4 tips for landing your first job in cybersecurity

BY Sydney LakeJanuary 24, 2023, 3:21 PM
People sit on their laptops and phones in Bryant Park, as seen in August 2021 in New York City. (Photo by Alexi Rosenfeld/Getty Images)

Job hunting is almost always a stress-inducing chore, even if you know the time commitment will be worthwhile in the end. It can be particularly stressful considering the continued layoffs that are happening in the tech industry. Nevertheless, there are still job openings in the tech industry—particularly in cybersecurity.

There are currently nearly 770,000 open cybersecurity jobs in the U.S. alone, according to CyberSeek. Projections from Cybersecurity Ventures show 3.5 million open jobs worldwide.

With so many opportunities to explore, it can be difficult to hone in on employers that have jobs that match your background. Whether you’ve just finished a cybersecurity bootcamp, earned your first certification in the field, or wrapped up a master’s degree program in cybersecurity, it can be hard to know where to turn first.

Fortune has discussed the challenges of finding a cybersecurity job with industry expert and Cybersecurity Ventures founder Steve Morgan. Between industry research and discussions with Morgan, Fortune has compiled a list of four things to know when looking for a job in cybersecurity.

1. Job boards shouldn’t be your only source 

Job boards can be overwhelming—and they’re not the best option when looking for jobs in cybersecurity. It’s often difficult to discern exactly what companies are looking for in a candidate on job board postings and there are often duplicates of the same position as multiple recruiting firms attempt to fill the role, Morgan explains. 

“Job boards are rife with postings by search firms and other third parties, so it’s an extra hop for any candidate,” he says. “Also, when companies post their jobs, it is usually done by an internal recruiter or HR person and not the actual hiring manager. It’s just a lot of blocking and tackling that distances a candidate from who they really want to be talking to.”

Rather, Morgan encourages cybersecurity candidates to go straight to the “decision maker.” For example, if a cybersecurity company has a sales position opening, he suggests going straight to the senior vice president of sales through email or social media. 

2. Use social media to your advantage

LinkedIn is one of the largest, free networking sites in the world. And it offers a variety of features to narrow down profiles to find people with whom to network, companies of interest, as well as job opportunities that can actually be a good fit based on your profile. 

In the example that Morgan gave about contacting the SVP of sales directly, LinkedIn can be an excellent source to use to find employees at the company you’re targeting and to connect with them.

“If you can actually reach them—social media is one good way—then it can be an opportunity to make a great first impression,” Morgan says. “The best salespeople are probably calling high into organizations—even if they are getting inquiries from people much lower down on the totem pole. It’s the same idea for other positions.”

3. Look at newer companies that are backed by venture capital

As a new grad, there can be the urge to chase after opportunities in Big Tech or well-known cybersecurity firms. However, there’s ample opportunity at smaller startup companies—and these companies have the funding to hire new employees.

“Most companies who raise venture capital (VC) beyond their seed round are using some or a lot of the money to hire talent,” Morgan explains. “The objective of most startups who raise VC is to penetrate their market and grow—quickly. To do this, they need people. It’s not immediately obvious unless you think it through, but the cybersecurity vendor ecosystem is a huge source of new jobs every year.”

Cybersecurity Ventures ranks cybersecurity companies based on the amount of venture capital they’ve raised during the past two years. The Pure Cyber 100 list ranks Lacework ($1.8 billion), Anduril ($1.2 billion), Securonix ($1.2 billion), Splunk ($1 billion), and Arctic Wolf ($751 million) as the top five on the list this year. Fortune also ranks Arctic Wolf as the third-best place to work for millennials—and the company places an emphasis on diverse hiring practices.

“Companies need to understand that exceptional candidates are out there, but we need to be flexible with the job requirements we set,” Nick Schneider, CEO of Arctic Wolf, previously told Fortune. “Businesses aren’t looking at nontraditional candidates enough—folks that don’t have a college degree, neurodiverse candidates, veterans, etc. Whether your background is in construction, health care, or even food services, I promise that there is room for you in cyber.”

4. Networking is key

Although it seems like there are an excess of cybersecurity jobs, many companies are hesitant to hire truly entry-level candidates. Instead of wasting time digging through thousands of job postings, Morgan recommends networking on LinkedIn, visiting conferences, and contacting VC-funded companies to create connections. 

“The deck is stacked against you, even in cybersecurity where there are so many unfilled positions,” Morgan says to entry-level cybersecurity candidates. “The fastest way to get from point ‘A’ to point ‘B’ is a straight line. Go straight to as many hiring managers as you can. Your competitors are filling out HR forms.”

Check out all of Fortune’rankings of degree programs, and learn more about specific career paths.