How to Get a Job in Cybersecurity without a Degree
Early in 2020, the world began suffering from a viral pandemic known as COVID-19. The world shut down, and people were ordered to shelter in place in their homes. Many jobs were lost or furloughed until the quarantine was lifted, but many employers were able to transition to a “work from home” structure. As a result, Internet service providers saw long and enduring spikes in traffic, and the demand for videoconferencing soared to new heights. The United States Department of Homeland Security designated cybersecurity personnel as an essential workforce for continued infrastructure viability, and the need for cybersecurity workers was higher than ever. During this period, there was already a shortage of nearly 500,000 cybersecurity jobs in the United States alone, and the industry needed to grow by 62% to meet the current demand.
Having a current shortage in the cybersecurity workforce combined with a crisis such as the COVID-19 pandemic, a cyberwar, or any other emergency increases the demand for cybersecurity workers. The shortage of cyber workers gets even worse, and the cybersecurity workforce is drained even further. There is no solution but to work longer and harder. Cybersecurity workers’ physical and mental health takes a toll as the stress and hours worked increase. There is not a fast fix or solution for training new cybersecurity workers, so the result is an extra-taxed workforce.
During the COVID-19 pandemic, the world rushed to continue to be productive while working at home. While the US government shut down businesses everywhere except those deemed as “essential” for some time, cybersecurity was one of these professions considered essential, and the already high demand for skilled workers grew overnight.
What did the industry learn from the pandemic? COVID-19 proved that a vast workforce could be productive while working remotely. For years, US companies have taken steps to be more environmentally friendly. Whether it’s sustainable power for their warehouses, recycling programs, or alternative fuel for delivery vehicles, thousands of companies are embracing sustainable resources around the world. Now that an at-home workforce was feasible, companies embraced this as an opportunity to decrease greenhouse emissions, increase employee happiness… and, you know, reduce operational costs. Since then, working from home has become a part of life for some SOC Analysts.
This does not guarantee that all companies have embraced the benefits of working from home. According to a study done near the end of 2023 by JLL, employees of Fortune 100 companies work an average of 2.96 days in the office per week. This is the hybrid model, and many companies are adopting it as their new norm post COVID-19.
Today, we find ourselves in a global cyberwar. Every industry, in every country, is actively targeted by cyber criminals, state-sponsored hackers, and companies engaging in corporate espionage. That might sound like the plot to a low-budget movie starring your favorite 1990s action star, but the truth is everyone’s a target. Even more troubling is the fact that it didn’t start with COVID-19; this has been going on for decades. It’s only been in the last 10 years that companies have identified the need for higher investments in cybersecurity.
High-profile compromises have served a hard lesson for industries globally. In November 2014, Sony Pictures Entertainment announced they were the victim of a data breach. Analysts from Reuters.com estimated the compromise would cost Sony more than $75 million in recovery costs and lost revenue. The Capital One breach in August 2019 resulted in the theft of 100 million consumer credit applications. Attacks like these two have driven home the requirement for a dedicated cybersecurity workforce.
In fact, according to the US Bureau of Labor Statistics, the Information Security Analyst occupation is projected to grow 32% from 2022 to 2023 in the United States, compared to 12% growth for other computer-related occupations and 0.3% total growth for all occupations.
One significant benefit for those considering a move into cybersecurity is the relatively low bar for entry into the career field.
For decades the narrative has been “Go to college, earn a 4-year degree, get a career.”
Know that college is not the only path into a great career and some high level degree programs are a waste of time and money completely for an entry level role.
When companies embrace the need for cybersecurity, it usually begins with the Security Operations Center or SOC for short.
The SOC is responsible for triage, investigation, and response to cybersecurity incidents.
This concept is not new. Military and law enforcement agencies have been using Tactical Operations Centers to coordinate operations during conflicts for decades. And like the TOC, the SOC serves as the Command and Control hub for first responders to cybersecurity incidents.
Perhaps you’re transitioning from the military into the civilian sector, or maybe you’re in the information technology field already or you’re just self-taught. Regardless, the purpose of this article is to prepare you to become a SOC analyst. Whether you wish to join one of the many specialties of cybersecurity, or work your way up to management, the SOC analyst profession has the lowest barrier of entry for cybersecurity. Becoming a SOC analyst is an excellent strategic position to get your start in the industry.
When staffing a SOC, hiring managers have a few challenges that they continuously face. The most prevalent of those challenges is the revolving door of the SOC. After a SOC manager is hired for an open position, it takes them several months to train the new analyst. Once training is complete, retention becomes a problem as the new analysts are “head-hunted” repeatedly by recruiters enticing them with more money. The average tenure of a security analyst is only 1–3 years with a single company. Companies today offer very lucrative compensation packages tied to the amount of time spent with the company. A common practice is to use stock options spread out over 3–4 years to ensure the worker remains at the company.
Once a SOC analyst is proficient at their job and feels they are no longer challenged, it might be time for them to seek a higher position. One of the most common paths upward is to become a senior SOC analyst. The “senior” title comes with better pay and additional responsibilities such as mentoring the junior analysts that join the SOC. Senior SOC analysts also handle more complicated work as junior analysts will escalate challenging items to their seniors to resolve. Being in this position allows an analyst to become more technical and gives them the opportunity to learn how to train and mentor others. This role is an excellent way to become a SOC manager, grooming them for their next leadership role in the SOC. Almost everywhere in the United States, the senior SOC analyst pays over six figures.
As a new SOC analyst, set stretch goals for yourself to reach this milestone. However, that leaves the hiring manager with your spot open again!
Another problem that SOC managers struggle with is burnout or alert fatigue. An example of this could be when analysts are investigating so many alerts that something important is overlooked or “lost in the noise.” SOC analysts usually work in shifts with 8-, 10-, or 12-hour days, sometimes evening and overnight shifts, and at some point, the task might seem brainless. It’s easy to get complacent when the work becomes second nature and can get monotonous. Most everyone in a SOC is brilliant and constantly needs to be challenged.
The third challenge that SOC managers face is that the SOC is a 24/7/365 operation, which means they need coverage outside of regular business hours and on holidays. Many international companies utilize the “follow the sun” SOC model. That is when companies build three SOCs in different geographical locations for 24-hour coverage. Typically, companies will have a SOC in the United States, a second in Singapore or Australia, and the third in India or Europe. However, there are use cases where companies require analysts from a specific nationality to work with their data. It’s especially true in staffing a Managed Security Services Provider (MSSP).
Hiring for early morning and overnight shifts is not an easy task, and the people that fill them don’t stay for long before wanting to move to regular business hours. Tyler’s first security job was working as a second-shift analyst in a SOC at an MSSP. He was in a position in life where it worked out well for him. He had a base salary and was offered a small shift differential on top of it for working the second shift. He credits his career to making that sacrifice because it gave him invaluable experience that still serves him today. He decided he had to take his experience and run after only a year. It was a hard decision because it was a great company, but he couldn’t wait for a day shift to open up. The night hours started to take a toll. It is nobody’s fault, but it is another challenge of the SOC revolving door.
SOCs aren’t going away anytime soon. The demand for the SOC grows with every new privacy law, and every new compliance and regulation that companies must adhere to. A SOC is an expensive cost center in business. Unless the SOC is part of your product that brings in revenue, it loses the company money. The more SOC analysts they need to hire, the more companies are looking for creative ways to reduce the money spent on a SOC. This demand has given birth to a set of tools promising to automate some of what a SOC analyst does on a day-to-day basis.
Attacking getting a job in cybersecurity like your life depended on it means that you’re getting training, getting experience, getting a resume, and getting a job simultaneously. Cybersecurity is a journey and for instance, don’t wait until you feel ready to start applying for jobs. It can take many months for a qualified cybersecurity analyst to land their first job and the more experience and rapport you have in the community the faster you’re likely to land a job ‘when you’re ready’ (you’ll never be ready).
Getting Training
Obviously you can’t get your first SOC analyst job if you don’t have a baseline of education. The two most important skills for a SOC analyst are networking, and reading and writing. Fundamentally, communication is the foundation of cybersecurity. Whether that’s computers talking to computers or you writing an email or direct message to your coworkers, you can’t have a successful cybersecurity analyst without the fundamentals of networking and reading and writing. Everyone could improve on their reading and writing and I make it a point to look up every word that I don’t know, or unfamiliar phrase, in the Merriam-Webster dictionary or even Urban Dictionary. When you’re writing your resume or emails to your future employer, reading comprehension and writing skills matter A BUNCH. The more polished you are, the better. As for blinky-lights networking goes, I am a staunch proponent of Udemy classes. I won’t promote any one specific networking course but look for one that prepares you to take the Network+ certification. After you have finished the Network+ certification you should look into the Security+ certification. Both are entry level certifications you can find training on for cheap and has long been described as prerequisites for entering cybersecurity. Following those certifications at Cyber NOW Education, we offer our flagship course SOC Analyst NOW! with over 20,000 students. This course is based off my book Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success. We cover the prerequisite skills briefly, and can also be found in this medium article:
The book and course is aimed for folks who have most of the technical skills, but maybe just need a few gaps filled in, and we give them the tips and tricks to give them the competitive edge in finding a job in cybersecurity.
What you’re going to find out is even if your technically brilliant, you will still likely do not have the skills they are looking for if you don’t focus on reading and writing, and have some sense of business acumen.
More topics we cover in preparing a SOC analyst for their careers are the SOC analyst tools and concepts:
To help with business acumen, we wrote a piece on Areas of Expertise in Cybersecurity. This helps you understand the big picture and being able to relate to the hiring manager and team:
All of these are free resources we provide and you don’t even have to spend the $40 for the book (though we wish you would support that project).
So let’s say you’ve done your studying, you have a head full of knowledge but now you need to put the skills into practice. But first lets talk about what you will need to setup.
You need a Medium blog.
Medium is phenomenal in helping you start your personal brand. You want to start your own Medium blog and document all of the exercises, learning, training, and your personal story along your path to becoming a cybersecurity professional. You want to write at least two medium articles a week. It will be a little slow to start off with, but people will catch on and you’ll get some followers. Not only would one of these followers potentially be your future hiring manager, but having a blog means that your posts won’t disappear. Spending an hour crafting a LinkedIN post that will be in the news feed for a day and then disappear is a waste of time. Instead create a Medium post, and cross post to LinkedIN. That way when you put your Medium blog on your resume, the hiring manager will click it and invest more time in your candidacy learning all about you. And if you think they wouldn’t click on your blog to read about you more, you are wrong.
A blog will establish you as someone who knows something about cybersecurity. Make sure you leave a banner at the end of every Medium article connecting to your LinkedIn profile. This way any person interested in you can reach out and connect!
Now, you need to be getting out to your local meetups and conferences.
Networking
Conferences & Meetups
Word of mouth is your friend! It is important to grow your network. Having a broad network of people that you can talk to professionally not only opens you up to new opportunities but gives you people to discuss your new ideas with. Professional connections help you stay on top of the latest trends such as news or technical techniques that will benefit you greatly. There are many opportunities to get involved in projects or communities local to your area. Some of these include:
2600: 2600 is an organization that has deep roots in hacker culture. Today, it exists as a website, meetup space, conference, and magazine to name a few. The history of hacking is fascinating, and their name comes from 2600hz, which is the frequency at which a plastic whistle found inside a Captain Crunch box sounded when you blew it. Blown into a payphone and it allowed the hacker to make free phone calls.
DEF CON: The crown jewel of hacking conferences. The DEF CON conference is traditionally held annually in the summer in Las Vegas, NV. It is considered a pilgrimage for anyone in infosec! There is so much to do, so many knobs to twist, bells to ding, and big red buttons to push; you will never have time to do it all. What makes this conference great for your career is that recruiters love it! I have heard so many stories of people getting job offers on the spot at DEF CON. DEF CON is even better if you volunteer at the events. You will meet more people and at a deeper level. Additionally, DEF CON has “DEF CON groups,” which are smaller DEF CON meetings in your local areas, usually on a monthly basis. This is also a great way to network with your regional infosec peers to see what is happening in your local infosec industry and hopefully pick up a lead!
BSides: BSides is a popular conference held locally in many cities and during the same time frame as Defcon in Las Vegas. It is relatively popular and offers a lot of value. Tickets are cheap (and free if you volunteer), giving you access to what is going on and the people in your area.
OWASP: Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the Web.
Hackerspaces and Makerspaces: These meetups in your local areas are a great way to meet people, tinker, pull knobs, and push buttons. Sometimes these meetings will allow their members to give presentations in a show and tell format, and that is a great way to build your presentation skills.
If you have been attending meetings in your surrounding areas, don’t forget to take a pencil and notepad with you to write down emails and contact info of the people you meet. It is not weird and doesn’t feel uncomfortable, everyone there is there for the same reason, and you’d be the lucky one with a notepad. Most people would feel flattered if you cared enough to write their information on the notepad. Tell your new friends you want to keep in contact and be on the lookout for them. Follow up with everyone the day after, and send them your resume to share with others.
Competitions
This article wouldn’t be complete if we didn’t take a minute to talk about capture-the-flag (CTF) competitions. Capture-the-flag has been around since the very beginning and how it started is with vulnerable applications and systems that have a text string hidden inside of them. The participant finds the text string and submits it to the judges and they get points for every proof that they’ve hacked it. It started in 1996 at DEF CON (mentioned above) and today, has evolved into all sorts of various capture-the-flag challenges inside and outside of conferences. In fact, Tyler’s favorite challenge is the DEF CON Blue Team Village capture-the-flag but has competed in Ghost in the Shellcode, SANS Netwars and Holiday Hack, CSAW and was a mentor for highschoolers for the CyberPatriot program. Tyler was never really fantastic at them but always competed on a team and that was the fun of it. Most bigger conferences other than DEF CON will have their own capture-the-flag competitions. For instance, the Splunk conference, Splunk.conf, hosts a popular capture-the-flag called BOTS, for Boss of the SOC, that is very challenging and popular (congrats VMware for taking 3rd in 2023!). If you are in college, there are many student oriented capture-the-flag competitions and perhaps the biggest one that should be on your radar is the Collegiate Cyber Defense Competition (CCDC).
In addition to these, there are many online CTF competitions and challenges that not only have communities that you can join and participate in to enhance your networking, but also provide awards, credentials, and overall bragging rights. Probably the most popular online CTF platform today that I would certainly recommend you taking a look at is TryHackMe. TryHackMe’s popularity has skyrocketed for being the premier hacking challenge and it’s common to look around on LinkedIn and see analysts advertising that they are “Top 2% in TryHackMe” or “Top 5% TryHackMe”. If you get serious about playing the game and showing off your skills, you can purchase the subscription to make your learning and earning points faster.
On the other hand, for defense (blue team) challenges, LetsDefend is rising in popularity. They have a free option but for the SOC Analyst track it’s a subscription. They have some neat challenges that would give you some hands-on exposure to some of the things we do on a daily basis and even give you a certificate to share on LinkedIn. To sign up for free scan below:
Creating a Course
Online courses are all the rage nowadays and websites like Udemy make it very easy to create and sell online courses. Creating an online course is one of the best ways to establish your credentials in the field. Set up an instructor account on Udemy for free and create a simple course on cybersecurity concepts and add it to your resume. Reach out to Tyler Wall on LinkedIn for opportunities to collaborate. It takes a village to create a good Udemy course and Tyler knows some people and has a few resources to build your reputation and even make a couple bucks in the process. Whether you’re a writer, technical demonstrator, or just have a cool idea for a cloud or security course he’s all ears to hear it. Come join the team and get your name out there.
Once you have attended a few meetings, optionally built a course, and are blogging, you can start to build a network of like-minded community members to associate with. Once you have started to build your network, you might have a few leads, but you also want to not have all your eggs in one basket. You will want to apply for jobs on traditional job posting boards.
Projects
You’re going to need to get some experience. The way you do this without having a job first is by setting up labs and/or completing projects. I am constantly on the lookout for new projects to provide my students because learning cybersecurity at home is a difficult thing to do. One of my most popular Medium articles is this simple post with three fun SOC analyst projects:
And I also wrote a fun one to setup a honeypot. The idea is that you learn some cloud skills and have a honeypot to get IP addresses and other indicators of compromise to practice the SOC Analyst Method on. The SOC Analyst Method is a 5-step security analysis process. Its what you’re going to be doing everyday, day in and day out, as a SOC analyst. So if you really want experience on the day to day, go the extra mile, set up this honeypot and make a Medium blog about your security analysis on the indicators from the honeypot.
So you’re completing projects, you’re competing in CTF challenges online, you’re networking online and in person at meetups, you’ve got a Medium blog with many blog posts, you have your Network+ and Security+ certifications. Time to get your resume together and hit the job boards.
Here’s how…
Where to Search for Jobs
The Information Security world has embraced social media to locate and recruit top talent. With LinkedIn standing out as a clear place to start. Not only can you find job postings, you can get connected with headhunters and recruiters looking to find top talent. LinkedIn offers a premium subscription that can be used to find and connect with recruiters. They offer free trials of LinkedIn Premium and I highly recommend using it when job searching.
If your LinkedIN is uninteresting, then you aren’t attracting the attention you need no matter how good your cybersecurity knowledge is. Other than putting in your certifications and credentials in the headline, there are a few tips to keep in mind.
LinkedIn is not the only website to consolidate job postings, Indeed and Monster are worth investigating too. Once you’ve accumulated a few technical certifications, sites like Credly.com have job boards that are looking for talented people with the certifications you’ve attained.
Finally, you can’t go wrong by looking at the careers section of a company’s website. This will show you what open positions are available and provide you insight into what they are looking for in an applicant.
Note: Don’t be afraid to apply even if you don’t meet all of the requirements in the job posting. To quote the great Wayne Gretzky, “You miss 100% of the shots you don’t take.”
Getting a Job
We would like to explain to you how to perform a job hunt. First off, you need to get your resume together. It takes a lot of trial and error to perfect a resume, but you can also have a professional help you build a good one. A resume can take form in many styles, but it will have the same basic information:
Keep your resume to under three pages to prevent over skimming by the readers. The benefit of having a professional resume writing service is they will share a document with you and probe you with questions until they get all of the information out of you about your previous experience and then write it in a way that is quickly and easily consumed.
Once your resume is together, you can move forward to a job search. There are several job posting websites that have proven successful for us; however, I have had the most success with LinkedIn. When I am searching for a job, I usually purchase their premium membership so that I am able to see the statistics for each job I am applying for, send InMail messages to hiring managers or recruiters for a company I am interested in, and see who is looking at my profile. Also, Google has a good aggregation of jobs to search through. Using Google, you are able to set up and configure job alerts specifically for cybersecurity jobs.
The security analyst position is the job that you will be able to land the easiest as a first step into information security. There is a revolving door in most SOCs, and the position for security analyst opens frequently. The titles that you want to look for first are:
If you are mobile and can move anywhere, your odds for finding a good fit quickly are pretty good. If you live far outside of a big city, then your options may be more limited. Most SOCs require you to be on-site for security purposes, during COVID everyone moved remote, and now more companies are returning to a hybrid work model.
In addition to this, Cyber NOW Education maintains a job board at our website specifically for entry level SOC analyst opportunities that require no experience. Some of these jobs do not require a degree either. This job board is updated monthly and is hand curated by the staff.
Its now also time to prepare for an interview.
Common Interview Questions
The following is a list of common interview questions that might be asked during an interview for a junior SOC analyst. Some are very basic and some are harder, but we feel if you can answer these questions you have the required knowledge to become a SOC analyst:
- What is an RFC 1918 address?
Do you know them?
- Define a Class A, B, or C network.
- What are the seven phases of the cyber kill chain?
- What is the purpose of the Mitre ATT&CK Framework?
- What is the difference between TCP and UDP?
- What are ports 80, 443, 22, 23, 25, and 53?
- What is data exfiltration?
- What Windows protocol is commonly used for data exfiltration?
- Do you have a home lab?
Explain it.
- What is AWS? Azure?
Explain how you’ve used it.
- What is a DMZ, and why is it a common target for cyberattacks?
The importance of having technical knowledge cannot be overstated. The above questions are pretty simple, but you might be surprised to learn that seven out of ten candidates don’t know the common TCP/UDP ports used by modern services. I highly suggest using a common study guide to prepare for your interview. An example of this is the website Quizlet.com. They provide a flashcard style learning platform for information technology certifications like Network+ or Security+. Also, Udemy has a few SOC Analyst interview question courses that you can take.
Despite the need for a basic understanding of information technology, that only covers half of the requirement to be a SOC analyst. An analyst should be a critical thinker and possess an acumen for problem solving. Interviewers will usually test a candidate’s ability for problem solving with scenario-based questions. Let’s cover some scenarios I’ve seen and used to conduct interviews:
“You are a tier 1 SOC analyst, responsible for monitoring the SOC inbox for user-reported incidents. The SOC receives an email from the VP of Human Resources stating that they can’t access their personal cloud drive. The VP knows this is against company policy, but the VP is adamant that this is required for legitimate business requirements.”
Do you process the access request for the VP?
What is your response to the VP?
Who else should you include in the reply email?
“You are monitoring the SIEM dashboard for new security events. A network IDS alert is triggered, and you begin investigating. You see a large amount of network traffic over UDP port 161 originating from dozens of internal IP addresses, all with the same, internal destination IP address. Some quick Googling shows that UDP port 161 is used for by the Simple Network Management Protocol and the byte count of the traffic is miniscule.”
Do you think this is data exfiltration?
If this is not data exfiltration, what legitimate services could cause this alert?
What team could provide an explanation for the traffic?
The first scenario is an example of what you might be asked when applying for an entry level analyst role, while the second is a little more advanced. Let’s go over what the interviewer is looking for.
Scenario 1 is designed to identify if the applicant can be easily intimidated by senior leadership in your organization. Information security is the responsibility of all members of the organization; it should not be waived for the convenience of one senior leader. The larger lesson here is about making risk-based decisions. A junior analyst should never assume the risk of policy exceptions.
The interviewer will ask how the applicant will respond to the VP as it will showcase their experience with customer service. Customer service is another very important task of a SOC analyst. Whether working for an MSSP or for a company internal SOC, there will be times when interfacing with other teams will require the analyst to show a certain level of tact and professionalism. The third question helps the interviewer to understand the prioritization skills of the analyst. If an analyst is working with a VP, there is a high probability there is a procedure around communicating with senior leadership within the org.
Scenario 2 is designed to test the applicant’s critical thinking and technical knowledge while also providing the interviewer with insight to the applicant’s investigative reasoning. This scenario also gives insight to the most important quality of a SOC analyst; if you don’t know the answer, admit it. The last thing the SOC team needs is a “know-it-all”; they are dangerous and toxic to the workplace. If this book teaches you one thing, let it be this lesson. There will be questions you can’t answer, and that’s fine. The worst thing you can do is give a wrong answer with the confidence that you are 100% correct.
Remember that the above scenarios are examples only; each interviewer will use their own set of questions. The goal remains the same, to locate and select the best applicant for the position. Our goal is to assist you in becoming that applicant. The following are a few tricks and tips to help you become that “best applicant” for the position:
Summary
The most important thing we want you to take out of this article is that you have tools to help you find a job. Use job boards, network with others in your area and online, and study to understand the answers to the common interview questions. There are free and cheap training resources available to you. Projects are hard to come by, but you can find them to get experience. The resources that I’ve explained will be even more valuable to you as you move forward in time.
One last thing to end this article. You are entering the world of “cybersecurity”. Cybersecurity is defined as, “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack” This is always correctly spelled as one word to denote a profession, a practice, even an industry.
Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University, and also CISSP, CCSK, CFSR, CEH, Sec+, Net+, A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, four online courses, and regularly holds webinars for new cybersecurity talent.
You can connect with him on LinkedIn.
Get 20% off all courses in our On-Demand catalog with coupon code “Welcome20”
Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing.
Also available in the Secure Style Store, download the Job Hunting Application Tracker for FREE to keep track of all your job applications.
Check out my latest book Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success published June 1st, 2024 and winner of the 2024 Cybersecurity Excellence Awards.
