Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

  • matt@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    I’m not sure if this is the right venue for this question so please let me know if that is the case – happy to ask elsewhere!

    I’ve been in various IT roles for the past 10 years and seem to have gotten stuck in a support capacity. My career goal is to be more of a DevSecOps or Security Engineering role but I honestly can’t get the time of day with an interviewer. I’ve got experience with programming, cloud infrastructure, web application security, and am currently going for my CKA but I don’t have a ton of experience “on paper”. Most of my experience is either me doing things myself to further my knowledge or taking on security things within my current role – for ex. in one support role I did a web application penetration test to make sure there weren’t any gaping holes before we deployed it.

    How can I make sure that I have the right experience down on paper for when I’m applying to roles? Has anyone here “broken out” of a support role into security? What was your experience with it? I also have a lot of interest in doing research work and I know this can dovetail with the two roles I listed above but maybe I need to focus on the core ideas of those roles more?

    • shellsharks@infosec.pubOPM
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      This is what I made this playbook for. This will always vary from hiring team to hiring team but for me I look for practical skills/experience & the desire to learn more. Enthusiasm is easily mastered for interviews but proving your skills is harder. Fortunately, there are lots of ways to demonstrate your capabilities, many of which I talk about in the playbook. I’m not saying it’ll be easy, because for w/e reason this industry still hasn’t figured out how to not gatekeep for one reason or another but I think you’ll make it easier on yourself by focusing on practical, demonstrable skills and documenting them. Hopefully that helps!

      • matt@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Awesome! I really appreciate your help and will absolutely start going through this and what my resume looks like.

        Also, right?! How is it that in an industry that has a deficit of security personnel in it already is so damn hard to break into?!