Luke Gough

I can tell in 30 seconds if a cybersecurity portfolio will get someone an interview. It comes down to one question recruiters ask: Can this person do something useful in the role? Your portfolio is not a folder of projects. It is evidence. - A tool list isn't evidence. - A pile of badges isn't evidence. - A generic lab dump isn't evidence. 3 relevant projects, each with a plain summary, what you did, and what it proves. That beats 10 weak ones. Comment your target role: SOC, GRC, IAM, or cloud.

New video is live. I reviewed common beginner cybersecurity portfolio mistakes from a recruiter’s perspective and broke down what actually helps candidates get interviews. In the video, I cover: - Why tool lists are not enough - How to make projects easier for recruiters to understand - The difference between weak, okay, and strong portfolio evidence - A simple scorecard you can use before applying If you are building a cybersecurity portfolio for SOC, GRC, IAM, cloud, or your first cyber role, this should help. Watch here: Link below 👇

3 months on from SecAI+ dropping, here's what I'm seeing as a recruiter: - Almost zero job ads require it YET. - But hiring managers DO notice it on a CV - Only works if you already have Sec+ and the fundamentals - Pairs best with a clear "I'm specialising into AI security" story It's a signal, not a shortcut, however, with the speed that AI is moving, I recommend looking into it.

3 months on from SecAI+ dropping, here's what I'm seeing as a recruiter: - Almost zero job ads require it YET. - But hiring managers DO notice it on a CV - Only works if you already have Sec+ and the fundamentals - Pairs best with a clear "I'm specialising into AI security" story It's a signal, not a shortcut, however, with the speed that AI is moving, I recommend looking into it.

Breaking into Cybersecurity: Recruiter Reality Check Most candidates I see fail for the same reasons: - All theory, zero hands-on - No portfolio or public projects - Expecting the “perfect” job straight away What actually works in 2026: - Build real skills daily on TryHackMe or HackTheBox / Build a portfolio - Get Security+ - Show your learning journey on X, GitHub or a simple blog - Network (Can't stress this enough) - message recruiters directly with proof of effort Cybersecurity teams are still short-staffed. Attitude and momentum beat credentials every time. What’s stopping you from starting today? Comment below 👇

New Cyber Careers episode is live. What Cyber Certifications Actually Get You Hired, and Which Are a Waste of Money. Which certs help, which are overhyped, and why evidence still beats collecting badges. Search Cyber Careers with Luke Gough on Spotify, Apple Podcasts or YouTube. Let me know if you have any topics you want covered on future episodes.

Breaking into cybersecurity? Avoid these 5 rookie mistakes that kill most beginners in 2026: 1. Chasing 10+ certifications instead of building real projects. 2. Consuming endlessly (YouTube/courses) without applying anything weekly. 3. Applying to 500 jobs with a generic resume and no portfolio. 4. Ignoring networking - most roles are filled through referrals. 5. Thinking you need a degree or perfect background. The fix? Focus on one role, ship small projects publicly, and talk to people in the field. What mistake are you guilty of (or seeing others make)? 👇

How to Break into Cybersecurity – Recruiter Advice From someone who hires for cyber roles: You don’t need a degree. What actually gets you noticed: • Master the basics: Networking + Linux • Grab CompTIA Security+ (it still opens doors) • Hands-on > Theory: Crush TryHackMe/HackTheBox, build a GitHub portfolio We’re desperate for people who show real curiosity and consistent effort. Document your journey publicly. It makes my job easier when I can see what you can actually do. Drop your biggest blocker below 👇

Breaking into cybersecurity? Avoid these 5 rookie mistakes that kill most beginners in 2026: 1. Chasing 10+ certifications instead of building real projects. 2. Consuming endlessly (YouTube/courses) without applying anything weekly. 3. Applying to 500 jobs with a generic resume and no portfolio. 4. Ignoring networking - most roles are filled through referrals. 5. Thinking you need a degree or perfect background. The fix? Focus on one role, ship small projects publicly, and talk to people in the field. What mistake are you guilty of (or seeing others make)? 👇

New Cyber Careers episode is live. What Cyber Certifications Actually Get You Hired, and Which Are a Waste of Money. Which certs help, which are overhyped, and why evidence still beats collecting badges. Search Cyber Careers with Luke Gough on Spotify, Apple Podcasts or YouTube. Let me know if you have any topics you want covered on future episodes.

Breaking into Cybersecurity: Recruiter Reality Check Most candidates I see fail for the same reasons: - All theory, zero hands-on - No portfolio or public projects - Expecting the “perfect” job straight away What actually works in 2026: - Build real skills daily on TryHackMe or HackTheBox / Build a portfolio - Get Security+ - Show your learning journey on X, GitHub or a simple blog - Network (Can't stress this enough) - message recruiters directly with proof of effort Cybersecurity teams are still short-staffed. Attitude and momentum beat credentials every time. What’s stopping you from starting today? Comment below 👇