This article is about effective ways to learn cybersecurity if you’re just getting started.  If you are instead looking for information on how to get into the cybersecurity field, you can view our guide here.  We’ve also provided an expected timeline for how long it can take to get into cybersecurity as well as strategies for getting cybersecurity experience.

I’ve helped dozens of my students learn cybersecurity, even when they were starting without any background knowledge.  So, when someone asked me about the best ways to begin learning cybersecurity, I began thinking about what the most successful students had done to learn the topic, even when they were starting with no background at all.

So, what is the best way to learn cybersecurity?  The best way to learn cybersecurity is not just from taking college classes – but from getting a combination of education and experience.  The means following a process to supplement college coursework with preparation for certifications, internship and volunteer experiences, cybersecurity competitions, and hands on practice.

This sounds fine in theory, but most of us would still wonder how to even get started in gaining that combination of education and experience.  Without a doubt, the process of getting started can feel overwhelming, so below I’ve laid out a step by step plan that anyone can follow.

Step 1 – Enroll in a College Cybersecurity Program

Many people are probably wondering if enrolling in a college program is an important step in learning cybersecurity.  The answer is yes.  There are three reasons why enrolling in a college-level cybersecurity program is a good idea, even given the costs associated with attending college.

1. Approved and vetted curriculum. College-level cybersecurity programs are a great place to start because their programs are almost always vetted by outside accreditors or advisory boards.  Colleges have a reputation of learning to uphold and they are increasingly choosing to connect with experts in the field to validate their programs and content.  Colleges know that their students need to get jobs after graduation, so they benefit by keeping their programs relevant.  Because of this, they have a stake in maintaining quality.
2. Enrolling places you around others that want to learn the field. There is a great benefit in getting out of the house and into a classroom.  Besides the engagement and effort that attending college requires, it also puts you in a room with a diverse group of people that want to better themselves and have a passion for learning cybersecurity too.  The connections you can make with fellow students are powerful, motivating, and are a good source of networking connections that you can leverage down the line.
3. Learn from local experts. Enrolling in a college program gets you face to face with instructors, who often are local experts in the field.  College instructors may have connections to employers or internships and are good resources for career advice.  They are also a good source of networking connections that you can leverage when looking for a job later on.

With these benefits laid out, it’s important to consider a few factors when looking into a college program.  Begin by researching college cybersecurity programs in your area and consider enrolling in one that matches your goals and financial means.  For most people, a community college or junior college is probably best.  Community colleges are cheaper, government supported, and student focused.

If you decide to enroll, just be sure that the coursework in the program is hands-on.  Even though it’s all the rage now, you may be better off avoiding college cybersecurity programs that are fully online.  These programs must resort to simulators and virtualized learning systems to provide the necessary educational environment, which is never going to be the same as working with the real thing.  These programs don’t exist because they are better, they exist because they are more convenient.

At this step, many people will wonder how difficult a cybersecurity degree will be to complete, or whether they need to get a bachelor’s or master’s degree to have a shot to get into cybersecurity.  Going to college, especially when you haven’t been in school for a while, can be a challenge, but is probably going to be worth the effort in the long run.  Check out our post about getting into cybersecurity without a degree to gain some perspective before you decide.

Step 2 – Get Involved in Extracurricular Learning Opportunities

Once you get enrolled in a college program, begin immediately to get involved in extracurricular learning opportunities.  The magnitude and scope of outside-the-classroom learning opportunities available within the typical college environment today is incredible.  Here are a few to look into ASAP:

1. Student clubs and student chapters of professional associations.  Cyber and tech related student clubs are popping up everywhere, and many technology companies and associations are now sponsoring college student clubs.  They don’t cost anything to join but provide additional learning opportunities and look good on a resume.
2. Check into scholarships and grant programs. Many colleges have additional agreements or scholarships with outside organizations that can provide external learning experiences.  Check with the career development or advising offices at your college to find out what they can offer.  Check back frequently as new opportunities can pop up quickly.
3. Sign up for a cybersecurity competition. Cybersecurity competitions such as hackathons and capture the flag events are everywhere now.  They usually don’t require a great deal of background knowledge and are a great learning opportunity.  Employers also love to see these on a resume.

The StartaCyberCareer.com Cybersecurity Career Roadmap.

You can download a copy of the Cybersecurity Career Roadmap here.

Step 3 – Study for and Pass a Certification

If you’ve followed steps 1 and 2, you’re now formally pursuing your education and building some basic experience, which are the two pieces to the “combination of education and experience” puzzle that we discussed earlier.  Now it’s time to take your cybersecurity learning to the next level.

For the next step, consider selecting and studying for (and obviously passing) a cybersecurity certification.  There are many to choose from that are entry level (here are the ones we recommend.)  Here are two reasons why you should pursue a certification:

1. Certifications force you to focus and gain a deeper understanding of cybersecurity. Certifications are effective in that, if you’re truly studying like you should, you’re forced to dig deep into the information.  By studying to the point that you can pass a certification, you’re moving yourself to a level of solid understanding and learning.
2. Certifications prove to yourself that you’re learning cybersecurity. When you pass a certification exam, not only does the world know you’re knowledgeable in that topic, but you know it too.  There is a lot of power in achieving a certification and knowing you’ve met that learning goal.

As you can probably tell by now, I am pro-certification.  While they can be overdone, they are still undeniably effective in building your resume and differentiating you from your peers.  And the level of learning you must achieve to pass them proves your learning is occurring.

Step 4 – Get Volunteer and Part-Time Entry Level Experience

Now we’re finally to the step where it’s time to get out into the world and learn cybersecurity by providing value to others.  Regardless of whether you get paid or not, applying the knowledge you’ve gained in the prior three steps in a real-world environment is crucial for your learning.  Here are a few thoughts to keep in mind as you pursue this step.

1. Every nonprofit and religious facility in your town lacks technical support but needs it. Religious centers, non-profits and other similar organizations use computers and technology, but nearly all cannot afford on-staff technical support.  Tech support is expensive.  Is there a way for you to help and get some technical experience?  Even basic IT support will help you as you learn cybersecurity.
2. Many employers can’t find full time employees and will settle for part time workers. The cybersecurity field is red hot right now.  The unemployment rate is low for cybersecurity professionals, which means employers are in a tough spot.  Many employers who intend to hire full time and experienced workers are forced to adjust to hiring part time and entry level.  This could be you.  And it can be you, because if you’ve been following the steps above, you’re now a cybersecurity student with a certification that has shown passion for the field through your extra-curricular activities.
3. Your college may offer part time and student worker opportunities in the technology department. These opportunities are often good because the college will work around your class schedule and provide you with a good technical learning experience in a non-competitive environment.
4. Don’t get focused on pay for your first gig. Remember, we’re just looking for learning opportunities, so it’s not to your advantage to become too concerned about pay for your first opportunity.

The steps outlined above do take time, dedication and determination, but that’s the nature of learning cybersecurity, or anything else for that matter.  The most important thing is to get started and take the first step.  You can check out our strategy to find a volunteer cyber or IT opportunity here.

Step 5 – Supplement with Online Course Options

There are a lot of great online courses that cover cybersecurity basics, and many of those are free or nearly free.  Taking an online course, even if you’re already enrolled in college courses (see step 1 above), is a great way to reinforce and expand your knowledge.  Online courses from platforms like Cybrary and Udemy have a lot of benefits that will help you in your pursuit of learning cybersecurity, such as:

1.  Huge variety of course topics available.  If you go to a site like Udemy and search for cybersecurity, you’ll see hundreds of different courses that cost as little as $10 each on nearly every facet of cybersecurity.  For that price, you can skip the sections that don’t interest you or that are already a review and not feel bad about the financial investment you made.  Even reviewing just one section of a full course and gaining knowledge from that can be worth the money.
2. Learn on the go.  One of my favorite things about online courses is that I can stream them from my cell phone from wherever I am, at any time.  And in many cases, I don’t need to actually watch the videos, but can just listen to the audio.  This has been a great option for me to keep my cyber knowledge always improving, even if I’m at the gym or driving.
3. Learn what you want when you want.  This has been a great strategy for me.  I have a whiteboard in my office with a list of topics I need or want to learn, in the order of importance of learning them.  I can pick up a course on each of those topics, one by one, and don’t need to wait for the most important topic to me to come up, as I would if I was taking a college class.

Related Questions

If I can’t afford college right now, how else can I get started learning cybersecurity?

Several companies have come out with online cybersecurity learning options that are pretty impressive.  PluralSight and SafariBooksOnline are two favorites, but they do charge a monthly fee.  For the quality they provide and the amount of pay cybersecurity professionals can earn, the cost is worth it.  Free videos on YouTube often have questionable quality, which means you’re going to acquire questionable learning, so these should be avoided in the long term.  Instead of YouTube, a better bet is Cybrary, which has a very nice library of free courses.

What certifications are best for beginners?

There are several (you can check out recommendations here.)  Consider your discipline in cybersecurity first, then do your research into related entry level certifications.  Decide if you want to pursue network security, forensics, penetration testing, etc., and go from there.  To vet the certification, look for what experience is required or recommended to sit for the certification.  Cross check those certifications with a search on Career Builder or Monster to determine demand in the marketplace.

What careers are available in cybersecurity?

Cybersecurity has proven to be an amazing field that continually provides new and exciting opportunities for professionals that are qualified and keep their skills up to date.  You can learn more about the many career options available to you in the cybersecurity field here.