How To Get Noticed By Recruiters And Hiring Managers In Cybersecurity with Pete Strouse
Interview Episode Description
Pete Strouse, MBA, PHR who is the co-founder and managing partner at Infosec Hires, LLC Florida Area. Watch this presentation to learn more about how Security recruiters parse through your LinkedIn Profile and Resume. Pete talks about the recruiter mindset when it come to hiring professional in Security and Cybersecurity, how to look for and apply to jobs, and a great Q/A session in the end.
Transcription
00:03
So good morning, everyone. Thanks for being here today. So today we have Pete Straus from Florida. He's from the InfoSec recruitment. He'll be talking about how to get noticed by recruiters and hiring managers in cybersecurity. He's the co founder and Managing Partner of InfoSec hires from the Florida area. You can go,
00:30
awesome. Thanks for your thoughts. So, yeah, so I'm Pete Strauss, I've been in the industry now for about six years, specifically in security recruitment. And I've been on both kind of the internal side of recruiting, working with a consulting firm and helping them build an HR and recruiting department, as well as being on the what we call agency side of recruiting. So working and running a staffing firm. So definitely, I've seen a lot when it comes to positions in the security space, and just want to give you guys some good tips and tricks as far as how to actually attract the eyeballs of recruiters. I think a lot of folks kind of think that recruiters are here to find you a job, that's not necessarily the case. So I kind of wanted to, you know, set the record straight to you guys a little bit about how we work as recruiters so that you can better understand and you know, are more likely to get noticed by us. So really, you know, when, when I bring on a new client, the first thing I do is I go out and find people versus rely on referrals or something like that, generally, hiring companies have very, very specific requirements that we need to fill in. So it's tough for us just to you know, refer people into jobs unless we have a specific opening. So keep that in mind when you're when you're working with recruiters. And having said that, I think it's generally very important to keep a strong network of security specific recruiters, you know, people that you've reached out to that you have your resume in their database, just so that you're getting calls for anything relevant. And there's a few examples I can give you. But there's a handful of recruiters in the US and Canada that's specifically focused on cybersecurity. So, you know, Google, then make sure that you're reaching out to folks always networking, things like that. So here's my background, if you guys want to send me a LinkedIn connection request or anything like that, this is what it looks like, in mind is kind of geared more towards potential clients and what they might be looking for in a recruiter. But it's kind of the same concept is what you guys would have, in trying to look attractive to a potential employer as well. You know, the summary section here, you're really trying to sell yourself, provide contact info, provide a couple of bullet points as to why you think you'd be a good fit for their open positions. Generally speaking, people don't read the long form stuff here, usually bullet points, or you can do a dash, generally, those are the easiest to read with, with strong action words. So just sort of a best practice, if you have had any, you know, projects at school or, or courses that you've taken online, or anything that you can put in this section, people do like to click on stuff. So that's, again, good to have something there. And then, you know, I would say, just as sort of a general note, everybody can see all of your activity here on LinkedIn. So keep that in mind. When you're out there networking and meeting people. You don't want to be controversial, you don't want to, you know, talk politics or anything like that, because that could get you noticed in a negative light, definitely want to keep it you know, professional and,
03:48
and talk to folks about why you're passionate about the field about, you know, different technical topics and things like that all that looks great to an employer, if they see that here in this activity section, when they click on your profile. So again, mine's more geared towards, hey, client, we're good at what we do. But you know, you can kind of do the same thing as as a candidate. Again, probably bullet points are going to be your best way to show that you have skills in certain areas, it's easier for recruiters to read, and as easier for hiring managers to read to. So I would say just as a general note, make sure that you're always networking that you have a good LinkedIn picture. For instance, it's good to have this was like a, I went to JC Penney department store or something like that and got just a cheap picture taken. It was 2030 bucks, I think. So that's a great way to just get a really professional picture there with a, you know, very neutral background. That's important too. You don't have a whole lot going on behind you. seems simple, but that's something that can really set you apart is having a nice clean picture here. And then background I would say something kind of related to security or maybe Your hometown or something like that, mine's actually probably a little bit too busy. Generally, you want to keep this pretty simple. So it doesn't detract from your picture. But you could put things like, there's clipart online of locks. And you know, that type of imagery, that might not a bad thing to have there. For, you know, somebody seeking a security position, another thing you could do here that would kind of set you apart maybe, is put your put in, like create an image in paint or something like that, and maybe list out your target job titles, and then you can put those right here in your banner, that would be another idea to use this space. But we'll go ahead and look at Cure Thanos, just to give you an idea of, you know, as a recruiter, what I look for when I go through somebody's LinkedIn profile, and what immediately jumps out at me, and you know, where my eyes go, and things like that. So there have been studies done where they have shown exactly where recruiters eye movements go. And they actually track that. And you can actually Google these, and you'll see the heat maps of where their eyes go. So I'd recommend doing that to understand where recruiters eyes move on the page. But just to kind of walk you through that, at least in my experience, first thing we're going to look for is, you know, name picture all up here, the more specific you can be about what you're good at, or what what area of security you're interested in. Having potential job titles here, all of those things are good ideas to have here in this, this title section, obviously, have your name, have your picture, again, good to have like a JC Penney professional picture taken, you know, so and then up here, it's like I said, kind of up to you just what you think might be relevant to potential employers. This one's pretty good. It's actually got cybersecurity up there, which is good and AI. So good job cure, Thana. And, and then I guess just a quick note about connections, obviously, we have a lot of mutual connections, these are going to be your tickets to jobs as those connections so if you encounter a hiring manager that you run across there on LinkedIn, and you notice that you have some mutual connections, and you're interested in working for that person in that company, it's even so much easier to send them a quick note about excuse me, why they're interested in why you're interested in the position in their company, if you have some mutual connections, you can mention Hey, so and so would vouch for me, stuff like that. This is a good thing to do, too. When we talk about volunteering, freelancing, stuff like that, anything that you can do to get involved in the community is going to be a good resume builder for ya. So whether it's volunteering for besides conference or, you know, helping with, you know, big Capture the Flag contest, or anything like that, those are all valuable things to definitely be open, I would say, to volunteering to, you know, build your resume and LinkedIn profile. So your thought it does a good job, you're probably better than most of having nice attachments that people can click on. Like I said, I think people tend to have their eyes drawn to these images. And they tend to click on those people love the thumbnails just from a psychological standpoint. So anything that you can do to fill this out, whether it's a certification or you know, something that you know, just anything that they can click on, basically, followers, again, I guess this just kind of brings up a point, try and build your network as much as you can, that's actually quite a bit for still being in school. So good job there, build your network, now's the time to be doing it. You know, get a presence on LinkedIn, make sure that you're networking with people that are already in the field that's going to help you out so much long term, go to networking events, and meetup groups and stuff like that. So if you go to meetup.com, you can just search by cybersecurity or information security. And you should find plenty of events and groups and things near you. So for instance, down here in Florida, in the Tampa area, there's DEF CON 813. There's Tampa hackerspace, there's all sorts of different things that you can get involved with. And that's all free for the most part and you're able to volunteer, meet other people within the field. You know, and some other things would be is SA ay c squared.
09:24
I Sokka. Those are all great organizations to get involved with. And all that stuff will help you build your LinkedIn profile. And all that involvement is going to look good when you start filling it out here and going down here. So again, Kyrgyzstan is super super involved, which is good and that's obvious and looking at her LinkedIn profile here and I apologize that this is just small, I'm on my laptop. But, you know, usually you'll be able to see more of this on a full desktop computer. And if I could, I would see from here into about You're probably. So that's good to see on the first page, you see lots of cybersecurity. It's all about keywords. I'll tell you right now as recruiters we live and die by keywords, so want to make sure that you have is many different ways of saying security, cybersecurity, information security, things like that, as you possibly can find synonyms for the same type of idea. And make sure that they're all throughout your LinkedIn profile in your resume. What happens is when we as recruiters do a search for somebody, it'll light up your LinkedIn profile like this, and will actually see it highlighted, almost like you took yellow highlighter, and highlighted various words, based on what keywords we put in our search string. So that's why it's super important to have as many relevant technical words as you possibly can. Don't worry so much about the intangible things. They've done studies, and they've shown that women actually tend to undersell themselves when it comes to tangible accomplishments, whereas men tend to oversell themselves in their abilities. So as women, it's super important to you know, try and sidestep any biases and things that you have, you know, very tangible, numbers driven lists of your accomplishments. So if you save somebody money, or increase customer satisfaction rates by x, y&z percentage, things like that are all things that you'll want to include in your experience here. And so this is really the top the the place that most recruiters spend the most of their time is in the experience section. Same thing on your resume. So I'll go through when we look at the resume to and show you where where I spend the most time. So again, they've done studies, and they've shown that recruiters only spend between six in 10 seconds on a resume or LinkedIn profile. And obviously, that is not a lot of time. So it's super important to catch the recruiters eye is as soon as you possibly can. And the way to do that is through keywords. So you know, while it's great to include a narrative about, you know, kind of what you've done in your previous positions, or your internship and stuff like that, it's more important, I would say that you have those keywords in there, that you're keeping your bullet points short and sweet, and that you have strong action verbs beginning. So those are just some some good tips for this type of experience here. So again, Cortana does a great job here, social engineering, phishing, these are all good keywords
12:30
to have in your LinkedIn profile. And it's something that that recruiters can search for. So they may have a job description that says candidate must be experienced with phishing. And then they would just put phishing as a keyword in their or social engineering. And so if they did, this would all be highlighted. When they look at your, your LinkedIn profile, so any any technical tools that you've worked with, or anything like that, even if it's an in an academic sense, you could include either in this about section the summary, or you can include it down here in the experience, if it applies, but make sure that you're keyword loading all of this, especially with technical tools, that's gonna, it's going to make you show up in more searches, and it's going to make you more visible to recruiters. So I'd say you know, just one overall point, make sure that you have a strong filled out LinkedIn profile, and you have a good profile picture there, that's going to serve you very well, because most recruiters are reaching out to you versus the opposite, obviously, you're probably going to be out applying for positions, I think you'll find the most success is when they actually reach out to you because they have a specific opening. And they're reaching out to you because I think you're a fit. So you want to make sure that they can find Jim, essentially. But again, great experience here, she's done so much already, which is great to see. So anything that you can do to get involved now, while you're still in school is going to be super valuable for you. One of the common things I hear from hiring managers, as all these folks come now, to the degree degree programs, they'll have any experience and of course my my answer to that as well. They're coming out of a degree program, do you really expect them to have experience? And and usually the answer is actually yes. So most hiring managers are looking for at least some IT experience some foundation in technology. So anything that you can do to get experience even in like an IT help desk role, or as a grad assistant or something like that. Those are all going to serve you very well. There's a lot of people looking right now. So it's not the best time to be looking for a job hopefully that that looks up in the next couple of years, but just do everything that you can to build your resume now while you can. I know I made that mistake when I was in school, I thought okay, I'll just get a degree and I'll get a job. It seems like anymore. You need almost a year of experience before you graduate college to be in demand. And so anything that you can do to build that via internships, volunteering, you know, interacting with all these various security groups through meetup groups or conferences, those are all going to be key for you in that whole time you're building connections that will serve you well for the rest of your career. So
15:04
but yeah, overall, this looks great. She's got good coops and internships. So that's what you want to have for sure. Anything that, again, that you can do here Cybersecurity Information Security, other ways to say it. Other ways to say that you've done like, this is perfect vulnerability scans, and abilities, and then meta sploit, she actually has the tool in there. So anytime that you've used the tool, make sure that it's it's in there, maybe don't list it, if you've only used it once. I would say less tools or terminologies or languages, in the case of Python, hear if you're at least somewhat proficient in them. Another complaint I hear from hiring managers is well, the resume looked great, but they didn't really have all that experience. So try not to be misleading. But if you are good at something, or have worked on it a few times, you know, make sure that it's listed. Let's see what else license and certifications, this is great to have any of this, if you're coming out of school, I wouldn't necessarily say that the expectation is to have certifications. But it's always nice to have. I will say this don't focus too much on certifications, I think that's a common trap folks fall into is they focus so much on certifications and degrees, they forget to spend time on the actual relevant job experience. So while this is all great, the most important thing is going to be that experience. So do whatever you can to get an internship or Co Op, like I mentioned. And that's going to serve you better than than any certification. Well, having said that, certs won't hurt, neither will degrees. But in the at the end of the day, hiring managers are mostly looking for experience. That's the number one thing that they're looking for. So anything that you can do to build that it's gonna serve you well. And then again, here, object oriented programming web like application Java, obviously, this reads pretty heavy as developer. So you know, if there's a specific job title that you're targeting, make sure that the primary skills associated with that job are listed here first, especially if you've narrowed down what type of security job you want, you want to make sure that those skills are listed first here, and you can actually go in and change that I believe in LinkedIn, and make sure that those are listed first. And then you can have people endorse you for those skills, which would be a good thing to do. Just a quick note, I guess about some of these employers don't really care about some of this stuff. So for instance, you know, if you have Microsoft Office, that's not going to mean much to definitely focus on your and then soft skills to while that is important, and they want to have that in a higher, they don't necessarily need to read that on your LinkedIn profile. So focus on technical skills here for sure. Things that you've done in school or tools that you've used, or you know, things that you've used in a hobbyist sense, you can list those here, but they should, you should at least be fairly good with those things if you're going to list them here. Awesome. So yeah, overall, great, though cure THON. And obviously, she has some recommendations here as well. If you can do that through classmates or anything like that, certainly going to be valuable just to even have anything here is valuable, for sure. So employers are going to scroll down here, and they'll see if you have recommendations from folks at school. So that's another way to set yourself apart. This section, I don't focus on too much, but it can't hurt to have all this filled out. Again, the more keywords you have, in your LinkedIn profile, all these can hit on a on a keyword search. So if you've taken a bunch of courses, and they have, you know, keywords in and make sure that you list them here, it can't hurt. And then yeah, everything else looks good employers will look at your interests too. So keep that in mind, especially for entry level jobs. Again, try I would stay away from anything political or anything like that focus on companies here, or, like this is good cybersecurity forum, or groups that talk about security. So information security community, that's another good one. So anything like that, they're gonna look at that too, if you have hundreds of probably not look at all of them. But they are going to look at probably at least a few of your groups and interests. And then again, just keep in mind that they can see all of this. So make sure you're keeping all of your interaction on LinkedIn, super positive, you know, congratulating people on successes that they've had, or, you know, talking about developments in the field, stuff like that. You want to get engaged with your future peers as much as you can early on. So that's the LinkedIn profile so we can hit here to the resume Any questions before I move on?
19:59
Already Yes. Just you know, real quickly looking at your phone his resume here. And just one thing I noticed real quick was she does not have city in location here, that is still good to include. So oh, I usually because it's extra P i don't recommend that people put their address, but city and then in the US that would be state or I guess for you guys that would be territory is important to include there as well. And then again, in the US it would be a zip code, not sure what it would be in Canada, similar, whatever identifiers you need for your city do include that there because most applicant tracking systems that recruiters use, they have some sort of location function. And they'll do like a mile radius search from a given city. So if you have no location here, it's going to be harder for you to get found. So having some location is good, just don't be too specific and actually giving your address. Again, this comes back to involvement in the community, you definitely want to have a link to your LinkedIn link there. GitHub is awesome as well, because they will check out your GitHub if you've done any contributions to the security community, or IT community that's going to be very well received. And that's pretty rare for folks coming out of college. So that's really, really good to see there. If you have a website great, even so much the better. As far as you know, background here, this is all great. Again, it's very focused on technology. And these are all keywords that somebody might put in a search. So that's really good to have all up there. I will say that if you've held, you know, a bunch of jobs in college or high school or whatever, though, you do want to have those on your resume. They're not as relevant as what you've done in school, or done in your home lab. For instance, if you do have a home lab, but you know, certainly recommend setting one up, that's something that employers look for, for entry level jobs, folks that are passionate, that you know, are messing with the technology and really trying to learn at all times. Those are all good things to have. And you can include all that here, less important to them as what job that you've held in high school or whatever it may be. But you still want to have that down here. In the experience, I would say if you're focusing on a security position, in the first page, you really want to have all security stuff. So Cortana actually does a really, really good job of that here. I see a lot of security terms just jumping out at me, I see a bunch of IT terms. One thing employers are looking for is strong networking concepts. So this is all really good. Oh, typo. Yeah, and that's another thing. Just make sure it's free of typos. One little typo might knock you out of contention for all it sounds stupid, but it does happen. So make sure that you had this proof read by a couple of people and take it through spellcheck and all that good stuff. But yeah, security tools, this is a great section A have anything that you've worked with, you know, you've played around with, you can have up here, it's great to see Wireshark and map, Burp suite, stuff like that their social engineering tools, that's awesome. Anything that you've done in the security world you want to have up here at the top. And then similarly to that, if your degree is relevant to security, you want to have it here. If it's not, if it's in a different degree, then you would probably want to leave it at the bottom. But if it's relevant to a security career, you don't want to have that up here. Same thing up here. You can do academic achievements, certifications, you can also call a section up here, cybersecurity experience and just label it that or information security experience label at that. And then just list everything, both academic certifications, stuff that you've done as a hobby, all that stuff you want to have up here, again, where it's on the first page where the recruiters I goes, because we spend the majority of our time on this first section in summary, and then go straight down to the experience. That's where we spend the majority of our time as recruiters looking. And again, when we when we search for a resume, and we do a keyword search, it'll highlight stuff like this, just like this, like I'm highlighting it on the screen, but it'll be the whole screen that's lit up, if it's if it's full of keywords that we're looking for. So the more keywords you can put in there, the better for sure.
24:27
But yeah, q4 does a great job here again, of listing out all over achievements, making sure security is all over the place. On the first page. She says that as security, cybersecurity, you can put a space between cyber insecurity and call it Information Security InfoSec. You know, there's a bunch of different ways to say the same thing. So you want to do that as much as you can use synonyms, because the algorithm when somebody does a keyword search, it's going to pick up on all those synonyms and it'll rank your results more towards the top. So you know, recruiters reaching out to people and looking through long lists of LinkedIn profiles. For instance, they're looking at 1000s at a time, and they're spending between five and 10 seconds on each one. So that's why it's important to be at the top of the stack. And the way to do that is as many relevant keywords as possible. And I'm happy to review anybody's resume after you've made some of you know, the modifications on mentioning to your resume, just to make sure that it looks good. There's sort of a fine line between adding a lot of keywords and adding too many keywords. Because sometimes if you add too many keywords, and it doesn't read, right, it can be kind of wonky. But as a general best practice, make sure that you're including plenty, just want to, again, make sure that you have strong action verbs here at the beginning, research is a good one, assisted, graded, you know, stuff like that, that's good, extracted, it's really good. And, again, technical skills are super important to include in here, and anything relevant to the job at hand. So I would say to, you know, figure out what subset of information security you'd like to work in, if you can, before you graduate, that'll allow you to, as you're going through and gaining some of this hobbyist experience and academic experience, it'll, it'll enable you to highlight the experience that you want to highlight in your resume. So I believe Jerry, oh, sure did a presentation for you guys. I know Jerry pretty well. And I think he had mentioned, you know, the different subsets of information security and where you can end up, you know, definitely take that advice to heart, figure out what subset of information security you want to get into. And based on that, try and design a resume around around that job, so that all of your keywords are in there. And you can start doing training courses online. And in participating in events and doing exercises like for instance, I just saw, Jerry posted something about it was a digital forensics exercise I believe that anyone can do. So doing stuff like that is all great hands on experience that you can put in your resume. And something that will help you get a job in your chosen field. So if you're considering a variety of different verticals within information security, so So you're targeting maybe a sock analyst position, or a junior digital friends expert position, you'll want to have a different resume for each one, where you include the most relevant technology to each one. So I would argue that you're thorough, you wouldn't necessarily if you're going for a security position, you wouldn't necessarily need to include your web development experience here or front end development experience. It's valuable, because it's it experience, and it gives you a good foundation, but it's not necessarily relevant to the job at hand. So that could go either way. If if, for instance, this was a whole section full of digital forensics tools, and you're going for digital forensics job, then yeah, that would be perfect, you definitely want to include that in there. But keep in mind, you want to try and tailor it as much as you can to the job at hand. Having said that, some people tell you, you know, have a different resume, for every single job, I don't recommend that. It's really the name of the game, I think is mass customization, as I call it, so having, you know, one resume customized to a specific idea, or a specific type of job, or a specific vertical, you know, something like that, where it's specific enough to where it's applicable to the job at hand. But it's not too specific that you can't use the resume for multiple jobs. So you know, target like one subset of information security, have resume for that, and then have another resume for different subset, and then just keep it specific enough to where it's applicable, but not too too specific.
28:57
But again, keywords is the way to make sure that you're you're aligned with a specific job or specific vertical. Your Thana does a great job here of splitting out projects and what she was doing. Again, that's another way to show technical ability. You know, it frameworks and things that you've worked with, is have that split out into projects, maybe from school, if you want to beef up your resume a little bit. Don't feel like you need to have it all on one page. I know that's kind of the age old advice. Really, I would say do narrow margins like she has which is good. It helps you fit more info on the same page. And then it makes the page look a little bit more balanced versus having all that white space on the edges. So just a little best practice there. Don't get too crazy with the formatting. You know, I believe this is called libre, that's fine. It's super easy to read. That's what I use for my resume. So don't feel like you need to get too crazy on the formatting and do a bunch of boxes and stuff like that. Keep in mind that when your resume is parsed into an applicant tracking system, the more complicated is and the more textboxes you have and things like that, the more likely the formatting is to get messed up when it goes into an ATS applicant tracking system. So it's almost better to keep it kind of simple. But this, this is all pretty good. It's simple, it's clean, that's what you want. It's good and balanced. You know, you want to have text over here in in headlines over on the left, and then you want to have something else on the right to balance it out. That was something that I learned back in school myself when I was creating my resume is to make sure it's not all off to the left. And you can balance it out the stuff on the right hand side, just for ease the readability, you know, don't have your dates like this all scrunched up next to the wording here, it just makes it tougher to read. And it looks more balanced when you have it over there on the right hand side. So recruiters generally do look for this basic format. Technical skills up here. Education and certifications hear some sort of summary, don't feel like you need to put in a paragraph summary that's that's old hat, I think that doesn't do much good. You can say objective looking for X y&z job. But if that's the case, make sure that make absolutely sure that it's matches up to the job that you're applying for, otherwise, it works against you. So that's why you can just kind of remove that summary or objective piece that's kind of so old hat. But then we do is recruiters look a lot at experience, especially if you you know, get later on in your career, and you've developed a year or two of experience, you want to make sure that these bullet points are as strong as they possibly can be. And again, you include as many keywords as you possibly can. And again, coupon does a really good job of still being in school and having, you know, this experience here. So I guess just to kind of recap, build as much of experiences as you can now. Get that on your resume somehow, even if it's hobbyist experience, or internships or volunteering, do whatever you can to get involved with a community, like boom, here hackathon. That's perfect stuff like that. And just get that all that on your resume, that's going to help you out. So you know, hopefully, this was helpful. I just wanted to give you guys an idea of what recruiters look for, versus, you know, maybe what hiring managers look for, or what HR people might look for. This is kind of how I think about a resume and a LinkedIn profile, just from my viewpoint having been in the field for so long. So I guess I'll stop there. Does anybody have any questions or recommendations on career path and anything like that, that's maybe not even necessarily related to LinkedIn profile or a resume?
32:46
Thanks, speed for the critical change the recommendations, and thanks for presentation today. If you guys have any questions, you can put it on the chat or you can ask question directly to Pete.
33:08
I can't see the chat. So here we go. So someone asked, Are there any dedicated job boards for cybersecurity?
33:20
There are? See if I can find it. It's I did save this Oh, there it is. Cyber SEC jobs. Yeah, that's the one I know of. Also, keep in mind, there's like technology specific ones. So I want to say, if you guys are interested in forensics, for instance, check out this resource. It's DF IR dot training. That's a good one. Some of these sites have built in job boards too. I wonder if about DFI our comm does
34:09
research resources community. Okay, looks like it doesn't help. Nevermind, here it is. So And for instance, I know there's one for Python developers, like there's some very specific job boards out there, you just got to Google it. And then you know, ask around to again, that's why it's so important to get networks. You can ask people in the field if they know of any resources and sometimes that can be a good segue into meeting somebody on LinkedIn. Hey, I noticed your posts about X y&z It'd be my pleasure to connect with you. I was wondering if you had any recommendations where I could learn about X, Y, and Z and send somebody connection request with that note. So that's a good way to meet people. People love to help people love to share. So network as much as you can. And I mean, honestly, just a quick Google search will find your problem A lot of these type of job boards.
35:02
Yeah. Any other questions? So, Pete, I have a question. So since you're us based on our chapters based off Canada, how does the visa process work for us? In case you want to apply the
35:41
good questions, so it's tough if you haven't already gone to school on the US. So the way most people get their visa is they'll go and get a degree. And that's why a lot of people in the US stay in school for so long. So they're able to work while they get their degree. But basically, you have a degree or I'm sorry, I have work authorization, which I believe is Opie T, EA D while you're in school, and then you have another one, or no CPT while you're in school, practical training, and then it's op T, once you graduate, and you're able to work on that work authorization for I think it's two years, maybe three years with extension in the STEM field, STEM disciplines. And then but at that point, then you would need a h1 b. And the h1 B's visa is it's what's tough to get because it's expensive. And it requires sponsorship from the employer. So it sucks to try to get a visa in the US, I'll just tell you that from everything I've heard, I haven't tried to get one myself, obviously. But it's a very involved process. There's a lottery and a selection process and stuff like that. If you're a Canadian citizen, you can come over on I believe it's called a TN Visa. And then you can work for, I think any employer in the US with a TN Visa, but I'm not quite as familiar with that work authorization. But I know for sure, regardless of if you're a Canadian citizen or not, if you come into the US go through degree program, you can be on a student visa, and then work while you're doing it under I believe, like I said, it's the CPT and then op T once you graduate.
37:25
So how's the job market for cybersecurity and security around the world, not just the US.
37:32
I mean, it's changed a lot in the last few months, leading up to COVID. It was insane, you know, people were getting jobs left and right. I think there have been issues with people finding and getting through to jobs. And mainly it's it's the roadblocks around hiring processes and recruiting. So I think there's a lot of poorly trained recruiters out there that, you know, don't really know what they're looking for that aren't specialists, you know, like myself, like, if somebody is recruiting for an accountant all the way up to a CISO. It's hard for them to focus on, you know, any one of those sub disciplines and gain deep knowledge in any of those areas. So I think that's kind of where the problem is. Companies are asking recruiters to do too much and know too many different skill sets. So that's why it's important to try and find a specialist recruiter, if you are going to work with one who understand security who only gets security jobs, and can, you know, give you a call if there's anything so if I were you and reach out to, you know, all the major recruiters out there, you can just Google cybersecurity staffing, cybersecurity, recruitment, InfoSec recruitment, information, security recruitment. And there's a bunch of lists out there of firms, including mine, that are out there that have security jobs, reach out to as many people as you can there, get your resume in their database, and then you get to get calls for relevant jobs. But the job market, it's it's turned around. So you know, there for three, four months, I had basically nothing to work on as a recruiter, like every single company stopped hiring, it was weird. And then over the last probably five weeks or so I would say it's turned around, it's literally done a 180. And, and folks are hiring like crazy right now. So now is actually not a terrible time to be looking. The issue you come up against is that there's a lot more people in the market that were laid off. Whereas, you know, prior to COVID, nobody was laid off. So there was there was less competition. Now there's more competition, but there are a lot of companies hiring right now.
39:37
So honor the past in the chat. Most cybersecurity jobs in the USA look for security clearances. So how would one be eligible for our app apply for security clearances for a cybersecurity position?
39:53
security clearances really aren't needed unless you're working for the government. So, you know, truth be told all of my jobs? Turn in the private sector, non government commercial sites, so I've never had to recruit somebody with a clearance. Now, having said that, we do have some clients that have some government contracts. And we're going to be doing that here pretty soon. But unless you're working in the government, you don't need a clearance, it's tough to get, I believe you need to be a US citizen to get a clearance. And then you have to go through a whole process like, you know, they'll, in some cases, they'll do lie detector, test, tss, ci, poly and all that good stuff. So I wouldn't worry about that too much unless you plan on going to the government.
40:34
So I have one question related to internships. So I've been applying to a lot of cybersecurity positions for winter and summer, and I got an interview at fire. I just did it yesterday for a teaming position. So there are a lot of stages like those top four stages, I'm like at stage three right now, isn't the same case for every internships, and cybersecurity without multiple stages. And then to be bosses.
41:00
Yeah, I mean, any any interview is going to have multiple stages, it just depends on the company. I've had, some people get hired, and as little as two interviews, or even one interview in the past, but I've had some people go through five or six, just kind of depends on the company, and the candidate as well. So you know, in some cases, there may be additional information that a hiring manager needs clarification on or they're worried about, or, you know, something like that, where they think it makes sense to have a second interview, to consider, you know, or talk about a certain topic. But that's not always necessarily a bad thing. It could be they just want you to meet more members of the team. I've seen that happen, where, you know, especially now that we're doing all these virtual interviews they want, where normally they would bring you into the office and you meet 10 people at once. Now they're saying, Okay, well, not everybody is available, they're all working remote. So we got to set up, you know, five or six separate interviews, just so you meet the whole team. So that's not uncommon, I would say, my preference is to always, in working with clients recommend less interviews versus more. Because I think, you know, for folks that are in demand, they're going to go take a job somewhere before they'll go through six rounds of interviews. But, you know, that's, that's something that I'm trying to change one client at a time. But yeah, I'd say that's pretty standard.
42:20
So do you have any success stories, but university students and getting a cybersecurity job.
42:27
What I've found that is, is an external recruiter, so not as somebody on the corporate side who works internal to accompany. So we charge for everybody that we place, right? So we found that companies are rarely willing to pay us for entry level candidates. And so as a consequence of that, we don't really do very many entry level searches. So that's why I say, you know, don't necessarily expect to get a job through a recruiter, at least for your first job. Because generally, we're tasked with finding experienced folks that have been in the market many years. And it's like a really tough to fill kind of senior position. That's the majority of time when we come in. Having said that, I actually did see risk recently. The guy's name is Chris rides. competitor of mine, but acquaintance of mine, good guy. That's K, RI. S. Ri d. S. Over on the West Coast, he had just placed somebody that was relatively entry level, I think they had like, maybe two internships, so roughly about a year of experience total. And one of his clients worked with him to find them a sock analyst. But that's pretty rare, I would say. So we'll see him on occasion. But I don't place too many folks on the entry level side, most of it's really experienced,
43:43
folks. So does anyone have any other questions, you can type it in the chat, or you can talk directly.
43:57
I guess I would just say as a follow up to that, you know, find out who you'd like to work for and work a plan. So one of the things I see, a lot of the mistake I see a lot of people making is they they just go out and apply to 200 jobs, and then they expect to get a call back. Unfortunately, that's probably not the best way to do it. Especially right now, with so many extra people on the market. I mean, there are people that have been in the field for 510 years that can't find a job. So for for you guys coming out of school, it's going to be even tougher to get a job. So it's important to have a plan and work that plan versus you know, be very strategic in your search versus just kind of doing whatever and hoping it works out. You need to work a plan. So I guess to start with that, I would figure out a list of companies that you know, you'd really like to work for. Figure out why. Write all this stuff down. Figure out why you want to work for him. So you have some bullet points that you can include in connection requests. For instance, do your network Do your in person events as much as you can, whenever we're able to go to conferences, a lot of them are free. Believe like, besides a want to say it's free or it's not too expensive cyber craft summit was believe last week, and that was free. So try to go to all these events, meetup groups, things like that those are free and build those connections, sending connection requests on LinkedIn, maintain your network, you can reach out to hiring managers directly on LinkedIn as well. So this is a best practice, always instruct people to do versus applying for jobs online. Sometimes you can find a job online, see what the job title is, see what company it is. And then go find do a little open source intelligence gathering, go find that hiring manager. In some cases in the job description, it'll actually say who the hiring manager is, will have their job title in there. If that's the case, you can go to LinkedIn. And you know, say they were cybersecurity manager at craft, you know, you can put in craft. And let's see, just as an example. So you can go to their website. And I do this all the time when I'm looking for hiring managers from job postings. So you go find the company, go find the employees, say you wanted to find a cybersecurity manager. Because normally, that's who you're going to be reporting to is manager level, possibly director level. So look up type security manager, and then filter by location, or wherever you're at. And then you can find likely the hiring manager that you'd be reporting to, and then you can send them a connection request. So click on that, and then connect, and then make sure you put a note in there, why you'd like to connect, and you know why you think you'd be a good fit for them. So that way, you can kind of bypass the whole recruiting HR thing that's so broken, if you're reaching out to hiring managers directly, you're probably going to see more traction that way versus applying to a bunch of black holes online. So just the best practice there, I think you can get a job through applying to jobs, it's just less likely, it's probably going to be through your network, it's probably going to be through reaching out to hiring managers directly people, you know, I would think about who your champions are, you know, if you've worked with somebody in school, or maybe a family friend or something that you know, is an IT or security reached out to that person say, Hey, I'm looking for a job. Do you know anybody who might be hiring right now? Just little stuff like that? You'd be surprised? You know, how that can make introductions for you? I know that's a long winded answer. But
47:42
does anyone else? Other questions? We got seven minutes. I have another question, actually. Okay, so I have a lot of questions. Since I'm a student, like I just want all the students questions answered. So last month, Dr. auger, like introduced us five different areas of cybersecurity, like pentesting, cyber operations and digital forensics and stuff. So, in the security industry, which job position is like, the most wanted,
48:21
it's tough for me to say because I, I don't work on like, I don't think a representative cross sampling of all the jobs in the industry, you know, I kind of have my focus. So you know, if you were to ask me about my jobs, I'd say DFI are all day. I mean, there's just so many competent companies getting breached right now. And there's so much ransomware that, you know, developing those skill sets are always going to be in demand. And I don't think that's going to change anytime soon. I think offensive security is really kind of the glamorous one that everybody when they start hearing about cybersecurity, that's what they want to get into. For that reason, I think it's super competitive, and it's actually harder to break into. So I would say, you know, if you're looking for a good technical discipline, that's not it audit and security assessment work, or governance risk and compliance, or, you know, standard security operations analyst dsir is a really, really good field to get into for sure. And I mean, it's at the point now, where all these consulting firms are hiring away from other consulting firms, and there's just not enough people to do the work. So since there's that huge shortage, there's a lot of demand and so you get paid really well. So that would be my number one sub discipline I would say, another one if you don't want to go so technical, would be IT audit, that's always in demand as well. So whether you you'll learn it general controls and go that route. I think the field needs more good technical, IT auditors. There's a lot of folks that come out of accounting programs that become IT auditors, but very few people that come out of say computer science programs They get an IT audit and security assessment GRC. So, that's a great path to go on. And your technical background will make you a more valuable auditor. But it's a completely different mindset than for instance, the dfi. Our analysts it's it's less about puzzles more about policy and procedure, more about fact checking and make sure making sure stuff is there if you're super diligent person, audits a great route to go if you're a super analytical person and like to figure things out and puzzles and stuff DFI er, is probably a good one. And then offensive security also for, you know, puzzle focused folks.
50:38
Be any other questions? So, Pete, you have any final words, for today?
51:04
No, I would just say, I guess, yes. So, you know, I see a lot of folks, especially in this market with so
51:13
there's one question somebody, what certifications are trending right now.
51:19
Again, I'm not a huge proponent of going for as many certifications as you can get, I would focus more on getting an internship. But if you had to, you know, I would say focus on the ones that are as applicable to as many different areas as you can, it's good to get specific if you know exactly what you want to do. But it has a way of kind of pigeonholing you. So, you know, if you go and get a digital forensic cert, it's not really going to be applicable to a job is a, for instance, pen tester, like, yeah, it's good to have that knowledge to be more offensive. But it's not necessarily as applicable as more of a generalist cert would be. So, you know, Security Plus is a good way to start. It's low barriers to entry. easy one to get, and you get a certification under your belt without spending too much time or money. Again, I would focus more on internships, experience versus certs. But if you had to get a certain security plus is a good one to start. Or if you know exactly what sub discipline of security, you want to get into that I can make a recommendation based on that. Thanks. I guess I would just say in closing, like, the markets much different now than it was, say in February of this year, obviously, there's a lot of people looking, it's changed a little bit. One thing I see a lot of on LinkedIn is people kind of in despair. You know, I certainly understand that I've been there myself, it can be frustrating. When you're looking for a job and applying to positions and your resume keeps going into black holes. Do what you can to stay positive, you know, keep networking, meet as many people as you can. Those are going to be your inroads to you know, I think a successful career in general, not just your first job is, you know, continual networking, meeting people, having you know, a face to put to the name for all these people that are in the position that you want to be in. So stay positive, get, get the experience and keep with it. One thing that all hiring managers are looking for is passion, grit, perseverance, and resilience. You know, somebody who can get through the tough times who, you know, maybe has persevered through a terrible job market and still managed to develop their skill and still managed to get a job. That's going to serve you very well in the future too, because it's a good story to tell. So I guess that's all.
53:51
Thank you so much, Pete, for your presentation today. We learned a lot and I'll upload this to YouTube as soon as possible. And I'll send the link out to everyone. Thank you so much, everyone for attending today. Yep. Thanks, everybody. Thanks, everyone. Have a great weekend. Thanks, Pete.