Getting a job in any field without experience can be a real challenge.  This is the old chicken-and-egg scenario that we have all heard about: Every job requires experience, but how can you get experience if no one will give you a job?  Fortunately for those of us pursuing a cyber-security career, there is a good work around that we can use to get cyber security and technical experience that employers will value, even though we don’t have a job yet.  Let’s take a look at this process now.

So, how can you get cyber security experience without a job?  The best way to build cyber security experience when you don’t have a job is to follow the process of 1) building a base level of technical knowledge to share, 2) implementing some sort of technology on a personal level as proof, 3) gaining real-world technical experience in a volunteer setting, and 4) building experience through cyber security competitions.

I’m sure this all sounds easier said than done.  And you may also be wondering if this process will actually work.  I have seen it work many times, but if you’re not sure where to start, read on as I explain exactly how to build up cyber security technical experience using my four step process.

Knowledge comes before opportunity

Brian Tracy said that success always has a price, and that price must be paid in full, and paid in advance.  In other words, you have to put in the work first before you can acquire the benefits of success. The same holds true for our quest to gain cyber security experience.  You can’t get cyber security experience in any realistic setting if you don’t even know what a computer is, for example. Because you have to have a foundation to build from, your first step will be to build a basic level of technical knowledge that you can use later on in your experience opportunity.

Step #1:  Build up a base level of technical knowledge

To get started, spend some amount of time every day learning about computers and technology.  A good place to start is to review basic computer repair and networking information, such as material for the CompTIA A+ or Network+ exams.  This content is always a good place to start because every organization has a computer and a basic network, so these skills can be used to help just about anyone.

By studying and learning a little bit every day, within a very short amount of time you will build up a foundation of technical knowledge which will surpass the level of knowledge that most people have in general.  If you get serious about studying and learning everyday, you should be able to build up this base level of knowledge within a few weeks or so, if you don’t have it already.

Hopefully you see the point here:  If you were to spend only one hour each day for the next four weeks reading on technology, you will have gained more technical knowledge than 90% of the planet.  This knowledge is what separates you from everyone else and opens the door for experience opportunities in the next few steps.

Step #2:  Complete a basic technology project for yourself or someone you know

Almost everyone that has no experience starts building experience by working on odd technology tasks for family and friends.  This could be repairing a computer for a neighbor, setting up a internet router for your house, setting up a new computer for a grandparent or installing wifi in a friend’s house.  These are all basic tasks that you can figure out how to do since you’ve been learning in step #1, and it is something that you can reference once we move on to step #3 and take our technical knowledge out into the world.  And this may be something that you’ve already been doing anyway, which just means that you’re a step ahead.

Step #3:  Offer up your technical knowledge in a volunteer setting

So far, nothing we’ve done is really resume worthy in that it would convince an employer to give us a job.  In this step, we’ll change that by providing technical help to a non-profit organization in a volunteer arrangement.

Volunteering, or what I call related volunteer experience, is critical for your efforts to gain cyber security experience, because these things get to go directly onto the resume.  Unfortunately, they are one aspect of a resume that many people overlook. Work-related volunteer experience can have a positive impact on a resume in that it can substitute for basic experience for those that have none, and it also speaks positively about someone’s goodwill and personality.  I have personally witnessed applicants with little experience get hired by senior hiring managers because they were impressed with the technical volunteer experience on their resume. Talk about being effective in getting cyber security experience.

How to line up volunteer experience

Think about it:  Most nonprofits and local organizations have technical support needs but do not have technical support resources.  With that in mind, brainstorm the organizations that you, your family and your friends are associated with. These groups are easier to get connected with because you’re already connected in some way. Consider what churches, recreation councils, non-profit organizations, private schools and small businesses are in your area.  What are your personal interests and passions and what local organizations are related to these interests? Once you’ve narrowed down who you’d be interested in helping, connect with them and ask them how you can help. Give them time to consider what needs they may have. A good way to approach this is to ask them to consider their needs and let them know you’ll circle back with them in a week.  Give them the opportunity to ask around the office and brainstorm internally. And do all of this in person. This is more effective than email. By far.  Read our full article on how to leverage cybersecurity volunteer experience here.

Making sure the volunteer experience will be valuable

I’ve found one of the best ways to verify a project or volunteer experience will be resume-worthy for those trying to build cyber security experience is to measure it against three parameters.  If you meet these three parameters, you are virtually guaranteed to have a great project or volunteer experience that a hiring manager will want to hear about.

  1. Need – Make sure the work you’ll be completing serves a true need for the organization.  The last thing you want is a project that is just busy-work or one that really doesn’t move the organization forward.  For example, if you offer to take out the trash for me, but it’s already been done or it’s something I can do for myself, then you’re not really meeting a need and are at risk of completing a project that doesn’t have much impact.
  2. Impact – Make sure your efforts will result in a positive impact for the organization.  If you worked on a project that was needed, but they aren’t any better off for you having been there because you didn’t complete the project or deliver results, then that’s nothing to write home about.  Make sure your work created a positive impact for the organization.
  3. Expertise – Make sure you’re leveraging your expertise and technical knowledge.  There are plenty of ways to volunteer, but you want to make sure the work focuses on the skills you want to sell to an employer.  Going back to our prior example, you could volunteer to take the trash out for me, but it’s far more impactful if you fix a computer system or provide some coding, because it’s much more likely to be something the organization can’t do for themselves.  This is what makes it a strong addition to the resume.

Step #4:  Start attending cyber security competitions

At this point, you’ve gained a little background knowledge and you’ve helped out someone by volunteering.  You’re starting to get positive momentum. If you’re following along so far, now is the time to take the final step in our four step experience building process.  This step is so often overlooked by beginners that it’s almost criminal. It’s time to begin attending cyber competitions.

You may not be aware of what I’m talking about here, and that’s okay, so let me give you the basics.  First, there are cyber security competitions everywhere, and they run at least monthly in most cases. Second. many are free.  Third, most don’t require any background knowledge at all. Just sign up and bring your laptop. Fourth, all of them provide a great opportunity to get experience.  To get moving on this step, just do a Google search for cyber security competitions in my area or capture the flag competitions in my area.

Following these steps as outlined here will build up your experience and start moving your resume into a place where talking with employers about jobs that can get you even more experience can start becoming a reality.  Don’t skip any steps and just go for it.  To learn more about cybersecurity competitions, what they are, and how they work, check out our article here.

Step #5:  Tell everyone you know about your cybersecurity work

One step that many of us overlook, and quite a few of us feel uncomfortable with, is advertising what we do and our successes.  Just like Ted Turner said, “work like hell and advertise.”  We have to put the work in, but we also need to tell others about the work that we are doing and want to do.

I’m not great at this personally.  I prefer to operate under the radar.  But it’s best if you can get the word out about the first four steps.  Tell those you know about your interest in cybersecurity, what you’re learning, where you volunteered, and the competitions you went to.  This will help spread the word about your interest in getting more experience, and it will help you feel like you’re becoming part of the cybersecurity culture.

Related Questions

Is cyber security hard?

Cyber security is probably equivalent in difficulty to any other knowledge career that requires continual education.  Cyber security generally is not physically demanding and doesn’t require excessive hours, but does require dedication and determination in order to stay relevant.  Read our full review about cybersecurity difficulty here.

How long does it take to get into cyber security?

For a beginner, a reasonable timeline will be three to five years, depending on whether someone is studying full time or part time, and what career goals they have.  Getting into a general information technology position first will be quicker.  We have this topic covered pretty well – you can see our full guide on getting into cybersecurity here.

About the author 

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity, and technology training fields. He has a degree in Computer Information Science and CompTIA A+, Network+, Security+, Server+, CySA+, and Cisco CCNA certifications.