1st year doctor in residency gets heart surgeon job

Author

Stetson Blake
November 20, 2024

In partnership with

sup IT pros,

I read a post today on our Facebook group about someone who was working in the help desk and wanted to find a Cybersecurity role in a SOC.

A few comments discouraged the original poster from looking because “CyberSec entry roles require 4-5 years of hard IT experience” and likened it to “a 1st year doctor in residency saying that they are ready to be a heart surgeon.”

I’m not sure what hard IT experience is.

1st year General Surgery Residents probably observe surgeries and take notes and stuff.

Another commenter went on to say that “their schools never told them that jobs in cybersecurity are not meant for those with no IT experience and entry jobs in CS requires several years of IT experience.”

I replied and let them know that job titles are fake and made up.

I was trolling.

Kinda.

Where am I going with this?

I guess I do agree somewhat with the posters, generally, you need some broad IT experience before you specialize in more technical roles.

BUT

It’s not uncommon to accelerate the path you’re on or even find a role at a company who is desperate for help that decides you are the person who can help them.

How do you accelerate from little IT experience to a more specialized role?

Here’s what I’d do if I wanted to get a role in a SOC or security role: (keep in mind I’m a security IDIOT, I work in Software/DevOps):

  • Contribute to Open Source Software

    • There are tons of security-related github repos here. Dig through them, find issues and open merge requests. Or add features

    • Make your own security related tool and open source it

  • Write Online and Share what you learn

    • This can be about the above-mentioned Security related repos or maybe about an exploit you found or the journey you took studying a topic. Just explain stuff to other people in a simple way and share it.

  • Study For Certs

    • There are tons of Security related certs that you’ll learn oodles of concepts through studying for. Sec+, CEH, OSCP and others come to mind. Study for em, share what you learn online.

  • Talk to people already working in the field

    • You can find these people in Facebook groups, X, BlueSky, and other social media apps. Get involved and network with these people. Share knowledge and tips, network and find a friend and a new job.

All of the above isn’t guaranteed to get you a security job and the experience I and many others had looking for a job during the ZIRP-era is definitely biased because the economy was absolutely ripping then.

But skilled, curious people are always needed and will always get hired. And the ones who try will always have a leg up on the ones who don’t try.

So don’t get discouraged in your job search and don’t let internet randos dissuade you from trying because thy want to gate keep their made up job title.

✌️

Stetson

PS:

Check out today’s newsletter sponsor, codeium:

Unlock Windsurf Editor, by Codeium.

Introducing the Windsurf Editor, the first agentic IDE. All the features you know and love from Codeium’s extensions plus new capabilities such as Cascade that act as collaborative AI agents, combining the best of copilot and agent systems. This flow state of working with AI creates a step-change in AI capability that results in truly magical moments.