On 16 November, CISSE UK ran a well-attended Cyber Security Education and Employability Forum in collaboration with the The Open University. This forum explored:

• Routes into Cyber Security Education and becoming a cyber security lecturer.
• CyberFirst’s approach to improving access to cyber careers and improving diversity.
• The Open University’s work integrating industry certifications (EC-Council’s CEH) into their new Systems penetration testing module.

I enjoyed speaking about Cyber Springboard (slides), why I created it, and how it might help you to build and evidence the skills to get a job in cyber security.

One of the most interesting aspects events like this is hearing from students. In particular, questions around moving into careers in cyber.

A few of those I enjoyed discussing are paraphrased below.

I am changing career and am completely new to cyber security. How can I improve my chances of becoming employed after I graduate?

Suggestions here included:

• Work out which areas are interesting to you, learn about them and practice talking about them.
• Build practical skills and evidence them, whether using Cyber Springboard, GitHub or many of the other learning platforms. Link to this on your CV. Understand how these skills are used to solve problems.
• Work out which job roles are most interesting to you, identify tools or technologies these roles require, and build experience in these tools.
• Mention the practical skills, tools and evidence on your CV.
• Ensure you have a clear story about yourself, your skills and interests, and where you might like your career to go.
• Tailor this story to the jobs you are applying for.

I have experience working with different IT systems. Is a career change into cyber security feasible?

Yes. Systems administration is a valuable skill, and gives you insight into how the underlying systems work. It also gives experience of the socio-technical system, how vulnerabilities may be introduced, and how to work within an organisation to secure their systems.

Consider which areas of cyber you are most interested in, and how to build upon what you know into skills in these areas. For example:

• Using DevSecOps tools to automate builds, deployments and vulnerability scanning.
• Configuring network monitoring or intrusion detection and prevention systems.
• Building on bash or PowerShell scripting experience and developing wider programming experience.
• Gaining penetration testing experience or a qualification in this domain.
• Building AWS or Azure IAM experience.

Does the title of your degree matter?

This depends on the role and the organisation you are applying to. Some organisations may reject candidates where the degree title doesn’t match their job advert’s requirements during their initial CV sift.

I think what is more important than the title is how you communicate the skills you have learned, and the materials covered during, and outside of, your degree.

For example, if you’re on a BCS-accredited Computer Science degree, or an NCSC-accredited Cyber Security degree, a hiring manager will have some expectations around what the degree will have covered. This will not be the case if your degree title is unusual but still covers computer science or cyber security topics. Here, it can be helpful to clearly state relevant modules, for example, data structures & algorithms, programming in python, as well as your scores. This can save reviewers considerable time and increase your chances of getting interviewed.

Make it as easy as possible for the reviewer to do their job. You might include links to public evidence of your skills, such as your GitHub or Cyber Springboard portfolio. Note that Applicant Tracking Systems (ATS) may not provide reviewers with the original document. Links may be removed. Including your username alongside an icon can help the reviewer in these situations.