This is a presentation I gave to a St. Louis org to help first-time security professionals land a job in the field

1. CyberUp
Getting your first cybersec job
David Strom
blog.strom.com
March 2023
(slideshare.net/davidstrom)

2. Who am I
• More than 35 years of B2B tech journalism,
written 3 non-fiction computer tech books,
magazine editor
• Started in IT back in 1982 and worked for
both government and private industry
doing end-user computing
• Spoken around the world at numerous
computer and business conferences, back
when that was a thing.

3. The process
• Understand the job market
• Build your brand
• Decide on education path
• Go to a couple of conferences
• Get an internship, find a mentor

4. Understand the job market
• What types of cybersec jobs are out there?
• Blue team – people who defend the infrastructure
• Red team – in-house people who attack things to find
weak points
• Audit/compliance/governance teams

5. Blue team Red team
• Security analyst
• Forensics
• Incident responder
• Security engineering roles
• Identity and access management
• Pen tester of various kinds
(network, physical entry, security
operations)
• Vulnerability researcher
• Malware analyst

6. Build your
brand
• Use one of these tools
(Knowem.com,
domains.google)
• Start and maintain a
Wordpress blog
• Set up all the various
social media IDs as well
as work religiously on
your LinkedIn bio

7. Decide on your
education path
• Online classes in computer science/cybersec (here are
three of the best ones) 
• Read my article in Computerworld on how to pick the
right class

8. Look into coding academies

9. Provider/Link Cost Other certifications to consider
COMPTIA Security+
$390 for 90-minute test
Penetration testing, cybersecurity
analyst and general IT courses
too
EC-Council Certified
Ethical Hacker (CEH) $1200 for four-hour test
More than a dozen cybersecurity
specializations including disaster
recovery, penetration testing
ISACA Certified Info
Security Manager (CISM)
$760 for four-hour test for non-
members but significant discounts
for members, study materials extra
Courses on risk management,
data privacy and auditing
ISC2 Certified Cloud
Security Practitioner
(CCSP)
$549 for four-hour test
Also offer numerous other cloud-
based security classes and boot
camps for above tests
Offensive Security
Penetration Testing
$800 for a one year subscription
Three different levels, other
certifications in web apps and
devops
SANS Institute Network $8,000 for in-person instruction at Dozens of courses covering a

10. Go to a couple of conferences
• ‘cons (including Black Hat/DEFCON in Vegas in August)
• Local STL cyber events
• Try one or two Bsides in different cities
• Join a capture the flag team and give that a go too
• Contribute to your favorite open source projects

11. Get an internship, etc.
• Choose a niche narrow enough
that you can conquer it
• Figure out what you are missing
and find the right mentor
• Avoid known bad employers
• Learn how to do people
networking, even if you are an
introvert

12. Other things worth reading
• My blog for Avast gives some perspective on different kinds
of jobs available in cybersec
• Daniel Meissler -- How to build a cybersec career (has a
great discussion on which certifications matter)
• How Walmart does cybersec (an in-depth look)