A Cybersecurity Job Seeker’s Guide to Employment
By
Professor Steve Linthicum*
An advantage of having longevity in the information technology field is you gain an understanding of where we are
today and how that compares with history lessons of the past. One of those lessons relates specifically to economic
principles associated with supply and demand. The basics of these principles strongly suggest that where a resource is in
short supply, generally the demand for that resource is high, resulting in the cost for the resource rising.
Mindful of the fact that IT certifications, from a historical standpoint, rose in importance in the final decade of the 20th
century (1990-1999), it is helpful to return to that place and time. Novell was the primary leader in the certification
arena its CNA and CNE certifications. Microsoft made great strides in the latter half of the decade, leading the charge
with its MCSE certification, and commanding that leadership in the early years of the 21st century. Every student wanted
to achieve the coveted MCSE certification, and for most who received it by passing the six (6) exams, opportunities for
employment, even for students who lacked work experience, were there.
Advance nineteen (19) years to today’s world and the identities of popular certifications have changed. Gone from the
scene is Novell and its popular Netware operating system. Microsoft is still around, with its workstation server products
continuing in popularity, but facing strong competition from the open source community. That clamor relating to
obtaining its MCSE certification appears absent, replaced with a broad array of certifications that focus on cloud
technologies, cybersecurity, and some surprising additions.
For guidance relating to cybersecurity certifications, the Cyberseek website, sponsored by the U.S. Department of
Commerce, is useful. It details on a National level, as well as state and metropolitan area levels, the current levels of the
cybersecurity workforce and total cybersecurity job openings. It also lists six (6) certifications (Securty+, CIPP, GIAC,
CISSP, CISA, and CISM), providing information relating to the number of people holding the certification for a defined
region, along with the job openings requesting the certification.
Cloud security certifications are relatively new to the field and fall into two major categories. Those categorized as
vendor neutral include CompTIA’s Cloud Essentials+ and Cloud+, the Cloud Security Alliance’s CCSK certification, and the
(ISC)2 CCSP certification. On the vendor side, the two front runners are Amazon Web Service’s Cloud Security – Specialist
certification and Microsoft’s new Azure Security Engineer (AZ-500) certification.
Having some familiarity with these certifications, for most people considering an IT/cybersecurity career, it makes sense
to begin with lower level certifications. For security job roles, consideration should be given to the CompTIA line of
certifications considered by some as the “certification trifecta.” That is their A+, Network+, and Security+. These serve a
foundational role, providing evidence of both a willingness to learn and some proof that you understand the basics of
information and communication technologies. Their importance use to be measured in terms of landing that first job in
IT roles that the Department of Defense in directives 8570.01 and 8140.01 define as Information Assurance Technician
(IAT) levels 1 and 2.
However, there is still the difficulty those seeking jobs in this industry face without experience. We are all aware of that
“Catch 22” conundrum. In order to get a job, you’ve got to have experience. In order to get experience, you’ve got to get
a job. That’s were creativity becomes important. Ask the question, how can I get an employer to hire me with my limited
level of certifications and little or no work experience? The answer may well be by following some of the suggestions
detailed below.
Demonstrate a passion for both lifelong learning and the cybersecurity industry
I often tell people considering cybersecurity as a career pathway there is only one requirement. You must be a lifelong
learner, willing to take the time necessary to keep up with technology. If you do not have a LinkedIn account, get one.
Use your profile in a manner that tells a story about what you are doing that evidences a commitment by you to lifelong
learning. Display certifications you hold, providing sufficient information for a potential employer to verify certification
attainment. LinkedIn provides the ability for you to become an author, composing articles that establish your ability to
write in a quality manner. Pick content that you are comfortable based upon your knowledge, skills, and abilities (KSAs),
to write. Know that it will be read by others and you will be judged on your communication ability. Best perhaps to have
a trusted advisor proof read it before you push the “published” button.
Consider participating in cybersecurity related organizations. I’ve provided the list below to students in Southern
California as a means of identifying networking opportunities. This is area specific and you may not have access to some
of these organizations in your local area. But you do have Internet searching capability. Try finding groups that may
interest you through websites like MeetUp.
Here in Southern California we have a variety of national and international organizations
that provide this ability to network on a local level. Specific networking opportunities you may
want to consider getting involved with include:
▪Infragard – An FBI created public/private partnership. Joining requires you go through a process
characterized as a “security risk assessment.” There is are local chapters located in San
Diego and Los Angeles.
▪ITDRC – The Information Technology Disaster Resource Center is a volunteer organization that
provides communities with the technical resources necessary to continue operations and begin
recovery after a disaster. It harnesses the collective resources of the technology community to
provide no cost Information, Communications, and Technology (ICT) solutions that connect
survivors and responders in crisis.
▪ISSA – The Information Systems Security Association is an international organization of
information security professionals and practitioners. It provides educational forums, publications,
and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its
members. There are local chapters located in San Diego, Orange County, and Los Angeles.
▪ISACA – The organization engages in the development, adoption and use of globally accepted,
industry-leading knowledge and practices for information systems. Previously known as the
Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect
the broad range of IT governance professionals it serves. There are local chapters located in San
Diego, Orange County, and Los Angeles.
▪(ISC)2 – An international association for information security leaders, committed to helping its
more than 140,000 certified members learn, grow and thrive. There is a local chapter located in San
Diego.
▪AITP – The Association of Information Technology Professionals was created in partnership with
CompTIA, and serves as the go-to resource for individuals seeking to start, grow and advance a
career in technology. There are local chapters in San Diego and Los Angeles.
Consider learning other skills and provide evidence of attainment
When most people think of what is required to attain cybersecurity professional attainment, they express
having the KSAs associated with defending and attacking networks. While those skills may be important, there
are certainly other skills that play into this role. Reliance on useful information when making decisions about
what we should be teaching is helpful. The New Foundational Skills of the Digital Economy report, issued by
the Business-Higher Education Forum and Burning Glass, helps to define the nature of skills employers are
seeking for the digital workforce. The graphic below appears on page 11 of the report.
In a recent posting on a closed forum for CompTIA instructors, one of their executives posed the following
question: Did you know out of the 129,397 total U.S. Cybersecurity job postings during Q1 2019, Project
Management was rated #4 as a top specialized skill? When I asked about the source of this information, I was
told they got “this specific data point from the Burning Glass Technologies Labor Insights Tool, May 2019.” I’m
not surprised by the finding. Having taken and passed different version of exams for CompTIA’s Project+
certification, I know of the value of the information I learned that enabled me to possess this certification.
Also identified in the graphic above are what we in education commonly refer to as “soft skills.” From the
perspective of a technical educator, this is a challenging area, and more likely results from experiences both
inside and outside of the classroom. Communication skills (including writing as detailed above) will improve by
participating in the activities identified above. Learning how to react in a collaborative fashion can happen
through the participating in those groups identified above. Critical thinking, analytical skills, and creativity are
a natural byproduct of both learning and working. They will be fine-tuned as you gain job skills.
ABOUT THE AUTHOR
Steve Linthicum taught cybersecurity courses for decades as a professor at the college and university level, and
currently works with the California Community College Chancellor’s Office in a workforce development role. He
holds an array of IT and cybersecurity industry certifications.