My cybersecurity career officially started in 2021 with one of the leading and largest consulting and IT services firms in my country. Over the next three years, I worked on significant engagements within the Digital Forensics and Incident Response (DFIR) domain.
Why I transitioned from consulting to a content engineer role
During my time in consulting, I spent a significant amount of time researching and experimenting with various tools and techniques to upskill myself and stay current with industry trends. I found great enjoyment in this process—particularly in simulations, detections, and continuous learning.
This period of intensive learning and development also led to several speaking invitations at various events. I was asked to deliver talks on my areas of expertise, develop content, create CTF challenges, and design courses. These experiences made me realize that I could continue to learn and grow while also creating valuable content for the community.
Transitioning to a content engineer role offered the perfect blend of continuous learning and content creation. It allowed me to acquire new skills and techniques, while also diving deep into topics to ensure that the content I produced was accurate and insightful. This realization led me to make the decision to transition into the role of a content engineer.
Skills Necessary to Become a Content Engineer
Having spent a reasonable amount of time in the industry, I believe I can share my perspective on the essential skills needed to secure a job in cybersecurity.
Communication
First impressions are lasting.
The first thing we do with others is communicate our thoughts, ideas, and ourselves. A lot of work happens during these interactions, as the other person forms an image based on how you talk and express yourself. In my experience, many people tend to overlook the importance of soft skills in cybersecurity—the non-technical aspects that play a crucial role in job acquisition. While technical skills are vital, soft skills are equally important. For instance, you might be able to write high-quality code, but if you cannot explain or present it effectively to others, it becomes a barrier.
Networking
Don't wait for the opportunity… create it.
Networking is an invaluable skill in the cybersecurity industry. It involves building and nurturing professional relationships that can lead to potential job opportunities, collaborations, and knowledge sharing. Through networking, you can gain insights into industry trends, learn about job openings, and receive recommendations from peers.
Active participation in industry events, conferences, and meetups can significantly expand your professional network. Engaging in online communities, contributing to forums, and connecting with professionals on platforms like LinkedIn can also enhance your visibility and credibility.
By creating and maintaining a strong professional network, you not only open doors for yourself but also position yourself as a proactive and engaged member of the cybersecurity community.
Writing
You have learned how to communicate and how to build a network, but there is still more to master. In the industry, once the technical work is done, the next critical step is documenting it or creating a report.
Practicing writing blogs, walkthroughs, or Proof of Concept (PoC) documents demonstrates your writing skills and indicates your ability to produce quality reports. This skill is crucial because clear and concise documentation is essential for communicating your findings and ensuring that others can understand and replicate your work.
Additionally, strong writing skills can help you create detailed project plans, proposals, and instructional materials. These documents are vital for collaborating with team members, presenting to stakeholders, and contributing to knowledge sharing within the community.
Practicing
Everyone knows practice makes you perfect. In today's rapidly evolving technological landscape, continuous practice and learning are essential to keep up with the industry's demands.
It allows you to refine your skills, discover new tools, and develop innovative solutions to complex problems. Engaging in hands-on projects, participating in CTF competitions, and working on real-world scenarios can significantly enhance your practical knowledge and expertise.
Moreover, practice helps you build confidence in your abilities and prepares you to tackle various challenges you might encounter in your professional career.
Certification
The topic of certifications has been a subject of much debate. Do certifications guarantee you a job? From my perspective, the value of certifications extends beyond just job security. For me, certifications have always been a reality check and a confidence booster, essential elements that everyone needs from time to time.
Certifications challenge me to step out of my comfort zone, learn and develop new skills, and gain the confidence necessary to tackle similar engagements in the industry without hesitation. They push me to stay current and relevant in the ever-evolving field of cybersecurity.
It's important to note that certifications do not always have to be expensive. If you are a student with a tight or no budget, you can opt for free courses that provide certificates or those that are more affordable. Once you secure your first job, you can then plan and prioritize paid certifications to further upskill yourself. Remember, learning is a never-ending process.
Determination and Resilience
Not everything will go as planned, and sometimes we must face rejections. It's okay to feel sad or even cry at that moment. However, what truly makes the difference is how you react afterward.
Do you continue feeling low, or do you look for the mistakes you made and work on them? The former might be more comforting, but the latter will make you emotionally and mentally strong. Failures are an integral part of success, and you cannot skip the process and jump to success directly.
I always say when asked—failures will come and teach you a lot. If you continue to feel low, you will remain in that state, but if you learn from your mistakes, you can reach the sky. Success is guaranteed if you keep learning from failures and mistakes.
How I got my Job as a Content Engineer
I’d like to share how I got my job as a Content Engineer at Security Blue Team, using the points mentioned above.
In August 2023, I found a job posting on this very cybersecurity careers platform, which I saw mentioned on LinkedIn. The position was for a Junior Defensive Content Engineer at Security Blue Team. I met the requirements and applied. A couple of weeks later, I received an email that my application was accepted. I was very excited because the job description included activities I love.
To learn more about the job, I contacted Malik Girondin, who is now a good friend. He kindly answered all my questions. I then took a technical test, which went well because of my previous practice with simulations. My profile, including relevant certifications and tutorial blogs, looked strong.
However, due to unforeseen reasons, I did not make it to the final round. This was disappointing. Despite feeling low, I continued doing what I loved, with support from my connections. I contributed as a freelancer to the "Request for Lab" initiative launched by SBT.
In mid-2024, I saw the job opening again on CySec and reapplied. My application was accepted quickly, and my interview was scheduled within a week. Since I had already shown my skills before and contributed to the Lab, no additional technical test was needed. Joshua Beaman, the CEO and founder of Security Blue Team, interviewed me and continued from where my last interview ended. Within a few days, I received an offer letter and was confirmed for the position.
Skills Required to be a Content Engineer
Staying up to date
As a Content Engineer, it's important to be aware of new threats, emerging technologies, and industry best practices. Keeping up with current trends ensures that the content you create is relevant and accurate. Resources like blogs and forums, social media, podcasts and webinars, conferences, industry news websites, etc., provide great information that can be used by individuals.
Knowing the Infrastructure
Understanding the technical infrastructure you work with is essential for creating relevant and effective content. This includes knowing the various components of a network, how they interact, and the common configurations and architectures used in the industry.
Virtual Labs: Set up virtual environments to practice and understand different network setups and configurations. Feel free to check out the free course on Virtual Machines by SBT: Intro To Virtual Machines.
Home Labs: Build a home lab to experiment with various tools and technologies.
Simulations: Use simulation software to create and test scenarios without the risk of damaging a live environment.
Knowing the Toolset
Familiarity with the tools and technologies used in your role as a Content Engineer is crucial. This includes both the tools for content creation and the cybersecurity tools you will be documenting or teaching about. Tools can include cyber security tools and content creation tools which can include, SIEM, Wireshark, antivirus softwares, Metasploit, forensic tools, Content Management Systems like Confluence, Video Recording & Editing etc.
Being Realistic in Planning the Lab
When planning labs or practical exercises, it's important to balance ambition with practicality. Overly complex labs can be overwhelming, while overly simple ones may not provide enough learning value.
Consider the following when planning labs:
Objective Clarity: Clearly define the learning objectives of the lab. What should the participants learn or achieve by the end of the exercise?
Resource Availability: Ensure that the required tools and resources are readily available to the participants. This includes software, hardware, and any necessary configurations.
Step-by-Step Guidance: Provide detailed, step-by-step instructions to guide participants through the lab. Include screenshots and explanations to help them understand each step.
Feasibility: Ensure that the lab can be completed within a reasonable time frame and does not require excessively specialized knowledge or resources.
Conclusion
Skills required for cybersecurity, such as effective communication, networking, continuous practice, and obtaining relevant certifications, lay a strong foundation for any role in the field. Becoming a successful Content Engineer builds on these fundamentals and requires a blend of continuous learning, practical experience, and effective communication. Staying updated with industry trends, understanding the technical infrastructure, mastering essential tools, and planning realistic labs are all critical skills. By developing these abilities, you can create valuable content that educates and empowers others in the cybersecurity community.
If you're looking for a new role in cybersecurity, be sure to check out the available vacancies on CySec Careers!