SE Labs CTO Stefan Dumitrascu offers some words of advice and encouragement to those considering a career in cybersecurity. And to those who may not think that they can do it!
Are you considering a career in cybersecurity? What does it take? A degree in computer science? A bag of certifications? A laptop full of stickers and a body full of tattoos and piercings? Depending on who you talk to, and which Twitter accounts you follow, you might believe you need all the above. But that’s not (necessarily) true.
Attacking the problem
At SE Labs we test security products by attacking through them, like real attackers. We are red-team testers, which means we must know how to behave like bad guys such as cybercriminals. And as our business grows we need to find people to join us.
In the middle of the COVID-19 pandemic, we saw a huge increase in the number of applicants for positions as testers at SE Labs. I want to try to shine a light on our approach to recruiting new members to our team. This article will not answer questions such as, “which certifications should I get?” However, if you would like to get more insight into what you can do to stand out during a recruitment process and your probation period, I hope you will be able to have a couple of takeaways to help in your next interview.
First, a bit of SE Labs team history. We started SE Labs with 7 permanent staff members in 2016. After the pandemic allows us to return to our office, we will have 16 people in the now dusty chairs, with a few more working from outside of London (and even the UK). This takes our total somewhere closer to 20 in 5 years of SE Labs operation.
I hope that my experience in building our team can help you when considering a career in cybersecurity.
A shiny piece of paper or a personality?
Throughout the years we have been slowly adding to our team, with the biggest consideration being our “corporate culture”. While I am using a bit of a buzzword, the main point that I often discuss with our Head of HR is “How well will they fit into our team?” We have had experience with candidates that appear to have all the qualifications in the world but, without having developed good communication and teamwork skills, it led to a highly ineffective onboarding period.
Fairly early on in our company history we developed a “soft rule” that people skills are more important than having a piece of paper with a BSc in Computer Science. We can train your technical skills quite quickly, but developing someone’s character and interpersonal relationships can take years, if it’s even possible! This leads on to my second key point.
Attitude is so very important in a world where so many people can show up with a computer science degree. Even more important is proven attitude. You say you are self-starter? Show me that you can use the numerous resources online to develop yourself. To anyone who wants a career in cybersecurity and fears a lack of technical skills, I say this. There is a huge number of free (or very low-cost) resources online to help you get started and even work towards more advanced skills, whether that would be penetration testing or malware analysis.
By using these resources, you develop your technical skills in a way that is usually more up to date and practical than what you will achieve at some universities. It also shows me, as an employer, that you are willing to invest your free time in developing yourself.
Practice for free
A quick side-point here: this also make us more willing to invest in higher-end certification training for you. Looking up YouTube tutorials and practicing in a safe virtualized environment at home is a great idea. Cheap, free options that I recommend include platforms like TryHackMe and HackTheBox. These have subscription-based models with guided rooms.
You can even use our own blog to learn how we test.
Cybersecurity is one of the ‘easiest’ careers to get started in. I am not saying that the actual learning process will be a doddle (if it is then you are probably not challenging yourself) but the number of resources online is quite astounding, and you are often using the same resources that real professionals use in their work.
Back to my point about attitude. There are ways like I mentioned above, where you can show both in your CV or covering letter that you have applied yourself to this as a career. To carry this on as my last point, the attitude you show in your interview and in your starting months is so very important. Those who come across as “I know everything, I’ve already learnt this at university” will have a shock.
The best thing about cybersecurity is also the worst thing about cybersecurity. It is always changing. Your challenges will always shift, and you cannot ever get too comfortable or you will fall behind.
Education, education, education!
To close this out, I will have a small rant about the education system in the UK. Pathways in cybersecurity are often unclear and a lot of the students going into higher education really don’t know their options and what they can do to acquire the right skills for this. While we have seen this slowly shift, there is still a severe lack of awareness in secondary education students. We need more programmes to show the wide range of skills required in this industry.
As a company we are trying to fix this by going into schools (when they aren’t closed in lockdowns) and holding workshops about cybersecurity, as well as attending career fairs as much as we can. The stereotype of the skinny nerd that Hollywood likes to sell really does not help here. If you like to solve problems and be creative, then this can be a career for you. To be clear, I am not suggesting that if you like dance, cyber security will give you that opportunity. I am referring to being creative around solutions to a problem or your way of thinking. There is usually more than one way we can approach an issue.
If you are considering a career in cybersecurity, no matter what your background is, I hope you were able to take some points away to help you get going and stand out in your next application. We have had 5 new hires since the start of the first lockdown in March last year. Only one of them had a degree in computer science. In the last recruitment period, earlier this month, our top 2 candidates had a background in English Literature. Please take a dive into this field. You might just like it.