This guest blog post comes from Michelle Eggers, a member of our Vision and Voice: Women in Cybersecurity community.
It was during the bitter cold of January when my former company held its first all-hands meeting of the year, an event that would spark a true turning point in my career. I can’t tell you what it was that tipped me off, whether it was a dark note in the tone of the CEO’s voice, or perhaps the lack of clarity on how the organization planned to get back on schedule with end-of-year deadlines that had passed without fulfillment, but I could sense trouble despite cheerful words spoken. At that moment I decided to follow my gut and begin the process of finding a new role before I was caught in a layoff without a plan. I had already started developing skills that would help me pivot from a non-technical project management career into cybersecurity and pouring all of my search efforts into landing a cyber role was now the priority. My hope is that the experience I gained through engaging in 45 interviews over 6 months will help others successfully navigate a similar career shift of their own.
Being the sole Black person (and female of color) at the smaller tech companies I’ve worked for, there were certainly a lot of challenges I’ve had to navigate with company culture in the recent past so when I set out to find a new role, there were several criteria points I used to help evaluate potential opportunities.
- How does the company manage and support Diversity, Equity, and Inclusion?
- Does the organization have a respectful candidate review process?
- What sort of pathways exist for internal career progression?
- Will the role align with my long-term goals?
As I began meeting with individuals from recruiter to CISO level, trends began to emerge and I became better at both recognizing and listening to red flags.
DEI: True or False
It’s almost unnecessary to ask about DEI in an interview if you’ve done research on a company as so many will have self-promotional articles letting you know they’ve thought about this area of the hiring process. Never forget that OSINT is your friend! When investigating the board of directors or those in top leadership roles, a clearer picture will develop around the organization’s commitment to their stated initiatives. Are they merely paying lip service to inclusion work, or are they actively putting funds and effort into maintaining a diverse hiring pipeline and promoting equitably from within? It may be helpful to look at the range of people employed at the company on LinkedIn to get an idea of who the company hires and supports.
Respectful Candidate Reviews
Interviews can be an uninviting chore for everyone involved, or they can be a bit like speed dating -- each party shares a little about themselves and determines if they would like to talk more. When you do make a good connection, it’s a great feeling. The worst interviews I endured were with companies that treated the experience like an exam instead of a discussion about the role, what they offered, and what I could contribute to the team. I have had more than one interviewer explain to me what basic acronyms were (such as CISO) when I hadn’t asked for clarification and certainly already knew the answer. If I was already being talked down to in the interview, there would only be more of that to come if employed by the company. Microaggressive behavior from leadership is a solid deal breaker for me as it effectively reduces my success potential within an organization, and an overly-lengthy interview process can also be indicative that the company does not value your time and/or is in fact disorganized, all red flags worth course-correcting over. I hope if you ever feel misled, ignored, patronized, or otherwise belittled by any interactions with a company during the candidate review process you will dust off your shoes and take your skills elsewhere.
Pathways to Progression
Getting a realistic idea of internal career progression within a given organization may be one of the more difficult situations to accurately assess during the interview process. The best way I found to gather intel on this subject is to ask outright if any specific processes currently exist within the organization for trackable career advancement. If the company has an actual program with clear assessment protocols and objectively determined performance measurements this is ideal. In my new role as a pentesting consultant, the final interview was with a couple of individuals who had been promoted internally several times over the course of about 5 years. This was a good sign! Some companies may state they offer opportunities for career progression without any proof to support the claim; be sure to ask for hardline evidence. An especially important point to drive home if you’re a minority in any way is that objective performance assessment metrics are of considerable value on the path to promotion.
Goals Before Roles
The biggest contributing factor that led me to endure so many interviews was a lack of personal specificity in selecting job openings to pursue. I was intently organized in tracking my progress, contacts, timelines, and also networking daily, but the roles I applied for included everything under the sun: GRC, SOC analyst, pentesting, DFIR, and so on. It was a great approach for getting interviews on my calendar but when the time came to discuss my future goals with interviewers, I had difficulty tailoring my true passions in a way that would neatly align with the role under discussion due to the overly broad array of positions I had thrown my resume into the ring for.
A key lesson learned is to spend real time honestly considering your individual long-term plans. If you know who you are and where you want to go, it will be much easier to turn down options that won't carry you toward your intended finish line. You will instead feel confident in putting energy toward those opportunities that will provide the best training and experience for your unique career journey. I went into Cybersecurity with a burning desire to use technical, hands-on skills in my daily work, and placing this self-awareness at the very heart of my job hunt brought me to companies that offered an organized and robust onboarding experience for roles that provided the kind of challenging, technical work I so craved. Narrowing my focus to positions that would deliver an environment of support for the goal-oriented experience I truly wanted made my interview conversations so much smoother and much more rewarding toward the end of my search.
Two (and a Half) Weeks to a New You
Some time after that cold and fateful January meeting, I did in fact find myself included in a layoff that eliminated my role from the company in an effort to cut costs. Those 300-plus applications, 45 interviews, and well over 1,000 hours of effort expended during the job hunt did lead me to a role I truly am passionate about, and I’m so thankful I trusted my intuition. I was already mentally prepared to make a career change and the bulk of my job search was in motion before I was handed any layoff news. I’m happy to say it was a mere 18 days from the time of layoff to new offer acceptance.
The ultimate goal in sharing this story -- a woman of color who successfully executed a career-pivot into a technical cybersecurity role -- is that others on a similar journey may find helpful and actionable steps toward achieving the same kind of results for themselves. And ideally in fewer interviews! I especially hope that those who have practiced cautious intentionality in the teams they join due to racism or other discrimination are able glean useful tips from my experiences for their own processes. In the end, it comes down to a few basic principles: do your research on how companies approach the topics that matter most to you, trust when your gut tells you to walk away from a bad situation, ask hard questions directly, and above all else keep your own goals at the heart of it all for this is what will carry you through.