7 Guaranteed Ways to Become a Cybersecurity Pro

This article provides a process that you can follow to become a cybersecurity expert within 3 to 5 years, depending on your background knowledge. If you’re just getting started in cybersecurity, you can view our getting started guide here. We also provide an article about cybersecurity learning strategies for those ready to learn.

There was an interesting conversation I walked into recently with a few students that were learning cybersecurity.  They were discussing if it was possible to become a cybersecurity expert, which seemed so far away to them since they were just starting on their journey.  I offered up a few comments and moved on, but the topic got me thinking about whether there was a guaranteed way to become a cybersecurity expert. Could there be a defined path that guaranteed a way to become a cybersecurity expert, if someone would just follow the steps?  I believe there is, and here is the way to do it.

In this article, I will explain 7 actions that anyone can take, and that if done correctly and consistently, will guarantee expert status in cybersecurity in 3 to 5 years, depending on where you’re starting from.  Here they are:

Form the Habit of Reading First Thing in the Morning

To get started on your journey to cybersecurity expert status, the first new action I want you to take on is to begin immediately to build the habit of getting up one hour earlier than you need to, and dedicating the first hour of each and every day, seven days a week, to reading in the field of cybersecurity.  (If you don’t feel super motivated by this first action, consider that it’s been said that reading one hour a day in your field can make you an expert in three years, and world-class in five.)

Expert Action #1:  Read in cybersecurity for one hour each day, first thing in the morning.

Set your alarm, get up and grab your coffee quickly if that’s what you need, but immediately sit down with a book or a tablet and get started reading on the topic of cybersecurity.  Do not stop reading until an hour has passed. Be sure to watch out for a few pitfalls, such as surfing the internet without realizing it, or checking your email. Get right into the reading, and continue until an hour has passed.

It’s okay to jump from one book or piece of reading material to the next, as long as they all relate to cybersecurity.  In fact, you’ll probably find it difficult to read just one thing for that entire hour, because it can quickly become a lot to absorb.  This habit will change your level of thinking and your knowledge within a week, and it can compound quickly. Think about it: What you’re able to read and understand after six months will be much higher than what you’ll be able to read and understand in the first week.  This habit builds knowledge that builds on top of itself, making you better and better each day.

Here are some things to watch out for, and some strategies to put into place to make this habit work for you:

  1. Wake up at the same time every day, including on weekends.  This will ensure you don’t skip a weekend day.
  2. Pre-plan what you’re going to read the night before.  This will help you avoid drifting around and reading worthless material.
  3. Build a ritual, including grabbing a coffee and going to the same spot in your home, where it’s quiet and comfortable.
  4. If you live in a cold climate, have a light jacket to put on when you get out of bed, that way the transition from warm bed to cold room is less unpleasant.
  5. Review a few things you learned each reading session, no matter how small.  This will reinforce that you are really learning new things and keep you motivated.
  6. Turn off the internet access, or block all sites except for the blogs you’re going to read.  It’s too easy to get online and start wandering.
  7. Don’t check the news.
  8. Don’t check your email.
  9. Don’t check Facebook or social media.

Here are a few things you can start with on your reading journey:

  1. Any cybersecurity textbook or certification guide
  2. Books about cybersecurity history and hacks
  3. Major cybersecurity blogs, such as Schneier on Security, Krebs on Security or Hacker News
  4. Borrow a few books from your local library to have on hand

Don’t move on to implementing the rest of these steps until you begin and commit to this first action step of reading for one hour every morning.  It’s important to build the discipline to do that before you stretch into the next actions. If you’ve done that, it’s now time to move on.

Get Access to a Lab Environment

You’re now reading a good bit, but that of course is not going to be enough.  You need to get hands on, and do that as soon as possible. Labs are great because they all you to try things out and learn from hands-on experience, but still provide the safety of not causing damage to a real system like you would have in a work environment.  There are two strategies to getting hands on in a lab environment, and in order to become an expert, you’ll need to do both.

First, it’s worth investing in an online virtual lab service.  There are probably a few out there, and usually you can try them out before you buy.  Look online for coupons as well, and you may be able to get a good deal.

One that I’m familiar with, and that has been pretty decent to use, is Cybrary’s Insider Pro option (you can read our Cybrary review here), which can be a little costly but does have some nice options.  Cybrary has built this service as really a conglomeration of a bunch of other existing services, meaning that while they do have home-grown content, they are really serving as a central platform for other services as well, which is fine in itself.  The great thing about a platform like this is that there is always something else to read or learn there, and they are adding things faster than you can read them. And they are therefore likely to have some material on whatever it is that you’re looking to learn at that time.

The labs in Cybrary’s paid option, in many cases, connect you to real virtualized machines within their providers system, which means you’re getting a chance to get hands on in a lab environment.  The labs are documented with step by step instructions and walk you through whatever it is that you’re supposed to be learning.

Expert Action #2:  Get access to both an online lab service and your own personal in-home lab.

In addition to signing up for a virtual lab service, you should additionally build your own home lab or network.  This will give you access to the hardware of the lab as well, which is important. Look for free equipment that is being given away by family or friends, or check on Craigslist.  Download free virtual machine software and ISOs and set up multiple operating systems to work with. Look on eBay for cheap used equipment that ships free and has a 30 to 90 day warranty.  Going this route, you can easily get equipment that originally cost thousands for as little as a few hundred dollars.

Get Live Work Experience Immediately

Since we are on the 3 to 5 year plan to cybersecurity expertise, you’ll need to get working in a real-world environment at some point, and the sooner you do that, the better.  For this step, look for an opportunity to get working as an intern, a volunteer, or a student aide if you’re going to college. (Volunteering is a great option to get started, see our guide on how to find volunteer opportunities here.) Either part-time or full-time will work. The most important thing is to find some opportunity and get going with that as soon as possible.

Many people at this stage don’t feel that they’re ready and assume they can lean on their lab work from the previous step as their hands-on learning option.  That’s not going to be enough, because a live work environment is real, and therefore unlike any lab. In a real environment, results matter, and that makes all the difference.  The realness of the work experience here is a learning tool that forces you to complete the task you’re assigned, and do it well, without causing any harm. It also puts you in an environment with others, all of whom can be great to learn from.

Expert Action #3:  Find and begin live cybersecurity or IT-related work experiences immediately.

Keep these things in mind as you consider getting started with building work experience:

  1. Work opportunities are available for everyone at every level, including entry-level.
  2. You may be able to find remote work as well, with opens up the number of possibilities beyond just those that are near where you live.
  3. It’s understandable and almost expected to leave any opportunity after a year or so, however it is not advisable to leave any job after only a few months, unless the situation is unethical or completely not beneficial to you in any way.  Employers will have to spend a few months training you up in most cases, so leaving after a few months is frustrating to employers and detrimental to your reputation.
  4. Keep your LinkedIn profile updated, and allow recruiters to contact you in your account settings.

Focus On Learning One Topic at a Time

You already know that you’re going to be doing a lot of reading and study if you want to become an expert in cybersecurity.  Another strategy that you need to implement while you’re learning is to focus on a single topic at one time and work to master that before you move on to another major topic.

If you’re dabbling in several topics all at the same time, it becomes really difficult to master any one thing.  Learning something to the level that you need to be effective takes time and focus. If you’re only spending 15 minutes a day with a new technology, you’ll barely make any progress and you’ll end up spending most of that time reviewing what you covered the prior day instead of forging ahead.

Expert Action #4:  Focus on learning one cybersecurity topic until mastery before moving on to another one.

Here’s a great way to go about focusing and making it work effectively for you.  First, make a list of all of the topics that you need to learn or want to learn in the coming six months or so.  Evaluate all of the items on the list and pick one by answering the question – which one of these will have the greatest positive impact on me right now.  This will help you decide which one you should start on first. Continue to put all of the items in order of importance. Items two through the end will be put on hold until you complete the item before it.  Then begin to work on the first item until you’ve mastered it to a level of competence in which you can add it to your resume and an employer would be willing to pay you for that skill.

Commit to Earning Two Certifications Each Year

Certifications in cybersecurity are important to some employers and not important to others, but they have two big advantages for you as you are working toward cybersecurity mastery. 

First, by committing to earning a certification, you are forcing yourself to focus on one topic until you have a strong working knowledge of the topic.  You can use the certifications themselves as organizational tools to help you choose which technologies to focus on first, second, and so forth. For example, you could focus on learning networking by pursuing the Network+ or focus on learning penetration testing by earning OSCP or CEH certifications.

Second, earning a certification provides validation to you that you have focused and learned a topic to a certain level of mastery, which is positive reinforcement and a good guidepost for you to assess how you’re doing.

Continue to earn one certification every six months related to topics that you’re interested in, for the first 3 to 4 years (we’ve reviewed the best entry-level cybersecurity certifications here).  After that time, you can slow down and focus on earning more difficult certifications, perhaps with the goal of earning one every year.

Expert Action #5:  Commit to earning two certifications each year for the first four years.

If you follow this process, you’ll have six to eight certifications under your belt in the first few years, which is proof of a great deal of knowledge that has been acquired.  That will certainly help you on your road to cybersecurity expertise, as well as your path into the workforce.

Commit to Attending Two Cyber Conferences or Events Each Year

There are cybersecurity events, get togethers, networking groups and conferences all the time in every area of the country.  You should consider attending these, and in order to make it worth your while, you should look at attending one every six months.  This amount will keep you in the know and updated, while still allowing you to choose only the events that are worthwhile to you.

Expert Action #6:  Commit to attending two cyber conferences each year.

Attending cybersecurity events is a great way to meet other professionals and to learn about the latest happenings in the field.  These events give you the chance to find out about new job openings and also feel like you’re part of the cybersecurity community.  More than a few people have made job connections at events like these, or made a connection that could put them in connection with someone else that could move their career forward.  This is why so many senior level cybersecurity professionals make it a habit to attend events like these, even though there is a cost associated. Another advantage is that you may even find that your employer is falling behind in technology (when you compare to others at the conference), and that may give you an indication that it’s time to move on.  Don’t miss out on this opportunity.

Teach Cybersecurity to Others

The last step on your path to cybersecurity expertise is to find an opportunity to teach cybersecurity to someone else.  This can be teaching at the college level, teaching adult education or computer basics classes to beginners, or volunteering to teach at a local non-profit or church.  You could offer to do a free seminar on cybersecurity safety online, or a talk on the latest breaches in cyber. 

Expert Action #7:  Teach cybersecurity to others.

This type of opportunity puts you in a position where you have to be sharp and knowledgeable in order to field any questions that may come your way.  In order to teach something to someone else, you must fully understand it yourself. Once you’ve completed the other steps in the process toward expertise, consider teaching as a way to bring yourself and your knowledge to the next level.


With regular, consistent effort and diligence, you can get yourself to a high level of expertise and proficiency in cybersecurity.  Follow the steps above and always keep learning new things. If you do, you could get yourself to that level in three to five years, depending on what level of knowledge level you’re starting from.

Matt Day

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity and technology training fields. He has a degree in Computer Information Science and CompTIA A+, Network+, Security+, Server+, CySA+, and Cisco CCNA certifications. Matt is the author of the book CCENT Troubleshooting Guide.