After my last column, I received tons of great feedback (thanks, Mom) and lots of questions. There was a common, and somewhat Catch-22-like, theme: How does one find a security job without security experience? And how does one obtain security experience without a security job?

The cybersecurity industry is immature but growing rapidly. There's no standardization of job titles or classifications -- an "Information Security Analyst" and an "Information Security Engineer" might perform the same functions for two different companies. Is cybersecurity different from information security? There are as many opinions as there are ways to spell "cybersecurity" (or cyber-security or cyber security or Cyber-security).

So how do you obtain a security gig for which you're not a perfect "10"? Here are some tips for landing the job of your dreams even if you're more a Dudley Moore than a Bo Derek.

Tip 1: Read the job description closely. Now read it again, and ask yourself this question: "What does this company need someone to do?" Not, "What does it need someone to have?" Then decide whether or not you can do whatever "it" is. Now comes the difficult part: You have to prove it, in writing and in person (or over the telephone), and that requires getting a foot in the door. Draft your resumé and cover letter to focus on why you can do the job that's advertised. When you're not a Bo Derek, you really need to broadcast the other qualities you bring to the table -- you're a hard worker, ethical, you live close by, you have industry-specific knowledge or experience, perhaps you know someone who works at the company or an industry superstar who will provide a glowing reference, or maybe you can pass a background check that would make a proctologist blush.

Tip 2: Avoid human resources. HR professionals are expected to recruit a variety of skills and cannot possibly understand the details of what makes one person more qualified than another. Unfortunately, the majority of the time, it comes down to a keyword search match -- a game of concentration. It's extremely difficult to stand out from a pile of electronic submissions unless your experience (resumé) includes all or a majority of the keywords called for in the published job description. Don't waste time throwing your resumé into that black hole unless you're a Bo Derek.

... Read full story on InformationWeek

Post a comment to the original version of this story on InformationWeek