Cybersecurity Certs are Dead

Cybersecurity Certs are Dead

After you look through hundreds of resumes from certification factories (people who get one certification after another), they all seem to blur together. This is Cybersecurity Certs are Dead?

"How many certs do I need?"

or

"What kind of certs do I need?

The question comes up again and again, and I'm here to tell you that cybersecurity certifications are dead. They won't make you stand out anymore. While they are great achievements, they don't make a hiring manager scream, "THIS IS THE ONE."

Two things will make you stand out:

1. A strong personal brand, and

2. Hands-on experience

A strong personal brand

A hiring manager will review a resume before the interview. Before they know if you have hands-on experience, you have to make them want to email you back. Your two-page resume should scream, "You know you want to talk to me."

A link to your blog should be at the very top of your resume. If you have a link there, the hiring manager will click it and briefly scan your blog to see what you've been up to.

Your blog should be personable. Against conventional advice, it should show your personality. You should write in a language that is natural to you and avoid sounding too formal.

Your blog should have walkthroughs and how-tos of labs you've done here at Cyber NOW®. Pick one of the dozens of labs and write your version. Change it up some, give credit to me (please), but do it.

Your blog should also contain reviews of Jump-start Your SOC Analyst Career, SOC Analyst NOW!, and any other training you've done. Write about how you felt the training went, what you learned, and how you will apply it to your career.

Your blog should be about your journey to becoming an SOC analyst. Write about your successes and failures. Be honest about areas where you can improve by writing about your shortcomings and what you're doing about them. Write about how difficult it is to land a job in cybersecurity, but it means so much to you.

In addition to your blog, you should be attending local meetups. Places like Def Con groups, OWASP, 2600, BSides, hackerspaces, makerspaces, and any conventions that are nearby. Get out of the house once or twice a month and do this. You should find opportunities to present and volunteer at these meetups. There should be a section at the bottom of your resume for Volunteering/Presentations/Publications, whichever fits. This should lure the hiring manager into finding out more about you.

You should also create a GitHub page with information about the projects you've worked on, your home lab, and your involvement in the community. There should be a link at the top of your resume next to "blog" that says "GitHub."

You can try teaching by making short YouTube videos or creating a course on Udemy. Udemy requires a lot of work, but it's not as bad as you think. Your goal isn't to make a bunch of money; it's to list a course or training on your resume. Who cares if it's not popular?

These things will spark the hiring manager's curiosity to want an interview.

Hands-on experience

You've got the interview now, and this is when your hands-on experience will shine. Wait? What hands-on experience?

By now, you should have been participating in the Cyber Range here at Cyber NOW® and completed the dozens of projects that we have walked you through. The muscle memory with security analysis will help you answer questions in the interview about how you know if something is bad. The projects give you much experience with system administration and the cloud. These are all topics they might ask you about in your interview.

If you do all of this, you will be recognized as someone who walks the walk and isn't just out to add letters to their name. It's essential to have a few critical certs like the Sec+, even Net+, but more is not better. It's time to change your strategy because the role of certifications and education has changed. The jobs now go to those most qualified to do the work, not necessarily those who could afford a premium education or a bunch of certifications. It doesn't take much money to learn cybersecurity, believe it or not. Be the only one who does a lot more with a lot less; in this declining economy, that is how you will earn the respect of your superiors.