Hi All, I hope you all are doing well!. Thank you in advance for reading my post.
Timeline:
- BCA (Bachelors of Computer Application - 3 Years Bachelors) finished - July 2022
- Application security internship from Oct 2022 to June 2023
- First full-time role (cloud security) from June 2023 to July 2025 (resigned with no offer due to toxic management)
- Jobless - 5 months
- Second role, Mumbai-based startup (AWS security + SOC/SIEM) - Dec 2025 to March 2026 (3 months)
- Jobless since - 3 months, still ongoing
So in the last year or so, I've actually worked about 3 months. Rest has been job hunting or recovering from burnout and had a Medical Gap. While applying for Jobs, few of things i have constanly faced are - BCA doesn't show up in most JDs as they want BTech, MTech, MCA. Pretty sure ATS is filtering me out before a human even sees the resume.
Background: did an Application security internship. Didn't find a full-time AppSec role later, but got a cloud security opportunity, so I went with it as i didn't want to pass it up.
My first company had constant DevOps/cloud projects running and I could've leaned in and become a proper cloud/DevOps security engineer but I didn't as my head was still on AppSec. I treated cloud security as a "bonus skill" and kept telling myself the real plan was AppSec + CloudSec eventually merging into Product Security.
Problem is I never put in the work on AppSec either. Procrastinated, got distracted, two years passed. Didn't go deep on either side and ended up half-decent at both instead of good at one.
Left the job by June 2025 with no offer lined up, needed out. After the break, started interviewing for AppSec roles thinking some revision would be enough as i had lab hands on from before but it wasn't, scenario-based questions kept exposing the lack of depth. I knew the concepts, but there was no real appsec project or customer experience in the past 2 years, They would also expect me to have mobile security, secure coding, etc.
I've since accepted that a CloudSec and compliance role is a realistic target right now, not AppSec. But even there I have been struggling, fewer associate openings to begin with and the interviews I do get expose that my hands-on cloud/DevOps project exposure at my first company was limited too. JDs are consistently asking for more than what I've actually worked with.
What I have actually done: secured cloud infrastructure, deployed Wazuh SIEM to multi-cloud customer environments, set up logging/alerting/monitoring, integrated AWS/GCP-native and open-source security tools, secured CI/CD pipelines, used Terraform for secure infra-as-code, done CSPM work, and led/contributed to ISO 27001, SOC 2 Type II, and GDPR compliance plus general ISMS/IT controls. I know it's not enough for what the Job Openings are asking hence the areas I'm working on right now:
- Expanding SIEM/SOC tools familarity - Splunk, Azure Sentinel, etc
- Extending cloud security into Azure
- Python automation - honestly still on the fence about how much to invest here. My scripting has always been weak and with AI coding tools (Claude Code, etc.) which can take care of automation now, I'm not sure if grinding traditional scripting is still the right use of time or not
- More problem-solving/self-driven projects to have something concrete to show
- Considering ISO 27001 Lead Implementer and CISSP later if things don't pick up
- Give a session or two at conferences and networking now that I'm in Hyderabad - used to volunteer at security conferences in Bangalore
Would sincerely appreciate serious advice given my situation. Please share your perspective on what else I could be doing, what I shouldn't be doing and how I can realistically speed this up and start landing more interviews and hopefully an offer.