CYBERSECURITY JOB HUNTING GUIDE
  • Home
  • Introduction
    • Things you should know
    • The strategy
  • Paths into Cybersecurity
    • First steps
    • SWOT Analysis
    • How much time do you need?
    • Calculate& Evaluate Knowledge
    • Imposter syndrome
    • Time Management
    • Cybersecurity Domains
    • Cloud Security
    • Financial advice >
      • Credit score
    • The salary
    • Advocacy for underrepresented groups
  • Goal Setting & Career paths
    • Find your career in 5 steps
    • Cybersecurity career options
    • Career finding with LinkedIn
    • Transferable Skills (general)
    • Transferable IT Skills
    • Find a path with job descriptions
    • The I do not know path
    • Do you know “garbage” jobs?
    • “Bonus” knowledge
    • Learning & Motivation
    • Particular vs. any job
    • Pentester path (start)
    • Pen Testing as Career
    • SOC Analyst as career
    • Security Engineer as career
    • Compliance & Risk as career
    • How to find a career (IAM Engineer)
    • Find a company
  • Networking
    • Networking like a pro
    • LinkedIn
    • Referrals & Skills
    • LinkedIn Recruiters >
      • Working with a recruiter
    • Cyber Community
    • Networking University
    • Mentoring
    • Build your personal brand
    • Goal of Networking
  • Hands-on
    • The home lab >
      • Designing a home lab
      • Ways to create a home lab
      • Hypervisors >
        • VirtualBox
        • VMWare Player
        • QEMU/KVM
      • Docker
      • Operating Systems >
        • Kali Linux >
          • Installing Kali with VirtualBox
        • Parrot
        • BlackArch
        • Red Hat Enterprise Linux >
          • RHCSA
        • Security Onion >
          • Installation Security Onion
        • Metasploitable2
        • Ubuntu
        • Windows >
          • Windows in a VM
          • Windows with Virtual Machine Manager
          • Preparing Windows logging
          • John Strand's ADHD VM
      • Firewalls >
        • pfSense Installation
        • pfSense configuration for Security Onion
    • Volunteer Work
    • Note Taking
    • Red labs >
      • Cyberseclabs
      • HackTheBox >
        • HackTheBox Academy
      • INE red side
      • RangeForce
      • Offensive Security
      • TryHackMe
      • Virtual Hacking Labs
    • Red tools & techniques >
      • Atomic Red Team
      • DVWA
      • Metasploit
      • OSINT tools
      • OWASP Juice Shop
    • Blue labs >
      • Blue Team Labs Online
      • DetectionLab (free)
      • INE
      • Letsdefend >
        • LetsDefend password stealer
      • Opensecuritytraining (free)
      • PurpleLabs
      • RangeForce
    • Blue tools >
      • Install a Canary Token
      • CyberChef
      • EDR Lima Charlie installation
      • EDR LimaCharlie configuration
      • EDR Velociraptor (free)
      • EDR Bluespawn (free)
      • DeepBlueCLI (logs Powershell, free)
      • Raccine (ransomware protection, free)
      • Install RITA (detects C2 traffic, free)
      • Sandboxes >
        • Joe's Sandbox
      • SIEM ELK Stack
      • SIEM Graylog >
        • Getting started with Graylog
        • Install Graylog
        • Graylog Windows agent
        • Graylog Linux agent
        • Graylog as application
      • Suricata with RangeForce
      • Identifying IoCs with RangeForce
      • What2Log
  • Certifications, Degree & Courses
    • Overview
    • Free & Affordable Resources
    • Pick your cert
    • Skill Assessment
    • Get a cheap degree
  • (Employment) fraud & scams
    • Suspicious Offer
    • Second Offer
    • Certification Scams
    • Fraud with courses
  • Analyzing a job ad
    • The Header
    • Building a Bridge
    • The Responsibilities
    • Desired Skills
    • Preferred Qualification
    • Benefits
    • Own skills vs job ad
    • Dealing with poorly written job ads
  • Resume writing
    • Templates
    • Building a draft
    • Resume in Detail
    • Understand the company
    • ATS and tailoring
    • Last Step
  • Cover letter
    • Writing a cover letter
  • Preparation & Interview
    • Organize your job hunt
    • SWOT Again (interview)
    • Twitter
    • The interview
    • Interview Questions Designed To Trick You
    • Post interview tasks
  • I did it all, but...
    • You are not alone
    • Try Something New
    • Why You'll Fail in Cyber Security
  • Yes, I got a job!
    • Two, or more offers?
    • Continued learning
    • Moving up
    • Lessons learned
  • Conclusion
  • Additional things
    • Reviews (labs, courses, certs) >
      • CompTIA A+
      • CompTIA Network+
      • CompTIA Security+
      • CompTIA Server+
      • CompTIA PenTest+
      • DroneSec DSOC
      • Defensive-Security Purple Labs
      • FAA Part 107
      • INE eCPPT & PTP
      • Letsdefend review
      • Microsoft AZ-500
      • RangeForce SOC 1
      • RangeForce SOC 2
    • Work In A Different Country >
      • The Work Permit
      • Working in the US
      • Studying in the US
      • Studying in Germany
      • Work in a different country
    • Other Resources >
      • Useful Links >
        • All about careers
        • Red resources
        • Blue resources
      • YouTube
      • Twitch
      • Podcasts
      • Books
      • Udemy
      • Thanks
    • Contributors
  • Stefan Waldvogel, where can I help?
  • Home
  • Introduction
    • Things you should know
    • The strategy
  • Paths into Cybersecurity
    • First steps
    • SWOT Analysis
    • How much time do you need?
    • Calculate& Evaluate Knowledge
    • Imposter syndrome
    • Time Management
    • Cybersecurity Domains
    • Cloud Security
    • Financial advice >
      • Credit score
    • The salary
    • Advocacy for underrepresented groups
  • Goal Setting & Career paths
    • Find your career in 5 steps
    • Cybersecurity career options
    • Career finding with LinkedIn
    • Transferable Skills (general)
    • Transferable IT Skills
    • Find a path with job descriptions
    • The I do not know path
    • Do you know “garbage” jobs?
    • “Bonus” knowledge
    • Learning & Motivation
    • Particular vs. any job
    • Pentester path (start)
    • Pen Testing as Career
    • SOC Analyst as career
    • Security Engineer as career
    • Compliance & Risk as career
    • How to find a career (IAM Engineer)
    • Find a company
  • Networking
    • Networking like a pro
    • LinkedIn
    • Referrals & Skills
    • LinkedIn Recruiters >
      • Working with a recruiter
    • Cyber Community
    • Networking University
    • Mentoring
    • Build your personal brand
    • Goal of Networking
  • Hands-on
    • The home lab >
      • Designing a home lab
      • Ways to create a home lab
      • Hypervisors >
        • VirtualBox
        • VMWare Player
        • QEMU/KVM
      • Docker
      • Operating Systems >
        • Kali Linux >
          • Installing Kali with VirtualBox
        • Parrot
        • BlackArch
        • Red Hat Enterprise Linux >
          • RHCSA
        • Security Onion >
          • Installation Security Onion
        • Metasploitable2
        • Ubuntu
        • Windows >
          • Windows in a VM
          • Windows with Virtual Machine Manager
          • Preparing Windows logging
          • John Strand's ADHD VM
      • Firewalls >
        • pfSense Installation
        • pfSense configuration for Security Onion
    • Volunteer Work
    • Note Taking
    • Red labs >
      • Cyberseclabs
      • HackTheBox >
        • HackTheBox Academy
      • INE red side
      • RangeForce
      • Offensive Security
      • TryHackMe
      • Virtual Hacking Labs
    • Red tools & techniques >
      • Atomic Red Team
      • DVWA
      • Metasploit
      • OSINT tools
      • OWASP Juice Shop
    • Blue labs >
      • Blue Team Labs Online
      • DetectionLab (free)
      • INE
      • Letsdefend >
        • LetsDefend password stealer
      • Opensecuritytraining (free)
      • PurpleLabs
      • RangeForce
    • Blue tools >
      • Install a Canary Token
      • CyberChef
      • EDR Lima Charlie installation
      • EDR LimaCharlie configuration
      • EDR Velociraptor (free)
      • EDR Bluespawn (free)
      • DeepBlueCLI (logs Powershell, free)
      • Raccine (ransomware protection, free)
      • Install RITA (detects C2 traffic, free)
      • Sandboxes >
        • Joe's Sandbox
      • SIEM ELK Stack
      • SIEM Graylog >
        • Getting started with Graylog
        • Install Graylog
        • Graylog Windows agent
        • Graylog Linux agent
        • Graylog as application
      • Suricata with RangeForce
      • Identifying IoCs with RangeForce
      • What2Log
  • Certifications, Degree & Courses
    • Overview
    • Free & Affordable Resources
    • Pick your cert
    • Skill Assessment
    • Get a cheap degree
  • (Employment) fraud & scams
    • Suspicious Offer
    • Second Offer
    • Certification Scams
    • Fraud with courses
  • Analyzing a job ad
    • The Header
    • Building a Bridge
    • The Responsibilities
    • Desired Skills
    • Preferred Qualification
    • Benefits
    • Own skills vs job ad
    • Dealing with poorly written job ads
  • Resume writing
    • Templates
    • Building a draft
    • Resume in Detail
    • Understand the company
    • ATS and tailoring
    • Last Step
  • Cover letter
    • Writing a cover letter
  • Preparation & Interview
    • Organize your job hunt
    • SWOT Again (interview)
    • Twitter
    • The interview
    • Interview Questions Designed To Trick You
    • Post interview tasks
  • I did it all, but...
    • You are not alone
    • Try Something New
    • Why You'll Fail in Cyber Security
  • Yes, I got a job!
    • Two, or more offers?
    • Continued learning
    • Moving up
    • Lessons learned
  • Conclusion
  • Additional things
    • Reviews (labs, courses, certs) >
      • CompTIA A+
      • CompTIA Network+
      • CompTIA Security+
      • CompTIA Server+
      • CompTIA PenTest+
      • DroneSec DSOC
      • Defensive-Security Purple Labs
      • FAA Part 107
      • INE eCPPT & PTP
      • Letsdefend review
      • Microsoft AZ-500
      • RangeForce SOC 1
      • RangeForce SOC 2
    • Work In A Different Country >
      • The Work Permit
      • Working in the US
      • Studying in the US
      • Studying in Germany
      • Work in a different country
    • Other Resources >
      • Useful Links >
        • All about careers
        • Red resources
        • Blue resources
      • YouTube
      • Twitch
      • Podcasts
      • Books
      • Udemy
      • Thanks
    • Contributors
  • Stefan Waldvogel, where can I help?
  CYBERSECURITY JOB HUNTING GUIDE

Analyzing Own skills vs job ad

Author: Stefan Waldvogel

How do you really know if you can do the Cybersecurity job or not?

​ If you read the job description, you get an idea and a feeling, but it might be not enough. Match your skills with the text side-by-side. Go step-by-step, each bullet point counts. You need two things: 
  • How much knowledge do you have for this role in %
  • How you like the activity in %
In the end, you get an idea if you are a good fit for the role or not. If you want to apply for multiple roles, you can compare them with "numbers".
​
Here, I picked the Security Advisor role to see a new job.
Picture
  1. Do you have communication skills? You have it if you talked to a customer before. This skill is not technical. In my case, I was a "project manager" and had to talk a lot and organize meetings. 100%/100%
  2. This is about building relationships. Do you like people and their business requirements? It is also about curiosity, and you have to be interested in other things. I traveled two times around the world and want to see, learn and understand new things. 100%/100%
  3. This is a technical skill. This is an advisory role and you can perform a penetration test? Cool stuff to grow. With eCPPT, I can cover this area. 100%/100%
  4. It is not written, a solution does not mean to patch it right now. Here, it is about creativity and understanding. You need both to fix a problem. In the past, I repaired aircraft’s and troubleshooting with talking to pilots was a huge part of it. 100%/100%
  5. Here you need presentation and writing skills. I am not sure if I am qualified enough for such a job, but I will try. My English is limited (especially when I am nervous) and even so, I take lessons every week, it is not possible to reach native English level. 70%/100%
  6. This is again helping others. You use your knowledge and build a team with the customer. You as a pen tester are a team member and the goal is to fix problems together. 100%/100%
  7. This is a substantial part. Usually, it is expected, but if it is part of your job description, you will get a lot of support. Use Twitter and other resources to stay up to date. Expect an interview question about this topic. At the moment 80%/80%, because I do not read enough.
  1. Here you need Wi-Fi skills. Kali has some tools pre-installed. Most pen test courses use aircrack-ng but “fern wifi cracker” is easier to use because it offers a GUI. I have it, I am fine. 100%/100%
  2. This is a very wide field and if you use Kali / Parrot / BlackArch together with courses or played on platforms, you have this skill set. I have eCPPT and Purple Labs; I have this requirement. 100%/100%
  3. It is easy to get the basics in web application pen testing and it is free. Portswigger academy is a good starting point. I have INE’s WAPT course and finished it to 90%, therefore I cover the basics. 90%/80%
  4. SET is a common tool, but I guess it is more about talking to customers and teaching. If you know the techniques, you can teach others. It was part of multiple courses, not a problem. 100%/100%
  5. This topic has a lot to do with research. Each OS is huge, and it is not possible to know all. I worked on Windows Server and Linux; I am fine. 90%/100%
  6. This is my weak point, I can read code and bug fix code, but I am not a programmer and it is one of my least favorite activities. 60%/50%
  7. Same here, I can work with code, but code creation is not my strong side. 60%/50%
  8. This is a great topic. Here you work as a translator between the technical folks and a customer. If you can create pleasant pictures (e.g. draw.io) and you can translate complicated words in easy-to-understand sentences, you are fine. I worked as an admin and did a lot of help-desk activities; I am fine. 90%/100%
  9. Travelling is wanted. I have to buy a car, but I am in America, that is fine. Additionally, I traveled multiple times around the world so this is not a problem even if it is outside of America. 100%/100%
Picture
It is not necessary to have 100% everywhere. Usually, you can apply if you have 50% to 70% of the wanted skills. If you have 100%, you are over-qualified. For this job, I might be over-qualified, but if I can grow in this company, why not start in an "easy" role?
 
This job description gives you a lot of details and it is easy to see if you can do this job or not. Many times, job ads are copy paste and the real job has not much to do with the description. To mitigate this problem, you can ask people in the target company.

I know a lot more about this company because I follow some people on YouTube and talk to them. I know what is behind their products and where I can learn the tools. It is a hidden tip: If you want to work for a specific company, talk to the right people and this will give you a massive advantage over other applicants. If you go to an interview and you know their products and how to use them, it is way easier for them to teach you the rest. Additionally, you speak the same language.

Additional things to do:
A job is not just a job, you have to like the job and the people. If you pick a role, make sure you like the packet. If you have the right skills, it is not so hard to pick the right job.
Next: Dealing with poorly written job ads
© 2021. This work is licensed under a CC BY-SA 4.0 license​