MCSI #003: How to impress hiring managers and win first place in the job race
Don't let your first impression be your last.
Hiring managers often receive more than 200 applications for each open position, so they use a rigorous and efficient triage process to filter out those not worthy of their time.
In this newsletter, I'll provide you with invaluable advice to help you navigate the early stages of the recruitment process. My tips are based on my experience of reviewing over 2,000 job applications in the last five years.
Lesson #1: Write an exceptional application email
This is an anonymized application that I received this week:
It is apparent that this individual has made several errors when applying for the role.
Firstly, there is no information included in the email about the application. Additionally, a cover letter was not provided. Furthermore, he is based in India and is applying for a role only available to candidates located in Australia. To add, the only text in the email was making a demand.
Unfortunately, it is not uncommon for us to receive subpar applications. Candidates often write poor emails and apply for roles that they are not qualified or suitable for. If this has been your approach when applying for jobs, then it is no surprise you have not received an interview.
Now let’s look at the application from the very first employee that we ever hired:
We were impressed with the applicant's detailed and personalized application email.
He explained why he would be a good fit for a graduate position in our company, listing relevant technical skills and describing how he had acquired them. He also discussed the transferable skills he had developed while working in a supermarket.
Furthermore, his CV was of a high standard. It included references from both a professor and his current manager, and provided examples of his team-player qualities, communication skills, and ability to plan and organize tasks independently.
As a result, we hired him while he was still at university, despite the fact that he had no cybersecurity certifications. We provided training on the job and he studied further in his own time.
When applying for a cybersecurity job, it is important to ensure that all of the requirements listed in the position description are met. Additionally, a personalized email describing why you are a good fit for the role and the company you want to join should be sent. Finally, a portfolio should be created that highlights why you are the ideal candidate. This portfolio should include a CV, a LinkedIn profile, any projects you have completed, any initiatives you have contributed to, and references.
Lesson #2: Reduce the risk for the employer
The average cost of a bad hire is up to 30% of the employee’s first-year earnings according to the U.S. Department of Labor. Furthermore, a study states that managers also have to spend 17% of their time supervising poorly-performing employees.
My goal in sharing these statistics is to help you understand what is important to employers when they review applications. Many employers and managers are very concerned about the risk of making a wrong hiring decision. To help alleviate their concern and stand out from other applicants, you could reduce your risk profile.
a) Showcase skills relevant to the position
Employers are looking for candidates with pre-existing skills that align with the position description. This is why many cybersecurity roles require prior experience; employers want to ensure they get someone with pre-existing competencies and minimal training. It is not necessarily the number of years of experience that are important, but rather that the candidate has the necessary skills to perform the job.
The easiest way to showcase your skills is to build a portfolio:
MCSI’s unique approach is to help students build portfolio. Here’s an example of a reverse engineering video by Jérémy Gardas:
Jérémy produced this video whilst studying our Blue Team certification.
The concept is straightforward: create tangible evidence of your skills and abilities that you can present to potential employers. This will demonstrate that you possess the necessary knowledge and abilities to start making an immediate impact when they bring you on board.
b) Buy your own training and commit to completing it
Employees in cybersecurity must receive training from their employers. Depending on the course and travel costs, the price per student per course might range from $3,000 to $10,000. In some instances, workers must complete a number of courses before they can start carrying out the important duties for which they were engaged.
Bring your own training with you for a fairly simple method to increase your marketability in the job market! Because of this, MCSI charges $450 for roughly 600 hours of training, and our courses never expire.
"You don't need to pay for training me, I already have this wonderful course that I'm doing and commit to complete within the first 12 months of gaining work with you," our students tell employees when they approach them.
c) Obtain referrals and recommendations
Employers and managers are looking for employees who are a good cultural fit for their organization. That's why they put candidates through multiple interviews to assess if they will be able to integrate well and whether other team members will like working with them.
To alleviate their concern, obtaining referrals and letters of recommendation is a great way to demonstrate your qualifications. You can do this by contributing to the industry and donating your time. After six months, ask your network to write recommendations for you on LinkedIn. Make sure to ask them to mention their experience of working with you and highlight any positive qualities, such as being easy going and that they would like to work with you again in the future.
For example, this is what I did in 2010 and 2011 when I was just starting out Mossé Security. My references included:
It took me 2 years of sustained effort to receive the recommendations shown above. If you are a novice, you should aim for one or two recommendations from colleagues in the industry whom you have assisted.
d) Propose to start off as a contractor
Working with boutique cybersecurity companies can be a great way to expand your professional experience. If you're interested in working with one, you can easily begin by offering to do 1 or 2 small projects. This initial period of work could last 3-4 weeks and provide both parties with the opportunity to determine if the employment relationship would be mutually beneficial. Not only would this give you the chance to earn some money, it would also provide you with more work experience to lodge onto your CV.
Furthermore, taking on smaller jobs can help you to build up your portfolio, which can ultimately lead to larger, more long-term contracts. Working with a boutique cybersecurity company can also give you the opportunity to work with cutting-edge technology, something which could be incredibly beneficial to your professional development. Additionally, it's a great way to build relationships and contacts with other professionals in the cybersecurity industry. All in all, working with boutique cybersecurity companies can be a great way to kickstart your career.
Lesson #3: Prepare and practice before the interview
Many candidates come to interviews without being adequately prepared. On occasion, I have been surprised to discover that the candidate was unaware that I was the CEO of the company. This has led to confusion when I declined to take their application to the next step. To avoid any potential embarrassment, it is advisable to adequately prepare for interviews.
Here’s how to prepare for an interview:
Research the company thoroughly, so you know their mission, products and services
Prepare 3 reasons WHY you’re a good fit for their company
Propose 3 ideas that describe HOW you see yourself contributing
Produce 3 artefacts that SHOW competencies relevant to the position
Craft a list of questions to ask the interviewer
Dress professionally and conservatively
Furthermore, there are many online services that can help you practice for interviews. Take some time to research these services using Google, and aim to spend 10 hours practicing.
It is essential that you are honest and accurate when describing your skills and qualifications. If you do not feel you are a suitable fit for a particular company or role, that is perfectly fine. Use the opportunity to work on your skills and apply to other companies.
When you’re ready, here’s how we can help you
At MCSI, we've reinvented cybersecurity training to help people like you land a job in cybersecurity or advance their career. Our certifications are 100% practical, allowing you to create tangible artifacts for your portfolio every time you complete an exercise. With our training, you'll be able to build an impressive profile, knowing that you can show hiring managers you have the skills and competencies to succeed in the role.