The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
The Hacker's Cache
#15 From Zero to Hero: How Anyone Can Succeed in Cybersecurity
In this solo episode, Kyser Clark discusses the accessibility of cybersecurity careers, emphasizing that anyone can enter the field regardless of their background. He shares his personal journey from blue-collar jobs to becoming a penetration tester, highlighting the importance of certifications and continuous learning. Kyser provides actionable steps for breaking into cybersecurity, including gaining tech experience, obtaining certifications, and effectively marketing oneself. He concludes by encouraging listeners to remain persistent and adaptable in their job search, reminding them that while anyone can enter the field, competition is fierce.
Takeaways
- Anyone can get into cybersecurity regardless of background.
- Certifications are often more beneficial than college degrees.
- Learning from failure is a crucial part of the process.
- You don't need to be good at math to work in tech.
- Discipline and hard work are essential for success.
- Aggressive patience is key in the job search process.
- Rejections are often due to cultural fit, not skill level.
- Networking and marketing oneself are vital for job hunting.
- Internships are a great way to gain experience.
- Continuous learning is necessary to advance in cybersecurity.
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention viewers/Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
The postings on this site are my own and may not represent the positions of ...
(0:00 - 0:18)
Anyone can get in cybersecurity. It doesn't matter what your background is. It doesn't matter who you know right now.
You don't have to have a college education. No one is born knowing the information. Like we have to learn this.
You have to stay consistent. Discipline beats talent every single time. You're just going in the lab and you just can't seem to get it right.
(0:18 - 2:49)
Like that's part of the process and that's actually when you learn the most is when you fail. You have to keep studying. You have to keep learning cybersecurity.
You can't take your foot off the gas. Hi, I'm Kyser Clark and welcome to The Hacker's Cache. The show that decrypts the secrets of offensive security one bite at a time.
Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you. Hello, hello.
Welcome to The Hacker's Cache. My name is Kyser Clark, host of the show. I've been in the cybersecurity field for over six years now and I currently work with a full-time penetration tester and today I have a solo episode.
Now when I did episode zero, which was the first episode we started zero because programmer logic, I said that hopefully I won't do any more solo episodes. However, I had a little bit of a change of heart and I figured, you know what, a quarterly solo episode would probably do this show pretty good. So I had a poll on LinkedIn, YouTube, and X and the results were overwhelmingly positive in favor of solo episodes every quarter.
People who voted had the option to never do solo episodes. They had option to vote for semi-annually or even annually solo episodes and quarterly solo episodes won by about 90% of the vote. So it's very clear that the people who listen to watch the show want solo episodes every quarter.
So that's what we're going to do in the show moving forward. So once a quarter, me by myself talking straight to you. So with that out of the way, I want to talk about today's subject.
Anybody can get into cybersecurity and what do I mean by that? You don't have to have a tech background right now. You don't have to have a college education, although it certainly does help. And with college, I have mixed feelings because college is one of those hard subjects because college is so expensive and it feels like a lot of people have college degrees.
And I know a lot of people can't afford college degrees. And matter of fact, I couldn't afford college either. That's one of the reasons why I went in the military and I got my education that way.
So if you can't afford college, I definitely understand. And college is definitely a hard topic. But overall, my opinion on college is it's totally worth it if you can afford it.
(2:49 - 3:33)
If you have to go into mass amounts of debt to go to get a college degree, then I would pass for now and then maybe get your college degree later if you need it. If you can afford college, then by all means pay for it. It will definitely be worth it as long as you don't have to go into severe debt to get your college degree.
So that's a light explanation of my thoughts on college. I'll probably do a deeper dive on this topic on my YouTube channel. But overall, that's what I feel about college in a nutshell.
You don't need to have any certifications. There's people in this field that get in without certifications, although they certainly help tremendously. I think certifications are more beneficial than college.
(3:34 - 4:22)
I think certifications, well, I don't think, I know that certifications have been the number one factor when it comes to me landing a position in the cybersecurity field. I wouldn't be where I am today without my certifications. Certifications mean a lot to me.
I spend a lot of time learning, and that's how I learned all my stuff. That's why I tell people to get certifications. A lot of companies and a lot of organizations, hiring managers, recruiters, they all want certifications.
You go to job boards and they list five, six, seven, eight certifications. So certifications are totally worth it. I know they can be expensive and I know not everybody can afford them.
However, if you can somehow muster up the savings for certification, it is worth every single penny. It depends on the certification. Not all certifications are good.
(4:23 - 5:16)
There are some bad ones out there, but in general, certifications are worth it. Next thing I want to talk about is no one's born knowing the information. So everybody in this field, you look at them from the outside.
I'm sure there's some audience members thinking, Kyser knows a lot of stuff about cybersecurity, or maybe you see another influencer or another YouTuber, just people in the field. And you're like, wow, they know their stuff. How do they know all this stuff? And here's the fact, no one is born knowing the information.
We have to learn this. For me, I spent hours and hours and hours, thousands and thousands and thousands of hours learning stuff and failing in the labs and doing a bunch of practice questions to understand the vocabulary. For every certification I have, I have dozens of failed practice tests.
(5:18 - 5:47)
Typically, certifications, especially the multiple choice certifications, I'll probably do seven practice exams and usually I'll fail all seven of them. And then I'm like, all right, hopefully I pass the real exam. And then I'm knocking it out of the park.
But the moral of the story is there's a lot of failure when it comes to learning. So if you are not doing good on a practice test, or you're just going in the lab and you just can't seem to get it right, that's part of the process. And that's actually when you learn the most is when you fail.
(5:48 - 6:39)
The next thing I want to talk about is you don't need to be a math whiz either. So I had this weird belief that in order to work with computers, you needed to be good at math. That was like a common myth back when I was in middle school and high school.
You know, I thought I wanted to be a game developer, a game designer, which pretty much means like a programmer, you know what I mean? And people would just say like other students and maybe even some adults and parents and teachers would just be like, you have to be good at math. I'm like, well, it's not that I'm bad at math, but I just don't like math. You know what I mean? So, you know, once I got past Algebra, I'm like, dude, I don't really want to learn this complex calculations.
And I just thought I wasn't cut out for college. And I thought I wasn't cut out for working in a tech field. So that's a big fat myth.
(6:39 - 9:33)
Do not believe that at all. Like you do not need to know math at all. If you want to be in this field, unless you want to be like someone who works with cryptography and you're trying to make advanced hashing algorithms or something, if you're working on cryptography and hashing algorithms, like on a deep level, and you're trying to make like the latest and greatest hashing and cryptography, then you're going to need to know some math, but you don't need to know math to use those hashing algorithms.
You don't need to be a math whiz to use encryption. You know what I mean? You just have to have an interest in technology, a willingness to constantly learn and discipline to get better every day. And that is the big part.
So as long as you have interest in the field, and you're enjoying what you're doing, and there's going to be times when you struggle and you're like, man, I don't understand this. That's okay. That's normal feeling.
But as long as you study every day, and you try to get 1% better every day, the end results are going to surprise you. So don't worry about learning everything in a short amount of time, just worry about learning a little bit. So I want to jump into my story a little bit here to give you an example of why anybody can get in this field.
And the reason why I want to share my story is because I really did come from nothing. When it comes to cybersecurity and tech, I have zero family members working in tech. I have, before I joined the field, I had zero friends in tech.
And my whole family is mostly blue collar. I do have some family members who work in the service industry and restaurants. But for the most part, most of my family works in the trades.
And that's all I ever knew. My first job, I worked in a restaurant washing dishes. And I slowly progressed to a point to where I could help in the kitchen and actually handle some of the food and serve people food.
I had that job starting at age 16. And I worked there until I was just 19. So after turn 19, I got a job working in an oil refinery as an industrial sandblaster and painter.
And for those who don't know an oil refinery, they're not fun. They're very dangerous. There's tons of pipes everywhere.
They're all extremely hot. And they're all holding liquids that could melt your face off and even kill you on contact. And it's a very dangerous place.
And furthermore, it's a ticking time bomb. Like there's drills on like, hey, if this explosion happens, like you got to go out this gate and all this. And it's a very dangerous job.
And I did that for like four years. Started as a painter, industrial painter, and started doing more sandblasting stuff. I painted all kinds of different hot pipes.
I painted handrails, like the yellow handrails, the safety handrails, so people wouldn't fall off platforms and stuff. I painted yellow curbs and I painted lines on the roads inside the refinery. And I painted a lot of tanks that held these chemicals, these fuels, this oil.
(9:33 - 13:54)
And then eventually I got into a position where I could do fireproofing. And fireproofing is basically material that you put on steel beams. So when an explosion does happen, the structures don't fall down because if a structure falls down, an oil refinery, it's going to be a chain reaction.
So one falls down, blows up, the next structure next to it will also blow up. And then that one will chain react to the next one. And then that one will blow up.
And the goal of fireproofing is to make it to where when the steel beams get to a certain heat, the steel beams don't collapse and cause explosions. So basically it's just a delay of the structure falling down. And it was my job to put the substance on these steel beams just in case these oil refinery elements blew up.
And I also worked in chemical plants, which is basically the same as an oil refinery, just chemicals instead of oil, I guess is the best way to put it. And then after doing fireproofing for a while, they leveled me up to asbestos and lead paint abater. And abater, if you don't know, is basically a fancy word for removal.
So abatement means removal. So I removed asbestos. And for those who don't know, asbestos is an extremely dangerous substance and it causes lung cancer if you breathe in enough of it.
And the problem with asbestos is it doesn't give you lung cancer until 40 years from now. So we'll see if I get lung cancer in the future. That's one thing I'm actually worried about because I have removed thousands and thousands of pounds of asbestos and I've also removed a lot of lead paint.
And that's what I did. I had to wear, I guess, you know, this white suit and I had to wear a respirator on my face. And I did that for 10 hours a day for a few years.
So after like almost five years, you know, I decided I wanted to work in tech, but I didn't know what to do. And I figured I had one option. Oh, I had to go to college.
I thought that was the way forward. Right. And then I was like, well, I don't like school.
I didn't like high school at all. I hated doing homework. And I wasn't, I barely passed my last algebra class to graduate.
And I'm like, I don't think I'll survive in college. And furthermore, I don't think I have enough time for college because at the time, this is a fun fact that I haven't mentioned on the podcast, but I did a lot of Twitch streaming. I did a lot of streaming on games and actually built up a channel that's actually larger than this channel, believe it or not.
So I'm still trying to make this channel become a bigger following than my other Twitch channel. But yeah, that's a little fun fact about me. I used to stream on Twitch.
I had a just under 10,000 followers. I was just shy of 10,000 followers. So it was a pretty big deal, but I ended up giving that up to pursue my cybersecurity career.
It was worth giving up to for sure. But anyways, yeah, I thought, you know, I didn't have enough time because of that. And I had a full-time job.
I worked 40 hours a week and I was, I don't have time for college. And I was like, well, you know what, what if I just joined the military? And that's really something that I decided kind of on a whim. And then I just ended up pursuing it and that'd be in the greatest season of my life.
And when I joined the military, I once again, didn't have any family members that was in the military. Didn't have any close friends. I was in the military and especially the air force.
No, it was all new. You know, no, I knew nothing about the military. I knew nothing about the air force.
I figured, you know, the only thing that I did before I went in was I just got in shape. I just, you know, made sure that I could do a lot of pushes and sit-ups and I can run really well. And that's all I did before I went into basic training.
Ended up graduating obviously and had a whole career. And that's kind of where my story picked up. You know, I talked, I talked about this in episode zero where I was like, oh, I just worked a bunch of jobs.
And then I was like, sorry, I wanted something more. So I joined the military. So if you want the rest of the, of that story, definitely check out episode, episode zero.
And I explained, you know, what I did in the air force and all that. So I'm going to end the story there. And I just want to, I want to sort of bring this back in and talk about how this applies to you and how it applies to you is like I said, you don't need to know anybody in the field.
You don't need to have a support system. No one really was with me when I was on this journey. You know what I mean? Like it was just kind of on my own.
You know what I mean? So if you don't have a support system, you don't really need one. You just gotta, just gotta work hard. And when I say you have to work hard, I mean, you have to work really, really hard to put this in perspective.
(13:54 - 16:53)
The way I broke in the field is, you know, I was in the field as a system administrator in the air force, but I wanted to get a cybersecurity field, which is a little bit different, a lot different actually. And I was like, well, what do I got to do? So, you know, I would get off work. I would do my eight hours at my job in the air force.
And sometimes it was more than that, even depending on the day. But I would, I would spend four or five hours studying every single day. And I mean every single day, including the weekend, Saturday and Sunday.
Now there was a couple of weekends where I would take off, but for the most part, I was every day. And I figured the more I put in, the better result I would have. And when my contract was up and the better position I would be once I got out of the military.
And that, that was, happened to be the case. I ended up landing my dream job as a full-time penetration tester. And I am where I am now because I put in those hours studying and, you know, I got 13 certifications.
I'm working on 14 now and it's a lot of work guys. It really, really is a lot of work. This field isn't easy and it's not a nine to five.
So if you are considering doing the field or even if you're already in the field and you're trying to level up, like you have to put in time after work and you have to get better. You know what I mean? Like I, I do my full-time pen testing job and then I still manage to find time to study outside of work and try to get better. And I, you've seen my streams on Sundays and on Thursdays, my live streams where I do hack the box.
That's a form of studying. And that's why I do that because I want to get better. And you, if you watch my live streams, you'll see me get stuck.
I don't know everything about everything, you know, but the point is, is I don't quit and I don't give up and I try my best. And sometimes it's frustrating. You know, if you watch my live streams, you'll see me get frustrated because sometimes it is frustrating, but then when you figure it out, you're like, oh man, that's a little annoying, but I'm glad I got it.
You know? So overall it's, it's super fun. So with that being said, you know, like I said, you gotta, you have to work hard and you have to stay consistent. Like the biggest thing here is you can't study inconsistently.
You have to stay consistent. Discipline beats talent every single time. And then while you're working and you're doing all the studying, you have to have patience, more specifically aggressive patients.
So what does aggressive patients mean? So patients kind of means it's sitting around doing nothing. Aggressive patients means you're going to work your butt off for a long time with zero results, right? You got to think before I got into the position I'm in now, I studied to be an ethical hacker penetration tester for years prior to actually landing the position. So I stuck to something for four straight years without any result.
I got $0. I got nothing. You know what I mean? All I got was, you know, I kept adding certifications to my resume, but at the end of the day, like I didn't get a job.
(16:54 - 19:06)
I couldn't get it won anyways until I figured out Air Force. The moral story is I spent four years learning how to hack without any reward. The payoff took four years guys.
So that's what I mean by aggressive patients. You have to be patient, but you also have to work very hard while you're waiting for the results to happen because breaking in this field is not easy. It's very difficult now, especially with the economy right now in the job market, it's in very bad shape.
I did talk about that in a video called top cybersecurity myths or something like that. Definitely check out that video if you want to hear more on, you know, why the job market's tough. But moral story is the job market is in pretty bad shape at the moment.
And while you're going through this process, you might get all the certifications and you might have all the skills and you might have all the technical know-how and you might even know how to write a resume and talk really well during interviews. No matter what you do, you can be the best in this field and you will still get rejected. But you have to understand that most of the time companies reject you is because you are not a culture fit.
So, for example, if you are a highly intense person, a laid back company won't hire you and vice versa. If you are a laid back, go with the flow type person, an intense and serious company isn't going to hire you. If your values don't match the company, the company won't hire you.
This is good because you don't want to get hired into a place you don't fit in. Think of every rejection as a compatibility mismatch and not a you're not good enough mismatch. I learned that recently because in my company, they were talking about hiring certain people.
This person had all the qualifications and they had all the skills that they were looking for, but it wasn't a culture fit. So don't beat yourself up over rejection. And I used to do this too.
I'm like, why won't they hire me? Why won't they hire me? You know, good things come to those away. You know, it took me, I probably applied to a hundred different places. And even though I got a job pretty quickly, you know, it took me like three weeks to land the job I have after I started searching for it.
But those three weeks felt like an eternity. Let me tell you what, especially when you're facing unemployment coming out of the military, I was sweating bullets, man. I was like, man, I'm about to be unemployed.
(19:06 - 19:14)
Let me rewind for a little bit. So I actually signed an offer for a company and they actually would do the offer. And that was one of the most gut wrenching feelings I've ever had.
(19:14 - 20:03)
But looking back at it, it was probably one of the better things that's ever happened to me. And I ended up with a company that really values me and a place that I really fit into. So I'm really glad it turned out the way it did.
So if you're getting rejected by companies, you think you want to be a part of just know they probably sense that it was a culture fit and it probably did you a favor by not hiring you. So keep that in mind while you're already getting rejected because it will happen. So now I want to give you some actual steps on how to break in the field if you haven't already.
So I know it's like a big pain point in this isn't going to be like a super long guide or anything, but I do want to give you some actual steps on how to break in the field. So the first thing you need to do is you need to land your first tech job as soon as you possibly can. And I know that's a lot easier said than done.
(20:03 - 20:26)
For me, that was joining the military and becoming a system administrator. That's how I broke in the field. And I think military option is a very good option.
If you are considering the military, let me tell you what, just do it. Just like stop thinking about it. Here's your sign and listen to military.
Get your tech job. It will be worth it. Let me tell you what, there's only going to be about 1% of people who are listening to this to actually do it.
(20:26 - 22:34)
And if you do it, let me know if you need any advice or anything getting in the military. Definitely feel free to hit me up. So that's how I did it.
I'm not entirely sure how to land your first tech job without going to the military, to be honest with you. So I would think that the best way to do it is probably help desk. It's probably the most common, you know, entry level position out there.
And the way you would land a help desk job from what I've seen and from what I hear is, you know, go get your Contia A+, go get your Contia Net+, and get your Contia Sec+. If you get the Contia Trifecta, you're in a decent position to start landing those entry level jobs. Now, when it comes to those entry level jobs, like the help desk and all this, you have to understand that if you already have an established career, like for example, if you are, I don't know, you're a lawyer and you want to get into cybersecurity because you just don't like being a lawyer anymore, you're going to take a significant pay cut.
And I took a significant pay cut during the military myself. I was making pretty good money when I was working in the oil refinery. I was definitely making way more than the average 19, 20 year old, you know, in the oil refinery.
But when I enlisted at the age of 24, I took a huge, huge, huge, huge, huge, huge pay cut joining the military. Matter of fact, my first two years in the military, my bank account was so thin that it hurt. I'm like, oh my gosh, I cannot wait to get promoted because I really am tired of struggling with my bills right now because I had a lot of credit card debt and I had a car payment, all this stuff.
And I was, before I joined the military, I was very unwise with my finances and all that credit, all that debt really, really hurt me when I was in my early years in my military career, because I, like I said, all my money went to debt and I didn't have any money left over for anything else. So it took me like two years to get out of debt after I joined the military. And it took me a couple of promotions before I even felt like I was able to have a savings account.
You know what I mean? So if you have to take a pay cut to join the field, do it. It is worth it. In the long run, it is worth it.
(22:34 - 26:19)
It's going to suck those first couple of years because you're going to feel like you have no money and you have no savings account. And it's going to be scary, especially when life comes your way and you have some emergency that you just don't have the money for. That is, it's a risk worth taking, in my opinion.
You know, a lot of people who's already had established careers, they're going to take a pay cut because help desk and residential positions, they don't pay that much. Now, if you're a college student, you don't have to worry about this because you probably don't make any money now. Or if you do make money, you probably are making probably slightly above minimum wage and a help desk is probably going to be an increase in money or if not the same money.
So if you're younger or you're in college, then you probably don't want to take much of a pay cut. But if you are in college, take advantage of your cyber groups and take advantage of internships. Internships is the number one way to break in this field right now.
So if you're in college, definitely pursue internships. That's how a lot of people got in the field. And matter of fact, that's what one of the things that helped me get in the field coming out of the military.
I did this thing called the DoD skill bridge program, which is basically an internship for transitioning military members. We get to work a civilian job while we're still active duty to help us transition. So I had a penetration testing skill bridge and that really helped me get experience that I needed and gave me the confidence I needed to go out and pursue penetration testing positions at other companies.
So that's step one. Get your first tech job as soon as you possibly can by any means necessary. And like I said, it's easier said than done, but it is doable.
Step two, while you are working your tech job or even while you're trying to break in your first tech job, get more certifications. Like I said, to get your first tech job, you could probably do the CompTIA trifecta, the A-plus and F-plus, the security plus. If you already have those, go to the next level.
Go get your pentest plus. If you want to be a pentester, if you want to be a cyber defender, a cybersecurity analyst, get your CYSA plus. Keep going up that CompTIA ladder and keep getting more and more certification.
I think certification is the number one thing that's helped me in my career. And I would say just get certification after certification until you have like 20 of them. Although it's easier said than done.
Guys, I have 13 certifications and there's still like another 20 certifications that I want to get. I just love learning and I think certification has really helped advance a career more than anything out there. So that's up to you guys.
Once you land your tech job, you have to keep studying. You have to keep learning cybersecurity. You can't take your foot off the gas because you want to go from your help desk job or your system administrator job or your network engineer job, whatever job you land into the cybersecurity field, because it's going to take a lot.
And you might need to work in that tech job for two, three, four or five years before you even land in cybersecurity. Most cybersecurity positions require, you know, two to five years of experience before you can land your first cybersecurity job. And that was one of the things that helped me was because I had six years of system administration and cyber defense experience really helped me land my first penetration testing position.
Step three, learn how to market yourself, grow your network, and work on your soft skills. So this is kind of like a three-pronged step here, but I think they all kind of go together. So you have to learn how to talk about what you bring to the table in interviews.
You have to learn how to talk to people. You have to understand how to dumb down technical talk to non-technical stakeholders, and you have to know how to write resumes, and you have to know how to write cover letters. You have to know how to do interview questions.
(26:20 - 27:49)
And there's a lot of books and there's a lot of resources out there that can help you learn this stuff. That is a topic that I want to cover on the YouTube channel. But just for now, if you want some guidance on how to write resumes and you want some guidance on to build a LinkedIn profile, go to my blog and search for the blog article, sysadmin, tip pen tester, how I landed my DoD skill bridge internship.
Towards the bottom, I give some resume resources. So work on your LinkedIn network, create an account if you don't already have one, and just start posting at least once a week, and ideally as much as possible. I post on LinkedIn at least one time every day, sometimes several times a day.
So build your network. It helps out a lot. And the reason why I say it helps out a lot is that's actually how I landed my current position.
I was just posting my hack the box stuff every week. I'm like, hey guys, I pwned this box, nothing special, but hey, I pwned it. Can't really talk about it because it's still not retired.
And I was just doing that week after week, after week, after week. And you know, I pwned 50 boxes. I was like, hey guys, I pwned 50 boxes.
Occasionally I was making YouTube videos back then. I wasn't, the podcast didn't exist back then. Once I got my job offer withdrawn, I posted on LinkedIn, hey, I'm looking for a position, put my green open to work banner up.
And then I had a lot of people hit me up and one person in particular was basically like, hey, I'm not a hiring manager, but I work for this company. I really like it. It's worth it.
(27:49 - 28:17)
And if you want me to forward your resume to my company, let me know. I'm like, sounds good. Here's my resume.
Didn't think nothing of it because this person wasn't a decision maker in the company. But sure enough, that is what got me in the door at my current company. Yeah, I'm very thankful for him reaching out like that.
I would definitely be working in some sort of penetration testing role, but I probably wouldn't be working for the company I'm at now. And for better or for worse, I mean, there could be some better companies out there. I don't know.
(28:17 - 29:56)
My purview of penetration testing positions is very limited. I've only had my one skill bridge in my current company now, but I'm very happy with where I am at the moment. And then step four is you have to apply strategically.
What does that mean? You have to apply strategically. So you have to, it's cliche to say this, but you have to tailor your resume to the position that you want to go into. So for me, this is how I did it.
I made one resume that was specifically tailored for the role of penetration tester. I use all the keywords in that resume that would fit almost any penetration testing role. And I even put penetration tester on the top of my resume before I even landed my full-time job.
I mean, at the time I was in my internship as a penetration tester, but I wasn't getting paid as a penetration tester. You don't have to advertise yourself as a position you want to be. So if it's a stocking, let's put stockings and you have to put this keyword in there.
And I would use that same resume for all the companies because it worked for 90% of penetration testing positions, because most companies are asking for the same tools, technologies, and certifications. So you don't have to really modify too much in your resume. I did send the same resume to every company.
However, I did not send the same cover letter to every company. Every company got a unique cover letter. And I think it's really important because, so you want the hiring manager to read the cover letter so they open up your resume.
So you don't want to put your skills, your certifications, and all this stuff on your cover letter. You really want to maybe, maybe touch on a little bit, maybe tease it a little bit, but I would always put, you can find my skills in my resume. You know, the hiring manager reads that.
(29:56 - 32:04)
Oh, okay. If I want to see their skills, I got to open their resume. The cover letter is really just to get them to open up your resume.
That's all a cover letter is for, in my opinion. You want to make that to be your culture fit. So you're going to read about the company's culture and you're going to read what they're looking for.
And you are going to write about why you're a good fit for the company. And I, once again, go back to that blog post on Kyserclark.com. Since I'm into Pentester, how I got my DoD skill grade or something like that, check out that blog post. And I have some resume advice in there.
And there's even one video in there that I linked to on YouTube video that I highly recommend you watch to help you build a cover letter. And I followed that video. I forget his name.
It's Andrew something. I can't remember his last name, but he's really good when it comes to helping you land positions. So definitely check out that channel if you're in the middle of a job search.
And then when you're job searching, you're going to get rejected. I already talked about this. You have to handle the rejection in the best way possible.
So for one, for me, I took every rejection personally. You know, I'm like, why don't you want me? And I would just work harder. It just, it just encouraged me to work harder.
But the point is you don't want to give up, right? If you, you know, I would take my, my anger and I would use it in a productive manner, but, you know, don't self-destruct don't like cry yourself to sleep. You know what I mean? Like don't sit in the fetal position because you can't find a job. You have to, you know, it's okay to be upset.
That's that's okay. But you don't want it to stop you from applying and lulling up your interview skills and, you know, fine tuning your resume. So definitely handle rejection in a positive way.
And like I said earlier, if you get rejected, it's most likely due to a culture fit rather than a skills fit. So in conclusion, anyone can get in cybersecurity. It doesn't matter what your background is.
It doesn't matter who, you know, right now, it doesn't matter what kind of people you have around you. It doesn't matter what skills doesn't matter what certification don't matter what degree you have, because you can learn it all right now, starting today, you can learn it all. And it takes time.
(32:04 - 33:32)
It takes discipline. You can learn it all. And anyone can do it.
As long as you can read and write, you're probably going to be able to make it in the field. But that doesn't mean everyone will get into cybersecurity. But that is a topic for my next solo episode, which will be next quarter.
But for now, I'll just leave you a little teaser. There is a limited amount of slots in cybersecurity, and you are in a competition against other people for the same position. So keep that in mind when you're considering taking a break from your studies.
I can't wait to talk more about this topic next quarter is definitely going to be a doozy. Thank you so much for watching. Thanks for listening.
If you are on Spotify or Apple podcasts, do me a favor, leave a review, leave a five star review if you think the show deserves it. If you are on YouTube, hit the like button and subscribe to the channel. Also, I'm starting up a newsletter, guys.
And if you want my newsletter, you have to go to Kyserclerk.com. And you'll see on if you click on the blog section, the video section or the podcast section, you can sign up for my newsletter. There I do is type in your email and push one button and you are in the cool kid club where I send you emails every single week of some insights that I haven't put on the podcast, my blog or the YouTube channel. It's exclusive content just for you in the email newsletter.
(33:33 - 34:28)
Also, in that email newsletter, I give you a summary of all the content that I make. That way you don't miss all the information I'm putting out there because I put a lot of information out there for you guys, because I like I said earlier, I came from nothing. I knew nothing about this field.
And I wish I had some sort of coach. And that's one of the main reasons why I started this podcast, my YouTube channel and my blog, because I'm trying to help people break in this field, guys. I love this field.
And it's tricky. It's definitely tricky. And I just try to encourage you guys to get in this field.
So if you want more from me, sign up for my newsletter, guys, it is it is exclusive content. And it's going to be some juicy content in there that you're not going to see anywhere else. It's exclusive just for the email subscribers.
Once again, thanks for watching. Hopefully you enjoyed the show. And I'll see you in the next episode.
Until then, this is Kyser signing off.