In many Reddit threads and conversations on other social media, I often hear the advice, “if you want to get into cyber security, start at the help desk.” But, in my opinion, if you want to get into cyber security, you should start in the SOC.
This blog will highlight my five arguments for avoiding the help desk and jumping right into the fire that is the security operations center, aka “The SOC.”
1. You Could be Doing Security Stuff Instead
People argue that you will learn valuable skills at a help desk worth their weight in gold. And that you will use these skills forever as you work your way up the infosec ladder.
But to get this coveted knowledge, you must sacrifice one to two years of your life to the IT gods.
I say no!!!! Don’t do this!
I would argue that you will learn the crucial pieces of help desk work while doing cybersecurity. And at the same time, learn cybersecurity. Talk about efficient use of your time.
The issue with starting at the help desk is that your brain will not be focused where it needs to be, which is cyber security. As an entry-level help desk person, most of your day will consist of doing the same things: fixing printers, modifying accounts, setting up computers, etc.
You will be doing the same tasks, day in and day out. Not challenging yourself and not growing as a security practitioner.
What ends up happening is you will spin your wheels for two years at the help desk. You won’t get much better at security, but you will get some help desk experience to put on your resume.
Experience for the resume is great but, I like to do things efficiently. Why can’t we get experience for the resume and learn a ton at the same time?
2. You May Waste Time Studying for Other Certifications
Working at the help desk wouldn’t be bad if you could just start applying with zero prep. But, like any other skilled role, you must study and be qualified. This means that, much like in cyber security, you must have a certification.
Companies typically are looking for the A+ certification, which consists of two different exams. According to CBTNuggets, they recommend beginners take 10 to 12 weeks to study. That’s three months to study!
Why would you want to spend money and time studying for two exams you will never use again?
Again, efficiency comes to mind. You could be studying for one exam versus three!
If you go the help desk route, your path may look like this:
Study for three months, then take two A+ exams. Next, spend a couple of months looking for a help desk role. Then spend two years at the help desk and, at some point, study and take the Security+ exam. Finally, spend a couple of months looking for your first infosec role.
Taking this route, you have: taken three exams, paid $464 for CompTIA A+ exam vouchers that you won’t use after the help desk, and waited almost 2.5 years for your first cyber security role.
I don’t know about you, but that doesn’t sound like fun. Why can’t you get into infosec faster?
If you go the SOC route, you are looking at 3 months to study for the certification and a couple of months to find your first job. That is 5 to 6 months total before you land your first security-focused job instead of 2.5 years.
I am not saying everyone will land a job in two months, but you can definitely do it faster than the help desk route.
There are many variables to job hunting that I won’t go into in this blog. Variables such as whether you are willing to move and the market conditions can significantly impact your ability to get a job offer.
Most of all it also depends on you! If you have the passion and determination, you will likely study more and get job offers others may not.
But I digress. Let’s move on to number 3.
3. You Could Qualify for a SOC Role Already
If you have followed some of our other advice on this site, you probably already have your CompTIA Sec+ certification. Believe it or not, this may be all you need to qualify for a Junior SOC Analyst interview.
When most businesses are looking for candidates, they are looking for passion and familiarization with the concepts tested on in the Security+ exam. Yes, that is it. Sometimes they state, they are looking for one year of experience, but they will still interview candidates with no experience.
The trick is getting the interview with your resume. If you are getting interviews, your resume is working! Consider yourself qualified for a Junior SOC Analyst position.
Now, if you are getting plenty of interviews and no offers, something else is amiss. You may just have a really weak interview.
Like I mentioned in one of our blogs on interviewing, make sure to continue to review your Security+ materials. I can almost guarantee that most technical questions will come from this material. I won’t go into this issue any further in this post. Still, I recommend following some of The Cyber Union’s suggestions on interviewing to boost your interview skills.
Suppose, on the other hand, you aren’t getting any interviews with a Security+ certification. In that case, it’s time to look at your resume and the actual jobs you are applying for.
In addition to your certification, list any cyber security course you have taken, whether it is online or in school. Businesses like to see that you are working hard to get up to speed.
The job roles you are looking for should be similar to the titles, “Junior SOC Analyst” and “Tier 1 SOC Analyst.” These are both entry-level roles for the SOC. Commonly, you may see the job listing request 1-3 years of experience. No worries. Companies will often overlook that requirement. The key is to beef up the resume with additional coursework.
While you are job hunting, spend time in online labs and learning platforms to hone your skills. You shouldn’t be looking at other certifications, just increasing your knowledge.
4. You May be Miserable
I started my journey as an intern for an IT department. My boss essentially had me helping the help desk people.
At this stage in my life, I knew I wanted to be a pen tester. And I didn’t realize that the SOC was a real thing. So, like many of you, I thought I needed any type of IT experience I could get to qualify for a cyber security role. In essence, I felt I needed to work my way up from the bottom.
But I’ll tell you, I wasn’t happy. I did not enjoy the help desk work. I didn’t learn much on the job, but I took advantage of any free class my workplace offered. And in my spare time, I was studying hard. In total, it was nine months, of I can’t wait to get into infosec.
Luckily a company reached out to me on LinkedIn. After a few interviews, they offered me a full-time job as a Junior SOC Analyst, and I was excited.
The moral of my story is that most of us are unhappy when we are doing something we don’t love. And, there may be other options to reach your goal faster.
If you think that the help desk is the only viable option to get into cyber security, I urge you to rethink. I have seen way too many success stories of people going from a completely unrelated field to infosec with only a Security+ to think otherwise.
Will the help desk help you get a job? Yes. But that’s not the question. You should instead ask yourself, is the time you will spend chasing another position worth it?
I encourage everyone to follow their dreams in cyber security, and I want to help you do it as fast as possible. Keep following our blog for more tips on getting into information security.
GETTING INTO INFOSEC: CREATING A RESUME USING YOUR LINKEDIN PROFILE
GETTING INTO INFOSEC: 11 STEPS FOR SETTING UP YOUR LINKEDIN FOR MAXIMUM RESULTS
GETTING INTO INFOSEC: 10 RESOURCES FOR JUNIOR SOC ANALYST JOB LISTINGS IN 2021