
Ask HN: What to do when all you have is talent? - tfg4k
I&#x27;m at the end of my rope and this is my first post. Please be gentle. (deep breath)<p>I started in IT 15 years ago as a help desk jockey for a small ISP back in the dial-up days. Since then I have done everything from low level hardware support to leading a large government project installing a new telephony&#x2F;messaging solution for a school system.<p>Here&#x27;s the thing: I dropped out of high school and got a G.E.D. my Junior year. I have always had a weird knack for learning on the fly (are the rest of you like this too?). I always bluffed my way in to jobs I was completely unqualified for and pulled it off quite well.<p>Then the recession hit my area particularly hard so I tried the local technical college but decided it wasn&#x27;t worth the debt or time learning stuff I already knew.. Lately, I have been wasting my time trying to break into IT Security (always my primary interest), with no luck because my security experience isn&#x27;t professional. I was able to self-study for both my Network+ and Security+ (gotta start somewhere) and did surprisingly well. I&#x27;m proud that I was able to score 895&#x2F;900 on the Security+ exam after just reading for two weeks but these certifications didn&#x27;t seem to make a difference.<p>I&#x27;ll get to the point. I can&#x27;t seem to get my foot in the door anywhere to do anything from level one help desk work to anything else. Add a new family to the picture and you can see why I need to make a move now. What&#x27;s someone like me to do? I am talented (some past coworkers and managers actually called it freakish), but you cant put talent on your resume. I&#x27;d relocate anywhere on earth for a stable job. I pull a deer-in-the-headlights every time I try to find a new skill to learn. Too many options. I don&#x27;t know what&#x27;s in demand. What can people still turn in to a long-term career? What area or &quot;discipline&quot; in IT shows promise for a career?
======
ChainsawSurgery
I'm gonna venture a guess here, and there's a decent chance you're going to
respond poorly to it and think I'm just being an asshole, or do some
rationalization and throw my opinion away. But I promise: I'm not just trying
to put you down. At least consider it.

> I can't seem to get my foot in the door anywhere to do anything from level
> one help desk work to anything else.

Maybe it's how you come across personally; whether that's in interviews, or
cover letters, or introductions.

A good hiring process is probably in the 60/40 ratio of talent/personality. If
you're a complete 0 in the personality department, you're probably not going
to get hired unless you're a Carmack-level talent. Some places will skew that
one way or the other, but I doubt it'll ever go more then 75/25 either way
unless you find somewhere completely dysfunctional.

Saying things like:

> I always bluffed my way in to jobs I was completely unqualified for and
> pulled it off quite well

are usually red flags for me, personality-wise. It reeks a little of someone
who constantly needs to publicly validate themselves as "the smartest person
in the room," and ends up not accepting feedback very well (if at all). To me,
self-reflection, the acceptance that maybe you're not as talented as you
think, and striving to constantly be better are critical parts of being a
professional.

It's sorta like that person in school who constantly made sure to tell
everyone that they didn't study and still aced the exam - most people don't
enjoy working with or talking to that person for any extended period of time.

Anyway, I'm not gonna sit here and shit on you. We've all got our things. Just
maybe some food for thought.

~~~
hackinthebochs
Or perhaps he was just establishing context so we could better answer his
question? There's no reason to assume a personality defect because he was
communicating honestly about the situation he finds himself in.

~~~
ChainsawSurgery
Sure, and I'm giving him the benefit of the doubt that he's not a jackass and
perhaps just phrased things in a way that set off an alarm in my head. If I
really thought he was a total git, I wouldn't have responded at all.

However on the off-chance that some of that is leaking into interviews or
cover letters, it's probably worth remediation.

~~~
hackinthebochs
But that's the thing though, there is no way any mention of being unusually
smart or capable would not have been received by you negatively. We've gotten
to the point where we can't honestly acknowledge our strengths without someone
feeling slighted by it and then judging us for it. We see it all the time in
fact, anyone who is publicly recognized for a great thing they did must show a
proper amount of deference and humility, otherwise they are seen as being
pompous or full of themselves. This shouldn't be the case.

------
cheetos
There are three ways to play the game:

1\. Play by the "rules": stockpile the degrees, certifications, awards, etc.
that we all know are largely useless but are absolute requirements for
signaling your way through a standard corporate job interview. If you are
after a normal, boring, corporate American desk job (nothing wrong with this
depending on your life situation) you must play the game by the rules. If you
don't, you will delude yourself and lose opportunities to lesser talented
candidates who are better at playing the game.

2\. Leverage your connections: use your professional connections to bypass /
skip many of the requirements set by the "rules" to get a job. This requires
less of playing by the rules but means you must have a solid professional
network of people that have good jobs at companies that are looking to hire
and are impressed enough by your work to give you a recommendation. This is
harder than it seems, even for those with good connections, but I personally
have found the most success finding good jobs these way.

3\. Set your own rules: start your own business. This is the toughest but
allows you to completely skip the rules. It also requires the greatest amount
of talent and offers the greatest amount of reward. Speaking from personal
experience, however, unless you have stockpiled savings and have excellent
work ethic, this is a massive risk that has the potential to destroy your
savings, emotional state and family relationships.

If I were you, I'd focus on a combination of #1 and #2. Get the college degree
even if you think it's useless -- I'm sure you're being rejected immediately
because of a lack of college degree. If you really don't want to do that,
start working your professional network for referrals or start working on a
great side project that you can present at an interview that showcases your
talents and makes up for your lack of degrees. #3 is the dream, of course, but
I've found that there is enormous value in the stability of a regular paycheck
and insurance, especially when you have dependents, despite the soul-crushing
nature of corporate jobs.

Good luck.

~~~
danellis
There's no sense in getting a college degree just for the sake of having it.
They're expensive and take up a lot of time, and they're not needed to get
into tech jobs. Yes, _some_ companies will care about this, but many, many
companies will not. They care about what you know and what you've shown you
can do.

Leveraging connections, on the other hand, is a great idea. Most jobs are not
actually advertised anywhere, and if you can use your connections well you can
find yourself applying for jobs with very little competition.

~~~
mod
It seems like you chose to selectively ignore what he said the use of a degree
was. And he didn't say "just for the sake of having it," he said it's a
requirement to get your foot in the door at corporate jobs. It is.

~~~
danellis
> he said it's a requirement to get your foot in the door at corporate jobs.
> It is.

And I disagreed with him, which I think is okay. It's demonstrably not a
requirement for _all_ corporate jobs, so you can't make sweeping
generalizations like that. I can say without a shadow of a doubt that you
don't need a degree to work at companies like Citrix or Google, for example.

------
vikp
I can't help you directly (I'm not in the IT Security field), but I think I
have some applicable tips.

I did very badly in college, and majored in American History. About three
years ago, I quit my job and learned how to code. I was focused on machine
learning and data analysis. I faced the same problem you did -- no way to
prove I had any skills.

The way to stand out to employers in your field is to do things that are
publicly visible. It's hard to judge someone's talent from a resume, but it's
easy from a github repo.

Some ideas for you:

* Contribute to open source projects in the space you're interested in.

* Start a blog. You'd be surprised by how much sharing some of your own experience can help others, and it can raise your profile a lot.

* Lots of companies offer bug bounties -- try to find some vulnerabilities and collect some. Blog about your experiences. I don't know how hard this is, though.

* Make cool projects and share them on github. Blog about them. Post them on HN.

* Go to meetups in your area on topics that interest you. Meet people. Make cool projects with them.

* Go to hackathons if you can. They're a great way to meet people and find interesting projects.

* See if you can take on a small part-time role helping out at a startup in your field.

As for what's in demand, take your pick. I've talked to companies having
trouble hiring web developers, mobile developers, and data scientists. Any of
them is a good choice (again, don't know anything about IT security demand).

~~~
jarcane
Wow. That is almost exactly my life story right now (three years of cinema
studies, had to drop out for financial reasons, now trying to teach myself
code and sorta succeeding at it but feel grossly unqualified).

Thank you for posting.

~~~
Jacqued
Hey ! I kind of did this transition recently from Literature grad to
developer.

I don't know if you had the same experience but I think for me the key to
succeeding in this transition was to try and learn not only to 'code', but
also about the engineering, quality, deployment processes surrounding code
that most juniors (that I have seen) typically know little-to-nothing about.

That way, even if you have a lot to learn on-the-job, you probably won't be a
burden on the rest of the team and they won't have to spend too much time
holding your hand (except at code review time, but I guess that's the case
with every newcomer to a project).

I also worked for myself for some time and had some experience (minor really)
to help me get my foot through the door. Then when you get a job, you have an
opportunity to show what you can do and after that you're just like everybody
else.

~~~
dfcarpenter
I am curious how you went from freelancing to working at a firm. I also got
into development from a liberal arts background ( I went to a “great books”
school ). I started out several years ago, first with a brief internship, and
then freelancing with a friend who a more experienced developer, and now I am
freelancing solo. I have several sites and apps under my belt but I feel like
an impostor and totally unqualified when I look at the requirements for
various job listings (Junior/Intermediate JS/Python/PHP)

------
david_shaw
I can't speak for the rest of the industry, but since I'm the CTO of an
information security consultancy, I can at least provide an informed opinion.

Many, _many_ security companies don't care what your formal education is. The
reason for this is simple: there aren't many (or, perhaps, any) undergraduate
computer security programs that are cutting-edge and relevant enough to teach
the skills needed to be a good hacker. Unless we're talking about graduate-
degrees, I barely glance at a prospective hire's formal education -- there's
just not enough correlation between that piece of paper and performance on the
job.

What I _do_ look for is self-motivation, passion, and drive. I know it's
cliché, but you can't be great at infosec if you're just pulling the 9-5 -- it
has to be something you really care about. You have to stay on top of
everything.

So how does one measure passion?

Clearly, if you can talk about side-projects you've done in the security
realm, that's a great start. If not, being involved with the community (such
as the free and local Security BSides conferences, OWASP meetups, etc.), shows
that security is something that you really care about. Those events are free
(or maybe $10), and show a lot of drive.

I know your actual question was in terms of IT disciplines, not just security,
but I'm confident that what I'm saying here applies to almost every selective
career type. You're trying to be competitive in a tough environment, so you
have to make yourself stand out. Really, _really_ wanting something usually
shows.

That said, feel free to shoot me an email if you're still interested in the
security route. I'm always looking for new engineers!

~~~
g0v
Hearing this from someone like yourself brings me great joy...

In 2011 after my time in the military was through I made a decision to get
into infosec. I didn't know how to code, had never been to college, and only
had IT knowledge from being a typical computer geek in high school. That same
year I found out there was security firm in my relatively small hometown, so I
emailed them.

Since then I've been reading books, coding, and emailing that firm every 5
months or so basically asking for work. To hear that self-motivation, passion,
and drive are big hiring factors to you makes all this studying I've done over
the past few years worth more to me than before I read your post.

I finally got a "maybe later this year" from the technical lead, I'm crossing
my fingers.

Thank you.

------
riskable
This may seem way out in left field but: Do a background check on yourself. If
a company does such a check and it comes back saying you're a serial murderer
they will not tell you that's why you were turned down.

Background checks are often horribly wrong or contain bullshit red flags like,
"Claimed position: Developer; Actual position: Architect". Get enough of those
and you'll be dropped for consideration.

When I left an employer a few years ago I requested my employee record and
what was inside blew my mind. The background check was _so_ wrong it was
crazy. It said I worked at places I never worked. It said I lied about my work
history (aforementioned title naming problem). It said my provided address
information did not exist!

Fortunately none of that seemed to matter to the company that hired me but I
suspect it's only because the supposed red flags were ultimately meaningless
(did I work as a customer service rep at some company 8 years ago? No. Was it
relevant? No).

~~~
tfg4k
This is rather unsettling as I have never asked for an employee record from
anyone before.

I have thought to run a background check before. However, I didn't know or
have the time to find out back then where to request one. I know there are a
lot of sites out there who apparently generate a report for you for a price. I
just didn't know if any were particularly reputable.

------
JabavuAdams
Matasano crypto challenge? Prove that you're talented.

Credentials are not skills. If you've been in IT for 15 years you have skills.

Go to meetups. Be yourself, but try to be pleasant and helpful. It's who you
know + how you can help them.

------
lhl
15 years in, formal eduction shouldn't be a big deal. Assuming you made a deep
positive impact on successful projects, you should have a deep network or
connections and referrals to tap? If not, you need to answer that question.

Why are you "bluffing" through jobs when you should have a large tool-belt of
experience? Just-in-time/on-the-job learning should be a positive, but it
sounds like you need to improve your soft skills/be able to more effectively
reposition/sell yourself.

Beyond a resume, which you've mentioned you're terrible at (learn to make a
good one, there are plenty of resources, or get someone who is good at it to
improve yours) you should probably also put together a CV/project portfolio.
Is your LinkedIn up to date?

Also, while it sounds like your experience is mostly in IT support/systems
integration, if you're looking for employability, just learn to code.
iOS/Android if you're looking for immediate employability, some systems
language, full-stack webdev for more general flexibility.

Participate in some open source projects, like others have mentioned, make
sure you have a robust Github account. The only way to judge talent is by
output, and having public repos and project participation speaks for itself
and is a 100x better indicator than any degree or credential.

I wish you the best of luck, but you maybe getting feedback from former
employees and coworkers to assess your strengths and weaknesses would be more
effective than asking random people on the Internet?

~~~
tfg4k
Thanks much. The 'bluffing' was how I got the tool-belt. Again, my apologies
for such a sloppy first post. LinkedIn, while up to date, has never done
anything for me but spam me about things like endorsements and birthdays.

Well, and get my contact info into the hands of every spambot posing as a
headhunter on the planet. It's there though. Former coworkers are hard to
track down but all have written recommendations for me in the past. Some are
on the LinkedIn page. I have no project portfolio. I don't really know how to
put one together.

I like asking random people on the internet because my former managers and co-
workers can't figure out why I have been unemployed for so long either.

~~~
lhl
Hmm, but none of the former managers or co-workers have managed to recommend
positions or leads to you?

In anycase, I suggest you pick a specialty, whether it's infosec or something
else, and make sure you are participating in the proper communities online -
Twitter, mailing lists, meetups, etc and actually get _really good_ at
something.

From your response to mattmurdog, it sounds like you are defining talent
differently from how I think most of the people here would - where talent ==
actual, not potentially acquired skills/experience.

There are a near infinite number of bugs, RFEs, unsolved problems, and
projects to be done (just scan the articles that show up on HN every day).
Publicly demonstrate the ability to fix some of those (like actually upstream
some patches, release some projects), and honestly, you shouldn't have any
problem getting a contract or any other kind of gig. Real (demonstrably
productive) talent in tech is always in short supply.

~~~
tfg4k
A hiring manager from a job I had for a year in Tampa back in 2005 got me my
last two interviews. So, I have been attempting to tap my rather small
network, It isn't that large though.

------
btilly
I know that tptacek used to hire people who did well on
[http://cryptopals.com/](http://cryptopals.com/). He is no longer with that
company, but you can look around for an opportunity like that as a way to get
your foot in the door.

~~~
tptacek
I left Matasano to turn what we were doing with Cryptopals and Microcorruption
into a company. Fun announcement coming soon.

I can't speak for Matasano/NCC Group anymore, but: I strongly suspect that if
you can get through all 7 sets of the crypto challenges, they will want to
talk to you. So far as I know, the resume-blind hiring process I built there
is still running.

If you get all the way through the crypto challenges, want to work in software
security, and have trouble finding a place to work, ping me. I will happily
rep you.

------
AYBABTME
Maybe I'm dumb but nobody who's hired me ever cared of my (lack of) degrees.
All they cared about was proof that I could get stuff done, which is one of
the purpose of my Github. AFAIK, talent is all I have, and I've never had a
hard time finding jobs as a developer. And I learned and started writing code
4 years ago, so it's not like I'm a child prodigy or something.

I'm just a dude who picked up programming a few years ago. What I'm trying to
say is that I'm not special and I'm doing fine. You likely have more
experience than I, so there's nothing that should prevent you from getting in
a similar situation. One thing I do have for myself is confidence, so maybe
that's all there is to it.

~~~
tfg4k
Thank you for the input. While Pen Testing has always been my goal, I have
started looking at things like Database Development or Full-stack web dev
training. Problem is, my financial situation doesn't always allow for me to
get access to structured learning.

~~~
forloop
> Problem is, my financial situation doesn't always allow for me to get access
> to structured learning.

There's so much information on the web, or via books/video courses/MOOCs that
there's no need to do the structured learning thing. Particularly with Python.
Plus, Python is used in security to create scripts/tools.

EDIT: Example of some books, vis-a-vis Python and security (learn the basics
first).

* Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

* Hacking Secret Ciphers with Python

* Python Penetration Testing Essentials

* Gray Hat Python: Python Programming for Hackers and Reverse Engineers

~~~
tfg4k
Yes, I am aware of and use some of these. I have an ex co-worker who is still
a close friend and a developer who is always giving me advice and helping me
find these kinds of resources.

The financial thing was more about certification training, as I was
(mistakenly) under the impression that they carried more weight and would open
more doors for me. Especially in the Security realm.

I had also looked at things like bloc.io but who really has that much money
for that kind of training on their own? Thank you for the response!

------
nmrm
Would you consider a (perhaps accelerated) degree program?

I understand this might not be possible in your situation, but if you can find
an evening, on-site, accelerated program at a local non-flagship state school
then you might be missing an opportunity. I've known some people in similar
situations for whom this approach worked out well.

I can provide some advice if this is at all plausible for you.

(edit: the comment by ferrari8608 is an excellent example of why attending an
inexpensive university can be a good idea, even without finishing the degree
program; you'd be surprised at the number of positions filled via "former
professor" relationships).

~~~
tfg4k
This is something I will look in to. Thanks for the comment!

~~~
nmrm2
Some advice (again, assuming you go this route; not saying you must/should):

1\. Try to find a not-too-expensive, non-flagship state school ($5-9k /
semester for a full course load is a good ballpark. You can bring that down a
lot by doing gen eds at a community college and then registering for 1/2 or
3/4 loads for the semesters you're enrolled at the uni. Most state schools let
you pay by credit hour and are good about accepting Community college credit,
but make sure you get a commitment from the uni that they'll accept any CC
course you take.)

2\. Get in touch with an admissions person and request a one-on-one.

a. Make sure they know you're an "adult learner" and, if you can't arrange
your other obligations to take day-time courses, figure out if there are
evening sections of every course you'll need to graduate.

b. Inquire about scholarships, grants, and subsidized loans. Talk with your
family and figure out what you feel like you're able to afford. Be frank with
the admissions person about financial realities.

c. Request a one-on-one with a faculty member from the CS department. Many
teaching-oriented schools will entertain this, but don't be surprised if you
get turned down. If you get a meeting, start off with general questions about
the faculty's expertise in security (actually this doesn't matter so much
because you ultimately want a job rather than a research position, but
technical stuff is a good way to break the ice). Then ask that faculty member
about what the department does to help place students in internships/jobs. As
an added bonus, in general, faculty are more likely to give you a good sense
of the quality of the school than admissions people (who are, after all,
salesmen).

3\. Don't be afraid or too proud to avail yourself of free tutoring etc., and
try to be a participant in the department's community (e.g., attend official
department events whenever possible. In general, be seen and excel.

4\. Once in CS courses at the uni, be sure to stand out and that your profs
know about your interest in security and prior IT experience (great way to get
leads passed your way).

Other advice regarding finances:

1\. If you have to take out loans, make sure they're subsidized. Make sure
that increase in lifetime earning balances out the full cost including
interest. As a good rule of thumb, the total is approximately the cost of a
new, low-end car. I.e., limit yourself to the amount of debt you would put
into a consumable. Rationale: education has far better pay-offs than a car,
but more risk.

2\. If you can xfer courses from a community college, do all those before
enrolling at the uni. In the mean time you might find a good job (at which
point you can choose to attend the uni or not).

3\. Make sure your family is 100% on board and that you're confident you will
finish the degree or get a job out of it. Be aware that, esp. if you're
working during school, the time commitments and stress are going to take a
toll on personal relationships.

------
staunch
1\. Find a cushy job in government or a very large corporation, where you can
bluff your way through indefinitely.

2\. Buckle down and master some real skills that are in demand. It's a cop out
to say there are "too many options". All you have to do is pick one you're
interested in and put the time in. You have to specialize though. Security
isn't specific enough, penetration testing is, or iOS/Android development,
frontend web development, whatever. After just a few months of study, you
could probably find someone who will hire you at a low salary in any of these
jobs. Then master the specialty on the job.

~~~
tfg4k
I understand. I was nervous about using the right terminology when rambling
out the OP. Pen Testing was the area I had been focusing on. I have taken
online courses and have real-world experience doing that but not in a
"professional" capacity. That being said, how much weight do certifications
carry when applying for employment in that area?

~~~
staunch
It's easy to see gauge your skill at penetration testing. Just try to collect
some security bounties. Certifications don't matter much at good companies.

------
ericob
This may have been covered already, but... The purpose of a resume is not to
get you hired. The point of a resume is to catch someone's attention for long
enough to keep you in the race, or get to the next step.

A successful resume is one that will be NOT discarded by HR drones or
automated resume scanning software. A successful resume will get you a phone
screening or an in-person interview.

If your resume is, as you said, awful, but you are getting to the interview
stage then you are getting there DESPITE the quality of your resume.

If you are not getting past the interview step, the problem is not with the
resume (it's out of the picture). So "something" may be going wrong in your
interviews. I don't have any ideas about how to go looking for what might be
going wrong.

Separately, I don't see any mention of the web site
[http://asktheheadhunter.com/](http://asktheheadhunter.com/)

This guy has strong opinions that are carefully expressed. Many of his
opinions contradict "common wisdom," which I often found eye-opening. He has a
lot of interesting things to say. Poke around the site... read some articles,
subscribe to the newsletter. It could be helpful.

------
touny
Which other talents do you have?

I would also ask myself the following questions:

Do you really wan't a job (employed by a company), or you just need one?

Have you thought that maybe your talents are not appreciated in the corporate
world?

One must consider that the recruitment system is broken, or do we really
believe that with a written one page document and a brief phone call, we can
screen people and dimension their whole personality?

I have asked these questions myself because I relate to your situation. My
advice: Just be productive every day, and this means to create things that you
think might be useful to somebody.

And yes, not everyone has the ability to speak the language of the corporate
world. Just try to find the people you can work with best. Maybe you're best
suited to be an entrepreneur or a workshop guy building stuff and
experimenting.

Also, a new family is not a small thing, it changes many things in our lives,
it unbalances us in many ways, certainly in the economic one. But don't
despair because this too is a great thing that is already pushing you to your
limits and thus providing the opportunity to improve yourself.

Consider this your life quest.

------
Sakes
When people start making assumptions about you, then giving advice, take it
with a grain of salt.

Taking the known issues as you have stated them: No degree, no direct
experience in the specialty that you want to pursue, this is how I would
proceed:

1) Focus on jobs at small to medium sized companies. They will be less likely
to rely on some hiring script, and likely to give more weight to an interview.

2) Make a spread sheet of all jobs on monster.com & similar services that
involve security and start applying for them.

3) Make a spread sheet of all the companies that you can find where you would
prefer to work, regardless if they are hiring, and apply there as well.

4) Once these two resources are compiled start your weekly applications...

Week X:

5) Blast 20 companies with your application, prioritizing the companies by
which ones you like the best. Make sure to customize the cover letter for each
job.

6) Follow up on the previous weeks 20 applications with a short friendly
email.

7) Spend some time during the week building something that show cases your
knowledge in security.

I hope I've said something that you believe will be beneficial and actionable.
Good luck!

------
fsk
>I don't know what's in demand. What can people still turn in to a long-term
career? What area or "discipline" in IT shows promise for a career?

Here's one rule of thumb I've been using to gauge demand. If someone's willing
to hire you to use a tool even though you haven't really used it before, then
the demand is there.

Another warning is that what's hot now may not be hot 5 years from now. iOS is
hot right now. I'm concerned that, with Steve Jobs gone, Apple is going to
implode and lose their market share. So there may be no iOS jobs 5 years from
now.

Just keep sending out resumes. You'll find something eventually. It's just a
numbers game.

Do you have any savings? If not, get whatever you can right now to get back.
Be prepared to take something lousy and be looking to jump to something
better.

~~~
nbardy
Apple is too large to implode and fail quickly. Even if they do fail it will
be a slow death or just a leveling off. Look at Microsoft. The last ~10 years
they been getting beaten in many large markets they are entering, but they are
still a massive player.

~~~
fsk
There's no way Blackberry could lose their market share. Even if they do fail
it would be slowly or a leveling off. There's no way they could go from the
leader to zero in 5 years.

~~~
npalli
Apple has $180Billion in cash. The total it spends on employees is $18Billion
per year. So, in essence Apple could pay its employees just to sit around and
not sell a single product for 10 years before running out of cash.

Ponder that. Apple is nothing like Blackberry. Your example is totally
ridiculous.

------
varelse
I have seen this situation before. It seems to be a particular fail mode for
the typical tech company hiring filter. A lot of people, some of my co-workers
included, screen for a very particular sort of cookie. When they don't get
exactly the cookie they want, they reject.

To be fair to them, the number of flaming idiots that manage to get past HR
phone screens these days is seemingly monotonically increasing, but along
those lines, here's my question: if you're not even getting past HR phone
screens (and these people frequently are keyword-driven dim bulbs IMO having
suffered through some astoundingly inept phone screens that were a waste of an
hour), what are you telling them? Or if it's not even getting that far, have
you had someone look at your resume?

~~~
tfg4k
I actually do well in this part of what has regrettably become the norm in the
industry for "interviews".

I don't really know what I am doing wrong other than needing to refresh my
resume. Still, even in its abominable state, it gets attention and I do get
solicited. I just always seem to lack something that, while insignificant on
paper as it may be, makes the difference.

For example, I was very recently put in touch with a group in Tampa. I was
contacted by them because an old manager in town had told someone who told
someone about me. Long story short, great interviews and 3 weeks later, I was
passed over in favor of an internal promotion because of the time it would
have taken me to move my family from TN back to Tampa.

------
m3gatr0n
Hi tfg4k, I am coming from Romania, so I know a little bit about geography
problems and let's just say that on the old continent, coming from the Eastern
is still a handicap. I also love IT security and I dedicated 1 year of my life
to try to get in and do something. The biggest stupid thing that I could do.
It's way to little and this industry is so closed, that you have absolutely no
chance to make it on your own. It's impossible. In order to break something,
you need to understand it and then exploit it's weakness. Because everything
is so complex now, you're pretty much like a fish out of water.

If all you are saying is true and you are really good, your problem is not
getting a job. Your problem is finding out what you want to be in the IT.
Developer/consultant/tech support or what? This is what you should be asking
yourself in the first place. After you know want you want to be, then go and
find a technology THAT YOU LIKE, THAT MAKES YOU VALUABLE.

> What area or "discipline" in IT shows promise for a career? This is one of
> the biggest top 3 mistake in my opinion. What tomorrow is cool and trendy,
> tomorrow will because obsolete (e.g. Flash), so technology doesn't actually
> matter to be honest. One day it's a keyboard, tomorrow it's touchscreen and
> in 10 years there'll be mental commands. This makes no difference, because
> we built the whole 1/0 logic in order to help us in our day to day work in
> any way possible. So if you are serious about this, FIRST find out what you
> like, than prepare for it, practice it and the step you foot in the door.
> Regardless if you're going in for an internship or to be the manager, your
> goal is to get on that door and keep going in, day after day. If you're that
> good, they will promote you by default.

Cheer up and find something that you're good at, the reward will come by
itself. The most important thing is to like what you are doing, the rest is
history :)

PS: By the way, I ended up being a SAP Developer, after which I switched at
being a SAP Consultant in Germany. I still keep a closed eye at the security
field, but just as a hobby, nothing more.

------
Mz
People who have no credentials, but lots of talent, sometimes start their own
business. This is something I used to comment on a lot on homeschooling lists.
The two examples I typically gave back then were: Bill Gates is a college
dropout and Madonna is a college dropout.

An example that might mean a bit more to you: In this forum, IIRC, jacquesm is
a high school dropout. He is currently #3 on the leaderboard. If you haven't
read his blog, you might find it of interest:

[http://www.jacquesmattheij.com/](http://www.jacquesmattheij.com/)

[https://news.ycombinator.com/user?id=jacquesm](https://news.ycombinator.com/user?id=jacquesm)

~~~
tfg4k
Thanks a lot. Bookmarked. I really appreciate the response to the OP from you
and everyone else. I didn't expect it to get noticed at all.

------
cubano
Wipe away all the negativity from your thoughts and, more importantly, your
resume.

Focus only on you positive achievements. Sell yourself.

Get on daily job mailing lists from ziprecruiter, indeed, dice, and
postjobfree, and apply for at least 5 jobs a day.

Good luck.

------
steakejjs
IT security is ridiculously easy to break into, and I'm not kidding.

If you are able to demonstrate all that talent (github, outside projects,
anything else) and you are able to hold a conversation with people, there are
literally thousands of openings for you.

The certifications only really matter to Washington DC (or people making money
off of DC).

Apply more places, make some things on the side that demonstrate you know what
you're talking about, and look for positions at large, stable companies.

------
ZenoArrow
Would recommend getting a job doing what you've already done before trying to
break into the IT security field.

1\. Getting a job. Know anyone you used to work with that is now at a fairly
large company?

2\. Getting into IT security. Ever considered going into one of the bug bounty
programs, e.g. for Facebook, etc...? That'd be a good thing to put on your
resume, as well as giving you some money.

------
mattmurdog
You sound a lot like programmers I constantly run in to who claim to have 10+
years of experience and rate themselves a 10 out of 10 on everything known to
man. But yet can't land a full time job and just coast from freelance to
freelance work and take on projects that my 8 year old nephew and/or a chimp
could have done/automated. Like some of the replies here, these guys come off
super arrogant and are just not personalable. These are all major red flags.
Not to mention they're just clever at being deceptive, not only to potential
employers but also themselves. Because when pressed in technical interviews or
tests they fold. They fold hard.

If you really want to break in, I would be honest with what you can do.
There's no shame in being self taught. Use that trait as a strength to show
your capability and interest to learn new things. That you're autonomous and
motivated. Talk about how you were able to learn new things or how you were
the driving force behind something. Don't be afraid to take a smaller role and
listen to others. Your coworkers are assets not ladders for you to climb over.
And most importantly, work with smarter people. Soon enough you'll learn that
you're actually not that talented... or maybe you really are. Good luck.

~~~
tfg4k
Sorry, Did I say something negative about coworkers? And again, the talent I
am referring to is the ability to learn quickly because of a great mentor I
had when I was much younger. Not a superpower.

------
mordae
> I am talented (some past coworkers and managers actually called it
> freakish), but you cant put talent on your resume.

And that's where you are wrong. Make sure that those coworkers and managers
will back you up during your next interview and urge the prospective employer
to actually ask these people about your qualification.

~~~
tfg4k
Yeah, you're right. I suppose you can put talent on your resume. Thanks!

------
tfg4k
I want to thank all of you for the great comments and advice.

I had absolutely no idea that this would get so much traction. Some of you
have given me invaluable insight and I hope to see more of it. A few comments
I have even lifted just to put into a note to use as reference later. I think
this is awesome.

------
tfg4k
Update: Sorry if I missed a typo or sentence fragment. Had to edit a lot to
get under character limit.

------
readme
Think about the Army. MOSes in 25 series and 35Q and 35T would be interesting
to you. All computer stuff. 35Q would have you doing _pentesting_. Go talk to
a recruiter if you're not older than 35.

Source: I am in the Army. It's not nearly as bad as you'd think.

------
raincom
You won't pass the fliters to get hired. There is a way to do it. First you
need to show that u have worked for big companies; second, try to work as a
contractor, which can help you gain real experience.

No company wants to mentor anyone.

~~~
tfg4k
I have worked for large companies before. Defense Contractors and in
Operations for very large retail organizations.

Am working as a contractor now. Thanks for taking the time to comment. I
appreciate it!

~~~
raincom
pm me, i can tell u how Indians play the gay. You can play the same game these
offshoring companies play to get a contract gig right away.

~~~
tfg4k
Cool. I have no idea what that means but, yeah

~~~
jqm
That might be one approach to getting a job, but it doesn't really sound so
good... depending on ones orientation of course.

------
tfg4k
Sorry for all the edits, I'm still getting the hang of the formatting in
commenting and posting. I didn't expect a response like this. I appreciate
everyone who took the time to comment!

------
atmosx
I know it's not what you're looking for, but learning JS and a _hot_ framework
like React or Meteor will help you land a job in the IT sector in sooner or
later IMHO.

Good luck with everything.

~~~
tfg4k
Hey, no, thank you very much. I was looking at Angular earlier this morning. I
played around with Node when it was new, dropped it because anything within
reach at the time in my job market were for things like pulling cable, fixing
people's computers for a small MSP, and that was about it. At least I have
something to work on in the meantime. I started playing with JS and Python
when I considered being a programmer. I stopped because everyone said Python
(which is awesome) and I just had a rougher time learning it than JS.

~~~
danellis
It sounds like you lack tenacity. Unless I'm completely misreading you, you're
saying you started learning things to help you get into a web development job,
but then gave them up because... you couldn't get a web development job yet?
Why did you drop the thing that would put other jobs in reach?

> I stopped because everyone said Python (which is awesome) and I just had a
> rougher time learning it than JS.

Whatever you're learning, someone will come along and tell you that something
else is better. Ignore them. The first programming language you learn is
teaching you to program, which is far more important than which language it
is. You're learning transferable skills that you'll take with you when you
learn something else.

------
hemantv
Talents gets you very little, handwork can get you a lot farther.

------
indymike
Instead of doing what is in demand, try doing what you like to do. Liking what
you do makes it easier to deal with the boring part.

~~~
tfg4k
I enjoy it all. It isn't a situation like some I have read about here before
where people who want to become programmers can't decide on a language. Since
I have always pursued my "passion" for just about anything to do with
Security, it has always been in my spare time. So, what I was looking for in
that part of the OP was just a little guidance. Like, if I thought Fortran was
dope, it still wouldn't do me much good to master it right now when I need
work.. (trying a joke) Thanks!

------
bane
I'm going to be a little rough, but it's not meant to slam you.

Here's what I would see as a hiring manager if this was distilled down to a
resume:

1\. H.S. Diploma

2\. Worked help desk and wiring jobs for 15 years with little to no upward
career progression

3\. No particular portfolio of work you can point to

4\. Personally, given this background, you've ended up with a new family. I
don't know if you're struggling to support them or not, but I'm guessing with
help desk jobs it's probably a struggle.

All this together can read to a hiring managers as "not responsible or forward
thinking enough to trust with a chance. May not actually know how to do the
kind of long-term hard work I need for more senior/higher paying positions."

Even with a change in any of those four bullet points, you would read as a
better candidate.

1\. College degree instead of H.S. Diploma

2\. Upward career progression

3\. A portfolio of work

4\. Family issues are not part of the conversation since your personal issues
are not the hiring manager's concern, this bullet doesn't even exist.

I'm not saying you need to have all 4, but any improvement in any of them
would help. You don't have to have a college degree if your 15 years of
experience showed a progression in roles and responsibilities. Or none of that
would matter if you had a bunch of awesome projects up someplace for an
employer to look at.

Or with no changes in 2,3 or 4, in 15 years it never occurred to you to go hit
the local community college and start on what might even look like a degree
path? (I say this one with lots of authority since I was once in a similar
situation as you, but I finally got the clue after only 4 years of suffering
in shitty jobs).

You can't change #1 quickly, even if you started today, that would be years of
hard work. Harder than you can realize right now (I'm speaking from personal
experience)

#2 might be a framing issue, you might need to rethink how you present your
prior work so that if there was any kind of increase in roles and
responsibility it's reflected in your work history (and in how you present
yourself during interviews.

#3 is also long-term, but even some github projects that do automatic security
audits or test for vulnerabilities, things that a few weeks of learning shell
scripts or python could probably get you, those would be huge on your resume.
Being able to talk intelligently about those things during an interview would
be even better.

#4 here's some tough talk. Your personal issues are of no concern to
prospective employers. They honestly don't care, and anything they know about
is likely to make them concerned about your reliability as a corporate asset.

#5 Finally, certificates are touchy things, they might open some doors, but
not as many as just having a college degree would. Most certifications are
barely worth the paper they're printed on. If you are really interested in
computer security (a very good, fast growing industry with excellent pay and
plentiful job openings waiting for you to apply) you need to get into a
college degree program and work towards at least a B.S. in Computer Science,
Computer Security or Information Systems and then get CISSP certified.

Here's some even tougher talk, to even be considered for a CISSP _certificate_
you have to have had 5 years of 40-hour/wk work experience in 2 of 10 work
domains. [https://www.isc2.org/cissp-
domains/default.aspx](https://www.isc2.org/cissp-domains/default.aspx) This is
the level of candidate that professionals in the field are looking for, full-
stop.

You can also become an Associate of (ISC)2 and you'll then have six years to
get the necessary experience.
[https://www.isc2.org/associates/default.aspx](https://www.isc2.org/associates/default.aspx)

If that's too much, remember an employer is going to think "this guy can't
even commit to a real certification program, why should I hire him?". Scout
job postings you want, and look at the requirements, that's your guide for
what is being looked for. Talent is not one of them.

If this is what you want, you need to start _today_ and do everything
necessary to make it happen. You're 15 years behind at this point. But you can
make it up.

If this is all too much, you might rethink and go a different direction. A
portfolio of tools, a blog on your topic of interest, participation in
communities of interest (start networking _NOW_ ) all need to be there when
you apply for that next, better, job.

#6: okay really finally. You need to start thinking in terms of career and not
job. A job is where you go exchange labor for money. You go from job to job,
the pay might be better, it might be worse, but they aren't building blocks
that get you anywhere in particular. A career is a tower, each place you work
gives you building material for that tower and you slowly build up as high as
you're capable of going. Jobs are what you do when you're just out of
highschool and looking to score some gas money. Careers are what you do to
prepare for eventual retirement and raise a family.

I know I'm being harsh, but I know lots of guys in your same place and can't
seem to connect the dots, even after decades of walking in place.

~~~
tfg4k
I appreciate you being blunt. I'm not going to get anywhere if people tip-toe
around any issues they may be able to bring to my attention. I'm not easily
offended. I appreciate the last point. Career vs. Job. Yeah, I could go answer
phones like I did when I was sixteen but that would just be stupid.

Thanks for that comment!

~~~
bane
Sure thing.

The real advice I have is that you have to figure out what your story is. What
is the culmination of your experiences. If you're still doing help-desk -
that's a job people effectively right out of high school do with minimal
training. It's the fast-food cashier of tech jobs.

Are you still doing that same job, or have you learned something in that time?
If so, if you've aggregated experience and knowledge, you need to figure out
how to tell that story and how to distill it down into your resume and
interview.

A long time ago I did tech support also, but I know I learned _lots_ of soft
skills. It took me a while to figure out how to parlay those into better jobs,
but now, many years later and mid-career, those same skills get exercised
every single day.

I think your best bet is honestly figuring out how to rerepresent your job
time as a career, start building a portfolio you can show off, and start
networking.

~~~
tfg4k
Right-Right. I don't know what it was in the OP that gave people the idea that
I am still working help-desk stuff. It was my first technical job.

~~~
bane
Oh right, sorry if I misread it!

Good luck!

------
chrisbennet
Where are you located?

A friend of mine has some sort of security business, maybe I could get you in
contact with him for advice at the least.

~~~
tfg4k
I meant to reply to this first. I didn't expect so many responses. I am
located in Upper East, TN. The Tri-Cities to be more specific.

~~~
chrisbennet
My friend is in the Boston area but he might be able to give useful advice.
Email me and I'll pass your contact info on to him. My address is in my
profile. BTW: Your email address doesn't show up in your profile unless you
put it in your comments.

~~~
tfg4k
Thanks! I really appreciate it.

------
grandalf
Maybe offer to work for free for 2-4 weeks (10-20 hours per week) for someone
you respect, with no expectation of a job, just the expectation of very candid
feedback/coaching at the end of the time period.

Getting your skillet where you can meaningfully add value in the first two
weeks is not necessarily trivial.

~~~
tfg4k
That is a wonderful idea that hadn't occurred to me. Although I don't respect
anyone in the Security field because I don't know anyone in the field. Will
work for free though. Respect or not.

------
dustingetz
people as talented as you say you are, do not end up needing to write this
post. Just my opinion

~~~
tfg4k
Noted and thank you for posting it. It just is a bit more complicated than
that. I have been working on a Security focused startup to provide free
training to the public as well as Risk Assessment, Pen Testing, etc. to the
local small business community because no one else is doing it. Also, about
the talent thing: The talent is being able to adapt quickly. It doesn't really
help when you're broke and there just isn't much of anything other than
becoming a nurse to adapt to in your area.

~~~
rifung
I respect your passion and enthusiasm, but you seem to lack patience. Seeing
as you keep bringing up your financial situation as a barrier, why don't you
take a job that's not necessarily the one you love, but one that will provide
financial stability so that you can spend your other time learning about
security related stuff? That will also give you time to apply to other
companies and not have to settle for less than what you deserve.

If you already feel like you are an expert or at least good enough to have a
job in it, then apply those skills and make something to show your prospective
employers.

Again, if your financial situation is not good then all these things just
become more difficult. It sucks having a job you don't enjoy, trust me I am in
one, but sometimes even if the job itself is not great, the things it will
enable you to do make it worthwhile.

Please excuse me if I'm making too many assumptions about your situation, but
you just remind me of a similar situation I was in a year ago.

~~~
tfg4k
No, the financial situation is complex. It isn't about patience. Quick example
would be having the opportunity four years ago to work for Rackspace as a
Linux Admin but I couldn't afford to move to San Antonio on my own at that
time. That's the kind of stuff I am talking about. And no, you are not making
too many assumptions. It's my fault for writing such a sloppy OP.

~~~
rifung
If you got an offer from them, they wouldn't be willing to relocate you?

It seems like if that's the issue but you are getting offers then I imagine
you should be able to negotiate your way in. That or you could just go into
debt momentarily.

Even start ups fly people in for interviews; I can't imagine they'd have too
much trouble relocating you. That is, if you're willing of course.

------
o2sd98
I'm recruiting at the moment. Having just gone through 153 resumes in a week,
and 4 phone interviews so far, there are a number of things that will get you
to the top of the resume list, the top of the interview list and the job. As a
potential employer, in my mind I am really asking myself the following of any
candidate.

1\. Is this person the solution to my problems, or another problem to add to
my long list of problems? Or, will this person make my workload lighter, or
heavier?

2\. Does this person really want to work in _this_ capacity, in _this_
industry, doing _these_ types of tasks? Or, are they desperate for work, and
will use me as a stepping stone to another position and in 6 months I am back
looking at 153 resumes again?

3\. Does this person think first, and ask questions later, or the other way
around? Questions that could have been answered with just a tiny bit of
thinking are part of my list of problems. Great questions, honed to the crux
of the issue, after thought and research are actually beneficial for me and
the person asking, as they are opportunities to not only fix things, but
improve the end solution as well.

Following on from this, if I were you I would redo your resume AND your
interview technique with the above in mind. Your potential employer is a
potential client of yours, and you are a micro business of one person. You
need to convince your potential client that YOU are the solution to their
problem(s), not another problem sucking down a paycheck.

How do you do this? Personally, I would recommend listing 2 or 3 problems you
solved in each of your last positions. Being self-employed/contractor is no
different to being employed. You are a small business, hired by your client to
solve problems. So list them. If there are disclosure or confidentiality
concerns, make your description of the problem and solution very high level.

I know this will probably sound strange, particularly in this particular
forum, but nobody really cares what you KNOW, they care about what you can DO.
When I read your story about getting 895/900 in the Security+ exam, what it
tells me is that you can learn complex subjects in a short time frame. The
mark is irrelevant to me, you might just have a very good memory. The REAL
question I need answering, is can you put that knowledge to _practical_ use.
Will you protect my company's network like it was your first born child? Or
will you take advantage of the fact that I don't really understand what it is
you do and do nothing all day leaving my business at risk?

It's not easy for technical people to do this, but you need to put yourself in
your potential employer's shoes for a minute. Imagine YOU own your own
company, and you need a network guy to solve your security problems. You need
this person to be capable, competent,responsible and reliable. You need to
know that they wont leave you hanging in 6 months because this wasn't what
they really wanted to do, and they flit off to something else. How can you be
THAT guy?

------
amirouche
why don't you try webdev? backend or frontend.

~~~
tfg4k
Planning to.

------
beachstartup
i'm going to give you some tough love right now, because you've sort of got
the wrong concept of what a 'security job' is in your head.

first of all - why the hell are you waiting for someone to give you permission
to start doing this job? if you want to do this job, just start fucking doing
it.

contribute to security mailing lists and keep an eye out for opportunities.
write articles. blog. go to events. write code, open source it. contribute
documentation if you can't code. sell yourself as a consultant. appear to know
what the hell you're talking about.

DO THE JOB.

if you don't actively participate in a community nobody is going to give a
shit about you, much less hand you a career with a pretty bow on it.

~~~
tfg4k
I have started a small DBA in my area to provide services to small businesses
here. I have been working on developing it but I am having a hard time selling
it without scaring the crap out of the prospective clients.

I guess what I am saying is that I have been doing the job for years. Just not
getting paid for it and was trying to dig out two things in the OP:

1)What the disconnect between working on your own and getting paid for doing
the work was.

2)there was a different area I could/should focus on given my
disadvantages(financial, disabled, etc.)

Big data and analytics are fascinating to me for example, but only because of
the implications and uses of those kinds of skills I can see in a Security
related capacity.

I wanted to find out if someone would yell, "You need to learn 'X' because
it's useful both in some Security roles and you can work doing that as your
day job at the same time." Hope that makes sense.

------
forloop
Do bug bounties.

I remember when Facebook used to put, what I presume, were PK IDs from a user
table in their URL query strings. Lower numbers being earlier users. Anyway, I
couldn't find Mark Z, but messaged one of the early staff. I then got a friend
request off him. Pretty sure if I'd been a dev at the time, I could have
convinced him to get me an interview.

~~~
tfg4k
This is one avenue I have never tried.... and will begin doing this evening.
Thanks guys!

------
ferrari8608
My answer isn't great, but it's relevant due to your experience being somewhat
similar to my own.

I'm currently working my first job in IT, for two years now, after having only
fast food and retail jobs. How did I get here? It wasn't my college education
(I'm a dropout, due to transportation and money issues at the time). College
did play a big role, though.

One of my instructors saw that talent you mentioned in me, and she knew I was
into Linux while the rest of the students knew only Windows. One day one of
her old students called her up and asked if she knew anyone who might be a
good fit for a job he was trying to fill. I was the guy she went to, and now
I'm in IT.

Long story short, it might be beneficial to you to know people who know people
in IT security. College may be the place to meet those connections, though
there are many other ways and places to accomplish that.

~~~
tfg4k
Mind if I send you an email?

~~~
ferrari8608
I don't mind.

------
hackaflocka
Make lots of little projects. Put them out there. When people contact you
about them, let them know you're a consultant who sells his expertise and
time.

I made a tempr for my cousin who was suffering similarly. Take a look:
[http://tempr.org/54e91123b3f95.html](http://tempr.org/54e91123b3f95.html)

