Despite what you might have heard, there’s no shortage of people looking for jobs in cybersecurity. Every open position triggers stacks of resumes, but the challenge is finding the right people with the right skills to do the job.
Most resumes include impressive lists of certifications and degrees, but that’s not what employers are looking for the most. If you’re seeking a job in cybersecurity, the best way to set yourself apart is to demonstrate an aptitude for the skills actually needed to be a great threat hunter, investigator or researcher. But how can you demonstrate that aptitude if you don’t already have a job doing it?
It’s pretty simple, actually. Just find recent threats that have not yet been analyzed and write an analysis about them.
That’s not as complicated as it may sound. You can actually just search the web for new and relatively unknown malware. There are so many different ways to do this.
As a simple illustration, if you want to examine some opportunistic attackers, one useful technique is to search for a hot topic (especially one that is emotionally charged) and add phrases like “free download” to the search. For example, in a recent search for “stop the steal” (a powerful catch phrase for a segment of the U.S. population) and “free download,” one of the top results pointed to an algorithmically generated (DGA-looking) domain with an article about U.S. presidential impeachment. Clicking on the result redirects to a page that uses a fake landing page with a “human varication” check (complete with false Captcha logo) designed to trick users into allowing the doma ..