← Back to Blog

October 14th, 2021

Customer Interview: Stefan Waldvogel

Picture of Christoper Luft, LimaCharlie Co-Founder and Creative Technologist
Christopher Luft
blog post header image

LimaCharlie is lucky to have some really amazing people on the platform. During the course of operating our business we often get to interact with our customers and sometimes those customers become friends: Stefan Waldvogel is one of these people. Stefan has had a very interesting journey on his way to becoming a cybersecurity professional and we asked him to share his story.

photo of Stefan Waldvogel

Everyone has a story. What is yours? 

My story started in Germany. I grew up in a valley with few people in it, but I loved technology. The valley and the city offered farming, tourism, and all kinds of jobs with wood. Nothing that I enjoyed.

At 18, I left my area and started a career in aviation. First, I repaired radar systems, and later, I was responsible for all aircraft-related IT at an airport. I did that job for a couple of years, and I enjoyed it a lot. In Germany, having a degree is essential if you want to work for a big company, therefore I studied Electrical Engineering. 

After that, I did a world tour and visited many countries, mainly in Asia, and learned a lot about the world and different countries. Later, I worked for Airbus and worked with IT again. 

You recently started a new job in cybersecurity - congratulations! What brought you into the field?

When I was 18 or even younger, I organized many network parties. I was not a massive fan of playing games, but I loved to help people, and sometimes we played with BlackOrifice and other malware types. It was fun, but at that time, cybersecurity didn't exist, and without jobs, I had to do something else.

About two years ago, I moved to the US, and the big question was: "What can I do?" As a non-citizen, I couldn't work in aviation anymore, so I needed a new goal. A mentor and English teacher told me about cybersecurity, and I liked the idea. I always wanted to do more with security, but now I saw my chance. 

COVID hit the US, and therefore I had a lot of time to study.

Tell us more about this career transition. There seems to be a huge competition for entry-level jobs in cybersecurity. How did you do it? What helped you succeed? What was hard about it? What have you learned along the way?

At least, in my opinion, there are very few actual entry-level roles. If I had known this fact, I would have picked Cloud or a different IT path. Getting into Cybersecurity as a foreigner is pretty much impossible, but luckily I had a lot of time.

The most crucial part is knowing the right people. For this reason, I spend a lot of time on LinkedIn. I started with about 20 connections, and now I have about 13,000. I tried to help others and shared a lot of valuable tips and tricks.

Besides that, I did many certifications, classes, and courses and invested about 4000 hours into upgrading my knowledge.

Was it hard? I was unemployed for two years, but I had a clear goal. I wanted to start with an engineering role. It was not so hard with my visibility, but few people have two years or have wrong expectations.

How did you learn about LimaCharlie?

A long time ago, I saw a YouTube video about LimaCharlie with Gerald Auger. I liked the idea, and therefore I used my home lab and played with it with the Atomic Red Team.

What was your first impression of the product?

The product is easy to use and stable. The set-up process is straightforward and takes minutes to see some results. I really like the idea of the two free agents.

LimaCharlie is a professional EDR, and everyone can install two agents for free. During my study time, I tested LimaCharlie against various malware and backdoors. The front end is intuitive and not overloaded. As a beginner, this was very important, so I could learn more about how a professional environment looks like. 

How did you leverage LimaCharlie during your job hunt?

I have a large home lab with dozens of tools. I learned a lot about working with an EDR, but as a SIEM Engineer for Graylog, I do not have that much to do with it. This might change because LimaCharlie can produce logs, and Graylog can digest these. If someone requests this feature, it is my job to write or validate parsing rules and develop content on the Graylog side.

Knowing an EDR is very useful, and I got some interview questions about it. Most technical jobs in cybersecurity are challenging and knowledge about an EDR is helpful in some ways. For example, in a SOC, you see data because all endpoints might have an EDR installed.

LimaCharlie supports many different outputs. As a SIEM Engineer, I have to know many different log formats, and using a real tool with real results helps me get better in my current job.

What would you say to people who are looking to get a job in cybersecurity today? Are there any tips you could share that would make it easier for them to succeed & accumulate the experience required for the job?

Three main tips are: 

  1. Do not trust ads. Cybersecurity is very challenging, and the technical side is a small field. Everything is possible but plan this career very carefully. A cert like Security+ is not enough, and a degree in cybersecurity is not enough to get a job.

  2. If you want a job, do networking and create visibility over a long period. As mentioned before, cybersecurity has few real entry-level jobs, and most of those are go-to friends or friends of friends. You do not want to compete against over 400 other people for a $50K job, right? So you can avoid this marathon if you skip HR.

  3. Cybersecurity is a broad field. Most people know SOC Analyst and Pentester, but cybersecurity is a lot more. You can work with compliance, with Cloud, with IAM… and a lot more. So if you pick an unknown field, it is much easier to get a job.

I arrived with zero connections and got a job as a SIEM Engineer. If I can do this as a foreigner, you most likely have a much better starting point. Your English is perfect, you might have the right citizenship, and you know a lot more about your country.

A hidden bonus tip: Knowledge in cybersecurity is free, and there are dozens of great free resources, and you can push your level far beyond OSCP without paying a single cent. You do not have to take expensive boot camps, certs, courses, or a degree. Instead, spin up a home lab or do free courses and show your knowledge on your website, on Twitter, on LinkedIn, or somewhere else.

Copyright © LimaCharlie 2024