How to Get a Cybersecurity Job: What Hiring Managers Look For

Learn how to showcase your expertise, initiative and IT certifications on your resume to land your dream cybersecurity job.

The job market is a competitive arena, sometimes reminding world-weary job seekers of the gladiator games, and there’s no magic formula to help you land your dream job. But that doesn’t mean you can’t gain a significant edge by preparing for a job in advance. When it comes to cybersecurity, you can certainly take steps to make yourself stand out from the crowd.


To help you do that more effectively, we asked Juan Fernandez, a hiring manager with more than 20 years in the industry, what makes applicants most appealing for cybersecurity jobs.

4 Things Cybersecurity Hiring Managers Look For

Resumes and interviews, the humdrum of the job hunt. It can be difficult to attend to the minutiae, but it will pay off! The job market has plenty of qualified applicants. So how can you shine above the rest? This is what hiring managers want to see.

1. An Area of Expertise

It’s a common conundrum…generalist or specialist? Should you choose an area of expertise to focus on or gather a general breadth of skills in cybersecurity to allow for flexibility? Many advocate for the jack-of-all-trades approach so that you can apply skills to multiple roles, but Fernandez recommends obtaining a specialty in at least one area of cybersecurity.

“You can be a jack of all trades, but you have to be a master of some,” Fernandez said. “You have to be good at SOMETHING, inside of being a generalist.”

Without an area of expertise, Fernandez warns that you are likely to get passed over for someone with more knowledge relevant to a specific cybersecurity job role.

2. Initiative

If you really want to land your dream job, Fernandez recommends showing initiative. What does this mean exactly? If you want to show initiative, go beyond performing regular job tasks and find ways to excel at your profession outside of what a boss tells you to do. Fernandez, the consulting vice president of managed IT services at ImageNet, considers this to be a defining trait of an exceptional job candidate.

“For me, it’s a prerequisite,” he said. “I want to see people with initiative.”

Initiative levels up a job candidate from qualified to ideal. In a cybersecurity situation, you don’t want team members sitting around waiting to take orders – you want hires that can handle themselves when the going gets tough.

3. A Unique Resume

Throw out what you think you know about resumes. If you’re plugging your details into a template, Fernandez cautions it will blend in with all the rest. He wants to see how you will excel at the job if chosen.

Here are a few suggestions he has for compiling your cybersecurity resume:

  • Hyper customize the objective for each job: “You need a good objective that hasn’t been copied and pasted. It should really be tailored for the job. It should be personal.”
  • Compile a portfolio instead of a list of duties: “I want to see something meaningful that shows me how you enacted changes and how you improved things.”
  • If you lack experience, make your own: “People think they have roadblocks because no one has asked them to do something. Find a way to apply what you are doing to what you want to do.”
  • Show your initiative: “One of the things I don’t look for is your ability to follow orders. I look for the secret sauce, in essence what makes you, you.”

4. Cybersecurity Certifications

No matter how you slice it, cybersecurity certifications are needed. Imagine IT certifications as an acknowledgement of your participation in an entry-level class. Cybersecurity certifications provide the requisite acknowledgement that you have the most basic skill sets to succeed in a career in cybersecurity.

“In this new landscape, one of the biggest things a cybersecurity manager is looking for is the certifications requirement,” Fernandez said. “I don’t believe you’re going to see that wane at all. If anything, I think it’s going to become more stringent.”

Fernandez advises every practitioner to obtain a cybersecurity certification to validate that you should even be allowed in the door. Without it, he believes you’re lacking the foundational knowledge needed to perform a cybersecurity job.

“We don’t have people who aren’t CompTIA A+ and CompTIA Security+ certified. We just don’t,” Fernandez said. “It’s the basics and the fundamentals. CompTIA A+ is a prerequisite to even get looked at here. You have to have some sort of CompTIA certification. I wouldn’t consider someone without it because we need to level set and all be working from the same set of knowledge.”

Give Yourself the Job

Ultimately, finding the right fit for a job is the proverbial needle in a haystack. If you want to be chosen, you have to be willing to think outside the box. When Fernandez first began working for a healthcare company more than 20 years ago, he enjoyed his job. But over time, he began to notice several areas where process and procedures could be improved.

Rather than wait for the command from higher ups, Fernandez pursued improvements and began writing his own security and compliance protocols, making his company HIPAA compliant before HIPPA was even a requirement. He began writing security templates and policy to ensure the security of his own company, without anyone ever directing him to do so. It was groundbreaking work and it eventually led to working with the FBI on HIPAA, a job offer from the federal government and a lifelong career in cybersecurity.

“Give yourself the job,” Fernandez said. “Stop assuming you can’t have it because you don’t have something. Focus on the do’s, not the don’ts and give yourself the tools you need to make it happen.”

Juan Fernandez appeared in several YouTube Live broadcasts with CompTIA in 2020. ICYMI, check out our YouTube channel and subscribe to get alerts about future broadcasts.

Email us at blogeditor@comptia.org for inquiries related to contributed articles, link building and other web content needs.

Read More from the CompTIA Blog

Leave a Comment