Landing a Role in Cloud Security
I wanted to put together a quick how-to to help give some direction to those trying to land a job in Cloud Security or Cybersecurity. This is not all-encompassing but some things that have helped me that you can benefit from too.
The cloud security and digital transformation industry is, and I am not exaggerating when I say this, exploding. The U.S Bureau of Labor Statistics reported an 18% growth in employment opportunities for the category of information security analysts between 2014 and 2024 and is expected to be one of the fastest-growing occupations in comparison to any other occupation. I wouldn't be surprised if an updated report has that number even higher.
I have been fortunate to have been able to pivot into the field and expand my foundational security knowledge in the space. I love working in Cloud Security as it presents new challenges and opportunities to me as the industry grows into maturity. As a professional in this space some of the most common questions I've found myself answering revolve around transitioning into these news roles in a space that hasn't been blueprinted very well: How do you get a job when you do not have previous experience, How do you pivot from other traditional security roles and others of similar nature. The reality is that it depends on where you are in your journey into the security space. For those brand new to security it may take you some time to build your foundational knowledge and experience; for those already in the space, you have a better leg up as you can take advantage and leverage some of your experience. Either way, there are a few things that can be done by everybody to gain some leverage to get into Cloud Security. So if you identify with any of the above..this article is for you.
First Things First: Figure Out Your Own Blueprint
I have recounted a number of times on blog posts, and my podcast, that I am a self-proclaimed "factory-made" security professional. Meaning my journey to the role I am in now was very traditional: I identified technology as a field I was interested in from high school; I studied computer science in college and graduate school; all of my internships and full-time roles were technology-related. I say this to say that my particular "journey" may not be a mold for you, especially if you are pivoting from a non-technical related field but these skills highlighted I believe are universal. Diving into this field without a plan can prove difficult, so it is important that you do the research, build your skills and resume, and attack purposefully. I hope you can use what I describe below to create your own blueprint for success.
Leverage Previous Experience
Regardless if you are already a professional in the IT industry or not, if you have professional experience already you already have some skills you can leverage. If you are in the IT industry - such as a computer programmer, software engineer, technician, network admin, to name a few - transitioning in cybersecurity and the cloud will have a low barrier to entry. Most employers filling these roles are looking for employees with solid IT fundamentals including your database, networking, and systems experience.
If you are not pivoting from an IT-related role, no worries. There are plenty of non-technical related skills that help transition you into technical ones: skills such as project management, being adaptable, having a thirst for knowledge, a willingness to be open and ask questions, interpersonal skills and much more. Strong communication is key as it is expected for you to be able to articulate clearly to both technical and non-technical colleagues what threats an organization is facing as well as recommendations. Employers view these skills as essential and look for a candidate who has a mix of both soft and technical skills. So all in all, soft skills are just as important as technical skills, so having these will help you get in the door.
Get Your Hands-On Experience By Building Your Own Projects
One of the best ways you can build practical experience, outside of real-world scenarios, is through building something from the ground up. The cloud service providers (CSP's) all offer free trials for users to practice their skills in a cloud environment. You can build applications, build databases, or even play with security tools. Take the time to learn each service offering and figure out how to make your own mimicked enterprise environment. For example, the Google Cloud Platform has plenty of test data to let you import into a free trial environment to see how their services work on actual data. You can create your own custom solution, get your hand dirty, and share this with employers when you are job hunting. Showing initiative and drive to go above and beyond will take you FAR ****in this field. It lets employers know that you are willing to learn and show that you already have knowledge in how to deploy x,y,z service - all you need is the opportunity to put it in real-world experience.
Do Some Side Jobs or Freelance
While you are on the job hunt for a full-time position, picking up smaller side jobs will also help you build your resume. Today's society is shifting to a more remote and online workforce, so finding jobs on your own terms is possible. Google any one of the countless freelancer sites on the internet, throw your resume and projects on there and start doing small odd-jobs in security. If you build out a great open-source contributor platform, based on the projects you build from the recommendation above, your chances of landing a side job and an eventual full-time will drastically increase.
Study and Pass Certifications
One of the most common ways to validate your skills is through the attainment of certifications. There are a number of cloud and cybersecurity certifications available, specific to each cloud service provider, that will enhance your knowledge and skills in the field. In fact, a large majority of cloud positions will require you to have them in order to land the job. Passing a certification does not require experience but let me emphasize that certifications are not an adequate replacement for real-world experience. I personally always align my certifications to my career and roles that I am interested in and am in the processing of achieving security and architect solutions certifications for all three cloud providers (GCP, AWS, Azure). Having all three is a personal choice, not a requirement, but the knowledge and skills you get by getting all three is an added bonus. My advice would be to pick a CSP, a focus, and aim to knock down 1 or 2 certifications to be able to get your foot in the door. Add these certifications to the side-projects I recommended to build, as well as leveraging some of your previous experience, and you will have a great competitive edge.
Some Resources To Get Started
Hopefully the tips I have highlighted help give you some direction on how to create a plan and take action to get your foot in the door of cloud security. Below I include some great resources that have helped me gain some experience and knowledge of services and tools in the industry. Let me know if you use any of this and how your cloud journey is going by tweeting me.
Threapost.com (News Resource)
Note: I will be creating an upcoming deep-dive into the Cloud, Cloud Security, and roles within the industry. Make sure to sign up for the newsletter to know when it drops. Sign up here.