Analyzing Own skills vs job ad

Author: Stefan Waldvogel

How do you really know if you can do the Cybersecurity job or not?

​ If you read the job description, you get an idea and a feeling, but it might be not enough. Match your skills with the text side-by-side. Go step-by-step, each bullet point counts. You need two things: 

• How much knowledge do you have for this role in %
• How you like the activity in %

In the end, you get an idea if you are a good fit for the role or not. If you want to apply for multiple roles, you can compare them with "numbers".
​
Here, I picked the Security Advisor role to see a new job.

1. Do you have communication skills? You have it if you talked to a customer before. This skill is not technical. In my case, I was a "project manager" and had to talk a lot and organize meetings. 100%/100%
2. This is about building relationships. Do you like people and their business requirements? It is also about curiosity, and you have to be interested in other things. I traveled two times around the world and want to see, learn and understand new things. 100%/100%
3. This is a technical skill. This is an advisory role and you can perform a penetration test? Cool stuff to grow. With eCPPT, I can cover this area. 100%/100%
4. It is not written, a solution does not mean to patch it right now. Here, it is about creativity and understanding. You need both to fix a problem. In the past, I repaired aircraft’s and troubleshooting with talking to pilots was a huge part of it. 100%/100%
5. Here you need presentation and writing skills. I am not sure if I am qualified enough for such a job, but I will try. My English is limited (especially when I am nervous) and even so, I take lessons every week, it is not possible to reach native English level. 70%/100%
6. This is again helping others. You use your knowledge and build a team with the customer. You as a pen tester are a team member and the goal is to fix problems together. 100%/100%
7. This is a substantial part. Usually, it is expected, but if it is part of your job description, you will get a lot of support. Use Twitter and other resources to stay up to date. Expect an interview question about this topic. At the moment 80%/80%, because I do not read enough.

1. Here you need Wi-Fi skills. Kali has some tools pre-installed. Most pen test courses use aircrack-ng but “fern wifi cracker” is easier to use because it offers a GUI. I have it, I am fine. 100%/100%
2. This is a very wide field and if you use Kali / Parrot / BlackArch together with courses or played on platforms, you have this skill set. I have eCPPT and Purple Labs; I have this requirement. 100%/100%
3. It is easy to get the basics in web application pen testing and it is free. Portswigger academy is a good starting point. I have INE’s WAPT course and finished it to 90%, therefore I cover the basics. 90%/80%
4. SET is a common tool, but I guess it is more about talking to customers and teaching. If you know the techniques, you can teach others. It was part of multiple courses, not a problem. 100%/100%
5. This topic has a lot to do with research. Each OS is huge, and it is not possible to know all. I worked on Windows Server and Linux; I am fine. 90%/100%
6. This is my weak point, I can read code and bug fix code, but I am not a programmer and it is one of my least favorite activities. 60%/50%
7. Same here, I can work with code, but code creation is not my strong side. 60%/50%
8. This is a great topic. Here you work as a translator between the technical folks and a customer. If you can create pleasant pictures (e.g. draw.io) and you can translate complicated words in easy-to-understand sentences, you are fine. I worked as an admin and did a lot of help-desk activities; I am fine. 90%/100%
9. Travelling is wanted. I have to buy a car, but I am in America, that is fine. Additionally, I traveled multiple times around the world so this is not a problem even if it is outside of America. 100%/100%

It is not necessary to have 100% everywhere. Usually, you can apply if you have 50% to 70% of the wanted skills. If you have 100%, you are over-qualified. For this job, I might be over-qualified, but if I can grow in this company, why not start in an "easy" role?
 
This job description gives you a lot of details and it is easy to see if you can do this job or not. Many times, job ads are copy paste and the real job has not much to do with the description. To mitigate this problem, you can ask people in the target company.

I know a lot more about this company because I follow some people on YouTube and talk to them. I know what is behind their products and where I can learn the tools. It is a hidden tip: If you want to work for a specific company, talk to the right people and this will give you a massive advantage over other applicants. If you go to an interview and you know their products and how to use them, it is way easier for them to teach you the rest. Additionally, you speak the same language.

Additional things to do:
A job is not just a job, you have to like the job and the people. If you pick a role, make sure you like the packet. If you have the right skills, it is not so hard to pick the right job.

Next: Dealing with poorly written job ads

© 2021. This work is licensed under a CC BY-SA 4.0 license​