homepage
Open menu
Go one level top
  • Train and Certify
    Train and Certify

    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits

    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defense Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
      • European Skills Framework
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
      • Cyber Aces
    • Cyber Ranges
  • Manage Your Team
    Manage Your Team

    Build a world-class cyber team with our workforce development programs

    • Overview
    • Why Work with SANS
    • Group Purchasing
    • Build Your Team
      • Team Development
      • Assessments
      • Private Training
      • Hire Cyber Professionals
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
  • Security Awareness
    Security Awareness

    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk

    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Resources

    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis

    • Overview
    • Webcasts
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
      • Summit Presentations
      • Posters & Cheat Sheets
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
  • Get Involved
    Get Involved

    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.

    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    About

    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills

    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • Contact Sales
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Not in Cyber Security? No Problem! Creative Ways to Gain Experience With No Experience
370x370_kevin-garvey.jpg
Kevin Garvey

Not in Cyber Security? No Problem! Creative Ways to Gain Experience With No Experience

Part 3 of 5 of the HR + Cybersecurity series

May 26, 2021

One of the most common questions I get when I talk to those evaluating their future careers in the cyber security industry is “How do I get experience when I have never worked in a cyber security role before?”. It is a question that can frustrate those looking at job descriptions that show an array of technical and toolset requirements to land an entry level role. What if there was another way around gaining experience other than by having a job? Luckily, cyber security offers many creative ways to gain coveted technical knowledge and experience to showcase to a future employer.

When I go to the bookstore and I walk down the Information Technology book section, I am always awed at the number of certifications you can study for. While some certifications include a prerequisite to have a certain number of years in an industry, a secret is others do not have that same requirement. There are some certifications that will allow you to gain foundational technical knowledge to have more “hands to keyboard” confidence while sitting in front of a computer, while others are geared toward growing your cyber security knowledge. I have known smart people who successfully entered the cyber security industry by studying and taking certification. The dedication and effort it requires to learn about key concepts, how it applies to real world cyber situations, and being able to attest to that knowledge on your resume is a critical first step to showing the world you are ready for a career in cyber security. You will still continue to find me in the bookstore looking at new technologies and concepts to learn about!

Certification

Description

SANS Foundations + GFACT

Comprehensive Core IT knowledge + Practical Hands-on Skills

CompTIA A+ / Network +

Core IT and Networking Skill Test

CompTIA Security +

Core Security Skill Test

Linux Professional Institute LPIC-1

Linux Command Line Administration/Shell Scripting/Linux Security Exam

Cisco CyberOps Associate

Security Operations Center tactical exam

Associate of ISC² (International Information System Security Certification Consortium)

Take any ISC² certification such as the CISSP and gain the experience after the exam for full certification

Offensive Security Penetration Testing (OSCP)

Hands on penetration testing exam

Google Career Certificate - IT Automation with Python Certificate

Automation through Python

Many certifications allow you to gain key knowledge to start gaining hands-on expertise in functional areas. However, many can get worried that without having access to the enterprise level technologies seen on job descriptions, they will not be able to apply for the job. Luckily, open source software can come to your rescue when you do not have access to expensive tooling. Open source software is software with source code that can be inspected/modified publicly. This allows you to freely download the software. Being able to stand up the software, troubleshoot any issues you run into with it, and learn the data outputs of the tool will allow you to gain key experience that is hard to get without access to a larger enterprise toolset. In some circumstances, the open source software is very similar to an enterprise equivalent, making your experience in the open source tool even more valuable when you are ready for an interview. Even more important, being able to have an open conversation about your open source toolsets and the “sweat” that went into standing them up and utilizing them makes for a very strong conversation during an interview! The list of open source tools aligned to cyber security is large and I picked a few to look into that you may find beneficial to build your career.

Functional Area

Tool

Vulnerability Scanner

OpenVAS

Network Security Monitoring

Security Onion

Intrusion Detection System

Suricata

Incident Response

Google Rapid Response

Identity and Access Management

OpenIAM

SIEM (Security Information & Event Manager)

ELK Stack (Elasticsearch, Logstash, Kibana)

DLP (Data Loss Prevention)

OpenDLP

When I was starting my career, setting up a lab environment took a lot of time and effort. I researched refurbished computers to add into my computer lab to stand up new software. I put all of the wiring and components of the computer together to network my computers together. Setting up lab environments is a fun way of truly getting that “hands to keyboard” experience for setting up hardware. As cloud computing has grown into the ecosystem of many enterprise environments, it is becoming more important to understand cloud from the ground up. More importantly, companies are looking at cyber security professionals to help secure these new environments. What if you do not have any experience in working in cloud environments? Luckily, the large cloud providers want you to learn all about their cloud offerings so you can help protect organizations migrating to this new frontier. Even more exciting is you can set up lab environments in the cloud now, just like many of us used to do at home, to gain key experience in some of the most talked about cloud environments we are being asked to secure. If you do not want to set up a full lab in a cloud, no problem! Just setting up a free account and exploring is another great step in familiarizing yourself too. Whenever I meet with a new cyber security candidate for any role, I always try to assess their cloud experience so I know they are ready for the latest security challenges an enterprise may face.

AWS Lab Setup:

Get hands-on practice in a live AWS environment with AWS services and real-world cloud scenarios. (aws.amazon.com/training/self-paced-labs/)

Azure Account Setup

Free access to popular products plus a $200 credit

At the end of your first 30 days or after you spend your $200 credit (whichever comes first), you’ll only pay for what you use beyond the free monthly amounts of services. To keep getting free services after 30 days, move to pay-as-you-go pricing. (azure.microsoft.com/en-us/free/free-account-faq)

Google Cloud Account Setup

20+ free products and $300 credit (cloud.google.com/free/)

After working hard to understand the best certification for you, trying your hand at open source security and understanding the beginning concepts of cloud computing, you may be wondering how to solidify this into experience without a job. When I was looking to work full time in the cyber security field, I wanted to showcase on my resume under a “job” how the skills that I learned about from the methods above would help out an organization as well. While there are creative ways of gaining resume worthy job expertise, I’d like to share with you one way that worked for me. I was aligned to a non-profit organization in the city I was living in. Their cause was something I cared about deeply and I volunteered with them for a few years. One day I was talking to some of the workers in the organization and the topic of IT came up. The non-profit was having issues trying to find someone to help them out with their IT problems. I heard this and I thought that if they are having issues getting IT help, security must be an afterthought. I asked the head of the organization if I could help them not only with some of their IT concerns, but also help build up their security posture as well. I asked for nothing in return. For the next few years, I helped them both with their technology and implementing key security principles in their organization. It never felt like a job for me. I loved being able to help out a non-profit that I was already volunteering for, but now I was volunteering in a different capacity. Importantly, as I helped stand up their security program, it helped validate to me that I loved the security work I was doing and I was even more excited to join the cyber security field in a larger capacity. My ask of you is to think about an organization you may have always thought about helping out because you care about the cause. Start volunteering to help them out, and maybe one day if you can help them out in a greater capacity through building up your security expertise. Expect nothing in return and be ready to have a great time in the process too!

Looking into the cyber security field from the outside in can seem daunting sometimes. Terminology that is specific to the industry, certifications that seem miles away from your level, and tools that are prohibitively expensive that will prevent you from getting key experience. The cyber security industry wants you to join our ranks and we want you to be successful and confident in your future cyber security role. Much of these resources are at your fingertips and are free for you to explore while developing your cyber security expertise. Utilizing free resources from SANS at SANS.org/free will also give you access to thousands of content-rich resources developed by industry experts and provided to the information security community. Learning about current research, information, and tools on the latest on technologies and attacks and will help support your security awareness and growth.

SANSFree1245x705.png

ADDITIONAL SANS RESOURCES

SANS Free Resources

Scholarships & Community Programs

Cybersecurity Skills Roadmap pdf download

SANS Foundations training

GFACT certification

New to Cyber Summit | recordings

Trust Me, I’m Certified | GIAC Podcast

20 Coolest Careers in Cyber

Cyber Ranges

STI Bachelor’s Degree Online Information Session Webinar

Digital Forensics and Incident Response

Offensive Operations

Cloud Security

Cybersecurity Leadership

Industrial Control Systems

Blue Team

BUILDING A HOME LAB RESOURCES

Building Your Own Kick-Ass Home Lab, Jeff McJunkin webcast

Becoming an All-around Defender: Building an Enterprise Grade Home Lab, blog

Building an Enterprise Grade Home Lab, webcast, Ismael Valenzuela & Justin Henderson

Extending Your Home Lab to Include Cloud, webcast, Ismael Valenzuela & Justin Henderson

Building Your Own Super-Duper Home Lab, webcast, Jeff McJunkin & Jason Blanchard

OSINT RESOURCES

“I always suggest those interested in OSINT join an OSINT community like the SearchLight Discord as there newcomers can interact with LOTS of OSINT-focused people sharing tips, techniques, and jobs. Have them say hi to “WebBreacher” once they join the community!” - Micah Hoffman (author of SANS’ OSINT course)

HR + CYBERSECURITY SERIES

1. Listen to the corresponding webcast here.

2. Read the rest of the Blog series here:

  • Skilling the Gap: Creative Ways to Recruit Top Cyber Talent
  • Knowing Your Applicants: How to Stay Current to Best Assess Your Cyber Applicants
  • Slow the Revolving Door of Talent: Creative Ways to Keep Your Cybersecurity Talent in Your Organization
  • Transition to Cyber Security From a Non-Cyber Role: Creative Ways to Impress to Land Your Dream Cyber Role
ABOUT THE AUTHOR

Kevin Garvey is the US IT Security Manager for an international bank responsible for overseeing incident response, vulnerability management, cyber threat intelligence, as well as the security operations center (SOC). Previously, he worked at New York Power Authority, JP Morgan and WarnerMedia (formerly Time Warner). Kevin has always had a passion to hunt down the adversary and has loved tackling the risk and threat challenges his responsibilities have thrown at him. Kevin teaches SANS MGT512: Security Leadership Essentials for Managers. Learn more about Kevin here.

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tags:
  • Cybersecurity Insights
  • Security Management, Legal, and Audit

Related Content

Blog
HR_Cybersecurity_370x200.png
Cybersecurity Insights, Security Management, Legal, and Audit
July 19, 2021
Transition to Cyber Security From a Non-Cyber Role
Creative Ways to Impress to Land Your Dream Cyber Role
370x370_kevin-garvey.jpg
Kevin Garvey
read more
Blog
HR_Cybersecurity_370x200.png
Security Management, Legal, and Audit, Cybersecurity Insights
June 16, 2021
Slow the Revolving Door of Talent
Creative Ways to Keep Your Existing Cyber Talent in Your Organization
370x370_kevin-garvey.jpg
Kevin Garvey
read more
Blog
HR_Cybersecurity_370x200.png
Security Management, Legal, and Audit, Cybersecurity Insights
April 19, 2021
Knowing Your Applicants
How to Stay Current to Best Assess Your Cyber Applicants
370x370_kevin-garvey.jpg
Kevin Garvey
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • © 2023 SANS™ Institute
  • Privacy Policy
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn