Hello friend 👋
I used to get asked about "learning to hack" all the time, but since I wrote a blog about it, I get asked that question a lot less now. Lately, I've noticed a change. Without a doubt, the number 1 question that hits my inbox is:
"How to get get a job in cyber when I have no experience?"
It's a completely valid question. But let's think differently.
Forget about cyber for a minute.
Let's say you want to be a pastry chef and you've never been any kind of chef before in your life. What's the plan of attack?
- Learn how to make basic pastries (reading, YouTube, online courses)
- Document the journey in public so people can see us growing and so we can inspire others.
- Build a portfolio of work that will help us get attention from hiring managers and make interviews much easier.
- Network like crazy to get our name, face and portfolio in front of people that can help us get a job.
If you do those 4 things, you no longer have a "lack of experience". In fact, you've GOT experience. You can point to it. You can reference it. People can like, comment and share it. It's all proof that you know how to make pastry.
Cyber is no different.
- Learn the basics of cyber: e.g. CompTIA A+, Net+ and Sec+.
- Document the journey in public: blogs, vlogs, Tweets.
- Build a portfolio of work: put this in your CV/resume and your LinkedIn Featured section.
- Network like crazy.
These steps will take six months of hard, focused work.
Here's an example from an online buddy of mine, Ashley Walker.
Ashley has worked hard to land himself a cybersecurity role, and now he's keen to get into Cyber Threat Intelligence (CTI). So he started a blog about CTI.
You can see that he's turned on Creator Mode on LinkedIn and put the link to his blog in his bio:
He's also using his Featured section to catch people's eyes and link to his articles after he posts them on his blog. So if you miss the link at the link at the top, you might not miss these as you scroll his profile:
Intially you'll be blogging to no-one but yourself, but eventually, the wheel starts to turn. It's all about committing to the process and not giving up. Check out his latest blog here on LockBit ransomware.
If you'd like help on how to build your profile online, you can check out my free course and workshops or my course on how to get into cybersecurity.
You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.
Until next week,
Fun Things This Week
🎙Robbing Companies of Billions via Email
My good friend and fellow creator Jason Rebholz has a great YouTube channel where he explains attacks blow-by-blow. He recently made this one on Business Email Compromise scams which cost organisations around $43 BILLION A YEAR!
👾 Cool Tools
DFShell is a python3 script which use mkfifo to simulate a shell into the victim machine. It creates a hidden directory in /dev/shm/.fs/ and there are stored the fifos. You can even have a tty over a webshell.
Bellingcat's Online Investigation Toolkit is a gold mine! I've been a huge fan of Bellingcat's reporting and only found out about this toolkit this week. If you're into online investigations, you will want to bookmark this!
Whenever you’re ready, there are a few ways I can help you:
1. If you'd like to learn how to create content to raise your online profile, I have a free email crash course and a whole series of video workshops.
2. If you want to land a career in cyber security but don't know where to start, your best bet is through my SWITCHFIRE guide.
3. If you'd like to promote yourself or your business and help keep this newsletter free to its readers, you can sponsor it by dropping me an email.