When I started writing Infosec Party, I focused on helping jobseekers with two specific issues they wanted advice on after surveying: home labs and projects. It has grown beyond that to contain resources for community building and networking as a dedicated career development resource.
There are many free resources from cert providers, professionals, and juniors out there for red team work, hacking, web app security, and penetration testing, so that is not the focus of this resource.
Instead, this is sort of an attempt to answer cyberseekâs mission to fill the âcybersecurity skills gapâ and help jobseekers gain relevant, significant and practical skills.
This resource intends to encourage blue team or defensive skills, since most security jobs (no, not all) are actually defensive. It also specifically encourages actionable solutions to security training. I have a Security+, but that certificate is mostly theoretical. Plenty of training exists to teach the practical, technical actions of your day-to-day in security roles!
Cyberseek only recommends paid schools or universities for training, but many relevant skills can be acquired through experience. Luckily, several platforms exist to let you practice these skills for free, including setting up labs and products that utilize AWS and Azure, accessing and configuring SIEM dashboards, and designing secure networks and systems.
Cyberseek provides âFeederâ roles for your cybersecurity pathway. If you want to work in another role first, those are decent places to start. This is a good option for people choosing not to go to school for IT, CS, or engineering.
Most âskills gapâ legends are myths.
One industry-specific reason it takes 21% longer to fill cybersecurity positions is that many entry level positions in cybersecurity are not actually âentryâ level. There are many positions where itâs a reasonable requirement to ask for previous experience. Another understandable reason is that newcomers have not established trust within the communityâsecurity should be in the hands of people who are trusted without any qualms.
To become a Security Analyst, employers often request a background of several years in tech support, alongside a degree and often look for at least one security certificate. This is the same for any other cybersecurity position. Even SOC Analysts and Endpoint Detection and Response employees are usually required to have certifications and multiple years of help desk experience, when this isnât necessary to perform well on the job. If youâve trained and studied as a SOC Analyst, that is likely enough for the position, as your training implies this knowledge!
These requirements are also only expected of someone who isnât working at or known by the employing company already. Many organizations admit openly to bringing one of their employees with no background in security into security roles, or to training someone who is put in that position on the job. You can always try that route yourself. Remember, you do not need to be a genius to work in this field, you just need to study and work hard like you would in any other field.
I hope that this resource can be a gift to other info or cybersec hopefuls trying to make this field less inaccessible! Letâs break that gate!