CYBERSECURITY JOB HUNTING GUIDE
  • Home
  • Introduction
    • Things you should know
    • The strategy
  • Paths into Cybersecurity
    • First steps
    • SWOT Analysis
    • How much time do you need?
    • Calculate& Evaluate Knowledge
    • Imposter syndrome
    • Time Management
    • Cybersecurity Domains
    • Cloud Security
    • Financial advice >
      • Credit score
    • The salary
    • Advocacy for underrepresented groups
  • Goal Setting & Career paths
    • Find your career in 5 steps
    • Cybersecurity career options
    • Career finding with LinkedIn
    • Transferable Skills (general)
    • Transferable IT Skills
    • Find a path with job descriptions
    • The I do not know path
    • Do you know “garbage” jobs?
    • “Bonus” knowledge
    • Learning & Motivation
    • Particular vs. any job
    • Pentester path (start)
    • Pen Testing as Career
    • SOC Analyst as career
    • Security Engineer as career
    • Compliance & Risk as career
    • How to find a career (IAM Engineer)
    • Find a company
  • Networking
    • Networking like a pro
    • LinkedIn
    • Referrals & Skills
    • LinkedIn Recruiters >
      • Working with a recruiter
    • Cyber Community
    • Networking University
    • Mentoring
    • Build your personal brand
    • Goal of Networking
  • Hands-on
    • The home lab >
      • Designing a home lab
      • Ways to create a home lab
      • Hypervisors >
        • VirtualBox
        • VMWare Player
        • QEMU/KVM
      • Docker
      • Operating Systems >
        • Kali Linux >
          • Installing Kali with VirtualBox
        • Parrot
        • BlackArch
        • Red Hat Enterprise Linux >
          • RHCSA
        • Security Onion >
          • Installation Security Onion
        • Metasploitable2
        • Ubuntu
        • Windows >
          • Windows in a VM
          • Windows with Virtual Machine Manager
          • Preparing Windows logging
          • John Strand's ADHD VM
      • Firewalls >
        • pfSense Installation
        • pfSense configuration for Security Onion
    • Volunteer Work
    • Note Taking
    • Red labs >
      • Cyberseclabs
      • HackTheBox >
        • HackTheBox Academy
      • INE red side
      • RangeForce
      • Offensive Security
      • TryHackMe
      • Virtual Hacking Labs
    • Red tools & techniques >
      • Atomic Red Team
      • DVWA
      • Metasploit
      • OSINT tools
      • OWASP Juice Shop
    • Blue labs >
      • Blue Team Labs Online
      • DetectionLab (free)
      • INE
      • Letsdefend >
        • LetsDefend password stealer
      • Opensecuritytraining (free)
      • PurpleLabs
      • RangeForce
    • Blue tools >
      • Install a Canary Token
      • CyberChef
      • EDR Lima Charlie installation
      • EDR LimaCharlie configuration
      • EDR Velociraptor (free)
      • EDR Bluespawn (free)
      • DeepBlueCLI (logs Powershell, free)
      • Raccine (ransomware protection, free)
      • Install RITA (detects C2 traffic, free)
      • Sandboxes >
        • Joe's Sandbox
      • SIEM ELK Stack
      • SIEM Graylog >
        • Getting started with Graylog
        • Install Graylog
        • Graylog Windows agent
        • Graylog Linux agent
        • Graylog as application
      • Suricata with RangeForce
      • Identifying IoCs with RangeForce
      • What2Log
  • Certifications, Degree & Courses
    • Overview
    • Free & Affordable Resources
    • Pick your cert
    • Skill Assessment
    • Get a cheap degree
  • (Employment) fraud & scams
    • Suspicious Offer
    • Second Offer
    • Certification Scams
    • Fraud with courses
  • Analyzing a job ad
    • The Header
    • Building a Bridge
    • The Responsibilities
    • Desired Skills
    • Preferred Qualification
    • Benefits
    • Own skills vs job ad
    • Dealing with poorly written job ads
  • Resume writing
    • Templates
    • Building a draft
    • Resume in Detail
    • Understand the company
    • ATS and tailoring
    • Last Step
  • Cover letter
    • Writing a cover letter
  • Preparation & Interview
    • Organize your job hunt
    • SWOT Again (interview)
    • Twitter
    • The interview
    • Interview Questions Designed To Trick You
    • Post interview tasks
  • I did it all, but...
    • You are not alone
    • Try Something New
    • Why You'll Fail in Cyber Security
  • Yes, I got a job!
    • Two, or more offers?
    • Continued learning
    • Moving up
    • Lessons learned
  • Conclusion
  • Additional things
    • Reviews (labs, courses, certs) >
      • CompTIA A+
      • CompTIA Network+
      • CompTIA Security+
      • CompTIA Server+
      • CompTIA PenTest+
      • DroneSec DSOC
      • Defensive-Security Purple Labs
      • FAA Part 107
      • INE eCPPT & PTP
      • Letsdefend review
      • Microsoft AZ-500
      • RangeForce SOC 1
      • RangeForce SOC 2
    • Work In A Different Country >
      • The Work Permit
      • Working in the US
      • Studying in the US
      • Studying in Germany
      • Work in a different country
    • Other Resources >
      • Useful Links >
        • All about careers
        • Red resources
        • Blue resources
      • YouTube
      • Twitch
      • Podcasts
      • Books
      • Udemy
      • Thanks
    • Contributors
  • Stefan Waldvogel, where can I help?
  • Home
  • Introduction
    • Things you should know
    • The strategy
  • Paths into Cybersecurity
    • First steps
    • SWOT Analysis
    • How much time do you need?
    • Calculate& Evaluate Knowledge
    • Imposter syndrome
    • Time Management
    • Cybersecurity Domains
    • Cloud Security
    • Financial advice >
      • Credit score
    • The salary
    • Advocacy for underrepresented groups
  • Goal Setting & Career paths
    • Find your career in 5 steps
    • Cybersecurity career options
    • Career finding with LinkedIn
    • Transferable Skills (general)
    • Transferable IT Skills
    • Find a path with job descriptions
    • The I do not know path
    • Do you know “garbage” jobs?
    • “Bonus” knowledge
    • Learning & Motivation
    • Particular vs. any job
    • Pentester path (start)
    • Pen Testing as Career
    • SOC Analyst as career
    • Security Engineer as career
    • Compliance & Risk as career
    • How to find a career (IAM Engineer)
    • Find a company
  • Networking
    • Networking like a pro
    • LinkedIn
    • Referrals & Skills
    • LinkedIn Recruiters >
      • Working with a recruiter
    • Cyber Community
    • Networking University
    • Mentoring
    • Build your personal brand
    • Goal of Networking
  • Hands-on
    • The home lab >
      • Designing a home lab
      • Ways to create a home lab
      • Hypervisors >
        • VirtualBox
        • VMWare Player
        • QEMU/KVM
      • Docker
      • Operating Systems >
        • Kali Linux >
          • Installing Kali with VirtualBox
        • Parrot
        • BlackArch
        • Red Hat Enterprise Linux >
          • RHCSA
        • Security Onion >
          • Installation Security Onion
        • Metasploitable2
        • Ubuntu
        • Windows >
          • Windows in a VM
          • Windows with Virtual Machine Manager
          • Preparing Windows logging
          • John Strand's ADHD VM
      • Firewalls >
        • pfSense Installation
        • pfSense configuration for Security Onion
    • Volunteer Work
    • Note Taking
    • Red labs >
      • Cyberseclabs
      • HackTheBox >
        • HackTheBox Academy
      • INE red side
      • RangeForce
      • Offensive Security
      • TryHackMe
      • Virtual Hacking Labs
    • Red tools & techniques >
      • Atomic Red Team
      • DVWA
      • Metasploit
      • OSINT tools
      • OWASP Juice Shop
    • Blue labs >
      • Blue Team Labs Online
      • DetectionLab (free)
      • INE
      • Letsdefend >
        • LetsDefend password stealer
      • Opensecuritytraining (free)
      • PurpleLabs
      • RangeForce
    • Blue tools >
      • Install a Canary Token
      • CyberChef
      • EDR Lima Charlie installation
      • EDR LimaCharlie configuration
      • EDR Velociraptor (free)
      • EDR Bluespawn (free)
      • DeepBlueCLI (logs Powershell, free)
      • Raccine (ransomware protection, free)
      • Install RITA (detects C2 traffic, free)
      • Sandboxes >
        • Joe's Sandbox
      • SIEM ELK Stack
      • SIEM Graylog >
        • Getting started with Graylog
        • Install Graylog
        • Graylog Windows agent
        • Graylog Linux agent
        • Graylog as application
      • Suricata with RangeForce
      • Identifying IoCs with RangeForce
      • What2Log
  • Certifications, Degree & Courses
    • Overview
    • Free & Affordable Resources
    • Pick your cert
    • Skill Assessment
    • Get a cheap degree
  • (Employment) fraud & scams
    • Suspicious Offer
    • Second Offer
    • Certification Scams
    • Fraud with courses
  • Analyzing a job ad
    • The Header
    • Building a Bridge
    • The Responsibilities
    • Desired Skills
    • Preferred Qualification
    • Benefits
    • Own skills vs job ad
    • Dealing with poorly written job ads
  • Resume writing
    • Templates
    • Building a draft
    • Resume in Detail
    • Understand the company
    • ATS and tailoring
    • Last Step
  • Cover letter
    • Writing a cover letter
  • Preparation & Interview
    • Organize your job hunt
    • SWOT Again (interview)
    • Twitter
    • The interview
    • Interview Questions Designed To Trick You
    • Post interview tasks
  • I did it all, but...
    • You are not alone
    • Try Something New
    • Why You'll Fail in Cyber Security
  • Yes, I got a job!
    • Two, or more offers?
    • Continued learning
    • Moving up
    • Lessons learned
  • Conclusion
  • Additional things
    • Reviews (labs, courses, certs) >
      • CompTIA A+
      • CompTIA Network+
      • CompTIA Security+
      • CompTIA Server+
      • CompTIA PenTest+
      • DroneSec DSOC
      • Defensive-Security Purple Labs
      • FAA Part 107
      • INE eCPPT & PTP
      • Letsdefend review
      • Microsoft AZ-500
      • RangeForce SOC 1
      • RangeForce SOC 2
    • Work In A Different Country >
      • The Work Permit
      • Working in the US
      • Studying in the US
      • Studying in Germany
      • Work in a different country
    • Other Resources >
      • Useful Links >
        • All about careers
        • Red resources
        • Blue resources
      • YouTube
      • Twitch
      • Podcasts
      • Books
      • Udemy
      • Thanks
    • Contributors
  • Stefan Waldvogel, where can I help?
  CYBERSECURITY JOB HUNTING GUIDE

Calculate and evaluate knowledge

Author: Stefan Waldvogel
​Editor: Jonathan Disla ​https://www.linkedin.com/in/jonathandisla/
Before you pick your career and your specific goal, know the price tag for each piece of knowledge. The price for the same knowledge is between free and expensive. The value of knowledge is different, too.

A side note: Most course providers use a lot of free open-source software for their paid courses. If you pay for a course, most likely you pay for the convenience (it is organized), not so much for unique knowledge. Get your wisdom and knowledge as cheaply as you can. -> That is not what I did, because at that time, I didn't know how to get it for the cheapest price.​
If you work as a Security Engineer, you earn between $70K and $200K, but can you afford the time, the risk, the courses and the certifications to reach it? Few get such a job. My price tag is:

CompTIA:                            $232 + $232 + $338 + $370 + $338 + $370 = $1880
INE + eLearnSecurity:       $750 + $400 + $400 + $400 = $1950
RangeForce:                        $150 to $750 = $150
PurpleLabs:                         $500
TCM Academy:                   $75
Blue Team Security:         ~$100
Microsoft:                             $15 to $165
TryHackMe:                        $30
DroneSec:                            
$1500
CEH:                                    $2400 ← huge mistake, but I was new
FAA: Commercial Drone License: $95

Summery:                             $ 8,695

If you go the same path, you’d spend around $ 6,300 just for certifications and courses (don’t take CEH unless an employer pays for it!). I got a lot of courses and certifications for free, because I did beta testing and much more. This means you can reduce the costs further if you are doing something for a training company. Other paths (SOC Analyst) with less required knowledge are much cheaper and easier.​
Most tech jobs in the US require a degree. An associate’s degree is just about Security+ and Network+ level, but you waste two full years to reach this low level if you take it via Community College… if you have an IT background, it is a waste of time, pick a faster path.

Do you need to copy my way? No, not at all. Use my guide as inspiration to find your own goal with your own bricks. Pick the bricks with the lowest costs and the highest return value. I made some expensive and stupid mistakes, do not repeat them.

​​The next picture shows my bridge to get a job.
Picture
Your bridge looks very different, but the point is, you need some or many bricks. The most important brick is the networking brick (my opinion), it is the top layer, and it does not cost money. Whatever you do, dedicate time to networking.

The next thing you would need is the glue. Bricks alone are not very stable, you need something to stabilize your knowledge. Show your knowledge to other people. Write a blog, post things on LinkedIn, use Twitter, stream on Twitch or find a different way. This has a double effect:
  • First, if you teach something, you have to know the topic very well. Before you create content, you think about the structure and you repeat it in your brain. A sandstone brick slowly transforms into a solid granite brick if you put enough pressure on it. You connect different bricks together and you see how it works as a building.
  • Second, if you show your knowledge, people combine your name with it. A potential employer has a much better idea what you know or not. Let us say a CISO with an open role is following you and sees your posts every week… you apply for a job and he or she sees your name. Even though you have never spoken to the CISO, this person knows YOU. An interview is an hour, but if you write multiple posts or you are good on YouTube, this shows your ability to do the job much better.​
How do you know which brick is useful or not? Which brick has the most value? Scrutinize each brick before you select it for your own bridge. The price and the HR relevance are the two top points.
Picture
The biggest and most expensive brick is the degree brick.
Picture
Here, I picked three paths, but there are a lot more ways. Some Community College work together with universities. You study 4 years at a Community College, but you get a full degree. Without a scholarship, this way is about $40,000. A cheaper way is an online degree. Most universities offer their classes online. Why should you pay for a full university if you get the same via an online university? You can stay at home and learn when and where you want. Heath Adams talks about it: https://www.youtube.com/watch?v=k6bU199s3nQ An online degree at WGU is about $23,000 (3 years).
-> You can cut down the costs further to about 3,000 for a degree.  www.cyberhuntingguide.net/cheap-degree.html

Each city, job and country needs a different bridge. If you are in Africa, India and other areas things are very different. Try to get the free things before you spend a single cent. Under “free resources” I list dozens of free and cheap resources and certifications. The Cybersecurity community is very helpful, you do not need money to build a bridge. Each potential job is different, and each country is different. The only thing you need is time.​
Time is money! Invest time to start your career, I would say the minimum is at least 500 to 1000 hours, but most likely, you have to invest more time to get a job. During this time, you could work for someone else and you could earn $20 or $30 an hour:
Picture
With my old knowledge I would have earned $70K a year, that is $35 per hour multiplied by 3,000 hours = $105,000.

You see, if you spend thousands of Dollars for training and certs, it is nothing compared to this number. How can you lower this number?
​​Start with a different job, but this job should give you a lot of the wanted knowledge. One example:
Picture
This picture points out why it is a good idea to start a Cybersecurity career with a different but related job. If you have a very good employer, they will pay for training, so you can lower the costs further. Study a lot after work, too. Most employers are not willing to educate you, because it increases your value and they do not want to pay you more. If you want to move up your own willingness and effort counts, nothing else. Don’t look at your employer, it is not their job even if they care.
Next: Imposter syndrome
© 2021. This work is licensed under a CC BY-SA 4.0 license​