7 entry-level cybersecurity career questions, answered!
The Cyber Work Podcast community sent in entry-level cybersecurity career questions, and we answered them during our very first Cyber Work Live event. The panel of experts answering questions included:
- Mari Galloway, CEO and one of the founding board members for the Women’s Society of Cyberjutsu, a 501 (c)(3) non-profit cybersecurity community dedicated to bringing women and girls into the cybersecurity industry.
- Victor Malloy, retired military cybersecurity professional who has over 20 years of operational experience in government and private sector cyber solutions.
- Gene Yoo, who has over 25 years of experience in cybersecurity for some of the world's largest brand names including Sony, Coca-Cola Enterprise and Symantec.
Here are their answers to the most commonly asked entry-level cybersecurity career questions.
What should you learn next?
1. What's it like to work in cybersecurity?
Yoo believes corporations don’t do a very good job at preparing employees for the day-to-day work experience. They “don't really socialize or articulate what it feels like to be in the day-to-day. It's mundane. It's slow. It's meetings,” Yoo said. “We always talk about 80/20 as a magic number. It's 80 percent you're going to be operational, 20 percent innovative. Well, not really. It's like 99 to 1. It’s a lot of work.”
The panel stressed the importance of building a strong network within the cybersecurity industry to help figure out what day-to-day work life will be best for you. If you don’t know where to start, listen to and connect with past Cyber Work Podcast guests who have discussed careers ranging from malware analyst and digital forensics to critical infrastructure security and project management.
Consider reaching out to people who work in the positions you're looking for. This is where strong networking skills can pay off. Build your profile on Linkedin and join some cybersecurity-related groups. Ask group members what it’s like to work in their particular roles.
2. What are the best cybersecurity certifications for beginners vs. tech-savvy people?
Whether you’re a beginner or you’ve got some tech experience under your belt, it can feel overwhelming to decide what cybersecurity certification is right for you. Malloy shared his approach to career planning with the PIVOT method:
- Pause: stop and take a breath.
- Inventory: take inventory of your strengths and skills. “Use what you have,” Malloy said. “If you have a passion for being curious, or a passion for being creative, or a passion for being a puzzle master — there is a place for you in cybersecurity.”
- Vision of your value: envision what you can bring to an existing organization. Use tools like the NICE Workforce Framework for Cybersecurity to explore in-demand cybersecurity positions and identify potential paths you can take in the cybersecurity industry.
- Organize: plan your course of action. Decide how you’ll work towards your new goal and what’s a realistic timeline.
- Take action: carry out your plan.
Once you have a better understanding of where you want to go, you can start exploring some of the most popular entry-level certifications. CompTIA certifications (A+, Network+ and Security+) are also a proven way to build a solid foundation of IT and security skills. Check out Infosec's Breaking into Cybersecurity flyer to learn more.
3. What if I fail my certification exams like Security+?
Certifications can be a great way to break into cybersecurity, but what if you struggle when it comes to taking and passing exams? “I failed Security+ and the CISSP on my first try,” Galloway said. But she kept at it and eventually passed.
Others have bypassed certification and demonstrated their skills in other ways. Gene Yoo, for instance, has never earned any certifications during his time “as an engineer and then pivoting into security and then into development and now running a company.“
“Some portions of the people who are getting into the field may have some sort of disability” or it might not be feasible “for them to study at home or work because they have multiple jobs,” Yoo said as another reason certifications may not be a great way to assess candidates. Your personal strengths and weaknesses might make it difficult to earn a passing rate on standardized tests, or might make it harder for you to hold certain jobs in the field, but you still can use your strengths to carve out a path in the cybersecurity industry that is tailored to your unique skill set.
4. How do I move from the help desk to cybersecurity?
Help desk team members transitioning into cybersecurity have an advantage: they’re already familiar with your company. “I’ve hired more people from IT in the past than brought it from the outside because they have the tribal knowledge of what ideas secure better,” Yoo said.
Talk to your manager and use the PIVOT method to create your career plan. “If they’re not even giving you that opportunity for internal transfer, then move on and find another company,” Malloy said. Volunteering and job shadowing are great ways to gain a better understanding of the role and any potential knowledge and skills gaps that can be filled through self-study or a training course.
5. Where would you recommend looking for a cybersecurity mentor?
There are a few approaches to finding a cybersecurity mentor. Connect with people on LinkedIn and keep track of different online and in-person networking opportunities. Local meetups, conferences and other events can be a great way to quickly build your network.
“Also, if you want a mentor, be a mentor,” Malloy said, noting that there are programs on a national and international scale “where you can go into middle schools and high schools and find students who have an interest or a peak in science, technology, engineering and mathematics.” Cyber Patriot, for instance, offers several ways for you to support young people interested in STEM while learning and growing yourself.
Another option besides the vertical relationships of mentor and mentee, you can also join study groups and build horizontal relationships as you prepare to enter cybersecurity. You can find study groups available on LinkedIn as well as on the TechExams cybersecurity forum.
6. How can I make my cybersecurity resume and interview stand out?
If you want your resume and interview to stand out, you’ll need to be strategic in both how you get experience under your belt and how you portray your experience in your cybersecurity resume and interview. Some accessible ways of getting experience include participating in cyber competitions, doing volunteer work, having a personal project or mentoring someone from high school or middle school.
“If somebody had cyber competitions on, we put them at the top of the list automatically, right? It shows they have initiative. They're playing around and they're tinkering” Galloway said. “If they've worked on any projects, open-source projects or anything like that,” she adds “or they've done volunteer work,” it shows that “you really do want to be in this industry. You really are taking the time to actually learn and grow and build your skills outside of your regular job.”
Once you gain hands-on experience like this, take the time to learn how to unpack your experience and reframe your idea with the STAR Framework:
- Situation: explain the situation or problem in detail.
- Task: describe your role in the situation or problem.
- Action: mention the steps you took.
- Result: share the outcomes and what you’ve learned from the experience.
You can find more on the STAR method and other interview tips in Infosec's free ebook, Cybersecurity interview tips: How to stand out, get hired and advance your career.
FREE role-guided training plans
7. Is it ever too late to pursue an entry-level cybersecurity position?
It’s never too late for you to enter the cybersecurity industry. More generations are alive and participating in the workforce at the same time than ever before in human history. Just as human resource departments need to evolve to promote diversity and equity by race and sexual orientation, they should also promote multigenerational workplaces as well as anticipate challenges people of different accessibility levels experience.
You also have the advantage of experience. Even if you’ve never worked in cybersecurity before, you bring unique skills that can help you contribute to a team. For instance, National Cyber Security Awareness Month is “all about human behavior” says Malloy. “Behavior is an equation of motivation, ability and being prompted. I can trick you by sending you a text message or an email or even call you and use deep fake technology, artificial intelligence and modify your behavior because of a prompt that you're going to respond to” — all because of that pesky inevitable carbon factor.
Your experiences in and outside of IT will play a role in what you can accomplish in a cybersecurity position. Your achievements and past experiences are a strength. Your age doesn’t determine whether or not you’re willing to learn and engage in creative problem-solving.
Want your cybersecurity career question answered by experts? Check out the Infosec events page for upcoming episodes of Cyber Work Live.
Get unlimited and self-paced training for you or teams in your organization with Infosec Skills.
- 190+ role-guided learning paths
- 100s of hands-on labs & cyber ranges
- Custom certification practice exams
In this Series
- 7 entry-level cybersecurity career questions, answered!
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity