Can I start a career in cybersecurity with no experience?
The market for cybersecurity professionals is crying out for new entrants. Reports like those from ESG, who publishes an annual survey on the state of IT, show this quite clearly. In their 2018 report, they identified cybersecurity as the area most in need of skilled personnel.
The report also identified that the need for cybersecurity skills is increasing year on year; in 2014, 25% of respondents had a shortage in skills, while in 2018, 51% stated they needed more staff with cybersecurity skills. In terms of the number of staff required, a recent (ISC)2 report predicts that there will be a gap of 1.8 million jobs in cybersecurity by 2022.
The market for cybersecurity skills is evident but how to make yourself marketable to a company is still a question in many people’s minds. Can you enter the profession without any prior knowledge, for example? Do you need to do a specialist degree in cybersecurity? Do you have to be able to write software code to become a cybersecurity pro?
These questions are valid, and without an answer, they may prevent some of the best people from entering the profession. This article will hopefully help you to find answers and set you on a path to an interesting and well-paid cybersecurity career.
FREE role-guided training plans
What types of jobs are there in cybersecurity?
Cybersecurity as a profession has a wide scope, and it’s good to remember that cyberthreats are based on psychology as much as technology. Human-centered cybersecurity research is being carried out by organizations like The Hague Security Delta, who place emphasis on the approach. Jobs in cybersecurity range from the deeply technical to research to management. With this in mind, here are some jobs to consider when thinking about a career in cybersecurity:
Penetration tester
This is well-suited to a person who has both a business and a technical mindset. The role is sometimes called an “ethical hacker” because you are testing an organization's network for vulnerabilities; thinking like a hacker helps to do this. The role is usually not performed alone: you would work as part of a wider team to cover all of the possible vulnerabilities and aspects of a system. Often, penetration testers will specialize in specific areas of pentesting.
Generally, penetration testers will have an analytical mind, but they work best when they understand the business and the operations of an organization. Communication skills are a must for penetration testers, as you will need to create reports on findings and sometimes be required to communicate these to non-technical audiences.
Security software developer
All of the world’s top companies have security departments, and many need developers to work on software. However, even non-security-related software needs to be written using secure coding practices. If you already write software code, prepare yourself by getting to grips with OWASP’s secure coding practice guidelines.
Development of security software is a hot area to have skills in, allowing you to offer those skills to the many companies across the world that require them. Check out Cybersecurity Ventures’ top 500 security companies for future reference when looking for a job as a security software developer.
Security auditor
This is a role for someone who is diligent and pays attention to detail. A security auditor is tasked with keeping a record of an organization's computer security controls and measures. The auditor will create regular reports on the security measures' effectiveness and create metrics to demonstrate this. They will also offer suggestions on improving the measures by working with company managers. Compliance is their middle name and they need to have a good working knowledge of relevant data security regulations.
Security architect
This job will have you working at a technical design level, designing the fundamental architecture of your organization’s systems. As a security architect, you will be responsible for ensuring that the technical specifications of the architecture are secure.
Human behavior also has to be considered when designing a secure architecture. Often the security architect will work with a security auditor to ensure the smooth implementation of a system.
Product manager
Cybersecurity companies have products that need to be managed. The role of a product manager is one which requires a deep knowledge of the product and its models of use. It also requires strategic vision to help to develop the product’s competitive edge.
Data governance and compliance officers
Most industries have at least one data protection regulation to comply with. In addition, global frameworks and laws such as GDPR are putting pressure on all industries to step up to the plate and apply robust data protection. Larger organizations may have full-time compliance officers that deal with compliance issues and ensure the company meets its regulatory obligations. However, shortages of consultant positions such as Data Protection Officer (DPO) are also an issue since the advent of the GDPR.
Chief information security officer (CISO)
This is a strategic position in an organization which works to minimize cyber threats through smart strategic measures. Increasingly, the CISO acts as a spokesperson for an organization, especially when that firm has had a serious cybersecurity incident. The CISO is where the buck stops in terms of cybersecurity as they act as the head of cybersecurity across the organization.
Do I need a degree in a cybersecurity-related field?
The short answer to this question is “not usually,” but it depends on the job and the employer. You definitely don't need a specific degree in cybersecurity to get into the field, but if you want to study for one, it certain won’t hurt you and might result in a higher starting salary.
A general computer science or information technology degree can help you to get a grounding in various aspects of computing and ease your first steps into the industry. You can then take certifications to focus on more security-related aspects of computing. Other degrees, such as science subjects or mathematics, are also useful to have because they train you in analytical thinking.
Many STEM courses will also have business or management modules, useful for certain computer security positions. But it is important to remember that many people who work in the sector have come in without a degree or with non-computing degrees.
What types of certifications do cybersecurity professionals have?
A study by McAfee found that organizations rate experience and certifications over formal qualifications like degrees. The report stated that, “most respondents believe that experience, hacking competitions, and professional certifications are better ways to acquire cybersecurity skills than is earning a degree.”
Arguably the most prestigious of all certifications is the International Information Systems Security Certifications Consortium (ISC2) Certified Information Systems Security Professional (CISSP). This certificate is comprehensive, covering many areas of cybersecurity. You do need to have some work experience in relevant areas to sit the exam. However, if you are just starting out, some of the more foundational certifications include:
- Certified Secure Computer User (CSCU): A basic certificate to begin building your knowledge by becoming security-aware.
- CompTIA Security+: An entry-level exam to prepare you for a career in information security.
- Certified Information Security Manager (CISM): Ideal for IT professionals wanting to retrain in cybersecurity.
- Certified Encryption Specialist (ECES) which gives you the basics of applying encryption.
Once you have some experience of working in cybersecurity under your belt, you can progress your career by sitting more advanced certifications offered by bodies such as:
- International Information Systems Security Certifications Consortium (ISC2)
- CompTIA
- EC-Council
- CREST
- International Association of Privacy Professionals (IAPP)
FREE role-guided training plans
Where can I network with cybersecurity professionals?
Degrees, certifications and experience are all useful things to have to begin and progress a career in cybersecurity, but networking is also useful too. There are many organizations, both formal and informal, that bring cybersecurity professionals together. Conferences are also great places to network and to build knowledge. Here are a few to check out, but also look for local “Meetups” too.
- LinkedIn has many security-focused groups — find one that suits your interest area
- Insecurity is an organization that brings cybersecurity pros together
- RSA Conference
- Infosec Europe
- RANT — another networking organization for those in security
- BlackHat USA
- Identiverse
Who is a useful cyber security pro to follow on twitter?
If you can’t make it in person to conferences and networking events, keep up to date with the information security industry by following folks like:
- Sandra Ragg @SandraRagg
Works for the Australian government and focuses on building a secure online society.
- Troy Hunt @troyhunt
Troy is the person behind HaveIBeenPwned.com, which lets you know if your online accounts have been hacked.
- Brian Krebs @briankrebs
Journalist specializing in cybersecurity and always on top of the latest security breaches.
- Bruce Schneier @schneierblog
The godfather of cybersecurity, well-respected and highly knowledgeable.
- Mikko Hypponen @mikko
A top cybersecurity researcher.
FREE role-guided training plans
Conclusion: The time is now to move into cybersecurity
Don’t allow your lack of experience or qualifications put you off a career in cybersecurity. The industry is crying out for people from all walks of life to enter this exciting area. If you are good at problem-solving and you like a challenge you should definitely think about transitioning into the information security industry. You may need to polish up some of your computing skills by taking certifications, but many of these can be done online and in your own time; it is totally possible to move sideways into cybersecurity by building a portfolio of certifications. The experience will follow, and soon you’ll be calling yourself a cybersecurity professional.
FREE role-guided training plans
Sources
- ESG Research Suggests Cybersecurity Skills Shortage Is Getting Worse, ESG
- OWASP Secure Coding Practices, OWASP
- Cybersecurity 500, Cybersecurity Ventures
- Hacking the Skills Shortage, McAfee
- Global Information Security Workplace Study, Center for Cyber Safety and Education
In this Series
- Can I start a career in cybersecurity with no experience?
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity