I was asked how to get hired inro your first Cybersecurity role. There are lots of great blogs and opinions on this topic. This was my response (order of operations will be different based on where you are in the journey), I thought since I get asked this often from my students I would memorialize it in a blog post.
Please keep in mind that I work and teach cybersecurity and adjacent topics at a major US univeristy, I acknowledge that I have my own biases that influence my response to this question. The first thing you need to keep in mind as there is no ONE way, or RIGHT way to break into cybersecurity. just know since about 2023 the cybersecurity job market has been in complete chaos mode; in 2025 alone there were 150K tech layoffs and that talent is competing for all the open tech jobs, yes including cybersecurity roles. Whichever path you forge for yourself it is going to have lots ot twists and turns, some losses along the way and some milestones to celebrate. Some would tell you that cybersecurity is a sub-speciality to information technology, and with any speciality field you will need to master the fundamentals before entering into your dream role.
Keep in mind that the entry level space is very crowded and extremely competitive. There is no easy button. Cybersecurity is as much a lifestyle as it is a career. The social media influencers would have you believe that all you need is to take their cybersecurity course on LinkedIn, Udemy, or their privately hosted academy. They will follow-up that up with now you need to rack up a series of certifications. I am not here to sell you anything, but I am here to tell you that a bootcamp course and a Security+ certification isn't going to land you your first job. Are certifications required? No! Is a college degree required? No! HOWEVER, in a job market where canddiates are piling up certifications and seemingly well educated, not having industry recognized credentials sadly may drop you a notch or two on the candidate list. Employers are looking cyber unicorns, from my mouth to God's ears...THERE ARE NO ENTRY LEVEL CYBERSECURITY UNICORNS. Don't try to be one, you will fail. Hell, I would fail and I have 25 years working in cybersecurity.
1. Educational Foundation:
Start with a solid educational background in computer science, information technology, or a related field. Don’t discount fields such as business, math, physicis, and liberal arts!
A bachelor's degree is often preferred but not always mandatory which is a fairly new phenonenom. When a degree is not feasible showing evidence that you can learn new things is important. Take advantage of platforms like Cybary, Plurasight, TryHackMe, Hack The Box, Rangeforce, (there are TONS of these sites). Develop a personal learning plan that maps to your ideal cyber role and stick to it! To repeat myself, education doesn't always mean going to college, it's about learning a new disipline and showing you can learn.
2. Learn the Basics:
Gain a strong understanding of computer networks, operating systems, and programming languages like Python, Rust, and (yes) Java. Lots of roles will NOT require you to program or code. Having a solid understanding of OSes and Networks is important even in a no security engineering role. Scripting will allow you evaluate, streamline, and automate many cyber related tasks.
3. Cybersecurity Fundamentals:
Study the fundamentals of cybersecurity, including concepts like encryption, authentication, access control, and security protocols. You should be able to define and explain why the basics are important and they can be applied to a use case to protect people, systems, networks, applications and data.
4. Certifications:
- Consider earning entry-level certifications such as CompTIA Security+, Certified in Certifird in Cybersecurity (CC). AWS, Google and Microsoft have very strong cloud certification paths, which are free most of the time. Again, not easy, it will take EFFORT.
5. Hands-On Experience:
Set up a home lab to practice and experiment with different cybersecurity tools and techniques.
Participate in Capture The Flag (CTF) challenges and online platforms like National Cyber League, SANS netwars and SANS holiday Hack challenge. There are hundreds of CTFs annually.
6. Networking:
Attend cybersecurity conferences, workshops, and local meetups to network with professionals in the field.
Join online forums and communities to connect with like-minded individuals.
7. Online Resources:
Utilize online resources such as cybersecurity blogs, YouTube channels, and MOOCs (Massive Open Online Courses) to enhance your knowledge.
Remember that cybersecurity is a diverse field, and there are various career paths within it. Tailor your journey to your interests and strengths, and don't be discouraged by the challenges; they are part of the learning process. Good luck!
8. Internships and Entry-Level Jobs:
Look for internships or entry-level positions in IT departments, helpdesks to gain practical tech experience. There are still A LOT of hiring managers and recruiters that see Cybersecurity as a hard core IT discipline and getting pass these gateways to your new role may take a few years of general IT exposure.
9. Stay Updated:
Cybersecurity is a rapidly evolving field. Keep up-to-date with the latest threats, vulnerabilities, and security solutions by following news outlets, blogs, and industry reports. READ, READ, READ. And write about what you are learning. My PhD advisor (Melissa Dark) said to me repeatedly, if you're not writing about it, you're not thinking about it!!
10. Specialize:
Identify a specific area of cybersecurity that interests you, such as penetration testing, incident response, threat analysis, or cloud security, and aim to specialize in it over time.
11. Ethical Considerations:
Always adhere to ethical guidelines and legal boundaries in cybersecurity. Unauthorized hacking is illegal and unethical.
12. Build a Portfolio:
Create a portfolio showcasing your projects, certifications, and any contributions to open-source security tools or research.
13. Job Search:
Start applying for entry-level cybersecurity positions, such as junior security analyst, security technician, or IT support roles with a security focus.
14. Continuous Learning:
Cybersecurity requires continuous learning. Pursue advanced certifications and stay curious about emerging threats and technologies.
15. Professional Associations:
Consider joining professional associations like (ISC)², ISACA, or CompTIA to access resources and networking opportunities.
Remember that cybersecurity is a diverse field, and there are various career paths within it. Tailor your journey to your interests and strengths, and don't be discouraged by the challenges; they are part of the learning process. Good luck!
Want to FAST TRACK this? - Join the US Armed Forces! The US Air Force, US Space Force, US Army - All have cybersecurity jobs