Lie On Your CV - A Brief Guide To Entry Level Cyber Talent by Josh Jackson

so I want to say thank you to everybody for having me here today it's an absolute honor and a privilege to be here at besides Leeds especially after the extended Hiatus that it's been on um so without further Ado let's get right into it um I think first question is probably you know who am I well my name's Josh um I've been in and around cyber security for about six years now and I am a senior stock analyst by trade and outside work tend to do a little bit of music and a little bit of Freestyle Wrestling I've also been a penetration tester a junior self-canalyst of course um a bit of a standard security

consultant and all around just a little bit of a generalist within cyber security so wear many hats and currently in my role at Banbury cyber security I wear all those hats at the same time but primarily all senior stock analysts work so why should you care who I am why should you care what I have to say about uh lying on your CV and all the rest well I had a bit of a strange foothold in the industry um I'd say I'm probably one of the few people who came into the industry through the job Seekers allowance back in the pandemic um I graduated University straight into the pandemic was not able to get a job

at all um so managed to find my way into Standard Security through a very weird scheme that was running at the time called the Kickstart which puts you on minimum wage 25 hours a week and managed to kind of pivot that into the full-blown career that I have now but as a result of moving up into a senior stock analyst position I'd been interviewing people for my team and as a result of that I've seen a lot of different people come through from a lot of different cyber security backgrounds and I'm not particularly afraid to give you advice on how you should get your foot in the door how you should get that first role that other people might not

really like very much so who's this presentation for well primarily everyone um you'll have something in there for employers something in there for applicants as well that's going to be something for anybody who's interested in entry-level cyber security jobs but primarily this is going to be good slightly more towards applicants just because of the nature of this day so we're going to go through a few character classes you might notice it's the AI generated images I could not find um good royalty-free stock photos to to suit this um so you're gonna have to put up some AI generated stuff but that should be all good um what I mean by a character class is kind

of what kind of background you might have come from to get into cyber security and I tend to I tend to find there are about four of them you've got University graduates um people who've come through a traditional Academia and maybe done like a computer science course or a cyber security course uh people who come from a cyber Academy like uh caps lock is a very good example something that's a lot more focused on just getting you out the door the qualification that can get you a job people who come straight through the industry um I've met a few people who have gone in to cyber apprenticeships uh straight down to sick form or anything like that

or maybe you've gone and gotten your CCNA or some other qualifications that might net you that that first role and some people come in with absolutely no cyber experience at all or no technical experiences for that matter and there are benefits and drawbacks to each of these that we're going to go through here so University graduates tend to be very excellent generalists they've had three years to learn all the fundamentals of computing cyber security all the rest and as well as that I think one of the few genuine benefits um to coming through traditional Academia these days uh as opposed to anything else is that you've proven your ability to learn over the course of an

extended period of time so everyone who's graduating University is going to be at least a certain standard to be able to get in through the door as well as that because you've had three years minimum basically of doing assignments dissertations exams you tend to have very solid written skills which you might be thinking that's maybe not a massive part of the job but people often ask me well Josh what kind of programming language should I learn to get into cyber security or something like that and I always say the language that I use most in my job is English having the ability to write technically having the ability to write clearly concisely comes in very very funding

when you're getting that first job and also comes in handy in your career progression people who come from a university background as well tend to be very confident in their ability which can be a little bit the con as well um having that incorrect perception of the industry and where you fit into it especially as somebody who's only really had theoretical um practice with all of the concepts you'll be coming across within the industry can be a little bit of a downside um and I've seen people come in and be expecting that they should be earning like 30 000 pounds a year in their first entry-level job straight South University and it's it's just not

feasible um really you need to Tamper your expectations of you coming in from this kind of background moving on though to um a bit of a newer kind of way into the industry you've got people who come through these learning academies and these tend to be very good courses that are being focused and curated by industry Leaders with a very heavy focus on employability so you're much more likely to be learning the practical skills that you might be coming across when you actually get into the roles that you're looking to get into they tend to give you a very solid Baseline understanding of security Concepts that you can build off and it's a lot closer to the industry as I said

than any kind of traditional Academia that we see through University um however because you don't have the full three years to really kind of hone in your skills on um you know the more basic parts of computing and of cyber security say like the fetch so you've got an execute cycle um certain networking Concepts I've seen people not really have nailed down um you might have a bit of a limited extended knowledge of computing as a whole and of sun security as a whole but that's largely going to depend on the academy that you've joined your written skills as well um due to it not being as long of a course written skills going to be

largely dependent on your personal background and what kind of things you've done in the past we have somebody on our team who used to be an underwriter for a large Insurance firm and so his written skills are exceptional but other people might not um might not have come from such background and as such written skills might suffer as well as that this kind of career progression can sometimes stunt your career progression and leave you at the I'll say the lower rungs of the of the salary ladder for a little while just due to the way that the loans are structured for these kinds of courses so you might find yourself um earning a little bit less for a

little bit longer until you can access those higher paying roles um but that's not necessarily a bad thing it's a very solid way to get your foot in the door coming through the industry first um gets you very early exposure into the industry so people who come straight out of college or sick from people who just get a certification and they go straight in from there you'll get years of hands-on experience before any of your colleagues will and that will give you a lot of very fast progression if you're early in your career however your wrestling skills once again are going to be a bit of a mixed bag and your skill set will be narrowed based

entirely on what you've been doing through your uh through your day-to-day role basically as well as that because of your own experience you might find that you have to be trained a little bit longer and there's something to consider for employers training is going to be a little bit longer due to be an experience and as well as that due to that uh kind of narrowed skill set you may be less suited to certain roles and require a bit more training when you reskill into those roles later on in your career but kind of stripping away any certifications at all we can take a look at people who come in with absolutely no cyber experience

um who actually can be quite beneficial to all know to an organization my partner manages a pub in the center of York and their previous hiring practice was that they would only hire people who had never worked in a bar a day of their lives and the reason for that is that they had no bad habits um they knew nothing about how to mix the drinks they knew nothing about uh anything really so you could build them up according to the business processes at your organization it's also a lot cheaper for companies to hire people with no cyber experience and I find that both parties tend to benefit from that because not only are you as an

applicant or an employee earning a lot of very valuable experience but also the employer is going to be able to employ you for a little bit less and gets a good amount of value out of you and as well coming from absolutely nothing you've got lots and lots and lots of room to grow cons of all this is that he potentially got no proven ability to work in cyber security and you might get a decent portion of the way into that first role and find that you're still not really feeling it um and that may be due to struggling with a very steep learning curve coming from a very limited uh background and as well as that additional time is

obviously going to be required for training two seconds just gonna add some water so which one of these kind of backgrounds come from is best well frankly none of them um each one of them has its own unique benefits that you might be able to leverage um but if you're applicants I think you should use this information that we've just gone through to really understand your flaws and and kind of where you might have come from in the industry temper those expectations because I know that when I got into the industry I thought that I was on it and then I did did one hat a box and realized that was absolutely not the case I did not know

what I was doing so temper your expectations and also know your trajectory understand where you're going to be headed in the long term um are you looking to manage a team are you looking to build out your own business one day uh what is your career path going to look like if you enter at a certain point and as well as that if you're an employer um looking to implement some entry level positions into your organization when you're hiring really focus on the the team fit of that employee and the attitude for their their attitude for learning I think is the most important thing also have a think about your organization if you don't have any

internal positions available have a think about which shelves might be suitable for entry level Personnel we could always do with getting more people into the industry and when you're thinking about uh which jobs are suitable for entry-level Personnel have a think about what base level bare minimum skill sets an employee needs to be able to perform that task you might find that it's a lot less skill than you actually think so what kind of jobs should you be looking for I'm going to pause here for a second so that you can screenshot this if you need to but these are the keywords that I would suggest you put into any researchers for jobs whilst you're making that first look for entry

level positions associate is one that comes up again and again and again and you might not have every single qualification that they're asking for but we'll touch on how you can get around that in a second so how can you get one of these jobs well my advice is always to get your foot in the door that's the that's the first thing that you should be trying as hard as possible to do do whatever you can to get that first face-to-face interview because borrowing exceptions most people don't really care a great deal about the um experience level of somebody in an entry level position they they much more care about team fit how are you going to

work with the rest of the team how do you fit into that company culture you know are you the right person for this role are you the right person for this job and don't be afraid to get creative uh with the ways in which you'll get your foot in the door because I guarantee you if you don't then somebody else will so how do you um get creative on your CV well um first of all I'm going to preface this by saying that it works I was speaking to um somebody that I hold in very high regard in the industry quite recently and I was um running through some positions that were kind of entry level with him and

asking kind of if they would be suitable for somebody with with very little experience in the in the past and how would you get around not having the experience and he said quite honestly with me um get creative on the CV they did it and they've progressed a very long way in the industry um despite having a relative inexperience going into it so it does work and um I'll caveat that by saying that you should only be getting creative about things that you actually know about because if you can talk for hours and hours and hours about networking then that's absolutely fine but if you can't please please please for the love of God do not tell somebody

that you are a network engineer because you will be pulled up on technical details and people will ask about your experience in your last role what was it that you did what's this specific thing if you can't answer those questions they're going to see through you immediately also if people want to know what you did in your last role um no I signed an NDA signed an NDA with my previous employer I can't talk about it I'm sorry um how can you explain the Gap in your in your CV sorry signed an NDA I can't but I did uh but I do know about these things and these things focus on your technical skills as opposed to your

previous experience that's my advice um as well as that if you can't seem to find any references from previous companies that you might have worked at on occasion friends will make excellent references just make sure that the that this friend can talk about what it is that you want to excuse me what it is that you want to be going into and make sure that they're aware that they're going to be receiving a phone call from somebody because you don't want no you don't want the creativity to fall flat on its face and as well as that some companies will go under and some companies just like in HR departments ensure that we've all seen the recent meltdowns that have been

going on at twitter.com um and it became quite clear to a lot of people after you know certain people were just being fired and they had to literally tweet the CEO to figure out whether or not they were still employed with Twitter um became quite clear that Twitter no longer had an HR department and thus nobody to confirm nor deny whether or not you in fact work there so something to keep in mind when you're writing about your previous experience aside from uh lying on your CV there are other ways to get a foot in the door for example the biggest one is just making friends uh get talking to people because the number of times that

positions will come up and somebody within the company will will say well actually I know someone who wants to get into cyber security uh could you give them a call could you just have a chat with them see if they're the right fit for the job the more friends that you have the more likely it is that that kind of thing will come back your way as well as that talk to the hiring manager it can be a little bit frustrating for hiring managers sometimes getting Awards and messages from people but the worst thing that you'll be told is just to um you know apply normally and wait for a call back um best case scenario you get something

back from the hiring manager and you might be able to Swindle a job out of that also talk to recruiters because they're they're here to help you and that's their entire job is just getting you employed within cyber security or whichever field you want to go into um so make sure that you're talking to recruiters and don't be put off by any fees or anything like that because realistically if this is what it takes to get your foot in the door then it's fully worth it also use social media uh make posts let people know that you're looking for a job let people know that you're skilled in this area and that area in this area

or in that area message people who are kind of influence and influencers in the LinkedIn space see if they can help you out because you never know you might just find somebody who's willing to help and willing to kind of get you in there also just start working on the projects and document it as you go because oftentimes people will be interested in what it is that you're doing and just reach out to you or talk to anyone that you can about that project that you're working on and see if that's uh suitable for a position that you might be looking at bringing yourself a big title on LinkedIn also helps I received I think

three job offers in the week when I listed myself as a senior sarc analyst on LinkedIn so sometimes um all it takes is a little bit of a little bit of a specific title or a little bit of specific experience that people might be looking for to actually get your foot in the door there so how might you secure the job when you actually do get that interview and when you've um kind of gotten very creative with your with your way in um how do you actually get through that interview and get the job well there's no easy way to say it but you just gotta be fun to talk to um I did not know how to talk to people

when I first started looking for some security jobs I remember being a little 19 year old sat in his room uh not fully grasping the concepts of small talk and um there are resources out there and if you're unfortunate enough to be in my position know the man who's on the right hand side of this photo there's a YouTube channel out there called Charisma on command that sometimes does some good videos around how you might be able to talk to people in a nice kind of way um and you can learn to make small talk you just got to start actually speaking to strangers there are cashiers out there there are Baristas there are bartenders there are lots of people out

there in the world who are willing to tell you kind of little bits about their day you just have to go up to and ask them you know how's your day going what kind of shift are you on today um how's the shift been things like that um will get you into the flow with being able to talk to anybody basically also just know yourself if you're going in for a specific role and you maybe don't have all the experience then make sure that you know what it is that you're going to be talking about and come prepared in that sense to make sure that you can speak on that topic for an extended period of time

because realistically all that an interview is is it's a test that you are the right person for that position don't be afraid to say I don't know as well because there's nothing worse than not knowing something and then trying to lie your way out of it trying to um to really kind of accentuate um your knowledge to an extent that just isn't entirely correct it's perfectly fine to say actually I don't know could you tell me a little bit about that or actually I don't know but I'll go away and Google it after this meeting if that's all right perfectly acceptable answer to any questions I'm prepared make sure that you're that you're ready for that interview and ask

questions I was told to always have two questions in my back pocket at the end of an interview because you will be asked if you have any questions so my two go-to's are you know where do you see the business in three years um or maybe five years if you're looking long term and how do I fit into that business strategy in that time if I was brought on how can I help you achieve your goals with this business people like to see that you can commit to that role and what if you don't don't get the job well um it's absolutely fine because there are so many more out there uh cyber is only growing and there are loads of

roles being posted almost daily um and it's okay to not be right for the role because realistically if you didn't get a job then it's likely that the employer just didn't think that you were the right fit or they were probably looking for a very specific person for that role and it's probably for the best that you didn't get it because it's better that you just don't get it you're not miserable in a position that you're not quite right for and you can actually look and find something that is going to be a better fit for you as well as that yes it's about being really really good and yes it's about having all the

experience and all the rest but also it's a numbers game the more jobs you apply to the more likely it is for um you to actually get that role and so just keep at it because remember the only way is up so thank you so much I'm happy to take any questions now if you don't get a chance to talk to me now um You can track me down LinkedIn I'm being tagged in all the B-side leads posts and if you really want to list me as a reference and you don't have anyone else a list by all means do so just message me on LinkedIn let me know first