Life in Cybersecurity: Expert Tips and Insights from a Cybersecurity Recruiter

One of the most difficult aspects of working in cybersecurity can be the deceptively simple task of finding the best job that matches your skills and best aligns with employer expectations. Whether it’s an entry-level position, a lateral move, or career advancement, finding a rewarding job requires more than just relying on the much-publicized skills shortage.

Wouldn’t it benefit you to know how a cybersecurity recruiter evaluates your skills to give you the best chance for longevity and advancement? We were lucky enough to speak with David Sforza, a cybersecurity recruiter for Fortra. He shared insights that can help anyone at any level on their cybersecurity journey.

Can you please tell me something about your role?

I am the manager of the Talent Acquisition team at Fortra. I am also a Senior Recruiter and lead the recruiting team under the supervision of our Senior Manager.

What qualities do you look for when recruiting for cybersecurity positions?

First and foremost, we want to make sure we find people who align with Fortra’s core values, regardless of the role. The people we hire will be interacting with our customers, and we want to make sure they represent who Fortra is and what we stand for. Beyond that, it depends on the position. If it’s an entry-level position, we’re often looking for a certain mindset. We hope to find people with some experience, but more and more often, experience isn’t necessarily the priority for entry-level positions. There are bootcamps, colleges, and universities that offer cybersecurity programs where you can get degrees. We see that and look for that as well. There are also many certifications available. If it’s an entry-level position and the candidate has no experience in the industry, it’s great if they have a degree or certifications. However, hiring managers will often look for the mindset. Again, this ties back to core values ​​- will this person listen to our customers and strive to provide exceptional support?

Cybersecurity is one of those fields where you have to be curious. You have to have an almost innate sense of why things work the way they do and be able to solve problems (we’re problem solvers!) – not necessarily from a technical perspective, but as a human you want to know why things work the way they do. So if you have a problem with something you have to have the curiosity to solve the problem. Also, because of the nature of cybersecurity you always have to be on the lookout for what’s next, what’s coming.

We try to make sure for our clients that their platforms, applications, or whatever it may be, are protected from malware, ransomware, attacks, etc. So, one of the things we pay attention to is what people are doing to keep themselves updated with the changes in cybersecurity. We focus on AI and cybersecurity. Those are two of the hottest buzzwords right now because everyone in the world is thinking about both things. AI has been around for a while, but its importance is only slowly entering the public consciousness, especially in terms of how it will impact their lives. We are always looking for people who are doing their own research and are curious about how AI will impact things. For Fortra, the focus is on the different attacks that can arise from AI.

What advice would you give to people applying for jobs? What makes them stand out?

Before we talk to a candidate, we have behind-the-scenes conversations with our hiring manager. We want to know what they want in a new employee. What does the candidate need to offer to be an attractive candidate? From a recruiting perspective, that’s the kind of candidate we’re looking for. It varies depending on the type of role. If it’s a software developer, we need to know what languages ​​they code in and how well they know it. If it’s more of an analyst role, what do they currently do? What do they want to do in the future? So when we look at people after we’ve talked to the hiring managers and the team and gotten a feel for what the candidate needs to bring to the table, we can assess whether a person is a good fit. We focus on those specific things when talking to candidates and tailor our search accordingly. That way, we know we’re delivering the right candidates to the organization.

What mistakes do you often observe when applicants apply for jobs?

We often run into problems where people don’t necessarily put everything on their resume that could help us know they have the required experience. It’s a fine line. A candidate may have a very sparse resume that tells us nothing. Conversely, sometimes we get a resume that’s 17 pages long and extremely detailed. That’s not something a hiring manager looks at. Most managers will look at a couple of pages. They’ll look at what the person has done in the last five to 10 years if the particular position requires it. Is this relevant to my position? Relevance is very important.

What is more important to your hiring process and what experience do you have in a role or what industry qualifications?

For an entry-level position, the hiring manager isn’t looking for a lot of experience because the company wants to provide training over a longer period of time. They want to get someone on a career path and train them to do it their way. They don’t want to have to retrain someone. They like that blank slate. If it’s a position that requires experience, then it’s pretty obvious that the experience is relevant.

Often when I look at two different people, it can just be about what the person does now. What have they done in the past? What extracurricular activities do they do to show they’re interested in the work? Are they studying on their own for certifications? Are they involved in blogs? Have they entered cybersecurity competitions or are they members of groups? Are they naturally curious and wanting to learn as much as they can? Those are the candidates we want to speak to first. For entry-level jobs, we look for enthusiasm, but as you progress, you need those qualifications to back that up. That natural progression is that if you love the role, the job and the industry, you’re going to seek out more knowledge because you know you want to progress and this is the right career for you.

If you could give one piece of advice to job seekers, what would it be?

The best advice I give applicants is to make sure their resume is up to date. This also means checking it carefully for spelling. I’ve seen a case before where someone was applying for a job that required a lot of attention to detail, such as a quality engineer, and misspelled the word “quality.” Your resume should also list more than just your duties. It should also include how you performed those duties. Provide a brief description of how that task helped the company.

You also need to make sure you have the right experience for the role. Many applicants think that completing a bootcamp qualifies them as a cybersecurity engineer, but the job requires more than that. If it’s an entry-level position, that’s probably enough. However, if it’s a mid-level or senior-level position and you’ve just entered the cybersecurity world, you don’t really have the experience needed in terms of the experience required.

Another important point is that if you are invited to an interview, show that you want the job. In our experience, people present themselves very boringly at interviews and do not show any real interest in the job. Hiring managers are looking for enthusiasm. Bring that. Show up on time. If it’s a long distance interview, make sure you are in an appropriate area. You should not be interviewing while you are shopping or in a noisy cafe. It helps you to look and sound professional. The interviewer will be looking at you. Especially in this virtual world, we do most interviews virtually, so how you come across on camera is even more important than how you look in person. You are not going to get that opportunity. Your first step in this process is going to be getting in front of that camera. Make sure it’s a good camera, and make sure your background looks professional.

Do you receive a lot of applications from people who are completely new to you? What do you think about these types of people? What value can they bring to a company?

Yes! We’re seeing people jumping into cybersecurity as a second career. We’ve seen nurses and other medical professionals, accountants, industrial engineers. They’re realizing that cybersecurity is the future and now is an excellent time to get into the field. We need a lot of cybersecurity people. So people are jumping into this industry from another profession. Some of them have to be comfortable with maybe taking a step back in terms of seniority and maybe even accepting a lower salary than they were before. They have to prove themselves in the industry before they can move up the career ladder. I don’t look at someone coming into the industry from the outside any differently than someone who, for example, leaves university after college and wants to get into cybersecurity. It’s the same thing.

I understand that it’s not just the job itself and the skills that you have that are important, but candidates who already have 15 years of work experience, even if they don’t quite have the technical side of things down and are coming into this newbie, they bring a lot of intangibles and soft skills because they’ve already been doing something else for a number of years. Maybe they have management skills, maybe the self-discipline to manage their own time, whatever it may be, they can bring those soft skills and those intangibles into the cybersecurity field and be just as successful.

At Fortra, we pride ourselves on hiring from within. You can start in an entry-level position, and as long as you continue to demonstrate that you are interested in moving up and have the opportunity to do so when those positions or opportunities arise, we see people continue to advance throughout the organization. We really let people flex their creative muscles. Someone who is interested and wants to be part of the cybersecurity industry is someone we definitely want in our organization. We love talking to candidates who are looking for an opportunity to improve, stay here long-term, grow with the company, and develop as a person and in their career over time. That’s the ideal situation.

Our conversation with David was a rare gift, giving job seekers a candid look at some inside information that will help them get a job in cybersecurity.