The Definitive Guide for Getting into Cybersecurity
This StartaCyberCareer.com series will show you how to get into the cybersecurity field, even if you don’t have any experience or a degree. If instead you’re interested in learning cybersecurity, go here for our series on the best strategies to learn cybersecurity. If you’re not sure if cybersecurity is right for you, check out our resource on how to know if cybersecurity is for you, which can help you make an informed decision.
Table of Contents
- Getting Into Cybersecurity: The Basics
- Common Yet Generally Ineffective Ways to Get Into Cybersecurity
- How to Get Into Cybersecurity With No Experience
- How to Get Into Cybersecurity Without a Degree
- Our Recommended Strategy to Get Into Cybersecurity Fast
- Get Into Cybersecurity Step #1: Assess What’s Missing From Your Resume
- Get Into Cybersecurity Step #2: Begin Building Your Own Documentable Education
- Get Into Cybersecurity Step #3: Create Your Own Cybersecurity Experience Opportunities
- Get Into Cybersecurity Step #4: Completing the Resume and Marketing Yourself
- Get Into Cybersecurity Step #5: Finding the First Opportunity
- Getting Into Cybersecurity FAQ
Getting into Cybersecurity: The Basics
So, you want to get into cybersecurity, and you’re looking for the best way to get there? We’ve trained hundreds of aspiring (and now current) cybersecurity professionals, and interviewed dozens of employers to find out what the best path is for someone to get into the cybersecurity field. Everything we’ve learned from our experience and research has been compiled into this ultimate guide that you can use to get into cybersecurity, no matter where you’re starting from. This approach has worked for every person we’ve mentored and worked with that has followed it.
If you’re interested in getting into cybersecurity, you’re choosing a great field at a great time. We love cybersecurity as a career option because it is an exciting, fast moving and ultra in-demand career field (check out our article on the incredible demand for cybersecurity professionals if you don’t believe us), and one which is open and available to just about everyone (we say just about everyone because criminal backgrounds understandably impact cybersecurity career opportunities. If this is a concern for you, look at our resource on how to get into cybersecurity with a criminal background.)
What we mean by “open and available” is that cybersecurity as a career field isn’t burdened by the regulations or requirements that a lot of other high paying professional fields have, such as passing the bar, graduating from medical school, or earning and maintaining a license, which we see in careers such as law, medicine and accounting, for example. In those fields, you must attain some sort of third-party qualification before you can even start. Cybersecurity is different.
In cybersecurity, if you’re knowledgeable and clearable, you’re good to go. And if you’re really knowledgeable, the opportunities (and salaries) can be staggering.
Common Yet Generally Ineffective Ways to Get Into Cybersecurity
A quick search online will show you plenty of forums that are full of opinions on the best ways to get into cybersecurity. There are lots of potential ways to get there, and current professionals have found success using a variety of methods. That’s all well and good, since any method that ends up helping someone get into the cybersecurity field is positive, at least for that person. Let us repeat that: We recognize that people in the field currently got there through a variety of paths.
Interestingly, aspiring cybersecurity professionals have a wide range of preconceived notions about the best path to get into cybersecurity. For example, you may have heard that the best way to get into cybersecurity is to:
- Finish your degree first, then look for a job
- Attend a technical training school that prepares you for certifications
- Earn a specific certification, or group of certifications
- Hold out for an entry level job in the specific niche that you’d like to specialize in
If you subscribe to any of these strategies or think that they’re the way to go, then you have a different perspective than us. At StartaCyberCareer.com, we don’t recommend any of these approaches because they 1) don’t make you well rounded, 2) take way too long, and most importantly, 3) don’t help you compete against the several thousand other people that are doing the same exact thing. In other words, they may work for some people but are just not the most effective way for the majority of people to get into cybersecurity that we’ve seen. Again, these methods will work for some people, and they may even work for everyone eventually, but we want to use the best way to get into cybersecurity the fastest.
Our Recommended Strategy to Get Into Cybersecurity Fast
Instead, we believe that you if you’re serious about getting into cybersecurity, you need to live and breathe this stuff. Which means you need to be well rounded and all in. Think about it: Because cybersecurity as a profession doesn’t naturally have excess regulation and requirements, we can leverage this flexibility to get started building our skills now and add to them as we grow. We don’t need to wait until we pass the bar to start practicing. We don’t need to wait until our license arrives in the mail. We can start building skills now and add on other qualifications as we go, which is exactly what we recommend you do. We explain what the best entry-level cybersecurity jobs are here. Take a look at that to make sure you know what you’re shooting for.
Get Into Cybersecurity Step #1: Assess What’s Missing From Your Resume
And here’s where you start: Your first task in your effort to get into cybersecurity is to do what you need to do to build the ultimate entry-level cybersecurity resume, because if you do that, than you’ve naturally become well rounded and employers will hire you.
If you don’t know what the ultimate entry-level cybersecurity resume looks like, head over to our article that explains in detail how your resume needs to look in order to get hired, but the quick overview is that you need to have (and therefore build up your resume in) six key areas, which are:
- Professional Summary, which outlines your technical skills using keywords so that a database search will find you
- Professional Experience, which is any experience that can be related to cybersecurity in any way, including positions that showcase soft skills such as customer service, sales, management and teamwork, all of which employers look for and desire
- Education, which shows you’re currently enrolled in something and moving forward in your education
- Related Volunteer Experience, which helps you increase your documentable technical experience when you don’t have much, and shows you’re a good, community-minded person who is willing to give and not just take
- Certifications, which show that you go above and beyond the classroom and formal education to prove your knowledge, and
- Professional Associations, which show that you consider yourself a professional in this field and take it seriously (and as a by-product will help you meet people in the field)
Take a look at these six areas, and quickly assess how many of these you actually have covered. How many of these would be empty on your resume if you were to write it this way? If you don’t have all the qualifications to list in all six areas, or some of the six are weak, you have some work to do in order to build your best chances of getting into cybersecurity. The good news is, these six areas of the resume will serve us as our guide as we move forward with our plan to get into cybersecurity.
If at this point you’re feeling overwhelmed or would just like more information or direction in a key area of the resume that I’ve listed above, you can take a moment now to check out our resources on:
- How to leverage volunteering to build cybersecurity experience
- Why you need to earn certifications if you want to compete for entry-level cybersecurity jobs
- The best entry-level cybersecurity certifications you can knock out pretty quickly
If needed, check out any of these resources in order to learn more about what we mean for these areas, and then come back to this page to continue with your “Getting Into Cybersecurity” plan.
Using the Resume to Identify Target Areas for Improvement
What we’ve identified in this first step is that we want to use the prototypical perfect resume (and the six areas that it should contain) as a tool to evaluate what we need to start working on in order to get into the cybersecurity field.
For this step, take a look at this downloadable template (see below) and quickly fill out what things you can add in each area. This will be the roadmap you’ll follow to assess what you need to work on first and where you need to move forward.
Once you’ve reviewed the template and filled in the answers, move on to the next step, which is to assess your educational goals and what education you need to start pursuing. Let’s look at that now.
How to Get Into Cybersecurity Without a Degree
One of the biggest perceived challenges cited by those trying to get into cybersecurity is the ability to get into cybersecurity without a degree. Because of that, let’s address how a college degree fits into the equation for getting into cybersecurity.
Open positions in cybersecurity, especially those at higher levels, are almost always posted with degree requirements, and quite often those requirements are as high as a master’s degree. We’d like to point out now that 1) those positions are usually not entry-level, 2) just because an employer is asking for that qualification doesn’t mean they’re going to find someone with it, and 3) having the requested degree without experience would make you appear unqualified anyway.
We’ve covered the difficulty of cybersecurity degrees and the role that bachelor’s degrees play in cybersecurity here, so if you need that information, you can check it out. In fact, our full article on how you can get into cybersecurity without a degree is here, but this is the general idea:
You can get into cybersecurity without a degree, but you’re going to need to be in a particular situation, based on our experience. This situation involves you:
- Having some prior IT or technology experience
- Having some military experience that is related to security in some way
- Having one or more cybersecurity-related certifications
- Having the ability to accept an entry-level job and the salary that comes with it
From our experience, your ability to get into cybersecurity is going to rely on one or more of these things. If they don’t apply to you, you may be in a more difficult situation regarding getting into cybersecurity without a degree in hand.
Get Into Cybersecurity Step #2: Begin Building Your Own Documentable Education
In our quest for getting into cybersecurity, we’ve already assessed our resume and looked for areas that we need to work on. Now that you’ve done that, we move on to step #2, which is to focus on our education. Here is our strategy for cybersecurity education, based on what education you’ve accomplished thus far:
- If you already have a cybersecurity, computer science or other related degree, then you’re strong in this area. If you’re following our process and already have a degree, we recommend that you either 1) do nothing right now regarding your education since you have that covered, or 2) enroll in a free online cybersecurity class of some sort. That way you can document on your resume you’re still pursuing education, without it costing you money. Cybrary.it is a good option for this.
- If you don’t already have a cybersecurity-related degree, consider whether you want to pursue one now. Knowing that most higher-level cybersecurity positions require one means that if you choose to pursue cybersecurity as a career for the long haul, you very well may need to get a degree sooner or later, and at the very least, you know you’ll be benefitted in salary and opportunities if you do. So if you’re following our process and do not have a degree, we recommend that you either 1) enroll in a college cybersecurity degree program that you can afford, or if you’re not willing or able to do that due to cost or some other factor, 2) enroll in an affordable online cybersecurity class of some sort.
What we’re accomplishing in this step is that we will now have documentable education that we can add to the education section of our resume (and that we can afford) and we can show we’re working to improve our knowledge.
Take the time to complete this second step now on your way to getting into cybersecurity, based on which situation you fall into above. Once you’ve done that, you can move on to our third step, which is to build experience.
How to Get Into Cybersecurity With No Experience
The other big challenge cited by those trying to get into cybersecurity is the difficulty of getting into cybersecurity when you don’t have any cybersecurity experience. Let’s take a look at our strategy to get into cybersecurity without experience now.
How can you get into cybersecurity with no experience? You can get into cybersecurity without experience by gaining cybersecurity knowledge in a documentable manner through training and certifications, supplementing that knowledge with volunteer or personal technical experience, and networking in professional cybersecurity settings to meet potential employers and others that can help you.
Before you jump to the conclusion that this is easier said than done, let’s evaluate what we’re talking about here. What we’re describing is simply building up the other five areas of our resume that we looked at in step 1 above (all of the others besides professional experience) in order to minimize the perceived weakness that a potential employer may see in our lack of experience.
For example, I said above that to get into cybersecurity with no experience you’ll need to do three things, which are 1) gain knowledge that we can document, 2) find experience opportunities outside of the general employer-employee relationship, and 3) get out and meet people that can move our career forward. These things fall exactly in line with the other areas of the resume that we’ve discussed above, including certifications, volunteer experience, education, and so on. Let’s now take this concept and turn it into our next step on our pathway to get into cybersecurity.
Get Into Cybersecurity Step #3: Create Your Own Cybersecurity Experience Opportunities
If you’re following along so far, in step #1 above you used our resume template to identify areas that need to be addressed to make you a stronger candidate for entry level jobs, and in step #2 you identified and added documentable education to your resume. We tackled education first so that we can now use that education and the knowledge that comes with it to find opportunities to gain experience.
Therefore, here in step #3, we’ll identify opportunities and then put our knowledge to use toward those opportunities to further build out our experience qualifications. If you want to do a deep dive into how to build cybersecurity experience, you can go to our article here, but the general idea is that we want to build experience through any and all of the following ways:
- Completing technology projects for friends and family
- Volunteering to complete technology projects for local organizations
- Competing in organized cybersecurity competitions, such as hackathons or Capture the Flags
- Building up our own personal technology resources, and gaining hands on practice there
What you’ll notice about these opportunities is that they all have an advantage in that they can be finished in a short period of time and are much easier (and quicker) to attain than a regular job.
Our first option above is to complete technology projects for those that we know and that we can help. This may sound small, but it does move you in the right direction and gets others to see you as knowledgeable in this area. Consider opportunities to help those you know set up their home internet service, or a new wireless router, or a new computer system. Look for opportunities to help those you know update their computers or check for security or virus issues or simply to back up their files.
Its worthwhile to take a few moments to consider the technical help, no matter how small, you’ve already provided to those around you. This is our first step in building experience and it should open your eyes to other ways to help those around you in a similar manner. I want to point out again here that this is worthwhile and not to be overlooked, because this provides you with several things, including hands on experience with specific technologies, an opportunity to communicate technically with a person who is in a customer-type role, and a reference point for when you move on to the next step.
Our second option above is to complete volunteer opportunities related to technology support. I’ve explained in detail the importance and process of completing technology-related volunteer work in this article, but in short, this is a way to add volunteering to your resume and more technical experience at the same time. Consider those organizations around you and in your area that could use your help. Examples I’ve actually seen before have included:
- refurbishing computers for needy children through a local non-profit
- installing computers for a non-profit private school
- providing elementary school teachers with technology assistance and education
- teaching school children how to code in an after-school program
- teaching children how to fix computers or the basics of cybersecurity through a church
- upgrading or updating systems at a local church
- teaching a parents’ advice seminar on how to keep their kids save online
- teaching a technology course to adults with special needs
- tutoring college students in cybersecurity
- installing wi-fi service for the local community association
- building a website for a local non-profit
- presenting on the current state of cybersecurity to the local rotary club
- presenting on staying safe online to a senior community
The point here is that the options are endless if you’re creative and are willing to connect with the people around you. Keep in mind that volunteering in any of the ways I’ve just mentioned, and listing those items on a resume, does a few things for you. It makes you appear to be a good person invested in your community, it is interesting enough that most potential employers will be curious and ask you about it in an interview, and it is yet another form of experience in that you are providing technology-related service to another person.
It’s important to address an important point at this time, and that is that some of you may be wondering if these types of experiences are close enough to cybersecurity to help you. It’s true that much of what we’re discussing here could be considered general IT work. I’d like to assure you that this is perfectly fine, since this is the exactly the kind of technology that has security issues anyway, and it is a great stepping stone to move you into higher level cybersecurity concepts.
Our third option above to build cybersecurity experience is to get involved in competitions. Know that most competitions do not require much experience at all, and that they are available in every community, as well as online. This means that you can (and should) get involved in these now.
Build Your Own Technology Resources
The last suggestion in this step, where you’re building your experience opportunities, is to begin to build up and use your own technology lab. This doesn’t have to be extensive or expensive, and you can build this over time, but it is very helpful to have equipment at your disposal where you can practice with virtual machines, practice coding exercises, configure networking equipment, and so on.
In order to begin building your own setup, be on the lookout for any equipment that is being discarded or given away, and if it’s salvageable, it may be worth it for you to take it in and give it a new purpose. Secondly, online platforms like eBay have lots of equipment available for pennies on the dollar that still work and can provide good practice opportunities for you. Just because something has completed it’s useful life for a business doesn’t mean that it’s worthless to you or me. Be on the lookout for the kinds of equipment you’d like to get your hands on.
Now that we’ve provided some examples of how you can begin to build experience, let’s get moving on this step by downloading our Cybersecurity Experience Brainstorming Worksheet and finding ways that we can start to build experience. Fill out the worksheet and then pick two or three items you’ve uncovered and get started building experience.
Get Into Cybersecurity Step #4: Completing the Resume and Marketing Yourself
At this point, you may feel like you haven’t accomplished much and still don’t know anywhere near enough to get into cybersecurity. But you are moving in the right direction by starting to work on documentable education and experiences, even it they are just starting and are minor. It takes a lot of hard work to make a major change like this, but you’re taking the right steps.
At this point, we want to round out the rest of the resume. That means we want to begin looking for associations we can belong to, and if we have some background technical knowledge, possibly begin pursuing a certification.
It’s really important to begin looking into professional associations that you can join and participate in, and it’s never too early to begin this step. This process will round out your entry-level resume and provide you with the connections you’ll need to find job opportunities, whether they are part-time or full-time.
If you’ve chosen to enroll in a college program from step #2 above, look into student clubs on campus. Join any that are related to technology or provide good opportunities for networking with others. Ask the student life office as well as your instructors for options. Get signed up and start attending.
Look into professional associations related to cybersecurity or technology in your area. You may be surprised to find that they do exist and are active in your community. Simply search for “cybersecurity professional association” or “information technology professional association” to get started. Look at the webpage for your local town’s chamber of commerce. You could even call their office to ask. There are often several different professional associations in one area, and they always know about each other. Get signed up and start attending.
It may be too early for you to pursue certifications if you’re really new to all of this, and if you’re taking classes, you may not have the time for study. But if not, adding a single one-exam certification, such as CompTIA Network+ or Security+ will really do wonders for you job prospects at this point because they are so well recognized by employers. Look at our suggestions for the best entry-level certifications here and see if pursuing one now makes sense for you.
Get Into Cybersecurity Step #5: Finding the First Opportunity
It’s now time to put the job search into high gear. Sending out resumes is fine, but don’t fool yourself into thinking it’s always effective. Your best approach to finding an entry-level opportunity at this point now that you have a few experiences and are pursuing your education is to do all of the following things:
- Send out resumes to any entry-level jobs you see posted
- Attending professional association events as described above and communicating to people that you are looking for an opportunity
- Letting the people around you know that you’re looking for an opportunity, including your family, friends, neighbors and teachers
- Have business cards ready and available in case you meet someone. Have them printed at a site like VistaPrint.com, and keep the back of your business card blank so that you can write down someone else’s information in case they don’t have a card to give you
- Practice mock interviews with a few different people before every interview you’re offered.
- Go to every interview you’re offered, even if it’s not quite what you want. You’ll need the practice and it will help you determine what you don’t want as well as what you do want.
A few things to point out at this time:
- Always send an email thank you note after every interview to the interviewers. I’ve seen this put people over the top to get the job.
- Employers are not going to tell you why you didn’t get the job (at least not the real answer.) Don’t be naïve in thinking that they will because it’s too risky from an HR perspective for them to do so.
- Always bring copies of your resume and a pen and portfolio to write on to every interview. Showing up empty handed makes an applicant look unprepared and inexperienced.
- It’s better to be 15 minutes early than 1 minute late.
- Dress professionally.
Getting Into Cybersecurity FAQ
Let’s take a few moments to answer some of the frequently asked questions that we hear from people that are following our recommended steps to get into cybersecurity.
Are all of the steps to getting into cybersecurity necessary?
The steps aren’t absolutely mandatory, but done together they will give you the best chance of success. Many people have and will be able to get into cybersecurity without volunteering, or getting a certification, or going to networking events, for example, but all of the steps are advisable because when they are done in combination, they give you the best opportunity to accelerate your timeline to get into cybersecurity.
What is the biggest mistake people make when following the steps?
Many people like to skip certain steps because they’re hard or they take a lot of work, or because they push them out of their comfort zone. Unfortunately, this often harms their overall progress, even though they don’t realize it at the time. Don’t skip anything so that you can have the best odds of succeeding. Ready to Earn Your Security+?See Our Recommended Security+ Study Resources
Someone advised me to focus on school first, then look for jobs. What about that advice?
That advice is bad for most people. I’ve seen parents, spouses and even college guidance counselors recommend to people to focus on their schoolwork exclusively, or upon graduation only focus on applying for jobs. This approach is the same as just about everyone else’s on the planet, and it therefore makes it nearly impossible to differentiate yourself from the crowd. I know people that followed that advice and are still looking for jobs years later.
How long should I expect this to take?
If you’re really following all of the steps, it could take between two and four years, although I’ve seen it done in as little as 12 months. It depends on where you’re starting from and how hard you work. For some people, especially those that work full time while pursuing this goal, it could certainly take somewhat longer. We’ve covered in detail how long it can take someone to get into cybersecurity in this article, including some additional strategies you can use to speed up the process.
How hard can I expect this to be?
Getting into cybersecurity takes a lot of time, dedication and persistence, but it’s also important to keep in mind how hard your job will be in the end. We’ve covered how hard cybersecurity can be in our article here.
Is cybersecurity changing too fast to keep up?
As you’re working to get into cybersecurity, it’s important to know that cybersecurity is a wide field with many different specialties, and those will continue to change and evolve over the years. There are job titles and specialties in cybersecurity that will exist 15 to 20 years from now that don’t now. That’s why in some ways we do children a disservice when our school systems force them to pick a career path so early, often in junior high school. The reality is that the jobs these children will be working in as adults don’t even exist yet, just like cybersecurity didn’t exist when I was in school. How do you prepare for a job that doesn’t even exist yet? You learn to be a great lifelong learner.
If you do complete the process of getting into cybersecurity and stay in the field for the long haul, you’ll probably have many different jobs, including ones you haven’t even thought of or maybe even heard of. And that’s okay. You’ll be ready and prepared as long as you’re always learning and increasing your cybersecurity knowledge.
What are some of the downsides of the jobs that I may get?
We covered this is great detail in our post on the pros and cons of cybersecurity jobs, but to summarize, as you’re getting into cybersecurity you should be aware that many of the jobs that you’ll be applying for will:
- Require some amount of odd hours or on-call work, because people and cybersecurity attacks don’t just happen from 9 to 5.
- Require that you learn new things daily, and continue to learn new things outside of work on your own time.
- Require you to utilize non-technical soft skills, such as customer service and teamwork.
- Have many interesting parts, as well as some tasks that are not as enjoyable.
Have you ever seen the process not work?
No. Not when all of the steps are followed.
Have you ever seen someone be unsuccessful in their effort to get into cybersecurity?
Yes. No career field is for everyone, and some people find out early on that they don’t enjoy the work or are not cut out for it. Others are unsuccessful simply because they will not apply themselves to these steps.