Trying to break into the cybersecurity field when you are on the outside may seem like a dismaying task. With so many qualified candidates vying for a limited number of positions, it can be tricky to land your first cybersecurity job in the industry.
However, there are a few things you can do to increase your chances of landing that dream job. Start by networking with people who already work in cybersecurity. Attend industry events and meetups, and reach out to potential mentors. All it takes is one person to pick you to get started.
It’s also important to build up your skillset as much as you can and make sure your resume is expertly crafted and up-to-date.
Read on to find out more about these battle-tested ideas and techniques.
Table of Contents
Do The Work To Stand Out
Since the cybersecurity field is one of the most competitive and rapidly changing industries out there, you need a little creativity to get noticed. To break into it, you need to be prepared to put in the hard work.
Here are a few general tactics you can do to make yourself a more attractive candidate and land your first cybersecurity job:
- First, build up your skillset. Cybersecurity is an ever-evolving field, and it’s important to stay up-to-date on the latest tools and technologies. There are plenty of resources available online (like the Awesome Security List) and offline – take advantage of them!
- In addition to technical skills, employers also value soft skills like communication and problem solving. If you can demonstrate that you have what it takes to be successful in a cybersecurity role, you’ll be one step ahead of the competition.
- Next, get some experience under your belt. There are many ways to do this – from internships and volunteer roles to participating in hacking competitions. Getting actual experience working with cybersecurity systems will make you a more attractive candidate when applying for jobs. Don’t discount this tip. Even if the learned skills aren’t as in depth as they need to be, the networking opportunities will more than make up for it.
- Work on finding a complementary skill that’s not security related. You will be surprised at the cognitive refresh this will give your brain. Besides, this complementary skill may actually help you develop your security sense.
You can choose to incorporate business or marketing knowledge into your repertoire, but don’t think you will be unique here. I’ve met many security professionals who have also studied business. What hasn’t been as prevalent are security professionals with interests in internet business and marketing. This, of course, does not include security folks who are entrepreneurs or those who form their own consulting agencies.
In my case, my dual passion has led to some interesting results. Most notably, my security awareness instructions and rollouts have benefited massively from applying marketing principles and psychology.
It’s hard to get people to care about security. It’s even harder to get people to act on it. I helped kickstart a movement without beating anybody up or having our network nuked to get support.
This level of connection can be brought to your customers, clients, or co-workers, regardless of industry. Consider an unrelated cybersecurity skill today.
First Steps to Breaking into Your First Cybersecurity Job
There are a lot of topics and skills to learn. One way to stay organized is to monitor the topics and skills you are learning by creating your own goal tracker. It doesn’t have to be anything fancy, but you can go as crazy as you want, even whipping up color-coded Excel spreadsheets.
I personally write down my goals and keep a daily journal of tasks, including writing down my wins for the day. You can start with goals or a work journal, but be sure to note the baseline of computer security topics you should know.
Either way, I would recommend you track what you’re good at and what you need to learn to be successful. Once you get organized, note any relevant experience you have, even if it’s not in the cybersecurity field.
Lastly, don’t be afraid to apply for jobs that are slightly out of your skill range. Landing your first job in cybersecurity is all about getting your foot in the door. Once you’ve landed that first job, you’ll be well on your way to a successful career in the field.
Look at the Workforce
Find which role you would like to fulfill. There are millions of rewarding jobs in cybersecurity. Once you get beyond this part, the hard part is yet to come – getting the job.
If you are struggling with this, one resource to help you evaluate the cybersecurity workforce is Cyberseek. This website offers a career pathway, an interactive map, and resources to understand skills gaps.
Companies are starting to take note that entry level cybersecurity jobs are quite rare, and there is a large skill gap. Expect to see more cybersecurity workforce development and financial aid standards and opportunities.
Some examples of workforce development programs include:
- Cybersecurity Training Exercises by DHS
- Cybersecurity Workforce Development by CISA
- Workforce Development by IBM
The comments in that IBM workforce development article are great. They really paint a picture of the struggle. Despite the good news, some people remain doom pilled. A word of caution: if you are frustrated, don’t let your frustration control you, or it will present your offering in a very negative way.
Review Job Posts
After you have looked at the cyber workforce and are appropriately prepared to get started, you can now look at the many different cybersecurity jobs available. What do you see within the job posts? Can you spot any patterns?
Besides seeing what the role offers, check to see if there are additional requirements to fulfill. Some example requirements include:
- Emergency designations and requirements to be on call.
- Alternative times or shifts.
- Education requirements
- Experience requirements
- Licensing requirements
- Certification requirements
- Framework knowledge
- Project management principles
- Designations or industry memberships
- Minimum KSAs (Knowledge, Skills, and Abilities)
Not Everyone Knows How to Write a Good Job Description
Knowing what is in demand and looking at job posts are crucial. Unfortunately, not everyone knows how to write a good job description. Especially if this is their first cyber position.
Don’t be discouraged if you find job posts with competitive requirements that only pay between $40K to $50K. There are solid jobs out there that pay properly. That’s why I’m emphasizing the tactics and techniques in this article.
Some hiring managers and HR representatives don’t always get the whole picture. Consider this scenario that I found (I don’t remember where, and I can’t find it anymore):
We once told HR we needed someone with 3-5 years experience, and experience in windows server 2016 was a plus.
HR put the requirements as 5 years experience in windows server 2016. This was in 2018. You can see the problem here.
This similarly happened with IBM. A job post called for 12 years of experience with a 6 year old project.
IBM’s Global Technology Services has posted a job ad calling for candidates with a “minimum 12+ years’ experience in Kubernetes administration and management.” From a report: Which is a little odd because the first GitHub commit for the project was made on June 7, 2014. And the feature freeze for version 1.0 was announced on May 22, 2015. Absent time travel, it is therefore not possible for anyone to have 12 years’ experience with Kubernetes. The ad is sadly silent on just how IBM expects candidates will have found the time to accumulate a dozen years’ experience in a six-year-old project.IBM job ad calls for 12 years’ experience with Kubernetes – which is six years old by The Register
This reminds me of Hanlon’s razor, an adage or rule of thumb that roughly states:
Never ascribe to malice that which is adequately explained by incompetence.Hanlon’s Razor (variation)
Don’t get discouraged. It will get better in time.
Preparing For Your Next Certification
Required certifications really depend on the nature of the work you will be doing. After you have evaluated the workforce and reviewed some job posts, it will become clearer which certifications are useful to you.
Here are some examples of certifications to review.
- A+, Network+, Security+, SSCP
- ITIL Foundation Level Certification
- CCNA, Palo Alto
- Linux+, Server+, Data+
- GSEC, GPEN, GWAPT
- OSCP, CEH, PenTest+, CySA+
Lead into Management Level
Moving into Security Specialist or Security Analyst roles will mostly require the CompTIA Triad (A+, Network+, and Security+) or SSCP to get started. Some companies list the Security Analyst as a higher level position, so you may need to add a management level certification or two (and relevant experience) to break into that role.
Understanding Frameworks and Best Practices
There are many cybersecurity best practices and frameworks, but these will get you started:
Understanding Policies and Regulations
You will also need to understand some of the official policies and regulations out there. What you will need to know will depend on your chosen sector.
- NIST 800-171
- NIST 800-53
- DoD Directives
- CJIS Security Policy
- State Privacy and cybersecurity laws
Finding a Company or Organization That’s a Great Fit
Looking for the right company to work for can sometimes be a challenge. Many factors play into the decision, including the company’s culture and the types of projects you will be working on. However, some key steps can help you find the best possible fit for your dream job.
One important step is to research the companies you are considering. This includes reading reviews from current and former employees, looking into the company’s social media presence, and checking out industry rankings and awards to see how the company stacks up against the competition. In addition, it is important to consider what you value most in a work environment – whether it’s the pace of the projects you’ll be working on, the flexibility of your schedule, or the people you’ll be interacting with every day.
Once you’ve narrowed your list of potential employers, it’s time to start reaching out! Reach out directly to recruiters at each company to learn more about their hiring process and get information about what type of candidates they’re looking for. Additionally, talk with former colleagues who may have connections at some of these firms – word-of-mouth referrals are often a great indicator of whether a particular company will be a good fit.
Write, Re-write, and Polish Your Resume
You might be tempted to simply write a basic resume detailing a chronological list of your accomplishments and skills, but this is not the best approach. Hiring managers are more interested in seeing how well you can apply your skills and knowledge to real-world situations.
Instead, you should focus on crafting a resume with a compelling narrative that highlights your strongest abilities and aptitudes as they relate to the field of cybersecurity. This means carefully highlighting any prominent projects you have worked on, as well as any technical or IT certifications that you may have earned. And don’t be afraid to draw attention to other unique experiences or talents that make you stand out from the crowd – this could help give you the winning edge over other candidates.
To really set your resume apart from the crowd, consider taking some additional steps, like tailoring your resume for specific positions or getting outside feedback from professionals in the field. With the right approach, you can create an engaging and polished cybersecurity resume that will put you at the top of any hiring manager’s wish list.
Clean Up Your Social Media
Before you start applying for jobs, it’s a good idea to take some time to clean up your social media profiles. Many employers will research applicants online, and you don’t want them to find anything that could hurt your chances of getting the job.
Even if your profiles are set to private, there’s always a chance that someone will find and share something that you don’t want them to see. So, it’s best to be proactive and manage your private data carefully.
Delete any old posts or pictures that could be seen as unprofessional, and ensure your profile information is up-to-date and accurate. In addition, job seekers should also be cautious about making negative comments about current or former employers.
Now that you have a clean and professional social media presence, it’s time to optimize. One of the best places to optimize your skills, interests, and experience is LinkedIn. Yes, people still use LinkedIn, especially friendly recruiters.
Yes, the networking I’m referring to is the human kind. Don’t neglect the opportunity to work on teams or meet new people. Here are a few ideas to try:
- Join local groups
- Volunteer with local STEM initiatives
- Give talks, even if it’s to a small group
- Reach out to professionals in your area and offer to help with projects
Be approachable and easy to talk to. You should challenge ideas when necessary and evaluate and form your own opinions. Be collaborative and less condescending in your conversations. Strive for understanding and not debate victories.
For more networking tips, check out these tested career networking tips to improve your job search.
Apply to Select Cybersecurity Jobs
You’ve done the legwork. Now it’s time to apply. How are you feeling? Are you confident? If it’s close, let them disqualify you; don’t disqualify yourself.
Look at the desired job and assess whether you have enough experience in the field. This can include everything from the specific tools and platforms you are familiar with to your general understanding of tech-related concepts and trends. Along with experience, you should also think about whether or not the job will be fun and engaging. If you find that the tasks feel repetitive or boring, then it may not be the right fit for you.
Finally, consider whether or not the position will fulfill you. Does it involve working on interesting projects that interest you and utilize your skills? Will you be able to learn new things and develop your abilities as time goes on? If so, then that job might just be right for you. Go into your job application with confidence. Good luck!
Preparing for the Job Interview
If you get an interview, great! Now, it’s time to prepare. Don’t be afraid to spend much time preparing for the interview. The decision to hire you could be worth 10s, if not 1,000s of dollars.
Before you step foot, either physically or virtually, into the interview, you should have prepared at least the following:
- Why you want to work at the chosen company.
- What you know about the company and its impacts on the business.
- What you know about the hiring manager or team you would be working with (if possible).
- Sample interview questions you should be able to nail.
- Knowledge of basic cybersecurity concepts and explain them in plain language.
- Stories of projects, both good and bad.
- Current events, especially breaches and current cybersecurity discussions.
Your interviewer should be warm and professional as they’re looking for the best fit. Unfortunately, some interviewers seek the easiest way to disqualify potential candidates. Take this tweet that used to be on Twitter:
We interviewed a 28yo designer in 2012 who told us he had 17 years experience designing websites. I said, “Tim Berners-Lee doesn’t have 17 years experience designing websites.
“Who’s Tim Berners-Lee?” he asked.
So yeah. 🤣
Yeah, I’m sure someone designing and building websites needs as much knowledge as the father of the Internet (1989), let alone cares who he is (he probably should care as TBL is a notable computer scientist). Even still, knowing about Tim Berners-Lee is trivia knowledge. Many people wrote HTML far before they knew who he was.
Anyway, this designer was most likely making websites as an 11 year old in 1995. After all, AOL had a few million users, and Geocities was alive and well. Also, by 1998, libraries had multiple computers available for use. So this progression seems probable with a computer in the 1990s.
Instead of asking what experience or projects this person worked on and how they started as a teenager, she went in for the kill. The interview was most likely over at this point.
This is a great lesson. Interviews can be tough, so learn how to frame responses and friendly rebuttals.
Why You Were NOT Hired After Your Interview
If you were not hired, even after your interview went pretty well, there could be several reasons why. Here are the more likely reasons why you were not chosen:
- You didn’t quite have the skills and knowledge they were looking for. Many companies offer on the job training, but in this case, your gaps were too wide to fill within a reasonable time. If you did have the skills and knowledge, then you didn’t signal enough to them that you could competently do the job.
- You were not a good fit for the organization, or you were not a good fit for the team you would have worked with. Company culture is everything. Furthermore, people want to work with and hire people they like.
- Another candidate was chosen over you. Sometimes, these choices can be very close. You were beat, plain and simple. You’ll have to step it up next time.
Sometimes you didn’t get the job due to other reasons, either internal to the company or external factors. These are quite rare during the interview process, but they do happen sometimes:
- A workforce study revealed that the position was not feasible for their current projects and goals.
- A hiring freeze came across due to market conditions.
- Either their offer was rescinded (before signature), or your counter-offer was rejected due to working conditions.
Other times, you were rejected for nefarious reasons, and everyone’s time was wasted. You shouldn’t run into this too much, but if you do, you weren’t hired due to the following:
- Internal policies on publicly posting jobs for a period of time. A company or department within the company may already have a candidate lined up, but they have to post the job anyway. People don’t want to waste time interviewing, but some do.
- Visa abuse. The company wanted an excuse to apply for an H1B visa. Sometimes, difficult job requirements with low pay get posted to get no qualified applicants. You will see these occasionally and wonder who actually applies to these types of jobs. Now you know. These jobs don’t always interview, and if for some reason you apply to one, expect to be disqualified (overqualified) somehow.
Starting Your Cybersecurity Job
So, you got in. Great!
When starting a new cybersecurity job, the most important thing to keep in mind is that quick wins go a long way toward establishing yourself as an effective member of the team.
First and foremost, be sure to familiarize yourself with all of the systems and tools at your disposal so that you can get up and running right away. Try to learn tools, policies, procedures, and other expected knowledge areas as quickly as possible. A little progress goes a long way.
Additionally, focus on building strong relationships with coworkers and clients since communication is key in this field. One of my favorite ways to connect to colleagues is to leverage a tool called Calendly. Check out my use case for using Calendly to meet my meeting goal at a new workplace.
If your company uses Zoom or another conferencing tool, feel free to use that.
And remember to take time to continue expanding your skillset by continuously learning and staying up-to-date on the latest industry trends and best practices. You are not done once you get the job!
7 Lessons I Learned in My First Cybersecurity Job
- You can’t have only one person do it. Security takes work from everyone, regardless of how many people you have on the security team.
- You can’t eek by without a budget. You can only get so far without cyber spending. Be prepared to justify needed tools and services. Look into possibly creating a charter.
- You should embrace frameworks and best practice lists to build a security program. You don’t have to reinvent the wheel. Learn best practices and baselines.
- Important behind the scenes work doesn’t translate well to management. You not only have to communicate effectively on the projects you are working on, but you also have to communicate your wins effectively. Otherwise, your work may not be valued as much as they say it is.
- You need to champion security, even when it’s painfully obvious. Not everyone has the same level of understanding, especially IT people. Be prepared to push security forward. Your work is never done.
- Just because leaders say security is important doesn’t mean that it is. Actions speak louder than words. If you often get low priority, have little to no funding, and are not recognized as a contributing team member, you are not important to the leaders or the business at this time. Yes, you should be; it is partially your job to help them realize this.
- A security role that handles all security tasks isn’t sustainable. You can’t have one person do everything. It’s fun, but after a while, you will not be able to keep up, even with a prioritized weekly task list. Get instruction from your supervisor or become clear on expectations.
Keeping Up With Current Cybersecurity Events
It’s tough to stay on top of the latest developments in cybersecurity. To get started, you need to learn the lingo or concepts involved in this fast-paced field. Look for regular newsletters and blogs.
You can also follow targeted social media accounts or groups on platforms like Twitter, Facebook, or LinkedIn. Often, these platforms will feature trending stories or popular discussions related to cybersecurity, allowing you to quickly stay abreast of what’s happening in the field. Social media will also allow you to connect to experts in the field.
Cybersecurity News Inputs
Consider these inputs for where you get your cyber news:
- Websites and Blog posts (RSS feeds)
- Webinars and streams
- Videos and podcasts
- Security Now (crazy long podcast)
- Online and physical publications
- Publications like Cybersecurity Quarterly
- Summits, conferences, and regional meetings
- Industry information
- Advisories and Cyber Threat Intelligence
- Information on breaches
- Verizon Data Breach Investigation Reports – annual data breach reports
- Privacy Clearinghouse Data Breaches – a massive database of breaches since 2005
Cybersecurity Industry Conferences
If keeping abreast of security trends and evolving threats is critical to your job, which for most people it is, then plan to attend a conference this year. There is nothing like attending a face-to-face event for career networking and knowledge gathering. If you can’t go in person, virtual conferences are now viable, with plenty to do.
From major events to those that are more narrowly focused, research to find the best opportunities for you. Don’t know where to get started? Try industry conferences by the same organizations that certified you. Security Congress from ISC2 is consistently good.
Still Stuck? Level the Playing Field
Not going anywhere in your career? You might be following bad job advice. Are you still stuck despite everything listed so far? Check out the sections below for ideas on how to progress.
Home Study Projects
What’s the golden rule for home projects? Always be working on projects. Here are a few general ideas to get you started:
- Create a home lab.
- Set up your home network and devices.
- Review this great article on experience and projects by Daniel Miessler.
Side Income Projects
I mentioned you should always be working on projects in the Home Study Projects section above. This is more important than you think it is. What extra-curriculars are you doing? Don’t just limit this to learning projects at home.
What about your side hustles? If you don’t have at least one that brings in some extra cash, look at doing one. I actually got a job, beating out more qualified candidates because I taught online courses. I did more than just my day job, and that demonstrated entrepreneur style thinking to senior management.
This isn’t a commitment for the rest of your life. Just do the hard work now to get you out of your unemployment slump or dead end job.
Get Comfortable Talking to More People
Sometimes, the problem isn’t your work or even your employer. Sometimes it’s… YOU. I want you to repeat after me:
- “Small talk isn’t pointless.”
- “Going to work, putting your head down, and getting things done isn’t good enough (to them).”
- “Get the courage to go outside your department, solicit feedback, and be a visible representation of your department.”
Don’t dismiss this. Check out How to Develop Essential Soft Skills for a Successful Career if you haven’t already.
Get a New Job
Sometimes, the only way up is out. I was at a job where I enjoyed the people, the type of work, and the resources I had access to. I could have seen myself staying there and retiring.
There was one problem, well, two actually. There was no promotion path or chance to get a raise. It was hard to stay motivated when there was no upside and no chance to grow despite years of hard work and successful projects. So I left.
By leaving, not only did I get a near double raise, but I also took on higher level work and got access to more conferences and educational materials. Perfect.
It’s tough, but when the only one who cares about you is you, you need to get out and work for people who appreciate you. Before you leave your current job, be sure to do the best you can to smoothly transition out of your job.
Pay Attention to the Business of IT and Cybersecurity
You don’t have to know these terms upfront, but it’s good to have them in your back pocket. The faster you learn the business side of things, the faster you will get promoted.
- Co-term – A co-term in a business agreement is an agreed-upon length of time during which both parties to the agreement will remain in business together.
- OpEx – An operational expense, or OpEx, is a business expense directly related to the company’s day-to-day operations. This can include things like salaries, utilities, office supplies, and property lease payments. The goal of an operational expense is to keep the company running smoothly and efficiently on a day-to-day basis. Unlike capital expenses (or CapEx), which are investments in long-term projects or assets, operational expenses are meant to be incurred regularly in order to keep the business up and running. In other words, they’re part of the cost of doing business. If OpEx is too high, the overhead is too high.
- CapEx – A capital expense (CapEx) is an expense that a company incurs as it expands and upgrades its productive capabilities. These expenses usually involve purchasing long-term assets, such as new plants and equipment. Examples of capital expenses include spending on research and development, the purchase of property or land, and the installation of new software or hardware. In accounting terms, a capital expense is recorded as an asset on a company’s balance sheet. This asset will then be amortized over time, meaning that its cost will be spread out evenly across the years in which it’s used. When a company spends money on a capital expense, it’s essentially making an investment in its future growth potential.
- Cost Center – A cost center is a part of a business that incurs expenses but generates no revenue. Cost centers are typically found in departments such as accounting, marketing, information technology, and human resources. The purpose of a cost center is to accurately track the expenses associated with the department so that the overall cost of running the business can be calculated.
- Business Enablers – A business enabler is an organization, service, or tool that helps a business grow and succeed. Enablers can include things like marketing or advertising agencies, web design and development firms, accountants and bookkeepers, or office supply stores. Anything that makes it easier for a company to do business can be considered a business enabler.
- Proof of Concept – A POC is essentially a demonstration of something that is possible. In business, a proof of concept is usually a prototype or sample of a product or service meant to show how the final product will work. For example, if you’re developing a new app, you might create a proof of concept to show how it will function and what it will look like. A proof of concept can also be used to test out whether an idea is viable before investing too much time and money into it. This isn’t just for new products or services; it can also be used for trialing vendors.
- Evaluation Run – An evaluation helps you compare different products to see which one is best suited for your needs. It can be used to help choose between competing products or simply to get an idea of the different options available. This can be done in several ways but often includes surveys and interviews with users, as well as hands-on testing. Once testing is complete, a decision can be made about which product is best for your needs. Evaluations are important because they provide objective information that can help you make decisions about complex products.
- Spearhead – To spearhead a project means to take the lead on it, to be in charge of seeing it through from start to finish. It means being the driving force behind making sure that all the pieces come together and that the project is completed successfully. Being a spearhead can involve many different things, depending on the scope and nature of the project. For example, suppose you’re spearheading a work-related project. In that case, you may be responsible for orchestrating meetings, keeping everyone on task, and dealing with any obstacles that come up along the way. If you’re spearheading a personal project, you may be the one doing most of the legwork to make it happen. Either way, taking on this role shows that you’re organized and willing to step up to get it done.
- Budget vs Funding – A budget is a plan of how you will use your limited resources to achieve specific goals. Funding, on the other hand, refers to the actual money that is allocated to a project or company. Funding can come from various sources, including loans, venture capital, or grants.
- Engagement – When a third party firm is brought in to consult on or help with a particular situation or event, that is considered an engagement. Typically, an engagement will involve some sort of contract or agreement between the two parties and will specify the scope of work that the third party firm will be undertaking. Engagements can vary in terms of their duration, complexity, and cost. They can also be very short-term (e.g., for one specific task) or long-term (e.g., spanning several months or years). In some cases, an engagement may even become permanent, such as when a third party firm is hired to become a part of an organization’s staff.
- Bolted On vs. From the Ground Up – When something is bolted on, it means that it was not an original part of the project but was added later. When something is from the ground up, it means that it was part of the original plan, thus creating a higher quality final product or service.
- Implemented – To implement a change or fix means to put it into effect. This can be done in a number of ways but usually refers to installing a new piece of software or hardware, making changes to an existing system, or configuring a device.
- Surplus – Surplus simply refers to retiring technology and selling it off. When technology is surplussed, it is often sold at discounted prices or given away for free.
- True Up – A true-up is a reconciliation process where an organization verifies that it has received the correct number of licenses from a vendor and that the licenses have been properly deployed. This process ensures that both parties have an accurate understanding of the licensing agreement and whether or not any additional licenses need to be purchased.
- Elastic Licensing – Elastic licensing means that you only pay for what you use. With traditional software licenses, you typically have to purchase a certain number of licenses upfront, even if you don’t end up using all of them. This can be a wasted investment if your organization’s needs change over time. Elastic licensing can also make it easier for companies to try new software since they don’t have to commit to a long-term contract or make a large up-front payment.
- End of Life (EOL) – End of life refers to the date that software is no longer manufactured or supported. The EOL announcement by a vendor stipulates when the product support will end or how far into the future product support will be provided. Typically, this refers to the date when a specific product or version is no longer available for purchase.
- Some companies may refer to EOL as End of Sale.
- End of Sale (EOS) – End of sale refers to the date that software is no longer serviced via upgrades, patches, and overall maintenance.
- Some companies may refer to EOS as End of Life.
When renewing, check for product availability and verify if they have a lifecycle policy.
Any received product quotes may have the following information within them:
- SKUs – A SKU (stock keeping unit) is a unique code that is assigned to a product in order to track it for inventory purposes. A SKU can be composed of letters, numbers, or both, and each one is specific to the product it identifies. When a company orders merchandise from a supplier, the products are assigned SKUs so they can be tracked when they come into the warehouse and when they go out to stores. For retailers that sell online, SKUs are also used to identify products on their website.
- MSRP – MSRP is the Manufacturer’s Suggested Retail Price. The is the price that manufacturers recommend. Many people think that MSRPs are just set by whatever the market will bare, but in reality they’re often calculated using a specific formula that includes things like production costs, overhead, and marketing expenses. In some cases though, particularly with luxury brands, MSRPs can be arbitrarily high to reflect the prestige of the brand.
- OEM – OEM stands for Original Equipment Manufacturer. It’s the term used for companies that make products for other companies to resell. For example, Apple laptops are made by Foxconn, but Foxconn is not an Apple company. Instead, it’s an OEM that Apple contracts with to produce its laptops.
A quote can contain any one of the following:
- Letter of Understanding – 1 pager that summarizes an offer, includes price.
- Cost Basis – rates on a per asset basis, more assets, lower price per asset.
- Purchase Terms – length of purchase support, warranty, or subscription.
- Validity – Statement of prices saying they are open for acceptance, usually for 30 days from the date of offer.
- Payment Terms – Net 30/60/90 days. Can be on a rolling cycle with a true up.
- Payment and Billing Info – Remit to address and other contact information.
These agreements usually cover engagements or services and may contain a non-appropriate clause – if the budget isn’t there, the agreement is nullified. Some sample agreements you should know are:
- Acceptable Use Policy (AUP) – A set of constraints and practices a user must agree to in order to access a network.
- Service Level Agreement (SLA) – Defines what a customer will receive from a service provider (standards and quantities?). Specific performance requirements from a vendor.
- Statement of Work (SOW) – Activities, deliverables, and time-line from vendor to client. Includes purpose, scope of work, cost estimates, requirements, etc.
- Memorandum of Understanding (MOU) – The rules and responsibilities two parties must follow while working on a collective goal.
- Multisource Agreement (MSA) – Agreement across vendors to set certain standards for compatibility in products from different manufacturers.
It’s tough out there, but there’s no need to make it harder than it has to be.
It’s important to keep moving forward, even if your current job makes it hard to do so. If you don’t make yourself better on your own, you may pass up an opportunity in the future to work for that company that you do want to work for.
For another perspective on this, check out How to Build a Cybersecurity Career by Daniel Miessler. Like much of his other content, this post is a great read.
Also, don’t slouch on taking care of your health either.
What else do you think is important in building your IT skills? What skill did you learn that proved to be the most beneficial and why?
Sound off in the comments below. Also, let me know if anything needs to be cleared up or corrected. I spent a ton of time on this 6K+ word post and more content can be added!