Hacking The Job Market: Double Your Chances Of Landing An Ethical Hacker Role

Imagine this u uh situation. How many of you have applied for a job and at any time and got reacted? So a few of you and yeah so this is uh uh me. I'm Mik as well and I'm a manager in the appsec team in outpost 24. uh I mainly recruit junior for junior roles because of our yo location uh we don't have access to the seniors so we recruit a lot from universities so we have become experts on recruiting juniors and why should you listen to me uh Yeah. Yeah. Because I'm not like an influencer that I don't uh sell myself for clicks and I I'm not selling courses and stuff. I only build like

good teams, good hacking teams. Uh and what is this talk really about? Um there are no payloads or technical stuff in this uh uh presentation. So, it's more or less just me talking about how you should make yourself more employable. Yeah. And I also have this QR code. So, if you want to connect with me on LinkedIn, you can do it already now, but I will show it later as well. Um, this here. Yeah. Okay.

Uh so uh hacking the job market uh you need to stand out. Uh um uh let's see. So you actually need to invest time in yourself. Uh and this is really good because every hour you invest in yourself, you get it again like 100 times during your lifespan. So uh start already now to invest in your time in yourself. So uh and why do we need to um invest time in ourselves? Yeah, because the cyber security community or business is booming. Uh we need a lot of more people into cyber security. uh but it's very hard for a junior to to come into the cyber security uh community. Uh so when you are cyber security uh if

you have taken uh your graduation or uh you're about to apply for your first job uh you're not only competing with the seniors you're also competing with all the other juniors all around. Uh so you actually need to stand out to be able to get that job.

So it's uh more than uh a degree or certification. Uh so uh the certification or degrees uh they actually open doors but it's all the other things that uh make you to get to the interview and uh get the job eventually.

[Music]

Oh, it's okay.

>> Okay. So, uh what you need more than a degree uh is you know the passion and the passion for this talk is actually my passion. So I'm passionate about ethical hacking and uh to recruit new people into the to the cyber security uh and you need to take initiative uh you need to show commitment and also that you are very adaptable uh and one more ingredients to this secret source uh you should have to build your personal brand. So if you can't be seen uh then you're I can't find you. So you must build your personal brand and uh brag a little bit about yourself and uh be seen in on LinkedIn or show up here do YouTube

videos or whatever. Uh and you also need soft skills and soft skill uh it doesn't mean weak. It's actually the opposite. Uh so soft skill means uh that you are effective in the team.

So from uh uh from my point of view uh you actually don't need a lot of hard skills from your university because you will learn the hard skills in your work. So uh the if you have the passion and you have the personal brand and you have the soft skills then you're I'm very interested in hiring you. So uh and if you build real world experience uh if you're in a university it can be hard to have some real experience but there are some tricks to get experience even that you don't have a job for example you can uh play CTFs I know that there are CTFs uh ongoing right now uh uh you also need to sharpen your soft

skills uh and you can also train on that. So uh from from my experience uh people in university they don't practice a lot of soft skills. They just focus on getting their assignments in and then they're done. Uh you also need to take uh the ownership of your your of your own journey. So everyone's journey is different and you decide yours. Uh and if you take it to ownership just don't go in the boat. You should steer the boat.

Uh so let's talk about the 10,000 hour rule. Um anyone knows what uh that is? Isn't that 10,000 hours or something? >> Yeah, exactly. So, if you're going to be good at something, you need to spend at least 10,000 hours of deliberate practice on on that matter. Uh, and at university, how many hours do you spend, for example, on hacking stuff, real hacking? >> So, >> a few hundred hours. >> Yeah. So, there there are Yeah. a little bit more to go. So that's why I have written that university education is not enough. Yeah, it might might be enough in some cases but you will grow incredible in value for me if you do other stuff. So you should in once again

invest time outside the classroom. uh and from from my experience uh I have uh uh three key factors that I have um brought here to you. So again, passion uh personal brand and soft skills if you mix them uh you get a incredible advantage uh when you're applying for a job because you know passion if you have passion uh it drives you to even more passion and soon the positive wheel of fortune starts to spin for you.

Oh yeah, here we are. Uh so it's actually more than just technical skill because I haven't even listed the technical skills here. So uh so uh if you show passion, you you must uh really show it through your actions. Uh for example, playing CTFs. And when you play CTFs uh do writeups, publish your writeups and also remember to put this in your resume or CV that I have played uh these CTFs and uh it gets very easy for me when I look for your CV and see oh you have played CTF. So I put you in the in in the good uh pile of uh papers. Uh you can take use of playgrounds like try

hackme and hack the box. Have anyone of you played one of those? Yeah. Nice. Yeah. So you know what that is. So perfect. Uh you can also blend in a little bit of the personal security projects. So if if you're writing a scanner or uh yeah whatever you're writing uh add them in. Uh you can also do blog posting. Uh you can create YouTube videos if you want.

And then if you blend this with uh to build your post personal brand uh you should of course update your LinkedIn uh and you can also interact with people on LinkedIn. So uh make sure that you are seen in the correct context on LinkedIn uh and always be friendly. Uh no hate, no uh gibberish, just uh good spirit. uh uh publish uh your writeups and blog post. Uh you can also engage in uh online conferences or uh conference like this. Uh you should be consistent. So you can't just you don't do this once. You need to do it on a regular basis. Uh engage in constructive discussion. Um also if you're a student take leadership in your student projects. So

uh get used to take the leadership uh and also participate in online communities on communities for example discord and slack. uh and you can also follow and engage with industry leaders and also attend on virtual conference and attending to virtual conference is really good because they are free and accessible from from everywhere. So take that chance. Uh also soft skills the hidden key to getting hired. So for me this is a few example of what soft skill is for example communication and collaboration and also so give and receive feedback. If you're good at giving feedback and receiving feedback then you know how to to build yourself. You should also have workplace awareness. uh this is kind of a I think

it's maybe a generation uh question because I noticed that people might not know how it is uh what's expected from you when you're starting on on a new job but uh so you know how it works when when you are at work uh also the team dynamics you should fit in the team uh and also again take the leadership really early and also for the job role you uh you need to understand what's expectation you have in your role so you're doing the right thing and don't forget important stuff.

So I also have how you should craft an outstanding application. Uh for me uh oh sorry uh for me uh it's uh you should send in a CV and a personal letter. So you can't really blend them into one. So send in one CV and one personal letter so I can separate them. uh and you should also avoid to generate it with AI. uh for the last two or three years I have seen a huge amount of people that generates it with AI. So it's a lot of uh embark this journey and stuff. I never seen before. But yeah, uh you can use AI uh to enhance stuff, but don't use the AI word and it doesn't

really I I don't want to employ ship. I want to employ you for example. So, and you should also make sure that to tailor your CV to to my company, not just a general thing. know with placeholders and sometimes you they send in with the wrong company name and and you show if you show passion in your uh personal letter uh that's a really good thing because uh I also receive a lot of um u personal letters uh where hi I'm a a security student and I have a passion for cyber security but then there are no more thing about the passion I want to read more about your passion so you I know which one I should talk to uh later in

in an interview and you should also highlight your unique strength what's your specialty uh and you should be concise concise and but impactful and make sure that you proofread and format that properly and send in in a PDF format. Uh you can also include links to your work portfolio. But uh if you don't have any thing in your for example GitHub, don't send in the GitHub link with my first Google assignment and nothing more. Uh but if you play CTFs, you can always publish your CTF writeups in the GitHub and then eventually you build your own portfolio in GitHub. So that's a very nice way to fill your GitHub. So the interview uh if you prepare uh you will be

successful. uh you should uh research the role so you know exactly what you're applying for and you should be honest when you sit and speak with me you might have questions for example if I ask you uh can you explain the cross-ite scripting uh and you say yes I know what that is because we read about it uh I might have a follow-up question for you and I say okay uh can you tell me a little bit more about that and you say oh no I can't really so it's a little bit of awkward situation if you so be honest if you don't know the answer say that I don't know the answer but please tell me

and I will learn from it also be mindful of the body language so my super super tips for you is to try to smile a little bit awesome when people are smiling and look happy if you as a cand candidate. If you sit mine, I get so happy and yeah, you probably go in for the next round. Uh you should also prepare for the common question. Uh there are uh for almost everyone have questions. So can you tell me about uh uh yourself? So prepare to tell about the yourself but in the context of the work not the whole life story. Uh uh

I know that I have something more here. Yeah, you should also for uh uh for the question that are uh do you have any uh improvement areas? That's a very common question in interviews. So you can't really do the cliche stuff. Oh, I'm a perfectionist. I'm too much a perfectionist. uh uh I have problems to uh stop working at nights or and stuff like that. So make it count and have prepared with real questions.

Uh one more common question is uh where do you see yourself in one year and in five years? So in five years you can have a vision and talk about the vision but in one year it should be like a more realistic uh plan that yeah I probably uh work myself through the uni role and stuff like that and also prepare for the uncommon question because we will have a lot of uncommon questions that are not in any HR manual and you should also showcase your passion. So you hear passion is a common word in in in my presentation and also engage during the interview. So you should uh for me it's a it's really good if you

prepare good questions to me. So you you actually show that uh you're also assessing me as a employer. So it's not only me that are assessing you. So you can also assess me and my company. And you should also ask about the role. Uh so we can have something fun to talk about. Uh and this is also kind of important. Uh you should be realistic about the role. If you're applying for a junior role, uh you don't need to know everything. you are not a senior probably. So, uh we know that you are junior so you can relax a little bit and this is also really good if you practice interviews. Uh maybe you have done it but I have

another tip reverse the practice. So be the employer not the So you you you will see that you have get a lot of good stuff out of turning the tables a little bit. Uh after the interview uh you can follow up uh send an email. Uh I really appreciate everyone that send me an email afterwards. So, uh it's also your chance to uh send in your questions that you didn't think about when you had the interview. And uh it's really good if you understand the hiring process. Uh for every junior role I have, I have at least 30 people that are applying, maybe 100. So, it takes a while to to work through them. So, I'm not ghosting you

by purpose. So, uh please have a little bit of patience. and also learn from the interview. Uh if you didn't get the job, you can always ask me for feedback. What did I miss? And it turns out it's almost always just small details that are important in that time for for for my team at that time and maybe in five months uh you will be the better fit. So you got your first uh uh ethical hacking roles. Congratulations. Uh so the first weeks they are really crucial that you're uh are on your toes and alert and uh are prepared to be almost overloaded with information. So be prepared to absorb all information. uh you should show initiative and

curiosity even that you are overloaded. So it can be a little bit hard but if you uh show your initiative and curiosity uh you also show the team that you you are a great addition to the team. You can also find a mentor or a guide in the in the team uh that can help you not to do the common mistake that they did when they were new. Yeah. And again uh you should demonstrate that you are uh your reli reliability and your responsibility. So come in time uh be be a nice person uh be helpful. Uh ask a lot of questions. In a matter of fact, if you don't ask a lot of questions,

people will start wondering what's wrong with this person. So uh you must actually have a lot of questions and also you can uh balance uh confidence with and humility. Um so you what did I say? Yeah, you should actually be proud of yourself that you got this position but you should also know that you're in in the beginning of a career. So if you are you will learn so much during your career. Uh so just take it in and take in whatever you can and it's also really good if you keep track of your own progress and uh if you document everything you do in in our team it's more or less mandatory that you document what you're doing. uh and

then after a few months you you have a lot of uh documentation and you will see what you have achieved in in a few months. It's incredible what you know just 3 months from now.

Uh I also have a timeline for uh for your career progress. uh how this is just a suggestion. So you can do whatever you want but uh if you start today in one and a half year you will have a uh increase your chances to get the junior job by a double. So first 3 to 6 months you should learn the basics for example hack the box and the fundamentals. uh 6 to 12 months you should start to work on your brand and also fill in your portfolio with u your writeups for CTFs or your code for your projects or uh whatever you can put in your portfolio and after a year to one and a half you

should just continue to continuously work on your on your brand and then after 6 months or after one and a half year just keep going and refine and build your thing. So this is actually your battle plan. So it turns out that it's only three things you need to do, but you need to do them today. So it's passion, personal brand, and soft skill, and you will get the job. I can promise you. And again, you can connect with me. And I will post on maybe tomorrow or on Monday uh a CTF for you. another one. If you haven't played this one, you have a new chance to play another one. It's actually four of my intern uh that build this one.

It's mostly for students, but everyone are allowed to to play. So, if you are into CTFs, this is a wonderful CTF for beginners. Yeah, that's uh everything I had I think. But remember, passion, personal brand, and soft skills, and you get the job. [Applause] Thank you very much. Uh we have about uh yeah we have about uh 10 to 15 minutes of uh questions. If you have uh any questions, the lovely gentleman is here to answer them all. >> Any questions? >> Hello. I'm on my way. I'm on my way. [Music] Test test test. So there's a lot to learn with like pentesting. There's so much areas you can go in. What do you find is a common area of that newcomers

lack in cyber security um knowledge. uh when I see people coming from the university uh for example I see the what almost everyone miss is uh or lacking is the experience that you hacked like five boxes in one course and five boxes when you come to me five boxes is not enough you can do that in one evening if you want so u especially you I know that you have you have done done a lot of stuff thank you >> any other questions do I see some hands before. Oh, one at the back. Right at the back. Coming up. >> Give me a sec. [Music]

>> One moment. >> Thank you very much. Um really enjoyed the the talk. Thank you. Um just a quick question. Um so um I'm actually a pentester myself and I've got a couple of people that I mentor um and both from a an educational background and people transitioning into the industry from somewhere else. Um I guess the question is obviously there seems to be I think the gentleman down there touched on it briefly. Um, from a university perspective, there seems to be a lot of people who are graduating that have in a cyber security degree that don't really necessarily know a lot about certain topics which are critical for moving into a job in cyber security. What are

your thoughts on how we address that for like from an educational perspective going forward? >> I'm actually glad that you asked that because uh I've started home in Sweden where I live. uh I started to uh be out from from the uh cyber security uh industry out in the university more and speak to the students and try to motivate and try try to engage them to do more than just what they are doing in school. So they doing the foundations in school but they doing the extra and the bonus thing outside school and it turns out that it's has been a really successful strategy. So we we don't really have any problem to find people

anymore with the right qualifications because of people have uh learned that they should do something extra to be more comp competitive when they apply for jobs. Yeah. So if you have the chance go out and talk to students uh it will be so nice and you will meet so many nice students and future colleagues and maybe future customers as well. Any other questions? One hand. >> Hello. Thank you for the talk. It was very helpful. Um, so if you were like just beginning, would we focus more on like LinkedIn or writeups or like building our personal brands? Uh from from my point of view uh uh you should focus in the beginning uh to build some experience with try hackme or

hack the box or pentest lab or whatever you find most uh fun to do because it should be fun to do what you do what you're trying to do and if it's fun then you will get the passion and then after like 6 months you can start making other ones know that you're this It's really fun. Post it on LinkedIn, post on YouTube or whatever. >> Is that enough? >> Yeah. Thank you. >> Thank you. >> Is there any more? Is there another question? Oh, down there. Yep. On my way. >> Yeah. Okay. I I um I work with a number of students who uh probably will never get to university because uh of their

background and and uh they've had some challenges with the education system which um I in my personal view uh doesn't necessarily set them down a bad road um because most of them are hugely gifted and hugely talented. What would you say to those individuals who have got those skills often self-taught maybe through certifications that won't go to university to join their brethren that who have been to university how would they upskill to to um to compete with that that sort of cadra it's all all about the passion again so I'm really glad for your question so if anyone can show me your passion uh everything else get less important you should have the passion you should show me that oh cyber

security. This is my life. It's not only uh a work thing. It's my life and I I even sit to midnight every night and do my labs and stuff. Then it your background doesn't really count for me. It's the passion you have. So I rather take one uh student from preschool or whatever that are passionate than one university student that have no passion or no drive. So cool. I think we have one more question down here. >> Hi. Um, can I ask how you got into cyber security? >> Yeah. Uh, it was much easier for long time ago. So, uh, when I was young, um, you can you could actually get a job by getting caught when hacking. So, that

was the fastest way to to get a job. was to hack something you didn't understand and then you get caught and then you get a job. But I didn't get caught but I I was interested and I I uh did it more like a hobby and then I attended the university really late in my life. I was like 37. Uh but I didn't finish the um uh the university but I hacked the bank instead. So yeah, and after that I have saved by the way. >> Yeah. And after that I actually saved the world once. So I have done a lot and now I'm I'm here in uh uh at outpost 24 and I living my dream uh meeting new

students and it's so nice to just have my job. Um yeah. >> Any more questions? Any more hands? No. Great. I uh yeah I mean yeah give him a round of applause.