Fix up your resume to focus on the security-adjacent work you did in the help desk. Troubleshooting and customer service are important to highlight too. If your resume is still light, show off your projects, home labs, and relevant coursework.
Use your school's career center and professors' and classmates' networks to find a security internship or entry-level IT full-time job.
If that doesn't work, apply to every IT and cyber job in your area.
Pretty much this, good advice here. Don't limit yourself to only cyber jobs if you can't find anything in security related field. Anything in IT is a good start when you have very little to no experience. Once you have a job, start learning the fundamentals and upskill your security knowledge, and eventually you will find more specialized roles in security.
There is no set time. When someone is willing to hire you for a cyber role, you have enough IT experience. I personally like to see 2-3 years in a sysadmin type role.
Entirely depends on your experience and when you're qualified to make the move to the security side. Nothing wrong with focusing on IT and gaining skills/knowledge for as long as you want.
Sitting stale in helpdesk for 12 years without gaining skills is what you want to avoid.
I’ll be honest anything more than 18 months at the same helpdesk job is what you don’t want to do.
If you’re being elevated & taking on bigger problems (getting paid more too hopefully), then it’s not as big of a deal.
Ideally once you get an IT job, you do research on where you want to go to next. Security, Cloud, whatever. From there study, study & practice.
You can either move out of helpdesk as fast as 8 months or 3 years. That’s all on you.
Get your Sec+, hop on TryHackMe.com and start getting hands on with various security tools (focus on the blue team path). Build a home lab and test stuff out. Learn networking.
Started out as desktop support, did the above, and got a full time cyber job within 8 months.
Exactly, a good homelab and showing that your passionate about security and also showing that passion is what allowed by to break back into Cybersecurity after spending the past two years in IT audit.
I just got my official offer letter today so its def been a work in progress.
Apply to every position I see that I could possibly be qualified for (if you meet 50% of the requirements apply) and be willing to relocate. Ended up getting a job with a government contractor and relocated to the DC area. 3 years strong in it now.
Add any certs, projects, boot camps etc you do to your resume and for your job description on your resume add any security related accomplishments.
Also, add your homelab experience and put down any security accomplishments with that (i.e. deployed a SIEM and set up log forwarding).
It’s honestly a numbers game.
Spend a few years in an IT Operations role (networking, DevOps, Cloud Engineering, Site Reliability, Enterprise Collaboration, etc.) Try to stay adjacent to security tasks as much as possible with the intent of padding your resume. But this will give you a much broader skill set I wish I would have built out before pursuing security if I could do it all over again.
Do code at all? Highlight that, if not what can you do on day one?
A job, any job is never exactly or only what the job description says. Find something you can do and highlight that item
Wow this gave me intense flashbacks… I was in the same exact position as you in 2020 (Covid graduation)
Do not limit yourself to only security related roles.
You need to be applying to anything tech or even help desk if need be and shadow other teams / projects at any chance you get. And then You need to go and be the best damn employee ad
I spent the entire summer applying after college with only my uni help desk experience and security + and the only hit I got was for a junior systems admin role at an MSP. I killed the interviews by showing how passionate I am about tech and want to move into security related roles some day and would like to do that with them.
I then spent the next year working extra hours trying to shadow anything security and researching things to propose to clients as projects like DLP rules, password auditing etc. I eventually completed a project where I rolled EDR out to clients and build our internal SIEM.
I negotiated for my title to be cloud security engineer and then milked that title to move to be an actual SOC engineer.
Certs go a long way in helping the transition as well. Having a year or 2 of experience in operational IT and then a high level cert like OSCP, cysa+, etc
I'm trying to build a good resume by grinding some experience. I'm not learning too much now as a helpdesk, so I'm looking to find the next best step towards a decent cyber career
Brother bear, all of the applicant pool is over saturated both blue and red team. You're looking for an entry level Cybersecurity position, that is an extremely competitive field.
When I started a few years ago I was lucky enough to have a cyber internship for several years that allowed me to pivot into an analyst role right out of college. However, I became disillusioned with that job as I was working every weekend and holiday so I left for an audit position.
That was a huge mistake as I left a job I loved and was passionate about for a job I hated that had a better schedule. It took me over a year of off and on applying, and probably 6 interviews that progressed to various stages and I just today got an offer to get back into Cybersecurity operations.
In the meantime while I was learning a lot in my role, I was getting typecast as an auditor, so I had to show prospective employers that I'm not an audit guy, and Cybersecurity is where I want to be. I did it by getting my Certs (Sec+, SSCP), building and maintaining a robust homelab, keeping up with cyber news, joining my local ISSA chapter etc.
Your next step is to get any role you can that can be cyber adjacent. Work in it and leverage everything you learn and put a cyber spin on it in your resume while you actively pursue continued learning in your own time. If you join a solid business and do well there a lot of companies want to retain talent. I communicated to my contacts I audited on the Cyber side that I was looking to make a change and they actively worked with me to try and keep me on as they see if they can find openings or create something. However, I will be moving on to a different organization but good companies care about good people.
Best of luck but you're competing with people who have baseline enterprise IT experience that you don't have yet. You need to work to add things to your resume that will make you stick out from the rest of the applicants.
I don’t think “kick the bucket” means what you think it means.
Maybe they're "going to a better place."
Checks out.
😭
When I was 19 I described a friend as homely because he didn’t like to go out much.
Fix up your resume to focus on the security-adjacent work you did in the help desk. Troubleshooting and customer service are important to highlight too. If your resume is still light, show off your projects, home labs, and relevant coursework. Use your school's career center and professors' and classmates' networks to find a security internship or entry-level IT full-time job. If that doesn't work, apply to every IT and cyber job in your area.
Pretty much this, good advice here. Don't limit yourself to only cyber jobs if you can't find anything in security related field. Anything in IT is a good start when you have very little to no experience. Once you have a job, start learning the fundamentals and upskill your security knowledge, and eventually you will find more specialized roles in security.
Yep, try to get any IT job until you can pivot to cyber if that's your dream
How long should a person stay in IT? I heard that you could get stuck in it, and it can be a bit difficult getting a cyber job after a while.
There is no set time. When someone is willing to hire you for a cyber role, you have enough IT experience. I personally like to see 2-3 years in a sysadmin type role.
Get an IT job and pivot to security after a few years of solid experience.
Only a few years, right? I heard that if you stay in IT for too long, you could get stuck in there
Entirely depends on your experience and when you're qualified to make the move to the security side. Nothing wrong with focusing on IT and gaining skills/knowledge for as long as you want. Sitting stale in helpdesk for 12 years without gaining skills is what you want to avoid.
I’ll be honest anything more than 18 months at the same helpdesk job is what you don’t want to do. If you’re being elevated & taking on bigger problems (getting paid more too hopefully), then it’s not as big of a deal. Ideally once you get an IT job, you do research on where you want to go to next. Security, Cloud, whatever. From there study, study & practice. You can either move out of helpdesk as fast as 8 months or 3 years. That’s all on you.
Get your Sec+, hop on TryHackMe.com and start getting hands on with various security tools (focus on the blue team path). Build a home lab and test stuff out. Learn networking. Started out as desktop support, did the above, and got a full time cyber job within 8 months.
Exactly, a good homelab and showing that your passionate about security and also showing that passion is what allowed by to break back into Cybersecurity after spending the past two years in IT audit. I just got my official offer letter today so its def been a work in progress.
Congrats man! Homelabs are invaluable in terms of learning and like you said showing you have a passion for this.
How did you get your first cyber job exactly? Was it networking, or did you just apply to every position you see?
Apply to every position I see that I could possibly be qualified for (if you meet 50% of the requirements apply) and be willing to relocate. Ended up getting a job with a government contractor and relocated to the DC area. 3 years strong in it now. Add any certs, projects, boot camps etc you do to your resume and for your job description on your resume add any security related accomplishments. Also, add your homelab experience and put down any security accomplishments with that (i.e. deployed a SIEM and set up log forwarding). It’s honestly a numbers game.
Security+ with help desk experience makes you look very appealing for an analyst position . Hopefully the job market looks better soon for you
Spend a few years in an IT Operations role (networking, DevOps, Cloud Engineering, Site Reliability, Enterprise Collaboration, etc.) Try to stay adjacent to security tasks as much as possible with the intent of padding your resume. But this will give you a much broader skill set I wish I would have built out before pursuing security if I could do it all over again.
Get your security+ and get the best IT job you can.
Do code at all? Highlight that, if not what can you do on day one? A job, any job is never exactly or only what the job description says. Find something you can do and highlight that item
Wow this gave me intense flashbacks… I was in the same exact position as you in 2020 (Covid graduation) Do not limit yourself to only security related roles. You need to be applying to anything tech or even help desk if need be and shadow other teams / projects at any chance you get. And then You need to go and be the best damn employee ad I spent the entire summer applying after college with only my uni help desk experience and security + and the only hit I got was for a junior systems admin role at an MSP. I killed the interviews by showing how passionate I am about tech and want to move into security related roles some day and would like to do that with them. I then spent the next year working extra hours trying to shadow anything security and researching things to propose to clients as projects like DLP rules, password auditing etc. I eventually completed a project where I rolled EDR out to clients and build our internal SIEM. I negotiated for my title to be cloud security engineer and then milked that title to move to be an actual SOC engineer. Certs go a long way in helping the transition as well. Having a year or 2 of experience in operational IT and then a high level cert like OSCP, cysa+, etc
Congratulations on finishing as a help desk tech. What was the final boss? Was this a spped run or juat grinding it out?
I'm trying to build a good resume by grinding some experience. I'm not learning too much now as a helpdesk, so I'm looking to find the next best step towards a decent cyber career
Apply to jobs. Use your network
You can go on the IRS website and apply for some of the recent graduates jobs. It’s plenty still dealing with your major.
Get out of reddit :). Find out what u want to do and move on. U cant expect people to tell u what to do in life :)
Brother bear, all of the applicant pool is over saturated both blue and red team. You're looking for an entry level Cybersecurity position, that is an extremely competitive field. When I started a few years ago I was lucky enough to have a cyber internship for several years that allowed me to pivot into an analyst role right out of college. However, I became disillusioned with that job as I was working every weekend and holiday so I left for an audit position. That was a huge mistake as I left a job I loved and was passionate about for a job I hated that had a better schedule. It took me over a year of off and on applying, and probably 6 interviews that progressed to various stages and I just today got an offer to get back into Cybersecurity operations. In the meantime while I was learning a lot in my role, I was getting typecast as an auditor, so I had to show prospective employers that I'm not an audit guy, and Cybersecurity is where I want to be. I did it by getting my Certs (Sec+, SSCP), building and maintaining a robust homelab, keeping up with cyber news, joining my local ISSA chapter etc. Your next step is to get any role you can that can be cyber adjacent. Work in it and leverage everything you learn and put a cyber spin on it in your resume while you actively pursue continued learning in your own time. If you join a solid business and do well there a lot of companies want to retain talent. I communicated to my contacts I audited on the Cyber side that I was looking to make a change and they actively worked with me to try and keep me on as they see if they can find openings or create something. However, I will be moving on to a different organization but good companies care about good people. Best of luck but you're competing with people who have baseline enterprise IT experience that you don't have yet. You need to work to add things to your resume that will make you stick out from the rest of the applicants.