Getting your Foot in the SOC

Written By Nathan Kincaid

Preparing for a Career in Cybersecurity

In the digital age, cybersecurity stands as one of the most critical fields, blending technical acumen with a strategic mindset to protect sensitive information and ensure data privacy. As cyber threats continue to evolve, so does the demand for well-prepared professionals who can anticipate, mitigate, and respond to these challenges. Whether you are a novice seeking to break into the industry or an enthusiast looking to transition your career, the path to a successful cybersecurity career can seem daunting but is absolutely navigable with the right approach.

Introduction

To embark on this journey, anchor your efforts in the career trifecta: Portfolio, Network, and Credentials. These three pillars form a comprehensive strategy to not only enter but excel in the cybersecurity domain. In this blog post, we'll delve into why each of these components is crucial and how you can effectively leverage them to carve out a successful career in cybersecurity.

Portfolio

Before beginning anything, without hesitation, create a portfolio! This is where you will document everything you do. Promoting your efforts and offering your insights to others makes you a contributor to the cybersecurity community which will expose you to new opportunities and show employers the care you’ve put into developing your talents.

Have fun with it! Use websites like TryHackMe and HackTheBox to learn practical hacking skills. As you get comfortable with using various tools and techniques, compete in some Capture the Flag competitions. Don’t worry if you are a total noob, the goal isn’t to win, but rather to gain experience by working through the puzzles using online resources and AI to help you along the way. After you compete, you have a perfect opportunity to add a write-up to your portfolio where you detail how you worked through the competition.

If you think of any fun projects, do them and document everything! Employers love someone with ambition. There are also a ton of free labs and project ideas all over the internet you can source for inspiration.

Don’t neglect this step. Do you know how many programs I’ve created for various classes? Hacked various games? How about the time I built my first desktop at 16? Or when I modded my Xbox 360’s LED’s, reflowed the sodder and fixed my red ring of death? Nobody does! I could rave endlessly about all my projects yet because I waited so long to build my portfolio, they’ve done nothing for me. Owch. You must document and advertise your talents! Start sooner rather than later and prevent your efforts from going to waste! A good portfolio alone will work wonders for you.

Network

Join online groups where you can network with others and leverage their wisdom in your journey. Being a part of a CompTIA Certification Seekers Facebook group not only motivated me to continue earning certifications, but also connected me with a ton of free study resources that enabled me to prepare for and pass my exams with minimal cost.

Competing in CTF events can put you in touch with talented individuals who can mentor you, don’t be afraid to reach out to the winners and ask them to share their wisdom with you!

In-person groups are great for finding that first job, and being a contributor to something like a cybersecurity club looks great on your resume. There are many clubs where you can become a member of a CTF team and get to collaboratively develop these skills with the guidance of your peers.

Credentials

Credentials are important. When recruiters look for candidates they use filters. These often include highest level of education, and sometimes certifications. These are often required from the hiring managers of companies and are only bypassed by rare exception. Not only will you show up in less search terms, but the best paying jobs for the best companies tend to require these things.

Due to such circumstances, it behooves you to obtain some credentials at the onset of your journey. The cheapest and most viable path is certifications. I personally recommend pursuing college work that has certifications baked into the degree program. This way, you can build your portfolio as you document the projects you work on for your technology classes, study for and obtain certifications while earning college credits, and also work towards obtaining the lengthy and often required bachelors degree.

Security+ is a required certification for many jobs for the federal government in cybersecurity. Fortunately, it was recently announced that the Office of Personnel Management would be transitioning to skill-based hiring by Summer of 2025 which will open doors for those who have a ton of experience documented in their portfolio but lack a college education. However, this will likely be limited to lower-level roles so you should definitely still get pursue formal accreditation of your talents.

Getting certified is the best bang for your buck. I recommend watching a few YouTube videos on certification paths and go from there. Having a degree is obviously ideal, but if you’re not ready to bust open the backpack, certifications are the next best thing. If you do happen to have that prestigious .edu email, be sure to take advantage of CompTIA’s huge discount for student exam vouchers, assuming your college doesn’t have already have some program to cover the cost in full.

The Optimized Path

My personal recommendation for holistically combining these three elements into one is to pursue higher education, either online or in-person, document everything, and start gaining career experience as quickly as possible.

The vital step where most people fail is in maximizing the visibility of their efforts as they work through their degree program. They tirelessly hammer away for years getting through their course waiting to obtain their degree before ever reaping any benefit from it. Worse yet, they get the degree and then have to try to remember all the things they worked on for the past 4 years in a potentially great job interview, stumble, and fail to set themselves apart from all the other candidates. Sad, but happens more often than you think. When I worked as a recruiter for cybersecurity, I once spoke with a candidate who had just obtained his masters degree and had an extremely difficult time presenting his skills to the hiring manager because his documentation was minimal. There’s no way he didn’t do a ton of work that would merit him a nice position somewhere, but he didn’t document any of the work!

Portfolio: In your degree program, every class you take will require homework, and many will require an occasional project. If you document these things, you will undoubtedly have an amazing portfolio by the end of 4 years, and you would have been obtaining college credit while doing so.

Network: Most colleges, online or in-person, will have a cybersecurity club. Oftentimes they will have a CTF team where you can hone your skills with your peers in competition. This puts your name out there, gets you comfortable with the tools of the trade, and gives you an opportunity to add a nice write-up to your portfolio. The relationships you build with people will open doors you never knew existed and could end up flourishing into lifelong friendships. In addition to clubs, colleges tend to have workforce programs and career fairs. These resources help you discover exclusive hiring opportunities as well as guide you in developing the fundamentals: your resume, interviewing coaching, etc. It is expected that most students complete a summer internship prior to graduating their senior year and colleges negotiate exclusive arrangements with businesses to help you obtain them.

Credentials: Why pay for your own vouchers and spend your free time studying for certifications when you could be gaining college credits for your studies, and have the school cover the cost of your exams? It’s a no-brainer really.

While you’re engaged in your studies, try not to lose sight that you’re there paying a bunch of money and sacrificing loads of your free time because you want to get a job. The earlier you start gaining career experience the better. No matter what level of education you have, you are going to start at the same entry level positions as everyone else and will need to work for a few years before you start seeing that intermediate job growth. Start while you’re young into your journey. Whether it’s full-time, part-time, or even just during summer breaks, get comfortable applying for jobs, interviewing, and presenting your portfolio. Once you land that first job, you’ll realize there are a bunch of soft skills you’ll only learn with practice in the field. These include but are not limited to: Professional communication, attending and contributing to meetings, developing a great work ethic, learning the nuances of various tools, dealing with clientele, and so much more. Do not delay advancing your career for a piece of paper if you can start now.

Conclusion

By building a strong portfolio, you showcase your practical skills and dedication; by networking, you connect with industry professionals and gain valuable insights and opportunities; and by obtaining the right credentials, you validate your knowledge and enhance your employability. Together, these elements create a solid foundation that will support your growth and success in the dynamic and fast-paced world of cybersecurity.

Do the things I have presented, and I have no doubt you will penetrate the market and blossom in the field of cybersecurity.

Nathan Kincaid