How to get into cybersecurity: A guide for career building

From entry-level to more advanced career paths, there are plenty of opportunities for figuring out how to get into cybersecurity.

Consider the latest cybersecurity job numbers:

• Get exposure
• Pick a path
• Diverse paths
• Unconventional experience

Cybersecurity remains a critical topic of discussion in tech today. From ransomware attacks taking down entire hospital networks to data breaches impacting hundreds of millions of people at a time, these challenges are constantly in the news.

Companies are scrambling to find productive ways to combat cyber-attacks. Successful management of cyber risk means having the right team of experts on board to execute on a robust security strategy. 

The challenge, however, is that the industry is experiencing a mass shortage of talented and qualified cybersecurity professionals. Now is a great time to build a career in cybersecurity to meet this demand. But how do you know where to start? Here are a few tips:

Ad

cybersecurityguide.org is an advertising-supported site. Clicking in this box will show you programs related to your search from schools that compensate us. This compensation does not influence our school rankings, resource guides, or other information published on this site. Got it!

Featured Cybersecurity Training

Get exposure to the various domains of cybersecurity 

When someone introduces themselves as a doctor – a curious person who knows anything about the industry will likely ask, “What kind?” Eye doctor? Foot doctor? Pediatrics? The list goes on and on. The same logic applies to cybersecurity. 

Depending on who you talk to, there are at least 15 to  20 different domains in cybersecurity and dozens of roles to choose from. Each requires a different skill set and thought process. This guide contains examples of different cybersecurity career paths. The bottom line is that it’s hard to know where your passions and skills may align unless you get the exposure and try different things. 

I suggest taking a brief online class that can give you a fundamental overview of what cybersecurity is. You can find classes through online training platforms like Udacity, Cybrary.it, Coursera, Udemy, Khan Academy, etc. This guide contains more specific info about finding cybersecurity courses online.  If you are a formal student currently, see if your school offers cyber security classes and consider taking one! 

It’s also common to categorize domains in three areas: 

1. Management 
2. Technical 
3. Senior leadership

The management domain is all about the oversight of cybersecurity within the organization. Though it’s important to understand as much as you can about technology and the technical nuances behind cyber risk, this area tends to be less technical than others. Instead of configuring systems or getting deep into operational support, a career path in this space entails using business savviness, organizational management, and soft skills to programmatically manage security. 

In the technical domains, you’d likely be digging into systems, data, tools, and networks a lot more with the aim to technically prevent, detect, and respond to cyber threats. Finally, like any industry, company culture and leadership plays a critical role in the success of the business, making the senior leadership domain very important.

Pick a career development path or, better yet, mix it up 

There are so many ways into security. I know people like me who studied it in school and got in. I know people who were once nurses, biologists, historians, law enforcement officials, lawyers, and more who now work in the cyber security space. There isn’t really a preferred path. The truth is that the majority of the people who are leaders in cyber security today don’t have formal education backgrounds in the disciplines because it simply didn’t exist a few years ago. 

With that in mind, below are a few options for building your path.

Consider diverse paths into a cybersecurity career

1. The formal education route: Today, more schools are offering degrees in cyber security. I ended up getting a master’s degree in Information Security from the University of Houston and a Ph.D. in Security Engineering from the University of Colorado that really helped catapult my career in cyber. If you want to take the education route, look into programs at various schools, read reviews, and determine if that’s an investment you can and want to make.

2. Alternative program/training route: If a formal degree isn’t an option or desire for you, there are also technical programs that are surfacing to help people fast track their careers in cyber security. Below are a few examples, but there are tons of others. Do your research:

• EC-Council
• Department of Homeland Security
• Year Up
• Cybersecurity-related bootcamp training programs

3. The self-taught route: Leverage Google to do research on the industry. There is a lot of free information online regarding cybersecurity. When I wanted to build my expertise, I used them all. For example, the greatest hackers aren’t just learning how to hack in school. Many of them are self-taught. The same can apply to other domains as well. You can read content online, set up your own lab, and try teaching yourself about the industry. One challenge to keep in mind is that while many companies are progressive and focus more on competency than credentials, many still have stringent degree and certification requirements. This doesn’t mean that hope is lost. It means that first, you need to make sure you are really good at what you do. Secondly, you need to seek out progressive companies that are open-minded about qualifications.

4. The certification route: There are cybersecurity certifications that can help you build your credential pool and skill set, whether you’ve chosen any of the paths above. Some examples include CISSP, Security+, CEH, and CISM, and tons of others. 

5. The hybrid route: Lastly, there is the hybrid route. I’d say this is the path that I took and probably the best option. Doing a mix of formal education, self-taught learning, technical trade classes, and certifications allowed me to learn as much as possible about the industry and grow at a faster pace. Doing so gave me exposure to so many different domains of cybersecurity, and it allowed me to discover what I loved in the industry quickly. Once I found that sweet spot, I began to excel even more because I loved what I was doing and got pretty good at it.

Unconventional paths to experience

A big challenge in cyber security is that it’s such a high-risk area that companies tend to prefer people who have done the work before. It’s a Catch 22 because there aren’t enough experienced professionals without jobs to fill that need. 

What it means for people early in their careers is that having a degree or certification helps, but experience talks! I got creative to solve this problem for myself by always interning or working full-time in cyber security while learning at the same time. I did this by shadowing professionals, doing internships, apprenticeships, and more. I also volunteered to do cybersecurity projects for non-profits and startups who were more willing to take a chance on me while I built up experience. 

No matter what industry or path you are transitioning from, these are great ways to start building up experience.

Conclusion

Building a career in cybersecurity can be extremely rewarding. With the right exposure to the various domains and career paths, along with a creative strategy for building up experience – you’re well poised to succeed! 

Frequently asked questions