Decided you want to enter the cyber security field?
Your chance of landing a cyber security role is determined by four factors: experience, education, certifications, and networking.
The below diagram shows a typical progression of roles within IT. Whilst the “Information Security” section stands out as the most relevant for cyber security roles, all professions on the graph can be relevant to cyber security.
IT positions are famously ambiguous. This roadmap uses titles represented on popular job boards.
These are not silos. You can, should, and will move inbetween categories. This is intended to give you an idea of what is "next". Just try to move generally to the right side of this roadmap as you go.
It is important to understand that during a cyber security career, professionals will often pivot between the different IT fields. An experience in numerous IT fields allows for a greater understanding of systems, networks and environments. Knowledge in all these areas will aid you in your career in cyber security, as well as prove to potential employers that you have the necessary skills.
If you have zero knowledge, learning from the sites listed below will allow you to test the waters and see if you enjoy the content. All the sites listed below have free options, which gives you room to try them out before committing to this path of learning. These will be your best option before considering the formal education, experience, and certifications.
Hands-on cyber security learning.
You can access many free modules.
Option for premium learning pathways to reinforce your knowledge.
Good for learning networking.
Good for learning offensive security.
Also gives you access to learning pathways for blue team/cyber defenders.
A good starting point for beginners.
Good for learning offensive security.
Does not hold your hand or guide you too much.
Less beginner friendly than TryHackMe, maybe move onto this after you gain some knowledge.
Hands on.
Blue team training.
Simulated Security Operations Centre environment.
Gamified platform.
Good for learning: Incident Response, Digital Forensics, Security Operations, Reverse Engineering, and Threat Hunting.
If you’re still interested in cyber security after completing some initial work, focus on the four key factors to land a role.
It first must be established that whilst there are some entry-level roles in cyber security, many cyber security professionals will enter the field on the back of experience in IT. This is because it is difficult to ensure the security of something that you don’t have a detailed understanding of.
Working in an IT role prior to entering the cyber security field allows you to gain a practical understanding of technological infrastructure and networks, which are vital foundational blocks in cyber security. This is not a necessity, but technical experience is a powerful factor that you are able to leverage.
You can also gain tangible experience by completing bug bounties. Bug bounty programs offer rewards to ethical hackers for discovering vulnerabilities in their systems. This is especially applicable to those who are interested in penetration testing as a career, as there is a significant amount of overlap in the two skills. You can use websites like Bugcrowd, which will give real experience in discovering real vulnerabilities for companies (plus you get paid, which is a bonus).
A degree in cyber security or a related field will be beneficial to finding a role. This includes but is not limited to computer science, ethical hacking, cloud computing, and information security.
Other options of education include apprenticeships and degree apprenticeships. These are ideal as they give you both an education, often formal qualifications, as well as real-world experience.
If you are based in the UK, you can find apprenticeships here.
The UK government is offering funded “skills bootcamps” for those who wish to learn IT and cyber security skills. These courses can be up to 16 weeks long and may be helpful if you prefer course-style teaching.
Certifications are proof that you are capable of certain industry tasks. They are one of the most important factors that employers will look at on your CV. If you don’t have the relevant formal education, such as a degree, certifications may be the best option for you.
Relevant beginner-level certifications include:
CompTIA Network+.
CompTIA Security+.
CCNA (Cisco Certified Network Associate).
Certified Ethical Hacker.
You should branch out to others in the cyber security space to increase your chances of being employed. LinkedIn is a good platform to do this – regularly post your accomplishments from HackTheBox, or your bug bounties. You should try and contribute to the community, so that you can become recognised.
Another way of networking is physically attending events. You can search here (Eventbrite link) to find cyber security events local to you, purchase a ticket and then engage with local leaders. The more often you show your face, the higher chance that someone will be interested in what you have to offer. Ensure that you show enthusiasm for the sector and a willingness to learn.
Have you got your education, experience, certifications, and now you’re ready to network?
Build a portfolio. A detailed portfolio, demonstrating your applied skills, as well as projects you have worked on, will give you the best chance of landing a role.
