Alex - stock.adobe.com
How to get into cybersecurity with no experience
Cybersecurity needs new talent now more than ever, but landing that first job without a computer science degree can still be difficult. Here are five tips for getting in the door.
The security field has a much-discussed skills shortage and an abundance of job openings. Experts regularly urge hiring managers to consider a broader, less homogenous pool of candidates. Yet, many aspiring cybersecurity professionals still find it challenging to break into the field without traditional credentials.
The following five tips can help you get into cybersecurity with no experience.
1. Research, research, research
A successful cybersecurity career requires curiosity and a love of learning. It makes sense, then, that one of the first steps in breaking into the field involves research. Read widely, and dig deep to learn about the following:
- cybersecurity roles you might want to one day hold; and
- companies where you might want to one day work.
Eventually, the typical practitioner focuses on developing expertise in one area of cybersecurity. But, to start, pursue a broad understanding of a variety of security domains, which, in turn, helps inform your future career choices.
Aim to learn something about each of the following:
- data governance and regulatory compliance
- security operations
- access control
- help desks
- penetration testing
- security product development
- ethical hacking
- digital forensics
- IT security
- network security
Each of these areas requires different soft and hard skills and suits certain personalities and preferences better than others. Seek out expert content on blogs, podcasts and YouTube -- try Gerald Auger's and TechTarget's channels -- to help you home in on which specialties resonate most.
After identifying a position that interests you, such as cybersecurity analyst or pen tester, for example, search social media for folks who currently hold similar titles. Message and politely ask for 15 minutes of their time.
If they agree, go to the appointments prepared to pick their brains about their day-to-day tasks, what they like and dislike about their jobs, and how they have navigated their cybersecurity career paths to date. Their insights could help you decide if a particular role is right for you and, if so, how to achieve it.
A good way to learn about potential employers is to read online posts by current and former employees. Search social media sites, such as LinkedIn and Twitter, as well as smaller, security-focused communities on Slack, Discord, GitHub, etc.
2. Cybersecurity skills development
After identifying an area of cybersecurity that interests you, start working to master the fundamentals and acquire technical skills.
While many entry-level security hires today do have bachelor's degrees in computer science or a related subject, some combination of self-directed learning, cybersecurity boot camps, online courses and professional certifications can provide the necessary educational and hands-on experience to help land that first job.
The educational resources that are most relevant vary depending on your target domain and its associated skill set. For instance, if becoming a security analyst in a security operations center is the goal, start by studying data security, as well as common cybersecurity threats. Check out resources such as LetsDefend, RangeForce and TryHackMe.
If you want to become an incident responder, you need a deep understanding of network security, computer forensics, cybercrime and attack techniques.
Aspiring pen testers should consider learning a programming language, such as Python or Java. They also need several other skills, including a solid understanding of web application security, network security and OSes, including Windows, macOS and Linux.
3. Cybersecurity certifications
Some of the most successful cybersecurity professionals don't have industry certifications, so they are certainly not necessary to succeed. That said, certifications are helpful in catching the eyes of recruiters and hiring managers and getting past automated resume screening systems.
For someone just getting started in cybersecurity and looking for entry-level positions, investing in an educational curriculum that culminates in an evaluation and certification may well be beneficial. CompTIA Security+ is one such offering that provides a solid baseline understanding of the field and has a high degree of professional credibility.
Other reputable certifications include CISSP, Certified Information Security Manager and Certified Ethical Hacker.
4. Soft skills
While the cybersecurity community doesn't often discuss soft skills, they can set job candidates apart from the competition.
Consider those with work experience as sales clerks in the retail industry, for example. They could apply their customer service expertise in a user-facing security role and their social skills in building relationships and bridges among security colleagues and other organizational stakeholders.
Highlighting such soft skills in entry-level job applications, during the interview process and on social media can help an aspiring security professional stand out from the crowd.
5. Social engagement
In today's digital environment, social media isn't just for socializing. LinkedIn, for example, is a great place to network with security pros, learn about the field and build a professional brand. Consider these tips for getting the most out of the platform:
- Follow strategically. To generate a curated feed, try subscribing to the following:
- Relevant hashtags. The Top-Hashtags site has a good list for cybersecurity.
- Cybersecurity industry leaders and practitioners. Identify individuals whose points of view interest you, and hit the bell icons on their profile pages to get notified when they share new information.
- Industry organizations. Professional groups, such as Information Systems Security Association International, (ISC)2 and ISACA, regularly post helpful educational and informational content on their pages.
- Engage. Make meaningful comments on others' content, and contribute to professional conversations.
- Share. Consider posting about your professional journey and what you learn as you progress, with the goal of sharing information and demonstrating expertise. Many potential employers and partners appreciate an active professional presence on social media.
For instance, you might consider writing about past or current work experience and exploring how it overlaps with information security. Military, legal and law enforcement professionals, for example, often have strategic know-how and investigative skills that readily translate to the field.
LinkedIn and Twitter can also be good places to learn about community groups and events, both digital and in person. In addition, DEF CON groups, BSides, Meetup and others offer educational and networking opportunities for everyone from beginners to seasoned cybersecurity professionals.
Security will almost certainly continue to see a growing job market in the years and decades to come. Being purposeful, thoughtfully investing time and energy, and keeping an open mind can go a long way in opening doors to a new career in the cybersecurity field.
A guide for how to become an ethical hacker