We sat down with two Fullstack Academy Cyber Bootcamp alums to find out what it's like to work in cybersecurity today. Fabianna Rodriguez-Mercado and Sarah Gold both graduated from the Cyber Bootcamp in 2019. Fabianna now works as an Information Technology Analyst at Accenture, and Sarah works as an Associate Solutions Engineer at Snyk. They share their tips for working as a remote cybersecurity employee, how they prepared for the CompTIA tests, and what their day-to-day looks like in their cybersecurity jobs.
What were you up to before enrolling at Fullstack Academy?
Fabianna: I grew up in Puerto Rico and got a degree in business and marketing administration from the Pontifical Catholic University of Puerto Rico. While I was in college, I tried a lot of different routes. I tried being a chemistry major, I did an internship with the USDA, I did the Disney College Program. After college, I got a job as a marketing consultant, and most of my clients had tech needs. Businesses were transitioning to digital, and I felt like I needed to be able to assist them with their technical needs so I decided to learn more.
Sarah: I worked in the jewelry manufacturing industry. I went to school for fabricating and designing jewelry and international business practices. I got more into technology and ended up being a 3D technology specialist for jewelry factories around the New York area. I had a great time with it and learned a lot.
Fabianna, why did you choose to pivot into cybersecurity from marketing?
Fabianna: I worked in marketing for five years as a consultant in Puerto Rico. One of my consulting client's websites got hacked and I didn't know what to do about it. I reached out to some IT professionals who helped me figure it out, and that's when I realized I needed to know more about IT. I moved to New York shortly after that. New York had just launched Cyber NYC, a $100 million investment from the state to help create 10,000 cybersecurity positions in New York state. My interests, the opportunities, and my life just happened to line up!
Sarah, what stood out to you about Fullstack Academy’s Cyber Bootcamp?
Sarah: Fullstack Academy was recommended to me by one of my friends who went through a web development program at Grace Hopper. I knew that the jewelry industry was struggling. Computer-aided design (CAD) was my favorite part of the job, but it was starting to move overseas. I wanted to add more technology to my job and one of my friends highly recommended getting into cybersecurity. When I saw that Fullstack Academy was starting a cybersecurity program, it was obvious to me that I needed to look into it more and see what it was about.
Fabianna, what was the day-to-day experience like at the Fullstack Academy Cyber Bootcamp?
Fabianna: It's like a 9-to-5 job except it’s studying. In the morning, there were lectures. We did some pair programming in the afternoon to practice the skills we learned in the morning lectures. That's something I enjoyed the most. Pair programming gave us the opportunity to work on our soft skills and practice working as a team. Every day we worked with a new partner.
Sarah, what types of projects did you work on in the cybersecurity bootcamp?
Sarah: There was a broad range of projects. We started out learning IT essentials and got into some basic Python scripting. We moved into penetration-testing projects and a project with Linux. There were a lot of hack-the-box projects. Later, we started projects that were more defense-oriented. We learned how to automate procedures that are involved with log auditing. We did our final projects in pairs. Having never scripted in Python before, my partner and I scripted something that automates part of the penetration-testing procedure.
How did you prepare for the CompTIA certification tests?
Sarah: I did my certification during the bootcamp. I took the CompTIA Security+ test a month after I finished the at-home pre-study from Fullstack Academy. I was not expecting that I would pass, but I did! At the end of the program, around the time that we were doing our finals, I sat for CySA+ and again didn't feel confident, but I passed on the first try! I studied with my friends and everyone at bootcamp, which helped a lot.
Fabianna: About six months before Fullstack Academy, I was a student at Per Scholas, which is a different type of IT bootcamp. There, I earned two CompTIA certifications: Network+ and A+. That was my foundation for IT. While I was in Fullstack Academy, I worked on my Security+ and CySA+ certifications. I prepared for the certifications by reading books and attending classes mostly. Fullstack Academy provided the space and environment where I felt comfortable asking questions. It was somewhere that I could push myself to learn faster. I loved that Fullstack Academy compressed three months of learning into just a few weeks.
What tips do you have for cybersecurity bootcampers currently preparing for these certification tests?
Fabianna: Find how you learn the best. Everyone learns differently. I learn best by reading books cover-to-cover. Other people feel comfortable watching videos, using a resource like Udemy, and some people learn by themselves by doing research on Google. I know that reading books is time-consuming, but it is the way I feel most comfortable and confident.
Sarah: I agree with that. Learning about yourself is one of the biggest steps in the process. I am totally baffled by people who can read a book cover to cover! That doesn't work for me. I'm a visual learner, so I do well with podcasts and videos. I also learn well when I'm moving. After I figured that out, I downloaded lectures and podcasts like Professor Messer’s to listen to while walking through the park. Make sure it doesn't feel like torture! Make studying something that's enjoyable.
Sarah, now that you're an Associate Solutions Engineer at Snyk, what does your day look like? What types of projects are you working on?
Sarah: I don't do much programming in my position. I do read a lot of code, though. Going from someone who had no experience coding to being able to read and comprehend many languages has been a huge change. I'm sort of a developer advocate within the cybersecurity arena. Snyk's product aims to help people use open-source software and containers in a secure way using a shift-left mindset and integrating throughout the entire software development lifecycle.
A lot of my job is giving demonstrations to Developers and Security Analysts, and trying to figure out if we're going to be a technical fit for a client. The other part of my day is helping people integrate Snyk in their environments. I had to learn a lot about the developer workflow and the different tools they use. I help them troubleshoot and make sure that we're able to be an easy fit for them. The whole point is we want it to be easy for companies to be secure. I spend at least two hours a day studying or talking with my coworkers to get up-to-date on the latest technology and issues that we're solving.
Fabianna, you're working as an Information Technology Analyst at Accenture. What are your daily responsibilities?
Fabianna: I'm working with the local technical support team and I also work with the marketing and communications team. It's interesting to have a mixed role here. Accenture is a consulting firm, and it advocates for every employee to know about information security. I'm working on a project for OneDrive adoption. Every employee has it but we need to protect our data more and promote different features where we can improve the security. I'm also currently supporting the COVID-19 response team's contact tracing program.
Fabianna, do you recommend cybersecurity professionals also get additional training in IT support?
Fabianna: I think that every training is helpful, but it depends on what you're looking for. When I began trying to understand IT, I didn't even know what a motherboard was. The IT Support program at Per Scholas truly set the foundation for my career.
What does the typical career path look like for someone who is new to cybersecurity? Do you start in a junior role and work your way up or do you need a degree to get a senior-level job in cybersecurity?
Sarah: It varies based on the organization. There have been some organizations that I've talked to that don't have entry-level cybersecurity roles because they consider IT the beginner role and you have to be an intermediate to even qualify for cybersecurity. Some companies believe that if you're driven with an ability to learn and you have the certification, then you can start in an associate or junior position and work your way up without a degree. A small company that doesn't have as many resources is more likely to request that you have a degree because they don't have time to train anyone. It can be similar with finance companies because they want more official credentials on paper. In the general tech industry and product-based companies, you'll be seen more as an individual and less as a piece of paper.
Fabianna: I agree with that! It truly depends on each company. Based on the research that I've done, an advanced degree or certification is often required for senior-level jobs. For example, many jobs ask for CASP+ and many years of experience, and then there are companies that require zero experience for promotion. I know someone at Accenture who has a position in security who doesn't have certifications or a degree in security. There's a place for everyone.
Are you using what you learned at Fullstack Academy in your jobs now?
Fabianna: I personally learned a lot at Fullstack Academy, but I think that a bootcamp or any academic environment can't teach you everything. I'm constantly learning new things and challenging myself. The bootcamp will provide you with a ton of information, but you have to keep learning and growing. It's a balance between what they can offer you and what you actually need for what you're interested in.
Sarah: Personally, I learned almost everything I know about cybersecurity in that bootcamp, but I also had to learn a whole lot more because of the nature of my job. I basically had to learn how to be a developer even though I'm not a developer. This career is always going to require a lot of learning. When I first applied to this job, I asked one of my Fullstack Academy instructors about it. We didn't go over that much app security material in the course, so he helped me get a refresher on the important concepts I’d need to know. I wouldn't have gotten here without the bootcamp, but there's also a lot more work that you have to put in afterward to adapt to whatever environment you find yourself in.
Fabianna, how did Fullstack Academy prepare you for your job search?
Fabianna: We had a Career Success Lead named Jackie Ore at Fullstack Academy. I also had a career coach from Per Scholas named Ramone Smith. They were both extremely helpful in my career transition. They helped me prepare my resume and practice my interview skills. Most importantly, they helped me identify the experiences from my previous career that were relevant to my new cybersecurity career. That can be challenging for people doing this transition. They gave me the confidence and the skills to get the job that I wanted.
Sarah, what was the job interview process like at Snyk? Was there a technical interview?
Sarah: Prior to my interview at Snyk, I had done a lot of practice interviews with members of the Fullstack Academy team. This interview ended up being a much different style. It wasn't the typical technical cybersecurity interview that I expected. It was more about whether or not I was going to be a good culture fit and if I was teachable. I made it through three rounds of interviews with a couple of different people. The final interview was a panel presentation. I had to try to learn three aspects of the product, put together a slideshow, and then present it for three team members. I had a little bit less than a week to do that. It was terrifying, but putting the time into it and showing that I was truly interested in the company and that I was motivated to learn more were what got me through that process. I did a practice presentation with Jackie from Fullstack Academy's career services team before I presented it to the Snyk team.
What resources do you recommend for bootcamp grads who are currently on the job hunt?
Fabianna: I used LinkedIn, Indeed, and Google Jobs. I highly recommend joining Meetup. Meetups helped me build relationships in the industry and get a sense of community in cybersecurity. The Cyber Ladies group in New York City is my favorite.
Sarah: I agree with that. Keep in mind that it shouldn't all feel like networking. Find people who you enjoy hanging out with who are also in the cybersecurity arena. You don't want it to feel like a job when you're hanging out with them on a Thursday night. Establishing a community helps you keep your focus. It reminds you why you got into cybersecurity and that it can be enjoyable.
What is the difference between working remotely in cybersecurity versus working in an office with a cybersecurity team?
Sarah: I was initially hired as a remote worker for Snyk, so not much has changed for me. I love working remotely. I still feel connected to my team. We Zoom each other all the time to check in and to troubleshoot work-related things that we're dealing with. Snyk is a global company, so I also get to talk to people from our London office and people from our Tel Aviv office. It's great to have that connection with our entire global team and not have to drive to work. I can spend more time taking care of myself while still focusing on the work that I want to do.
Fabianna: I miss my team a lot. I miss having the opportunity to learn together. When we were in the office, if there was an issue and all of us didn't know how to solve a problem, we would all research and share ideas. It's more challenging to find those opportunities now, but I've been able to work on things that require more productivity without the office distractions.
Did either of you experience bias against bootcamp graduates in your job search?
Sarah: For sure. If somebody spends tens of thousands of dollars on a four or more year degree and they think that's what qualifies them and their entire team for cybersecurity, they're not going to be comfortable with the concept of a bootcamper. You need to make personal connections with people so that you become less of a piece of paper and more of a human being to them.
Fabianna: My experience was completely different. Accenture recognizes the strength in diversity. In my team, about one in 10 of us have a computer science degree. I work with a musician, Per Scholas graduates, MPower graduates, Fullstack Academy graduates, and people from marketing. Our diversity makes us a well-rounded team and it's fun to work with so many different people.
Sarah, how did your background in jewelry and manufacturing transfer to cybersecurity?
Sarah: There are surprisingly more connections than I expected. A big part of my job was making sure I knew how to clearly communicate with the people I was working with who all had a variety of experience levels with the things that we were working with. That strongly translates to what I'm doing right now. I'm talking to Developers and Security Analysts who know so much more than I do! Sometimes I'm working with people from management who know what's going on in their company but might not totally understand the development process or how that's applicable to them. Being aware of what someone's knowledge base is, what they care about, and making sure that I'm communicating in a way that's relevant to them and compassionate to the problem their having is a skill that I'm grateful to have translated over from jewelry manufacturing.
What has been your biggest challenge in your journey to becoming a cybersecurity professional?
Fabianna: My biggest challenge has been deciding what to learn next and then figuring out where to start. Once you enter this path, you will learn that cybersecurity is extremely broad. There are a lot of areas and certifications that you can get into. Right now, I'm considering looking into AWS, compliance, security awareness, and risk management.
Sarah: The biggest challenge for me was not getting psyched out. Initially, the job search was scary. I was constantly feeling like I didn't know enough and I wasn't good enough. I even felt like maybe I didn't have enough specialization. Once you stop psyching yourself out and realize that you only started studying this a few months ago, it gets easier! Communicating in a way that feels more genuine with the people that were interviewing me ended up working out in my favor because I found out right away that I wasn't a fit and that it wasn't personal. It's great to find myself in a place where the company was ready and willing to train me. Getting out of my own way in the job search was my biggest hurdle.
What’s your advice to someone considering making a career change into cybersecurity?
Fabianna: Consider what excites you the most about technology. When you figure that out, go for it! I truly believe there is a role for everyone in technology. My journey wasn't traditional at all, but there is space for me! If you're into HR, you can be a recruiter for technical skills and you can mix that with new knowledge from a bootcamp. If you're into sales, you can be a technical sales representative. There are a ton of opportunities. I'm happy I made the leap.
Sarah: In general, if you're considering going the cybersecurity bootcamp route, the most important question you need to ask is, “Can I handle the fast-paced learning that this requires? Is this the type of learning that's going to suit me best?” I wanted a program with fast-paced, driven, passionate people so that we could pull ourselves up together. That's exactly what I found in Fullstack Academy.