Thinking about getting into cybersecurity? Completely understandable! If you’ll pardon the pun, it’s one of the most secure careers out there: the pay is great, there’s loads of job opportunities, and it’s far from boring. After all, staying one step ahead of cybercriminals is a lot of work.
That said, knowing how to get into the field can feel a bit, well, cryptic. In my experience, everyone who wants to (or thinks they want to) break into the space has the same three questions:
How do I get started in cybersecurity?
How do I learn the skills I need?
Where do I find entry-level positions?
This is the first in a two-part series that will answer these questions and help you get your foot in the door, regardless of where you are in your professional career.
Is cybersecurity hard to learn?
Not if you’ve got a passion for learning.
That’s hardly unique to cybersecurity. What’s great about a career in technology is so long as you’ve got a desire and passion for learning, given the right environment, the only limitations are your own.
Take my own career pathway, which went something like this: intern, developer, server engineer, megatech triage manager, DDoS engineer, application security, then penetration testing.
The only things those positions have in common? I found them interesting.
I spent the time learning about them, studying furiously before each interview. Whenever I was forced to give an “I don’t know” in an interview, I followed with what I did now about the concept or question.
I promised every hiring manager if they gave me a shot, I would not let them down.
My story is not unique. Many managers understand the value in a candidate’s ability and willingness to learn new skills to answer any need or situation.
So long as you’ve got that, and the right training resources, you can completely shift to a career in cybersecurity no matter what your current profession is.
How do I get a job in cybersecurity?
There’s a few steps you should take when trying to land a job in the field (and don’t worry, nobody is going to ask you to guess someone’s password).
Bring passion to the table
It sounds simple, but the cybersecurity field covers every technology ever created, will ever be created, and every misconfiguration within each.
Simply put: there is no way to know all of it.
On top of this, everything you do learn can change on a dime. That means it’s not what you know, but how quickly you can learn and adapt.
If you’re passionate about security, you’ll spend more time learning about it, and therefore adapt and grow faster than others. Hiring managers know this.
Figure out what your interests are
If you don’t know what your passions are, you’re not going to be able to sell them - or match them to the job description. But it’s actually more important than that - before you figure out how to get a cybersecurity job, you’ve got to figure out if it's even a good fit for you.
When it comes to cybersecurity, movies and TV have a lot to answer for. The field is not like the media portrays! That means a lot of people apply for jobs with no idea what cyber is actually like on a day to day basis.
Cybersecurity is also vast: there’s digital forensics, penetration testing, incident response, cloud security, and more. It’s part of what makes it interesting, but also overwhelming. Where do you start?
To answer that, you should figure out where your interests really lie. Only then can you figure out what sort of jobs you’d be a good fit for, and where to best start your new career.
So as an exercise, ask yourself the following questions:
What keeps you up at night thinking and solving?
Do you love coaching youth baseball, and spend time thinking about what drills you run? Or perhaps you spend time thinking about how to write a program to automate your holiday lights?
Whatever your answer is, this is where your passions lie. Find out what these are, then list out why you love these things. What is it about this problem solving or planning activity that gets you excited? What parts of the task do you enjoy? What parts do you hate?
Following your passions will help you choose the career that will make you happiest, and drive your success.
What do I do for fun or for free?
Usually, this is a hobby, but it doesn’t have to be: it can be something you do at work that is ‘extra’.
Figure out what these things are and write down the transferable job skills that come with each. For example, if you enjoy woodworking, the planning, measuring, and troubleshooting steps are all transferable skills.
Again, just like before, figure out what makes you passionate about these things, not just the transferable skills. As mentioned in step one, what you enjoy and why is more important than what you know.
What have you been trained in?
What’s your current background or skill set that you can put on your resume? Obviously, these skills will apply to whatever job you apply for, but once again, ask yourself: What did I enjoy about these jobs? Why did I enjoy these things?
If you are a developer, do you enjoy the planning, coding, or debugging most? People who love debugging make fantastic reverse engineers. Some people enjoy making things happen, and this lends itself to exploit development.
If you’ve got a job outside of tech, don’t let this limit you. Are you a law enforcement officer? Your detective skills and approach to investigations make you fantastic at risk assessment and blue teaming. Medical professionals? Your triage skills are transferable to the field.
In short, don't let the imaginary box prevent you from breaking the mold! There isn't just one career path you can take. Your soft skills are very valuable.
If you’ve followed the steps above, you should have a “career map''. In my next article, I’ll cover how you can match your existing skills to your ideal cybersecurity job and pitch yourself with confidence. I'll also discuss how you can use your skills and career map to find the right job roles and area of expertise in cybersecurity for you.
Pluralsight offers a number of courses you can use to learn more about getting a career in cybersecurity, authored by industry experts. There are easy to follow learning paths for getting industry recognised certifications.
Taking these courses is a great way to get a feel for cybersecurity and what’s involved, so you can make sure you’re making the right career choice.
About the Author
Kat Seymour is a Security Author with 20 years of experience in technology and information security. With a wide breadth of experience, Kat's focus is on Red, Blue, and Purple team operations, tools, and techniques. Kat's passion for technology and security are matched only by her passion to empower the next generation of security professionals through mentorship and knowledge sharing.
5 keys to successful organizational design
How do you create an organization that is nimble, flexible and takes a fresh view of team structure? These are the keys to creating and maintaining a successful business that will last the test of time.Read more
Why your best tech talent quits
Your best developers and IT pros receive recruiting offers in their InMail and inboxes daily. Because the competition for the top tech talent is so fierce, how do you keep your best employees in house?Read more
Technology in 2025: Prepare your workforce
The key to surviving this new industrial revolution is leading it. That requires two key elements of agile businesses: awareness of disruptive technology and a plan to develop talent that can make the most of it.Read more