In partnership with
Hey everyone,
Today, I’ve just seen that most popular YouTube video hit 35,000 views.
"How I Would Start Cybersecurity in 2026" resonated with thousands of people asking the same question: "Where do I even begin?"
But here's what surprised me...
The comments weren't just from beginners. I saw experienced IT pros, career changers, even people with degrees asking: "Am I doing this right?"
That's the problem. Everyone's focused on the "what" (which cert, which skill, which tool), but nobody's asking the recruiter sitting across from them: "What actually gets someone hired?"
Today, I'm pulling back the curtain and talking about what I actually look for in candidates and what makes me hit "reject" in 6 seconds flat. Let’s get into it.
The Recruiter Reality Check
Your resume has 6 seconds to grab my attention.
Not 30 seconds. Not "a quick scan." Six. Seconds. On average a recruiter / Talent acquisition spends 6 seconds reviewing whether to continue looking through the CV.
In that time, I'm looking for three things:
1. Can you solve problems, or just pass tests?
I see resumes stacked with certifications: Security+, CEH, CISSP, OSCP...
But zero evidence of problem-solving.
What I want to see:
"Investigated and remediated phishing campaign affecting 50+ users"
"Built home lab to practice threat hunting using Splunk"
"Contributed to open-source security project on GitHub"
Certs prove you studied. Projects prove you can do the work.
✅ Action item: Add one project to your resume this week. Even a home lab counts.
2. Do you understand the business, or just the tech?
Technical skills get you in the door. Business awareness gets you hired.
Here's what separates junior from senior candidates:
Junior thinking: "I found 47 vulnerabilities in the web app!"
Senior thinking: "I prioritised the 3 critical vulns that could impact customer data, and here's the business case for fixing them first."
See the difference? One speaks tech. The other speaks impact.
✅ Action item: Reframe your resume bullets in terms of business outcomes. Replace "Implemented XYZ tool" with "Reduced incident response time by 40%, saving 10 hours/week."
3. Can you communicate, or just geek out?
I've rejected brilliant technical candidates because they couldn't explain a security concept to a non-technical manager.
Harsh truth: if you can't sell your ideas, you won't get promoted.
The best cybersecurity pros I've hired could:
Explain ransomware to a CEO in 2 sentences
Write incident reports execs actually read
Present to boards without losing the room
✅ Action item: Practice the "explain it to your grandma" test. Pick one security concept and explain it to a friend with zero tech background. If they get it, you pass.
Video of the week: The 60 Day SOC Analyst Roadmap that actually works in 2026
Want to break into cybersecurity and SOC Analyst roles but don't know where to start? This 60-day roadmap gives you a clear, actionable plan to become job-ready whether you have Security+ or you're starting from scratch.
In this video, I break down two certification paths (Security+ & CCDL1), show you the essential hands-on skills employers actually want, and share the exact job search strategies that get results. With 15 years recruitment experience, I know what hiring managers look for and I'm giving you the insider advantage.
Perfect for complete beginners, career changers, and anyone serious about landing their first SOC Analyst role. No fluff, just the practical steps that work.
AI in HR? It’s happening now.
Deel's free 2026 trends report cuts through all the hype and lays out what HR teams can really expect in 2026. You’ll learn about the shifts happening now, the skill gaps you can't ignore, and resilience strategies that aren't just buzzwords. Plus you’ll get a practical toolkit that helps you implement it all without another costly and time-consuming transformation project.
Recruiter's Corner: The One Question That Changes Everything
In every interview, I often ask one question that reveals everything:
"Tell me about a time you failed at something security-related. What did you learn?"
90% of candidates freeze. They fumble. They try to spin a "failure" that's actually a humble-brag.
The 10% who get hired? They tell me:
What went wrong (honestly)
What they learned (specifically)
How they applied it (demonstrably)
Cybersecurity is about continuous learning. If you can't admit failure, you can't grow.
✅ Action item: Prepare your failure story. Make it real, vulnerable, and focused on growth. This question is coming.
Your Next Move
If you're serious about breaking into cybersecurity (or levelling up), here's your homework this week:
Polish one project and add it to your resume/LinkedIn
Reframe your resume bullets with business outcomes
Practice explaining one security concept simply
Watch the roadmap video (16 minutes that could save you months) - https://youtu.be/qAztehdV6VQ
Prepare your failure story for interviews
Want more recruiter insights delivered weekly? Hit reply and let me know what you're struggling with. I read every response.
📊 News & Trends: What's Moving in Cyber This Week
AI is redefining the SOC analyst role. Gartner just dropped their top cybersecurity trends for 2026 and the message is clear: AI is reshaping both offence and defence. For SOC analysts, this doesn't mean fewer jobs. It means the role is evolving. AI will handle the repetitive Tier 1 triage, and analysts will shift towards oversight, judgement calls, and edge cases that require real strategic thinking. If you're building SOC skills right now, lean into critical thinking and learn how to work alongside AI tools, not compete with them.
The talent gap is still massive. The Bureau of Labor Statistics projects 29% growth in information security analyst jobs through 2034, and an estimated 3.1 to 3.5 million cybersecurity roles remain unfilled globally. Translation: there is room for you. The barrier isn't a lack of jobs. It's a lack of candidates who can demonstrate real problem-solving ability (see above).
Cloud security is no longer optional. If you're targeting SOC or analyst roles, cloud skills are now a baseline expectation, not a bonus. AWS, Azure, and GCP security fundamentals are showing up in the majority of job descriptions. The traditional on-premise SOC is shifting to cloud-native environments fast. Start getting familiar with cloud logs and IAM concepts now.
State-sponsored attacks made headlines this week. Notepad++ was hijacked by state-sponsored attackers, CISA issued warnings about an actively exploited SmarterMail vulnerability, and a new Linux toolkit called DKnife surfaced for malware delivery. This is the world you're training to defend. Stay curious, stay informed.
Quick Wins
🎓 Free Resource: CyberDefenders just launched a new SOC Analyst learning path and it;s genuinkly one of the better hands-on training option I’ve seen for aspiring SOC analysts. Use my link and code LUKE at checkout to recieve 10% off for a limited time. Check it out →
💡 This Week's Tip: Update your LinkedIn headline. Instead of "Aspiring Cybersecurity Professional," try "Building cybersecurity skills through [specific project/lab/cert]." Shows momentum.
📊 Industry Insight: Job postings for SOC Analysts are up 23% this quarter in APAC. Entry-level roles are back. Don't sleep on this.
Here's the thing about cybersecurity careers: everyone's giving you the same advice.
"Get Security+. Build a home lab. Learn Python."
All true. All important. But nobody's telling you what I see from the recruiter's desk:
The candidates who get hired aren't the most technical. They're the ones who can solve problems, communicate clearly, and show they give a damn about the business.
Be that person.
As always keep levelling up your career and i’ll see you on the next edition.
Luke
P.S. Stuck on something? Hit reply. I'm here to help.
The Career Compass | Cybersecurity Career Advice from a Recruiter's Perspective
Because the best career advice comes from the person deciding who gets hired.
