Getting the Job

Everything in the previous sections was preparation. This section is about execution: finding the right roles, researching employers intelligently, avoiding common mistakes, and having an honest picture of what the career is actually like once you're in it.


The Honest Pros and Cons

Before you invest months building toward this career, you deserve a straight answer on what it's actually like.


Finding the Right Roles

Where to look

| Platform | Best For |
|---|---|
| LinkedIn | Most useful single platform; recruiters actively search here |
| Indeed / Glassdoor | Broad searches; use Glassdoor reviews before interviewing |
| | US-specific job demand by region and role |
| USAJOBS | US government and defense contractor roles |
| HackerOne / Bugcrowd / Intigriti | Bug bounty; consistent findings are evidence of offensive skill |

What to look for in an employer

The company's security maturity matters more than the job title. A company with a well-funded, respected security team in a culture that treats security as a business priority is worth taking a slightly lower salary for, especially early in your career.

Questions worth asking in interviews:

  • What does the security team's relationship with engineering look like?

  • How are security incidents handled and reviewed?

  • What does the team's learning and development budget look like?

  • How long do most people in this role stay before advancing?

If the interviewer can't answer these clearly, that itself is information.


Do You Even LinkedIn?

Seriously. Go look at your LinkedIn profile right now.

Is the headline generic ("Aspiring Cybersecurity Professional" tells me nothing)? Is the summary empty, or does it read like a form letter? Have you posted anything in the last six months? Do you have any connections in the field?

LinkedIn is not optional in this industry. It is where recruiters actively search for candidates, where hiring managers check you out after your resume lands, and where your professional network lives. A weak or empty profile is a missed opportunity every single day.

What a strong cybersecurity LinkedIn looks like:

  • Headline that says what you do specifically: "SOC Analyst | CompTIA Security+ | TryHackMe Top 10%" beats "Aspiring Cybersecurity Professional" every time

  • Summary in plain human language: where you're coming from and where you're going

  • Certifications listed

  • Some sign of activity: sharing an article, commenting in the community, posting about a lab you completed

You don't need to be a content creator. You need to exist and look like someone who gives a damn.


Your GitHub Is Your Real Resume

When I'm hiring, I check GitHub before I read the resume carefully. So do most technical hiring managers I know.

If your GitHub is empty or private, that's your most important task before you send another job application.

And if you don't know where to start with open source: you're reading an open-source book right now. This book lives on GitHub. Fixing a typo, improving a section, adding a resource you found useful is a real open-source contribution. You can put it on your CV. It counts.


Show Up. Physically, If You Can.

Most people wait to feel ready before showing up anywhere. That's backwards.

Security conferences and meetups are where the industry actually lives:

  • OWASP chapter meetings. Free, most major cities.

  • BSides events. Community-organized, low-cost or free, highly accessible.

  • DEF CON and Black Hat. Student discounts available.

  • Local ISACA and ISC2 chapters. Often discounted or free for students and unemployed members.

Just ask. Many events offer discounted or free tickets for recent grads or first-time attendees. The worst they can say is no. Showing up matters more to most organizers than the ticket price.

What you do when you get there: talk to people. Not to network in the transactional sense, but because these are people who do the work you want to do. Ask what they're working on. Ask what they wish they'd learned earlier. Most practitioners in this community are generous with their time. The conversations you have at a BSides event will do more for your trajectory than many hours of solo studying.


Internships and Training Positions: Don't Be Proud

A paid internship at a well-known company, or an unpaid one if you can afford it, is one of the fastest paths into a full-time role. The name on your resume matters less than you'd think for landing jobs later. The experience and the reference matter enormously.

Sitting and waiting for the perfect opportunity is the worst thing you can do. An imperfect role you took, learned from, and turned into a reference is worth far more than the ideal role you're still hoping to get.

Training positions, apprenticeships, even junior helpdesk roles at companies with security teams are all entry points. Many of the best security professionals started somewhere unglamorous. The job you take isn't the job you stay in. It's the job you use to get to the next one.


On Discrimination

It happens. Most people in positions to discriminate won't admit it, even to themselves. You may face it because of your name, your background, your accent, your gender, your age. It is real and it is wrong and you will not always be able to prove it.

Don't let one bad interview, one silent rejection, or one frustrating experience stop forward motion. The data is on your side. Keep going.


One More Thing About This Book

How much of this did you actually read? Be honest.

The authors of this book, and the contributors who've helped build it, share decades of combined experience here for free. No paywall. No upsell. No course to buy afterward.

The point is: you don't need to buy a fancy program, book, or course to get into this field. The information exists. Much of it is free. The bottleneck is never access to information. It's doing the work.

If this book helped you, the best thing you can do is contribute back. Fix something that's wrong. Add a resource. Improve a section. Submit a pull request on GitHub. Your name goes in the contributor list, and you have a legitimate open-source contribution to put on your resume. That matters to hiring managers who know what to look for.

Don't know how to contribute to open source yet? This is your first project.


Your 30-Day Launch Plan

You don't need to be ready to start. You need to start to get ready.

Week 1: Build Your Foundation

  • Create a free account on TryHackMe. Complete the "Pre-Security" learning path (~10 hours: networking basics, Linux, and how web technology works)

  • Install VirtualBox (free) and set up a Linux VM (Ubuntu is a good choice). Spend time every day in the terminal: navigation, file management, process management, piping commands

  • Watch Professor Messer's CompTIA Network+ series on YouTube for free. Take notes in your own words

Week 2: Go Hands-On

  • Complete TryHackMe's "Introduction to Cybersecurity" path, which covers how attacks work, what defenders do, and gives you a taste of each pillar

  • Set up DVWA (Damn Vulnerable Web Application) on your Linux VM. Practice every OWASP Top 10 vulnerability in this safe environment. Document what you learn

  • Based on what you've experienced this week, commit to one of the four pillars, not forever, just for now

Week 3: Build a Visible Presence

  • Create a LinkedIn profile specifically for your cybersecurity journey. Document what you're learning and what certifications you're pursuing

  • Join the TryHackMe Discord, r/cybersecurity, or a relevant professional community

  • Find three professionals on LinkedIn doing the work you want to do in five years. Study their career paths

Week 4: Make a Commitment

  • Register for CompTIA Security+. You don't need to be ready yet. You need a deadline. 60 to 90 days from now is reasonable. Having money on the line focuses the studying.

  • Identify your primary practice platform and use it daily

  • Write a simple one-page plan: your target pillar, your first certification, and the job title you want 12 months from now


Further Reading

| Resource | What it covers |
|---|---|
| | Interactive map of career transitions, certs per role, and job opening counts |
| Glassdoor Company Reviews | Read reviews from current/former security team members specifically |
| LinkedIn Salary Insights | Self-reported salary ranges by job title and location |
| | Beginner CTF platform by Carnegie Mellon. Problems permanently available. |
| r/cybersecurity and r/netsec | Active communities; r/cybersecurity is career-focused, r/netsec is more technical |
| Cybersecurity Career Master Plan by Dr. Gerald Auger | Practical, experience-based guide written by someone who hired security professionals |


Want someone to look at your LinkedIn or GitHub and give you honest feedback? Stuck on where to start? Join the community on Discord or reach out on LinkedIn -- happy to help. And if this book was useful to you, pay it forward: contribute to it, share it, or just send someone else here who needs it.
