profile.

Up Next: Tips for Job Hunting

In the next lesson, I’ll share some invaluable tips and tricks to supercharge your job-hunting process, including optimizing your resume. Stay tuned!

Resume Building: The Art of Getting Noticed

Download the Template

First things first, go ahead and download the resume template I’ve included in this course. Trust me, this template is a game-changer. I’ve used it myself, and it has consistently produced results. My students have also benefited from it immensely.

The Mistake of the Generic Resume

Now, let’s address a common pitfall: the generic resume. Most people submit a run-of-the-mill resume that simply does not catch the eye. Look, when a company posts a job listing, hundreds—if not thousands—of applications flood in. Do you honestly think hiring managers or recruiters have the time to sift through all those applications meticulously?

The 5-10 Second Rule

Reality check: Your resume gets a mere 5-10 seconds of attention. That’s right, seconds. So, your goal is to capture interest within that minuscule time frame.

Elements that Grab Attention

How do you do that? It’s all in the details—your name, headline, location, summary, and technical skills need to pop. Your educational background, while important, should not dominate the top section of your resume. Hiring managers are mainly interested in what value you can bring to the business. Can you solve their problems? That’s what they want to know.

The Summary: Be Direct

Avoid talking about your aspirations or dreams in the summary section of your resume. No one cares if you’re “enthusiastic” or “aspiring” to break into cybersecurity. What matters are the skills and tools you bring to the table.

Work Experience: Why IT Matters

This brings us to your work experience section. Listen, having IT experience is absolutely vital. Imagine a cybersecurity company has two resumes in front of them: one from a bartender and the other from someone with IT experience. Who do you think they’ll choose? IT experience—even basic IT support—is essential.

Be Wary of False Promises

Be extremely cautious of services that sell you an impossible dream. The reality is, you need concrete skills and relevant experience to be seriously considered for roles in cybersecurity.

LinkedIn: The Untapped Goldmine

The Importance of LinkedIn

In this lesson, we’re diving into LinkedIn, a powerful tool that’s often underutilized by professionals. I can’t stress enough the role this platform plays in the job-hunting process. Now, it would take me quite a while to go through every detail of optimizing LinkedIn, but here’s the gist.

Update Your LinkedIn Profile

First off, your LinkedIn profile needs to be in sync with your resume. It should be up-to-date and brimming with relevant keywords and skills tailored to your target role in cybersecurity.

LinkedIn as Your Virtual Business Card

Think of LinkedIn as your virtual storefront or business card. It’s your personal marketing tool. You have to make sure it presents you as a strong candidate, not just someone “aspiring” to get into cybersecurity. The term “aspiring” is ambiguous and vague—you either know your stuff, or you don’t!

Don’t Sell Yourself Short

So, get rid of language that diminishes your skill set. To get a sense of what an impactful LinkedIn profile looks like, you can take a look at my profile or those of some of my students.

Our Program Can Help

If all of this feels overwhelming, don’t fret. We offer a comprehensive program designed to equip you with the technical skills you need. We provide lab experiences and even assist you in landing a cybersecurity role—guaranteed within six months, provided you have an IT background. If you want to learn more, you can book a call with me or someone else in my team so we can come up with a personalized plan just for you. 

Interview Skills: The Gateway to Your Dream Job

The Importance of Nailing the Interview

Interviews are a critical step in landing your desired cybersecurity role. Let’s put it this way—if you apply to 50 jobs, you might get 10 interviews, or maybe even just 5. The margin for error is small, so it’s crucial to ace these interviews, or else you’ll miss out on valuable opportunities.

Pre-Interview Preparation

Before you even step into an interview, make sure you’re well-prepared. I’ve included a list of common interview questions you’re likely to face. This list should serve as your study guide. Take the time to prepare your answers; don’t leave it to the spur of the moment.

Navigating Non-Technical Questions

I can’t stress enough the value of rehearsing answers to non-technical questions. Questions like, “Tell me about yourself,” will come up. I have my answer for that question memorized, and so should you. And when you do answer, make sure you’re framing it in the context of the role you’re applying for. You’re not there to share your life story; you’re there to demonstrate how you can add value and solve the company’s problems.

Techniques for Answering Behavioral Questions

When it comes to behavioral or scenario-based questions, the STAR (Situation, Task, Action, Result) or CARL (Context, Action, Result, Learning) methods are your best friends. These frameworks help you structure your answers in a clear, concise, and impactful manner.

Handling Technical Questions

When it comes to technical interviews, there are no shortcuts. You either know your stuff, or you don’t. If you’re found lacking in the technical interview, it might be a signal that you’re not yet ready for that particular role. So, it’s crucial to have at least a strong foundational understanding of the required technical skills.

It’s Okay to Not Know Everything

Don’t beat yourself up if you don’t know the answer to every question. Nobody knows everything. What’s important is how you handle it when you don’t know something. I’ve found it effective to say, “I don’t have that information right now, but I’m the kind of person who will figure it out—even if that means doing extra work outside of regular working hours.”

Recap: Zero to Cybersecurity Hero in 6 Months

Starting Out:

  •  No Degree Needed: You don’t need a degree to break into cybersecurity.
  •  IT Foundation: If you have no IT background, it’s beneficial to start with an entry-level IT role to gain foundational knowledge and skills.

Certifications:

  • Security+ Certification: It’s a great starting point for understanding cybersecurity fundamentals.
  • Study Method: Watch video training first, take notes, and then do practice tests until you can get 80% correct.
  • Resources: Refer to official Security+ books for in-depth knowledge.

Skills and Roles:

  • Identify Your Target Role: Cybersecurity is vast; identify a role you want to target, such as a SOC Analyst.
  • Hands-on Training: Utilize platforms like TryHackMe and Let’s Defend to practice skills.
  • What to Learn: Malware analysis, incident response, threat hunting, Azure Cloud, Sentinel, etc.

Resume Building:

  • Template: Use the provided resume template.
  • Attention-Grabbing: Your resume should capture attention within the first 5-10 seconds.
  • Focus on Value: Employers care about what value you bring, not your life story.

LinkedIn Optimization:

  • Important Tool: LinkedIn is vital for job hunting.
  • Professional Branding: Optimize your LinkedIn profile to align with your professional skills and target role.

Interview Skills:

  • Preparation: Prepare for both technical and non-technical questions.
  • Techniques: Use methods like the STAR or CARL method to answer behavioral questions.
  • Honesty: It’s okay not to know everything, but show your willingness to learn.

Your Next Steps: Going from Zero to Hero in Cybersecurity

Hey everyone, I hope you’ve found this course valuable in setting the stage for your transition into cybersecurity. We’ve covered a lot—from optimizing resumes and LinkedIn profiles to preparing for interviews and gaining crucial IT experience.

However, I know that implementation can often be the hardest part. While this course has set you up with the fundamental knowledge, you might be looking for a more direct and personalized path.

Our Guarantee

We’re committed to your success so much that if you don’t secure a cybersecurity role within six months, we’ll continue to work with you at no extra cost until you do. We even put this in writing to make it official.

👉 If you’d like to learn more about how we can help you fast-track your cybersecurity career, feel free to reach out.

See you in the cyber world!

Sohail Ershadi

CEO & Founder of CyberXcel Training Academy 

My mission is to guide you on a smoother, more focused path into the cybersecurity industry.

Contact Us