How Cybersecurity Analysts Can Stand Out to Potential Employers

by Pamela McComas | Apr 08, 2019
A red LEGO among a pile of yellow LEGOs

The need for cybersecurity professionals continues to rise rapidly. Despite this, the IT industry is experiencing a severe shortage of qualified cybersecurity professionals. In 2018, U.S. tech employers posted an average of 250,000 jobs per month, according to the CompTIA IT Industry Outlook 2019. Regardless, landing a cybersecurity job isn’t as easy as one might think.

As a hiring manager for General Dynamics Information Technology (GDIT), an IT company with approximately 34,000 employees, I can say from experience that it’s difficult to fill cybersecurity analyst roles. But, armed with information about what hiring managers look for in security analysts and how to best convey their competencies to potential employers, IT pros can successfully start and grow a cybersecurity career.

What Do Hiring Managers Look for in a Cybersecurity Analyst?

There are specific skills that I, as well as other IT hiring managers, seek in cybersecurity job candidates.

  1. Technical proficiency in a variety of industry-standard tool-sets and methodologies
  2. The ability to make calculated adjustments while working on platforms that might be specific to an organization, despite the numerous niche categories within the cybersecurity field
  3. Knowledge of cloud computing
  4. Solid soft skills, such as critical thinking, creativity and the ability to adapt to rapidly changing environments

A big part of a cybersecurity analyst’s role is assessing the infrastructure they are supporting. Certain environments may present challenges of legacy hardware, immature security practices and other weaknesses that can make organizations vulnerable to an attack.

Because of this, a security analyst needs to establish a secure baseline, or a known-good state of the network. After that, they can make additional security updates to the most critical infrastructure and work their way down.

Additionally, interpersonal skills are paramount to the cybersecurity analyst role. A person can be a wonderful technologist but must also be able to work as part of a team and communicate well. Cyber roles are becoming more forward facing and have gained the attention of executives in companies across all industries.  

Gone are the days where an analyst would just show up and work on their systems. Today, those improvements and recommendations need to be presented to both technical and non-technical managers alike. Because of this, a candidate who possesses a good blend of technical proficiency and interpersonal skills can outshine their competition.

5 Ways Cybersecurity Analysts Can Stand Out to Potential Employers

To stand out to a hiring manager, use your resume as a selling point with examples of how you can add value to their company through your expertise and leadership, not just as an opportunity to regurgitate a job description.

Hiring managers want to know that those seeking a cybersecurity career are intellectually curious and looking to continually develop their skills. Simply stating that you are “always wanting to learn more” isn’t enough. We want you to show us what you’ve done, not merely tell us what you plan to do.

Here are a few ways you can stand out to hiring managers when applying and interviewing for cybersecurity jobs:

  • Describe real-life examples of how you approached a situation in which a system was vulnerable to a cyber-attack.
  • Provide proof points of how you made a system more secure or responded to a security incident.
  • Include a link to a whitepaper or blog post you’ve written, as well as special presentations you’ve given, showing that you’re an expert in your field.
  • Explain any mentorship you’ve provided to others.
  • Describe hackathons or events you’ve led or participated in that demonstrate your hands-on techniques and desire to stay on top of the rapidly changing cyber-environment.

Many IT job roles have specific requirements related to education, experience and certifications, but cybersecurity jobs aren’t so cut-and-dry. Hiring managers want to know this information, but they like to see specific examples of how you will tackle threatening situations and work in different environments in the future.

Cybersecurity Certifications Help Hiring Managers Identify Strong Candidates

Gaining cybersecurity certifications is a smart move for a forward-thinking cybersecurity analyst, as well as those who want to move into the field. They often help me identify the best talent.

A certification, whether mandatory or not, shows a competency achieved at a certain level. And, when a candidate pursues a certification that requires continuing education, it’s clear that they are making the effort to stay current on their skills and grow their skillset.

Seeing a progression of certifications, like those included in the CompTIA Cybersecurity Career Pathway, shows me that an individual is thinking about their long-term cybersecurity career and taking steps to continue to develop professionally, which gives that candidate a competitive edge.  

Additional certifications, like those from Cisco, Amazon Web Services (AWS) and Microsoft, can also help candidates as they prepare for a cybersecurity career.

Start Building Your Cybersecurity Career Today

Beyond obtaining certifications, IT pros who want to be a cybersecurity analyst, or cybersecurity analysts who are ready to move to a new company and a more challenging role should strengthen their ability to think critically, be creative in their problem-solving approach, adapt to a variety of environments and communicate effectively with others. Once these skills are solid, they should convey them to potential employers by providing real-life examples of how they’ve solved threatening issues in the past, mentored others, made systems more secure and organized, and participated in hackathons and similar events. This will help them make an outstanding impression on employers and create the cybersecurity career they desire.

15 Comments

  • James Franklin

    Friday, April 19, 2019

    Where do I sign up at?

  • Gordon Maseko

    Friday, April 19, 2019

    Great Article and I am Great full for most of the information. I am a South African and a student and currently studying CompTIA Security+ How do I acquire more info with regards to Cybersecurity Carriers and internships in other countries? Kind Regards,

  • William Thomas

    Friday, April 19, 2019

    I graduated in a December with a Masters in Cyber Security. I have been trying to start my career but with no job experience it is hard as you know. I practice everyday using Linux and pen testing tools to help me gain experience. I also take hands on training. Any suggestions that would help start my career

  • Friday, April 19, 2019

    Hi, James! There are a number of cybersecurity certifications out there. Check out CompTIA Cybersecurity Analyst (CySA+) - you can download the exam objectives to see what's on it and decide if it's right for you. Good luck! https://certification.comptia.org/certifications/cybersecurity-analyst

  • David Andersson

    Friday, April 19, 2019

    For the Federal Govt., security hires HAVE to comply with DoD Directive 8570/8140, which mandate specific certifications, A+, Security+ and CASP are among the acceptable qualifications. You will also find quite a few other organizations use the same requirements rather then "invent" their own. https://iase.disa.mil/iawip/Pages/iabaseline.aspx

  • Pamela McComas

    Friday, April 19, 2019

    Hi Gordon, Security+ is definitely a valuable certification to earn. Regarding finding internships and companies to sponsor any visas you may need, you'll first want to look at the work visa requirements for the country where you would like to work. Additionally, you'll want to investigate if a potential company is able to sponsor an employment visa for you. Without knowing your particular employment or internship intentions, that's at least an initial step in the right direction. Good luck with your studies for Sec+!

  • Dave

    Saturday, April 20, 2019

    The reason there are so many open IT security jobs out there is because there are no "entry-level" positions open. Every job wants 3-5 years of actual and relevant NOC or SOC experience or requires an "ACTIVE" Top Secret/TSCI clearance. It seems if you don't know how to install and configure a major brand firewall you are considered worthless as a security analyst. I haven't seen any companies sponsoring for TS clearance. Until public and private sectors step up to the plate and offering an entry-level pathway to get started in IT Security, Cybersecurity in this country will continue to lag or be understaffed. There are people out there trying to get started (check Redditt some time) that have been looking for a job for up to a year and still haven't found anything. It really bothers me when I continue to see phrases like "there are 500,000 open cybersecurity positions" when it should read "there are 500,000 open cybersecurity positions for qualified/experienced professionals". There are very few entry-level jobs (actually, I haven't seen any unless you have TS/TSCI clearance).

  • Monday, April 22, 2019

    Hi, Dave! Thanks for your comment. You are correct in that many cybersecurity jobs do require experience. But, you can get cybersecurity experience in a non-security job. Many tech support, SysAdmin, network admin and other roles do security tasks that could be applied to more advanced cybersecurity jobs. It's all about finding opportunities in your current role that you can apply to a more advanced position in order to grow in your IT career.

  • David

    Thursday, May 23, 2019

    All great comments and perspective. Like it was mentioned, there a complete disconnect in the IT world on what the needs are and how to fill those needs. Especially given the fact that there will be 2 million unfilled seats by 2025 (if not sooner) for jobs that need. I am a recent Master Degree Grad in Cyber from GWU in DC and have found that HR is clueless about how to address the crisis, and hiring managers are completely unrealistic on how to tackle the shortage. You will never be able to fill the void looking at comp sci and engineering grads exclusively, so until companies get real about that reality, we are all shit out of luck. I'm trying to learn all I can about Pen-Testing and just got my CEH which is one of the hottest Certs right now. I have 20 years of Healthcare experience, so I know eventually I'll get picked up by a major device company. You have to keep getting Certs because they do matter more than experience to HR. Sec+, CEH, Cloud+, CISSP ........ doesn't matter if you have experience, but you need these Certs to have companies take a chance on you.

  • Thursday, May 23, 2019

    Hi, David! Thanks for your comment. You are right that both certs, education and experience all play into being able to land an IT job. You should know that CompTIA PenTest+ is quickly gaining traction and catching up to CEH in popularity among employers. Check out this article that compares the two: https://certification.comptia.org/it-career-news/post/view/2018/08/08/how-does-comptia-pentest-compare-to-ceh

  • Isaac

    Friday, May 24, 2019

    I see a lot of people commenting on the so-called "cybersecurity entry barrier". It can be a difficult industry to break into, however you just have to approach it the right way. I landed my job as an Information Security Analyst in my early 20's with only 2 years experience in IT. How, you ask? The first recommendation I have is to find ways to build cybersecurity experience in your CURRENT role. When I first started my career in IT as an IT Specialist, I did everything I could to get hands-on experience with the security platforms. I was able to leverage this experience later on in my career! The second recommendation I have is to get as many cybersecurity certs as possible. The Security+ taught me a lot of valuable information, but the Cybersecurity Analyst (CySA+) is what provided me with a lot of the knowledge that is necessary for my current role. I would say that both of those certs are needed (at a minimum!) if you truly want to get into the field.

  • Ebonu

    Tuesday, May 28, 2019

    Hello everyone! I currently have a Bachelor's degree in Criminal Justice. I am interested in entering the Cybersecurtiy field. I am wondering if it would be best for me to obtain another Bachelor degree in Cybersecurity or if I should go straight into the certifications. Of course the school counselors are suggesting that I complete the Cybersecurity degree and then go for certifications. I am unable to tell which route would be the best. I will appreciate any input that you all may have. Thank you in advance!

  • J...G...

    Friday, May 31, 2019

    @William Thomas...You say that you "have been trying to start my career but with no job experience it is hard as you know. I practice everyday using Linux and pen testing tools to help me gain experience". Start buying domains. Set up a host account. Install the free apps; wordpress, an e-commerce shop with cart, a portal/cms. Start filling them with content. Think of a good twitter handle to promote yourself (2020securityanalyst or topsecanylyst). Then duckduck top twitter accounts for security anylyst and start following them. These are just some examples. I don't have more time. With a masters William you should be employed. Good luck sir.

  • Colin

    Thursday, June 20, 2019

    Ok this article all sounds accurate in theory, however the reality doesn't seem to support the narrative that there is a "severe shortage" at all. Much of the "severe shortage" position was echoed by the certification training provider I am currently studying through when selling me on a multi $1000 cyber security certification training package and given what we all hear about the growing cyber security threat it would appear to be an ideal career path. Currently I have CompTIA Network+ & CompTIA Security+ certifications and working on CompTIA CASP and as an example recently applied for a position which seemed to be somewhat of an entry level position (asked for some cyber security knowledge but not any specific certifications) and given the aforementioned "severe shortage" would have thought I would have got at the very least an interview, but nothing. So the question has 2 possible answers: Is there a "severe shortage" of qualified Cyber Security professionals? A) Yes, employers can't find them so are scrambling to employ people who have knowledge and already have some certifications which proves their ability to reach any specific requirements in a short time. OR B) No, like every other industry there are more potential employees than positions. From what I've seen so far the answer is B. Sure, as far as positions for multi-year industry experienced Cyber Security professionals there may be more jobs than applicants. But no amount of study or certifications will get anyone outside that pool into it. I surely won't be stopping my progress going forward to gain more certifications as I've spent way too much time and money to date to stop. However my confidence in gaining a rewarding position which pays well in this field is considerably less than what it was when I first read/heard of the "severe shortage" of Cyber Security professionals.

  • Thursday, June 20, 2019

    Hi, Colin! Thanks for your comment, and congrats on your hard work. There is a severe shortage of qualified cybersecurity professionals, and training and certifications can help with that. For people who want to get into cybersecurity, a combination of training/education, certifications and hands-on experience will qualify them. But when it comes to standing out to employers, you need to have a solid resume that grabs their attention and be able to explain why you are the right candidate in both your cover letter and interview. It can be a tough road, but it's attainable! It sounds like you are heading down the right path - don't get discouraged! Keep up the good work.

Leave a Comment

Boost your Career with a Certification

Find out more about our Certifications

How to get Certified

4 Steps to Certification

Already certified? Let us and others know!

Share Your Story