"No one should ever work." ― Bob Black, The Abolition of Work.

Career Hacking

This page contains our recommendations on how to seek a remote, entry-level job in technical information security with good chances of getting hired. Similarly to the Self-Education Academy, this guide is not panacea. It is mostly tested, and mostly reliable, but it's clearly not the only path to follow. You are encouraged, in true hacker spirit, to make adjustments and changes so that the process fits your personal requirements. Make this work for you.

This guide assumes that you have completed (at least some of) the Greenbridge Curriculum. Though it may theoretically be possible to get a job in cybersecurity while being almost clueless on the subject matter, you will need a very rare combination of factors for this to succeed: a desperate, gullible, opportunistic employer on one hand, and an aptitude for lies, suitably placed buzzwords and deceit on your behalf. To be clear: this is not the career hacking we are trying to help you with here @ Greenbridge.

In order to get a job in Information Security, you'll need some key elements:

1. Prepare a battle plan.

The first thing you need to do is spend some time thinking what exactly it is that you would like to do in cybersecurity. Generally speaking, the entry level roles that can be performed remotely in technical cybersecurity fall into three categories, which mostly align with three distinct hackers types:

If you have done your homework and completed (at least some of) the Greenbridge Curriculum, it should be fairly clear by now which of the above appears most appealing to you and compatible both with your future aspirations and your current modus operandi. This will probably be related to what you have been working on so far, either at your current job or as part of your studies, but also to how you relate to information security in a more general sense.

Use your google-fu to locate job opportunities related to these roles as well as their variants. Try different combinations and wording pairs to track down as many relevant opportunities as possible. Try searching for opportunities in languages other than English. Try to think in reverse: what would a prospective employer include in their hiring campaign to attract talent? Consider trying search terms which are adjacent to what you are looking for (i.e "vulnerability assessment" and "red teaming" are different things, but relevant to penetration testing). Here are a few example search terms for penetration testing:

Make a shortlist of 20 vacancies that interest you and prioritise your applications according to a set of criteria. We'd recommend the following criteria, but, as usually, feel free to adjust these to match your own goals:

Diogenes of Sinope

2. Submit strong applications.

Pay attention to the wording at the job vacancy posting and submit, with surgical precision, exactly what is required. No more, no less.

In most cases, they will require a CV. Your CV is your personal marketing tool. It must be fairly compatible with contemporary-looking CVs, but it should have your own trademark personal touch. Make sure that it is in English, that it is a PDF document (not .txt, .docx or anything else), that is is visually apealling and that is fits in one page. Avoid spelling, grammar or punctuation errors and do not use plagiarised or boilerplate content. Besides the presentation of your CV, the actual content obviously matters too, so make sure to include all your relevant achievements here, including degrees, FOSS projects, programming languages, operating systems, work experience, and any offbeat interests you may have.

If a cover letter is required, tailor your response to say exactly why you are a good fit for the role. A couple of well-written, error-free paragraphs are usually enough to draw attention. If your potential employer is asking for other credentials, such as copies of certificates or anything else that they may need, make sure that you submit them, or provide a valid justification for any prerequisites you are not able to provide.

3. Prepare for the interview.

If you are invited to an interview, make sure that you conduct extensive open source intelligence gathering on the company you are interviewing with. If your interviewer's name is known to you, do your OSINT on them as well. Educate yourself in relation to the interview process and be prepared for any specific tests they will be asking you to take. You may also want to prepare a few things to reply to some of the most common interview questions. Last but not least, to state the obvious: Get a good night's sleep before the interview.

4. Interview.

Things to keep in mind for the interview: