I’m often asked by students and those thinking about a move into cyber security: “How do I break into the field?“
My answer hasn’t really changed over the years, but I get asked often enough that I figured it’s worth putting into a quick* blog post. I’ll give you a sense of how I think about hiring, what I look for, and hopefully give you something more useful than some of the generic, unhelpful advice out there.
Just to be super clear – everything here is 100% my personal opinion. This is what I look for when hiring for my own teams, regardless of seniority.
This post is focused on the technical side of cyber security – engineering, architecture, offensive security, defensive security. I think it’s a good foundation, even if you eventually end up specialising in a less technical field like governance, risk, or compliance.
* turns out this wasn’t the “quick post” I thought it would be – it took me three weekends in a coffee shop to get this finished 🙃