CYBERSECURITY JOB HUNTING GUIDE
  • Home
  • Introduction
    • Things you should know
    • The strategy
  • Paths into Cybersecurity
    • First steps
    • SWOT Analysis
    • How much time do you need?
    • Calculate& Evaluate Knowledge
    • Imposter syndrome
    • Time Management
    • Cybersecurity Domains
    • Cloud Security
    • Financial advice >
      • Credit score
    • The salary
    • Advocacy for underrepresented groups
  • Goal Setting & Career paths
    • Find your career in 5 steps
    • Cybersecurity career options
    • Career finding with LinkedIn
    • Transferable Skills (general)
    • Transferable IT Skills
    • Find a path with job descriptions
    • The I do not know path
    • Do you know “garbage” jobs?
    • “Bonus” knowledge
    • Learning & Motivation
    • Particular vs. any job
    • Pentester path (start)
    • Pen Testing as Career
    • SOC Analyst as career
    • Security Engineer as career
    • Compliance & Risk as career
    • How to find a career (IAM Engineer)
    • Find a company
  • Networking
    • Networking like a pro
    • LinkedIn
    • Referrals & Skills
    • LinkedIn Recruiters >
      • Working with a recruiter
    • Cyber Community
    • Networking University
    • Mentoring
    • Build your personal brand
    • Goal of Networking
  • Hands-on
    • The home lab >
      • Designing a home lab
      • Ways to create a home lab
      • Hypervisors >
        • VirtualBox
        • VMWare Player
        • QEMU/KVM
      • Docker
      • Operating Systems >
        • Kali Linux >
          • Installing Kali with VirtualBox
        • Parrot
        • BlackArch
        • Red Hat Enterprise Linux >
          • RHCSA
        • Security Onion >
          • Installation Security Onion
        • Metasploitable2
        • Ubuntu
        • Windows >
          • Windows in a VM
          • Windows with Virtual Machine Manager
          • Preparing Windows logging
          • John Strand's ADHD VM
      • Firewalls >
        • pfSense Installation
        • pfSense configuration for Security Onion
    • Volunteer Work
    • Note Taking
    • Red labs >
      • Cyberseclabs
      • HackTheBox >
        • HackTheBox Academy
      • INE red side
      • RangeForce
      • Offensive Security
      • TryHackMe
      • Virtual Hacking Labs
    • Red tools & techniques >
      • Atomic Red Team
      • DVWA
      • Metasploit
      • OSINT tools
      • OWASP Juice Shop
    • Blue labs >
      • Blue Team Labs Online
      • DetectionLab (free)
      • INE
      • Letsdefend >
        • LetsDefend password stealer
      • Opensecuritytraining (free)
      • PurpleLabs
      • RangeForce
    • Blue tools >
      • Install a Canary Token
      • CyberChef
      • EDR Lima Charlie installation
      • EDR LimaCharlie configuration
      • EDR Velociraptor (free)
      • EDR Bluespawn (free)
      • DeepBlueCLI (logs Powershell, free)
      • Raccine (ransomware protection, free)
      • Install RITA (detects C2 traffic, free)
      • Sandboxes >
        • Joe's Sandbox
      • SIEM ELK Stack
      • SIEM Graylog >
        • Getting started with Graylog
        • Install Graylog
        • Graylog Windows agent
        • Graylog Linux agent
        • Graylog as application
      • Suricata with RangeForce
      • Identifying IoCs with RangeForce
      • What2Log
  • Certifications, Degree & Courses
    • Overview
    • Free & Affordable Resources
    • Pick your cert
    • Skill Assessment
    • Get a cheap degree
  • (Employment) fraud & scams
    • Suspicious Offer
    • Second Offer
    • Certification Scams
    • Fraud with courses
  • Analyzing a job ad
    • The Header
    • Building a Bridge
    • The Responsibilities
    • Desired Skills
    • Preferred Qualification
    • Benefits
    • Own skills vs job ad
    • Dealing with poorly written job ads
  • Resume writing
    • Templates
    • Building a draft
    • Resume in Detail
    • Understand the company
    • ATS and tailoring
    • Last Step
  • Cover letter
    • Writing a cover letter
  • Preparation & Interview
    • Organize your job hunt
    • SWOT Again (interview)
    • Twitter
    • The interview
    • Interview Questions Designed To Trick You
    • Post interview tasks
  • I did it all, but...
    • You are not alone
    • Try Something New
    • Why You'll Fail in Cyber Security
  • Yes, I got a job!
    • Two, or more offers?
    • Continued learning
    • Moving up
    • Lessons learned
  • Conclusion
  • Additional things
    • Reviews (labs, courses, certs) >
      • CompTIA A+
      • CompTIA Network+
      • CompTIA Security+
      • CompTIA Server+
      • CompTIA PenTest+
      • DroneSec DSOC
      • Defensive-Security Purple Labs
      • FAA Part 107
      • INE eCPPT & PTP
      • Letsdefend review
      • Microsoft AZ-500
      • RangeForce SOC 1
      • RangeForce SOC 2
    • Work In A Different Country >
      • The Work Permit
      • Working in the US
      • Studying in the US
      • Studying in Germany
      • Work in a different country
    • Other Resources >
      • Useful Links >
        • All about careers
        • Red resources
        • Blue resources
      • YouTube
      • Twitch
      • Podcasts
      • Books
      • Udemy
      • Thanks
    • Contributors
  • Stefan Waldvogel, where can I help?
  • Home
  • Introduction
    • Things you should know
    • The strategy
  • Paths into Cybersecurity
    • First steps
    • SWOT Analysis
    • How much time do you need?
    • Calculate& Evaluate Knowledge
    • Imposter syndrome
    • Time Management
    • Cybersecurity Domains
    • Cloud Security
    • Financial advice >
      • Credit score
    • The salary
    • Advocacy for underrepresented groups
  • Goal Setting & Career paths
    • Find your career in 5 steps
    • Cybersecurity career options
    • Career finding with LinkedIn
    • Transferable Skills (general)
    • Transferable IT Skills
    • Find a path with job descriptions
    • The I do not know path
    • Do you know “garbage” jobs?
    • “Bonus” knowledge
    • Learning & Motivation
    • Particular vs. any job
    • Pentester path (start)
    • Pen Testing as Career
    • SOC Analyst as career
    • Security Engineer as career
    • Compliance & Risk as career
    • How to find a career (IAM Engineer)
    • Find a company
  • Networking
    • Networking like a pro
    • LinkedIn
    • Referrals & Skills
    • LinkedIn Recruiters >
      • Working with a recruiter
    • Cyber Community
    • Networking University
    • Mentoring
    • Build your personal brand
    • Goal of Networking
  • Hands-on
    • The home lab >
      • Designing a home lab
      • Ways to create a home lab
      • Hypervisors >
        • VirtualBox
        • VMWare Player
        • QEMU/KVM
      • Docker
      • Operating Systems >
        • Kali Linux >
          • Installing Kali with VirtualBox
        • Parrot
        • BlackArch
        • Red Hat Enterprise Linux >
          • RHCSA
        • Security Onion >
          • Installation Security Onion
        • Metasploitable2
        • Ubuntu
        • Windows >
          • Windows in a VM
          • Windows with Virtual Machine Manager
          • Preparing Windows logging
          • John Strand's ADHD VM
      • Firewalls >
        • pfSense Installation
        • pfSense configuration for Security Onion
    • Volunteer Work
    • Note Taking
    • Red labs >
      • Cyberseclabs
      • HackTheBox >
        • HackTheBox Academy
      • INE red side
      • RangeForce
      • Offensive Security
      • TryHackMe
      • Virtual Hacking Labs
    • Red tools & techniques >
      • Atomic Red Team
      • DVWA
      • Metasploit
      • OSINT tools
      • OWASP Juice Shop
    • Blue labs >
      • Blue Team Labs Online
      • DetectionLab (free)
      • INE
      • Letsdefend >
        • LetsDefend password stealer
      • Opensecuritytraining (free)
      • PurpleLabs
      • RangeForce
    • Blue tools >
      • Install a Canary Token
      • CyberChef
      • EDR Lima Charlie installation
      • EDR LimaCharlie configuration
      • EDR Velociraptor (free)
      • EDR Bluespawn (free)
      • DeepBlueCLI (logs Powershell, free)
      • Raccine (ransomware protection, free)
      • Install RITA (detects C2 traffic, free)
      • Sandboxes >
        • Joe's Sandbox
      • SIEM ELK Stack
      • SIEM Graylog >
        • Getting started with Graylog
        • Install Graylog
        • Graylog Windows agent
        • Graylog Linux agent
        • Graylog as application
      • Suricata with RangeForce
      • Identifying IoCs with RangeForce
      • What2Log
  • Certifications, Degree & Courses
    • Overview
    • Free & Affordable Resources
    • Pick your cert
    • Skill Assessment
    • Get a cheap degree
  • (Employment) fraud & scams
    • Suspicious Offer
    • Second Offer
    • Certification Scams
    • Fraud with courses
  • Analyzing a job ad
    • The Header
    • Building a Bridge
    • The Responsibilities
    • Desired Skills
    • Preferred Qualification
    • Benefits
    • Own skills vs job ad
    • Dealing with poorly written job ads
  • Resume writing
    • Templates
    • Building a draft
    • Resume in Detail
    • Understand the company
    • ATS and tailoring
    • Last Step
  • Cover letter
    • Writing a cover letter
  • Preparation & Interview
    • Organize your job hunt
    • SWOT Again (interview)
    • Twitter
    • The interview
    • Interview Questions Designed To Trick You
    • Post interview tasks
  • I did it all, but...
    • You are not alone
    • Try Something New
    • Why You'll Fail in Cyber Security
  • Yes, I got a job!
    • Two, or more offers?
    • Continued learning
    • Moving up
    • Lessons learned
  • Conclusion
  • Additional things
    • Reviews (labs, courses, certs) >
      • CompTIA A+
      • CompTIA Network+
      • CompTIA Security+
      • CompTIA Server+
      • CompTIA PenTest+
      • DroneSec DSOC
      • Defensive-Security Purple Labs
      • FAA Part 107
      • INE eCPPT & PTP
      • Letsdefend review
      • Microsoft AZ-500
      • RangeForce SOC 1
      • RangeForce SOC 2
    • Work In A Different Country >
      • The Work Permit
      • Working in the US
      • Studying in the US
      • Studying in Germany
      • Work in a different country
    • Other Resources >
      • Useful Links >
        • All about careers
        • Red resources
        • Blue resources
      • YouTube
      • Twitch
      • Podcasts
      • Books
      • Udemy
      • Thanks
    • Contributors
  • Stefan Waldvogel, where can I help?
  CYBERSECURITY JOB HUNTING GUIDE

Cloud security

Author: Stefan Waldvogel
​
​Editor: Shana Wejuli -reserved-

Cloud offers high salary and a lot of jobs

Cloud has a lot more jobs than Cybersecurity, which is why I highlight cloud. It is the big hidden hype, and you can earn more money with it. Do you look for internships in Cybersecurity? Currently (Feb 2021), the US offers 1350 internship positions, and in the cloud are 2270 open positions available. What about jobs? We have 244,000 open positions in the cloud, and in Cybersecurity, we have 67,000 open jobs.
I used LinkedIn to get these numbers, but the difference is enormous. Both fields are close together, and people do not consider cloud-based jobs.

Are you interested? Know, you can learn cloud knowledge for free. Microsoft Azure is the second biggest player, and Microsoft offers free virtual training. If you attend the course, you get a free AZ-900 voucher (https://www.microsoft.com/en-us/trainingdays). Do you like it? You can go for AZ-104 (Administrator) and AZ-500 (Security). The knowledge is free with https://docs.microsoft.com/en-us/learn/certifications/exams/az-104 (scroll down) and the official GitHub (https://github.com/MicrosoftLearning) with all the videos and labs. Microsoft’s certifications are not expensive. A certification voucher is $165, but if you lot your job due to COVID, you can schedule an exam attempt for $15.

You will need at least 2 to 3 months for one certification if you practice a lot. Do all modules and all GitHub labs and later search for practice questions.
AWS is similar. The training is free (https://aws.amazon.com/training/), and the exam vouchers are not that expensive (~$150).
Compared to Cybersecurity, you can save a lot of money.
Picture
AWS has more jobs. It is up to you to research because I do not know much about that field and the paths. Cloud is vast, and there is much more to discover.

Why is it “easy” to start with the cloud? The reason is simple, the cloud is new, and few know enough. Many Network- and System admins switch their careers to Cybersecurity, but the cloud is “unknown”. Cloud is not hyped, even, so the salary is high. In the cloud, you do not compete against many people. Few people have ten years of work experience in the cloud, but many have 10 or 20 years as a Network admin.

I took AZ-500 (Azure Security) for this reason because it gives me an immense advantage over “Network- / System-admin only” people, and cloud knowledge increases the paycheck on average between 10 and 20%.​

You want to get an Azure certification for free: https://csc.docs.microsoft.com/ignite/registration/March2021 If the link is outdated, google for Microsoft Cloud Skills Challenge, and many times you can get a certification and the matching training for free.
How to get a Microsoft certification for $15
​

This article is for people with little money and without a current job. At the moment, Microsoft offers a lot of discounted certifications. You can find the list here: https://docs.microsoft.com/en-us/learn/certifications/skillingoffer

The pricing and rules
The certifications are $15 (Schedule for USD15), and the standard price is $165 (in the US).
Picture
What do you have to know:
  • ​The $15 exam is online only. You need a closed room, a stable internet connection, and you must use a particular browser, no books or pencils, and other things. Microsoft is stringent. Read the rules before you buy the exam. The rules are here:
  • ​https://home.pearsonvue.com/Clients/Microsoft/Online-proctored.aspx#collapse553
  • The $15 offer is a special Covid offer, and you can take it if you lost your job or do not have a job due to Covid. The exact rules are this:
Picture
Microsoft does not ask you for evidence and the wording economically displaced is a broad term. 

Find the right exam
This is your part, and it is impossible to recommend a specific exam or topic—research about open jobs in your area.
This task will take a while because Microsoft certifications are role-based, and it is very confusing if you do not know what you are looking for. Here is the overview: https://docs.microsoft.com/en-us/learn/certifications/

As a beginner, an option could be the administrator path (Azure or Microsoft 365). Use your LinkedIn connections to ask people about the best certification in your area.

Study the materials
Usually, if you study for an exam, you need to buy the training. Microsoft is different. Of course, you can buy courses (ITProTV, udemy, etc.) but in my opinion, this is unnecessary. You can use the excellent official course material for free.
  • Microsoft learn (official): https://docs.microsoft.com/en-us/learn/
  • Microsoft docs (official): https://docs.microsoft.com
  • Microsoft GitHub (official): https://github.com/MicrosoftLearning
These three links offer you everything that you need to know. Some courses on GitHub have video links in them. One example: https://github.com/MicrosoftLearning/Lab-Demo-Recordings/blob/master/AZ-103.md
​
Alternative resources:
  • YouTube: You find a ton of free materials
  • Google: This is important if you want to take the exam to get some practice questions
The way to knowledge
  • The following pictures give you an idea about how you can approach a Microsoft exam.
Picture
Important:
People focus on the exam, but the actual goal is knowledge. My advice is: Do not focus on the exam! You want to work with that knowledge. Microsoft exams are “easy” because you can find many very realistic practice questions. Focus on gaining helpful knowledge and hands-on. During the first two or three months, do not think about the exam.

Things to know about hands-on
Start with the basics and use your knowledge practically. One example: You learned Azure Active Directory. Great! Now, it is time to spin up an own lab in the cloud and build an Active Directory environment. Use google and the docs to create your lab. You might think: This takes too much time, but if you are going into an interview... you can talk about your lab, what you learned, the mistakes, and more. Impress your interviewer, and you can beat many competitors (especially cert warriors). You are ready for a job!

Microsoft offers free sand-boxed labs. You need an MS account, and you can do a lot of things for free. Microsoft pays for these special labs, and you can learn a lot.

Other things to know.
If you are a student, use your *.edu email to your advantage. Microsoft offers a free Win 10 edu version (with hyper-V), a free Office, reduced exams, and much, much more. This hint is valid for many companies, and the *.edu address opens you a lot of doors to free stuff.

Exam study time
Think about this after you finished all GitHub courses and the related learning path, not before! Google for practice questions, BUT... be smart!
Do not learn them like: This is A, this question is B, etc... Honestly, you can pass the exam like this, but it does not make much sense. Squeeze out each question and try to understand every single bit. Many exam questions are “real” scenarios, and the knowledge is essential for your career.
​
Another hint: Do not trust the answers... Some answers are wrong, and you can learn a lot if you read the comments.

You can take a Microsoft certification in 2 weeks, a month, or less... but you shouldn’t. The following picture (again a cloud example) points out why:
Picture
Can you learn so much in a month? Unlikely... If you have a certification, a future employer expects you to use the knowledge and do your job.

Exam time
The special Microsoft offer is valid until further notice. Watch some related youtube videos about the exam, and you can do the proper preparations in advance.
Read the rules, find a quiet place and knock out the cert. Take your time and study every day for at least 2-3 months.
​
Good luck, and do not become a "cert warrior"!

The pen tester option
If you want to add pentester knowledge about cloud, Pentester Academy offers some boot camps for Azure and AWS.
The price for each boot camp is about $500 but much cheaper compared to similar SANS courses.
Website: bootcamps.pentesteracademy.com/
Sometimes BHIS offers similar courses.
Next: Financial advice
© 2021. This work is licensed under a CC BY-SA 4.0 license​