Considering a cybersecurity internship? Hear the following industry insiders' best advice for getting your foot in the door.
γπ Degree(s)
γπ¨ Skills & qualities
γπ§ Knowledge
γπ Certifications
2. What companies you can apply for
γ1οΈβ£ Bigger companies
γ2οΈβ£ Managed Security Service Providers (MSSPs)
γ3οΈβ£ Other
γπ₯ Networking
γπ Resumes
γπ
°οΈ Grades
γπ Cover letters
γπ΄οΈInterviews
4. How to secure a return offer
If you haven't already, it's helpful to think about whether cybersecurity is something you're actually going to like.
A lot of people try to get into cyber to chase the salary, but that's the wrong mindset. It's a labor of love. It can be stressful in terms of workload and deadlines, so if you're in it for the wrong reasons, it's not going to be a very good experience.
β Senior cybersecurity engineer
Here are some articles to get you started:
The great news is that you don't need a specific degree to break into cybersecurity. You can just go to a bootcamp.
I was a nurse for close to two decades before switching over to cybersecurity! I didn't go back to college to get a relevant degree. Instead, I did a bootcamp.
You can also learn a lot using online resources. Here are some I suggest: Josiah U, Gerald Auger, and BlackHills.
β Senior SOC analyst
That said, it always looks good to have a relevant degree.
A lot of the postings I've seen (for prior and current jobs) ask for a bachelor's degree in IT, Computer Science, Management Information Systems, Business Information Systems or a related field. This will put you ahead of someone who got a liberal arts degree.
It doesn't mean you'll be more successful. But as far as HR requirements (or even hiring biases), anything technical is helpful for getting your foot in the door.
β Senior cybersecurity engineer
What skills and qualities do employers look for? Interestingly, our cybersecurity professionals emphasized soft skills more than hard skills.
Soft skills have been imperatively important in my career. Even though the job description may not specifically require them, soft skills are critical.
Hard skills, I can teach. Like I can teach you how to respond to a malware infection or be a SIEM administrator. But I can't teach you to care about your job or be empathetic.
β Senior cybersecurity engineer
We don't put that much weight on IT experience. Of course, we'd prefer that you know what a computer is or are familiar with the basics of computer networking. But once you come on board and do your training, usually anybody can pick these things up. So you don't have to have that background.
β Senior SOC analyst
Now let's dive into the skills and qualities they recommend having.
You need to work well with others, since you're constantly working with customers, HR, or higher-ups. You need to speak clearly, collaborate, and work well with others.
β Senior SOC analyst
Security imposes a lot of guard rails and ruffles feathers. We're the ones who block websites and programs on people's computers, so you need to have the soft skills to de-escalate situations, speak with empathy, reach a level ground with them, and deliver bad news.
β Senior cybersecurity engineer
By "critical thinking skills," I'm looking for whether you have have any experiences where you had to differentiate between what's important and what's not. With cybersecurity alerts, you have to know what's priority. You have to be able to make those judgement calls.
β Senior SOC analyst
One minute, your priority will be to do A, B, or C. Another minute, D pops up, and your priority is D, C, B, A. You need to be able to prioritize based on the situation.
β Senior cybersecurity engineer
You need to be organized and take good notes.
You work as a team, so when you're signing off for the day and you need to hand off your tasks, you need to have clear notes so the next person will understand what to do.
Also, if an urgent task pops up, you'll need to drop everything, which means you need to take good notes so you can come back to your work and pick up where you left off.
β Senior cybersecurity engineer
Coming in as an intern or junior-level employee, you're not expected to know much. But it definitely helps to know some basics! Here's what our cybersecurity professionals recommend knowing.
Do you know the difference between Linux, Mac, Windows? Do you understand how networks work and different networking protocols? Do you understand wireless internet and how it works? Do you know what a router is? To secure the system, you have to know how it works.
But we're not looking for somebody that knows everything right off the bat.
β Senior cybersecurity engineer
You can gain some of this knowledge through free online courses or through IT internships.
Ideally, you should have a basic understanding of the standards of cybersecurity that everyone follows. Here are two big ones.
- CIA (Confidential, Integrity, Availability) β this is an oath you take when you work in cybersecurity.
- Confidential means making sure any information in a company will remain confidential. So no blogging about it or talking to your family in detail about it!
- Availability means that no matter what happens, you're going to make sure a company's information and assets will be available at all times. (Assets are things that the company wants to keep private, such as the company's financials or the personal information of its customers and employees.) For instance,, we need to make sure assets are still available even if there's a rain storm that causes a power outage.
- Integrity is making sure nothing is altered. We need to make sure we have backups, for instance. So even if a threat actor tries to manipulate our assets, we still have the original information somewhere.
- NIST (National Institute of Standards and Technology) β NIST is a 900-page book that defines the standards or best practices that organizations should follow β for example, "If you encounter this sort of incident, you should respond in this way." These standards are updated every couple years, so there's no need to memorize them! Just be familiar with NIST, since you'll need to refer to it.
You can learn the rest through experience!
β Senior SOC analyst
If you're aiming to work in a Security Operations Center, here are some things to be familiar with.
Time stamps: Be familiar with different time zones and military time. In many SOCs, the alerts (e.g. "Mary in HR logged in") are set up to show the time in GMT and military time ("GMT+8 2300").
Linux: Know what a shell is, what a command line is, and how to look up certain logs. You don't have to be an expert but know the basics. For example, if your manager asked you to pull up an alert back in November, you don't want to have to go through eight months of logs to find it. You'll need to run a script to quickly narrow down to what you're looking for. (SOCs are fast paced so you need to do everything quickly so you can finish your current task and move onto other tasks.)
β Senior SOC analyst
Cybersecurity is a field with lots of certifications. You won't need one to land an internship, but it may help if you're aiming for entry-level roles, just as a way to stand out.
I did a bootcamp and also got my Security+ certification before my first full-time job. For students, this is a good one to have since it's a fundamental one. It won't guarantee you a job, but having it shows employers that you understand the basics (like computer networking, access control, physical control, things like that).
So even if you don't have any internship or prior experience, if you have that certification, it'll put you above others who don't have anything. And these days, a lot of entry-level cyber jobs will have this in their preferred qualifications.
But it's not an easy exam. I studied hardcore for about a month. You do have to pay a good amount of money for it and unfortunately if you fail it, you don't get your money back. (Tip: Look for student vouchers which will give you 10% off!)
Besides this, there's also the A+ certification, but I don't think that's necessary. It's just basic tech stuff like "How to use a computer." So just go for Security+. Then from there, you can see if you want to expand to other certifications. Like if you want to go into network engineering, get the Network+ and Cisco certifications. If you want to be a penetration tester, maybe get the Pentest+ and OSCP (Offensive Security Certified). But I think Security+ is more than enough for entry-level roles.
β Junior cybersecurity engineer
Our senior SOC analyst echoes the view that you should hold off on more specialized certifications.
Until you really know what specialization you want in cyber, don't worry about certifications. Even when you get hired on, some companies may want you to have a cert that you didn't have. GRC people, for instance, need different certifications than SOC people.
So first get an internship or do a bootcamp to see what area of cybersecurity you'd want to specialize in. Then after you're hired full-time, let the company pay for the certification.
There's also lots of online trainings. I'd go through those before getting a slew of certs.
β Senior SOC analyst
If you're looking for an internship, you might want to start with big companies hiring in your area.
Usually the bigger companies will have internship programs. My internships were at mid- to large-sized companies with 4,000+ companies. Look for big manufacturing companies, big banks, pharmaceutical companies, software companies β these tend to have internships that lead to full-time jobs.
A lot of times, these entry-level cybersecurity internships and jobs are in SOCs, but you'll also find some Tech Development Programs, which are rotational, so you'll get to spend time under different security teams. There are also internships in a concentration of cybersecurity, like SIEM, vulnerability management, etc.
β Senior cybersecurity engineer
Some companies outsource their cybersecurity to MSSPs. MSSPs have internships. At the lower-level SOC positions, they're generally like a meat grinder with long hours and shift work, but that's how you can get your foot in the door.
β Senior cybersecurity engineer
Some MSSPs even offer bootcamps. They'll train you and pick the best ones for their SOC internships. Our junior cybersecurity engineer did one of these and didn't end up being picked for the internship but it most likely helped him land another internship.
I attended a month-long bootcamp in college. It started you off with fundamentals like computer networking and penetration testing. It pretty much prepared you for a SOC analyst job at an MSSP.
However, they only take a small percentage of students and I didn't make the cut. I knew I still needed to get an internship since cybersecurity is super competitive to get into, so I searched elsewhere and applied to another company, which took me in as an intern.
After I started my internship, I found out that another intern was also from my bootcamp.
β Senior cybersecurity engineer
It never hurts to cast a wide net!
You never know! Small companies sometimes also have internships. When I was an aspiring intern, I looked everywhere. I went as far as looking on Google Maps for companies within a five mile radius of my school and checking their websites to see if they had intern postings.
β Senior cybersecurity engineer
If you're applying for a SOC role, you should be able to find them anywhere. You could try finding some SOCs near you and see if they're taking interns.
Everybody needs SOC teams. Hospitals, airports, restaurants, you name it. They all need to protect their employees' private information and any other information that they think is important. They also need to follow back-up protocols in case they're shut down for, say, a ransom attack. Any company that has assets (basically any company!) needs SOC analysts. Even small companies.
β Senior SOC analyst
You can find plenty of internships on Prosple.
Make a LinkedIn profile and comment on people's posts. Follow other cybersecurity professionals and ask questions. Once you do that, and people start seeing you're active on LinkedIn, recruiters will actually reach out to you for internships.
β Senior SOC analyst
Let's explore what cybersecurity professionals look for when reviewing students' resumes.
This one is a must-have!
As a student, it's understandable if you don't have hands-on experience, but if cybersecurity is something you're really serious about, you should have something that demonstrates your enthusiasm. For example:
- Maybe you participated in a cybersecurity bootcamp.
- Maybe you participated in a TryHackMe (where you try to hack into a system).
- Maybe you built something in Linux and you put your project on Github.
β Senior SOC analyst
For students, I'm really looking for what you do in your free time related to IT, tech, or cyber that will put you above someone else. I'm looking for the drive and "This is something I'm genuinely interested in, not just something I want a paycheck from." It's easier to train someone when they're really interested and have the drive.
For instance, if you have a home lab, where you play around with different computers (both physical or virtual), that's usually a good sign.
There are people who spin up enterprise level servers at home! But you don't need to sink a lot of money into a $4000 server. It's as simple as "I have an old laptop from high school and I put Linux on it and turned it into a server." Or "I host a minecraft server to play with my friends."
It doesn't even have to be a server. Maybe you just opened up a new computer and put on a different OS. Or you're into 3D printing and make trinkets. A lot of PC gamers build custom PCs (they buy all the parts and build it themselves).
It doesn't really matter what you do, as long as it shows me that:
- You're doing something that expands your knowledge of computers past just using it on a daily-basis.
- You want to know how things are working, and want to build things.
β Senior cybersecurity engineer
I look for leadership or teamwork experience, mainly to see if there were roles where you collaborated with people.
β Senior SOC analyst
In general, I wouldn't say your part-time jobs really matter. When I applied for my first IT internship, I worked at a wedding DJ company and a swimming pool supply store. Kids are going to work odd jobs during school and the summer.
But if you have retail experience, that does bode well since it shows you have customer service skills and would be able to speak to people who might be customers or stakeholders.
β Senior cybersecurity engineer
Here are some other things that are nice to have on your resume.
A lot of organizations do like you to have basic coding skills (python, Linux), since it'll help you do your job faster, even if it isn't in your daily duties. For instance, if there's something that we need to deep dive into, and SecDevOps can't get to it right away, we'll ask a colleague who knows some coding for help.
There are also a lot of applicants who've worked IT helpdesk roles, which is where you respond to a bunch of tickets when users have issues logging in or their printer isn't connected to their laptop. This is a plus as it tells me a candidate is familiar with software and applications.
But we take people with all kinds of backgrounds! You could be working a fast food restaurant, but you have a passion for IT or cyber, which you could demonstrate with the summer projects or bootcamps that I mentioned earlier.
β Senior SOC analyst
For our best tips on writing resumes, check out How to craft a winning resume as a college student.
The cybersecurity professionals we spoke to don't look at grades themselves, but say that others do.
I did have a colleague who looks at grades. Personally, I don't. You never know what a student was going through. They may have had a rough semester or they may be majoring in something that their parents forced them into, but they might have a passion for cybersecurity.
That said, I still wouldn't recommend having F's. I'd recommend having an average GPA (2.5 or higher), which shows you did put in some effort!
β Senior SOC analyst
I don't look at grades. However, a lot of internship programs require you to have a certain GPA requirement, so I'm guessing HR does filter for them.
For college graduates, I never looked at grades. If you have the degree, you have the degree!
β Senior cybersecurity engineer
Our cybersecurity professionals have never had come across a cover letter.
Cover letters are kind of a thing of the past. Employers just want to see what experience you have. Save the cover letter for your initial conversation. Sell yourself then ("Hey I'm a great worker, I'm a team player, I thrive in team environments, but I can work independently").
Recruiters are getting inundated with applications. They don't want to read a lot. And especially in cyber, we want you to avoid the fluff and get straight to the point.
β Senior SOC analyst
I can't remember being given a cover letter by human resources. Usually they just give us a PDF resume and I show up to an interview.
Personal opinion, I think they can be important. Definitely tailor it. I submitted cover letters with every application I put in. It's one of those things that puts you ahead of the crowd if you're willing to put in the extra amount of effort to tailor a cover letter, as stupid as it sounds.
β Senior cybersecurity engineer
You could have anywhere from one to three interviews.
With internships, there was only one interview. But for entry-level jobs, we'd do a phone interview and an in-person interview.
β Senior cybersecurity engineer
We did three rounds of interviews.
#1 Phone interview
This is to get a glimpse of their personality and whether they'd be a fit for our team. Here are some things I'll look out for:
- Whether the candidate enunciates and speaks clearly.
- Are they cutting me off when I talk? This tells me whether they're respectful and can work with others.
We also check whether they're coachable. (It doesn't matter what level you're at, you'll have to learn new things all the time.)
#2 In-person interview
We'd then have one face-to-face meeting to introduce the protocols and responsibilities ("You'll be responsible for 24/7 eyes on the glass" or "You'll create tickets").
This is to make sure they're OK with the work. It has to be a great fit. We're looking for longevity, not for someone to be here for a couple of months. So a candidate who's eager to do the work (regardless of whether they're very knowledgeable about it) and can see themselves doing this for the next 10 years, they have a better chance of getting in
In this round, we also filter for people who don't seem to understand basic computer networking concepts or the job requirements (which we've already listed on the job description online).
#3 Technical interview
For the last interview, we'd ask questions to see what their level of experience is. The questions are usually not right or wrong.
β Senior SOC analyst
In terms of technical questions, we usually ask:
- Questions about key concepts like "What does CIA mean?" or "What is a three-way handshake?"
- Scenario-based questions. I might bring up a basic scenario that they should be familiar with and ask, "Based on this alert, what would you do first?"
- Questions about cybersecurity tools: For students, I probably wouldn't ask about the specific tool we use, but maybe an application like AWS that they should be familiar with: "What is it?" "How do you create a profile?" "What do you think are the important things you should have on your dashboard?". Or even more generally, "What applications do you think you should have on your PC so you have an effective work day?"
β Senior SOC analyst
I'll ask simple technical questions like "What port number is DNS?"
This is just a quick test of whether you have basic IT knowledge and how much time it would take to get you up-to-speed.
And if you're not exposed to IT, this tells us whether you're going to lie about it. It's OK to say "I don't know" like "Hey, I don't know that question, but I'll find out who knows that answer or I'll look into that."
β Senior cybersecurity engineer
Here are our cybersecurity professionals' favorite non-technical interview questions to ask.
This is your elevator pitch. We want to know how you present yourself. Who you are, why you're here.
β Senior cybersecurity engineer
For more tips on answering this question, check out 7 sample responses to "Tell me about yourself" for students
I'd want to know what their goals are for the next 5-10 years.
- Do you see yourself working in a SOC environment?
- Do you see yourself responding to incidents?
- Do you see yourself as a CISO or a manager in 10 years?
Their response will let me know if they're serious. It'll also help me decide which team member I would place them with (Should I place them with a SOC 1 analyst or a SOC 2 analyst? I'd want to place them with someone who has the same career goals?).
β Senior SOC analyst
For more tips on answering this question, check out 7 sample responses to "Where do you see yourself in 5 years?" for students.
Think about it like this "What's your greatest professional weakness?" (I don't care if you're afraid of spiders!)
Your response should be something along the lines of "Hey, here's a weakness but it's not enough of a weakness for you to not hire me." Time management skills is a great one. A lot of typical responses are "I procrastinate a bit but I'll get it done"
I mainly want to gauge your attitude and whether you're going to fit into the team. If someone says "I'm perfect" then they're probably not a great team player.
β Senior cybersecurity engineer
For more tips on answering this question, check out 7 sample responses to "What's your biggest weaknesses?" for students.
Other variations of this would be "What is a hobby that you love to do?" "What makes you happy?"
In this field, we get stigmatized for being "computer people." But we have big personalities too! I always want to know what you like to do outside of here, just to make sure you're personable.
At the end of the day, we're first line defenders. We have to have each other's backs. If you're going through something, it's going to affect me too. You can't always separate work from personal. For instance, you can't leave your divorce at the door.
You need to communicate your personal problems with your team - it's all part of being a team. For example, if I know Suzie's not having a great day, I'll cover more of her duties. At the end of the day, we're all a team working together to protect this company's assets)
β Senior SOC analyst
"Tell us about a time when ... ?" questions. These may or may not be useful but we do ask these.
β Senior cybersecurity engineer
For tips on answering behavioral questions, check out The STAR method: Your secret weapon to acing interviews as a student.
We have to be able to see if that you won't just take the first answer you see. There are times you'll have to do a deep dive into an alert. If you just give a straight answer, we know it's memorized.
We want to see how your mind works. You have to think through the incident; you have to document how you think through an incident and how you'll handle it and why.
β Senior SOC analyst
I'd print out the resume, circle stuff, and make notes, and ask questions about things, especially their educational experiences and any certificates.
For example, "You went to this college and did this degree. What coursework did you do? Did you do any collaborative project work?"
We dig a little into each item on the resume (which is why it's important to not lie on your resume). You can fluff things up, but don't lie! The people who interview you are experienced in the field, so if you're lying about something, you'll get found out.
β Senior cybersecurity engineer
This shows me whether the person put in the effort to learn about the company. If you did your research, it definitely will put you above other people, since it shows that you care and are excited for the opportunity.
I worked for a company that makes military tanks, and candidates would say "no" to this question or try to make things up. That doesn't look good.
β Senior cybersecurity engineer
Some memorable questions I've been asked by junior-level people were:
- How did you get to this point in your career?
- What else can I learn that would prepare me for an internship?
- Are there any tools that I can study up on to expand my knowledge?
Questions like these show that:
- You care (and that's not something I can teach you)
- You've got drive (and will be easy to teach)
Plus, you can also get some free advice, so it's a win-win!
More generally, a lot of people ask about work-life balance, training budget (will they pay for certifications or send me to conferences?), company culture, and things like that. I also ask about these things as I see interviews as a chance for me to interview the company too.
Generally, I wouldn't ask about compensation though. That's more for HR.
β Senior cybersecurity engineer
For more tips, see Smart questions to ask at your next internship interview.
If you want to secure a return offer as an intern, itβs about standing out, proving your worth, and taking on more than what you're given. Be that person who asks for more work when you've finished your tasks.
Say something like, βI have 10 minutes before the next meeting. Can I watch what youβre doing?β Youβre more likely to get that offer, though it all hinges on whether there's a position available.
Think about it this way. Let's say there are 10 interns. You've all worked in the same company, so you all know how it operates and that's not something that'll help you stand out. You've got to show that you really want to come back.
One of my best interns got the internship, proved his worth, and got a return offer. I actually went to the hiring manager and said, "We need to keep him. Weβre not going to find anyone on the market who knows the company as well as he does and is as driven."
If you're a standout, even if thereβs not an open position, it's possible the company will even make a position for you.
β Senior cybersecurity engineer
Of course, it's not the end of the world if you don't secure a return offer! Sometimes, you and the company just aren't the right fit for each other, so it's for the better. But we hope this gives you an idea of what you'd want to do if you do come across the right company.