Finding your first cybersecurity job is challenging, even after the certifications and the networking. For many people an opportunity exists a little closer to home. You can find opportunities to transition to a cybersecurity role at your current employer. That first cybersecurity role is always going to involve someone taking a chance on you. However, your current employer would be taking less of a chance, because in many regards you’re a known entity. Finding a role at your current employer may provide the smoothest transition into a cybersecurity career.
Networking is instrumental to finding your first cybersecurity job. When you network internally at your current employer, you have a lot more tools at your disposal. You can use your internal job posting system to determine who the recruiter and/or hiring manager are for roles of interest. Those individuals are much more likely to respond to emails expressing interest from an internal candidate, than from external candidates.
You can leverage your access to your corporate directory to find contact in your company’s cybersecurity teams, with whom you can request informational interviews. LinkedIn—used in combination with your corporate directory—can be a very useful tool for your internal networking.
Everyone who interviews you for your first cybersecurity jobs knows that the opportunity would be good for you. The question you have to be able to answer is, “What benefit do they get out of hiring you?” When you transition to a cybersecurity role in your current employer, you bring a level of insider knowledge that external hires won’t have.
You already understand the culture of the company and know how it operates. You have an internal network, which extends beyond the cybersecurity organization. This can be hugely beneficial, when the cybersecurity teams are working with the business units. It also means that you can speak to the business units in a language they understand. (Business teams’ eyes tend to collectively glaze over, when cybersecurity personnel talk to them using tons of infosec jargon.)
You likely have an understanding of how the company makes money, which dictates which systems are most critical. There are more cybersecurity professionals that you would expect, who do not have a solid understanding of how their company generates revenue.
Internal hires are faster to onboard than external hires. HR doesn’t have to do background checks or run their references. Not only is the “hiring” process faster for internal hires; the technology onboarding will likely also be faster. Current employees would still need to get access to new systems, but someone coming in from the outside could take weeks to fully onboard.
After a year or two in your new cybersecurity role, you’ll be a bona fide cybersecurity professional. You’ll then be set up to advance internally or explore outside opportunities. While you’ll naturally want to explore a variety of potential employers as part of your transition to cybersecurity, don’t forget the most obvious one… your current employer. After all, they already hired you and they undoubtedly have cybersecurity needs. All things being even, they’d probably like to hang on to you.