Got a job in cybersecurity without a university degree
Sigma School
15th April 2024
Watch the full interview here:
Johnson currently serves as a cloud security financial tester and is still studying for a degree in cyber security. In this article, Johnson shared with us what got him into the tech journey and how he got a tech job even without a degree in his hand. We hope that you guys can gain some new insights through his experience, enjoy!
Yeah, sure, my name is Yong Kah Hoe (Johnson). I'm currently studying degree in cybersecurity and I'm also currently working as a cloud security financial tester,incident response and some cloud infrastructure management. My story is that I started my journey as a cyber security engineer around when I was 19. I got interested in cyber security at that time but unfortunately my college doesn't offers diploma specifically for cyber security but i wanted to study purely that because i know what i want to do in the future so what i did is I went out and took courses and that was the game changer for me as the certification actually secured me an internship position like the earliest compared to my friends.
We were required to take a three months internship on our semester 6 and during the end of semester 5, I actually went out and got an cyber security entry-level certification and that itself helps me to secure an internship job, faster than all my other friends and most of them can’t find any intern job that time because they did not have any experience or certification . For me, I got a job offer immediately on JobStreet after I obtained my certification.
The reason that I am so passionate is because like things that relate to security, I feel like security will affect the world a lot, it's the game changer and it's a must for every company!
When I dive into the world of cyber security, i didn't do any research so the first time when i actually entered into the course like it was so hard for me to even catch up sometimes so when i went back home and review everything, it’s surprisingly there's so much i don't understand and i would need to study until midnight to catch up with other students in the course but it was a fun journey for me. I would say 60 percent of it starts from the networking side of things until you actually get to know more about security things.
After my internship finished, I had a six-month break at that time. I wanted to take on more projects to brush up my skills, so I went to Developer Kaki (A Facebook group) and asked if anyone needed a freelancer for a penetration testing project. I also went to Sunway Tech Club to give a talk on cyber security. I shared topics such as proxies and how to conduct penetration testing. I also did a write-up about capture-the-flag where I shared about what kind of challenges I faced and how I overcame them. These kinds of journeys actually help to propel my career and brush up my skills that I need for my future career.
Well, first of all because my parents promised me that they would send me to get a degree. For me, I want to study something that’s more specific and after some research, I found out that Sunway University offers a degree in cyber security and also provides other professional certifications. I could also choose a route that I don't pursue a degree but continue to work professionally but the sole purpose that I continue with a degree is that I want to get a degree certification.
If I were given a chance to start all over again, I would choose a route where I will finish a diploma and internship, then I will straight up go for cyber security certifications instead of going for a degree. First of all if you know what you're gonna do in the future then don't waste your time doing or learning something that you're not gonna use. It's the same as if you're into cooking but you are telling me to study hotel management, it's not the same thing even though cooking is in hotel management course. If you especially like cooking then just go for it and it's the same goes for any IT field. If you're into say programming, data analytics or cyber security then just go for it but not a degree in computer science because it's only going to teach you the basics that’s enough to get a few things done but not really secure a proper job in your desired industry.
In my experience, and I will be very honest that even with a CGPA of 2.5, I am the first one to get a job out of all my batchmates. If you were to ask me again, yes I would revert my choice and go out, get a professional certification and secure a job immediately. In an interview, people aren't going to ask you what you did in your degree but they're going to ask you what you can do? What’s your experience in other things? Degree doesn't prepare you for all these, but getting a professional certification can prepare you for these industrial level work. If you have a professional certification, it's actually a proof of recognition for the company to know what you actually know and are an expert in.
To pass a diploma test, all you need to do is just memorize the answers because that’s how the paperwork test works but when it comes to a real life job, you can't just memorize everything, you need to do hands-on work. My advice is, when you're doing your diploma, always learn something outside what your lecturers teach you because when you come to a proper industry work, they’re not gonna ask you stuff like “Hey, code a HTML for me”, the company going to ask you to do many different things like do javascript for me or do laravel php and these kind of things doesn't teach in diploma.
Cyber security actually has a very low demand in Malaysia because Malaysia is a country that doesn't focus on security but with Malaysia starting to step into the IR 4.0, there’s more companies that are hiring for cyber security right now.
I started my journey as a penetration tester and learn cloud infrastructure later on and i implement my knowledge in security knowledge into cloud infrastructure and then GCP (Google Cloud Platform), where in GCP, there’s this system called stackdriver where you able to monitor people’s action and i am able to apply my security knowledge into cloud security and transforming myself to be a cloud security engineer.
In my opinion, in the cyber security journey, never limit yourself to just one role, the more you interact with, the more you learn, the faster you are able to find your own sweet spot. I never expect myself to become a cloud security engineer right now. I have done a lot of different things and even right now I am starting to develop my own python for my security penetration test.
Cyber security is a fun journey for me because I get to experience a lot of different things like mobile application, web application and network application. There’s a lot of people saying that cyber security is hard because you need to know a lot of things but that's actually not the case.
You don't need a programming skill to actually do a penetration test on web application because web application uses one thing to communicate to other which is https and http, so as long as you know how to play with http and https you will do fine, knowing a programming language is a bonus but to clarify out there you don't need a programming skill to actually do penetration testing or cyber security.
Firstly, do enough research to know what you want and secondly identify your end goal because in cyber security there's a lot of different routes you can go. It took me a long time to identify what my end goal is.
To learn cyber security, you need to have the initiative and passion to keep learning as you have to learn a lot of things for example if you want to do a mobile penetration test, you need to also know about mobile application layers, mobile packages etc. It will take passion and initiative to deep dive and learn.
My suggestion is, if you are working currently, go ahead and take a certification course, it will probably take you five days in-house. For beginner level I would prefer you to go in-house because it’s important to have a trainer to guide you step-by-step.
For university students, go and study some cyber security skill sets during your free time to prepare yourself for the real-work situation. When I go for an interview, the interviewer doesn't even ask if I have any diploma or degree, they just want to know what my skill set is and what I can do for them.
Never stop learning and let me tell you this through my own experience, you don't need a diploma or degree to be successful. The one thing that stops you from becoming successful is yourself, are you willing to take the initiative and learn to improve yourself. And also follow us The Hacker Collective as we actually have some very good courses now :D
Thanks for the awesome interview!
If you are interested in learning to code, whether it's web development, front/ back-end development, join us - the #1 online live coding bootcamp in Malaysia.
Learn more here: https://sigmaschool.co
Facebook: https://www.facebook.com/joinsigma/
Instagram: https://www.instagram.com/joinsigma/
Linkedin: https://linkedin.com/company/79085028/
Whatsapp Us
