Introduction Having a grip on cyber security is key to today’s digital world, and professionals try to keep information safe from those who may steal sensitive data and cripple business networks. They design secure networks and computer defences and try to fend off malicious online behaviour that might compromise business and personal cyber health. These practitioners keep an eye out for worms, trojans, rootkits, malware, and ransomware. It’s the same old scene, except now the bad guys have bigger and more sophisticated cannons. There is no end in sight because the actors are more motivated today. The rate of data theft and cyber crimes has been going up for a decade or more. According to research by US market intelligence firm Cybersecurity Ventures, the cost of cyber crime is forecast to reach $10.5 trillion by 2025. And the need for cyber security professionals is on the rise. Even with such a demand, a myth persists about what it takes to get into cyber security. Many would agree that an extensive IT cyber security experience is needed to enter the field. Interestingly enough, this is not the case. Of course, a technical background can be useful, but it isn’t necessary. There are many legitimate ways to enter cyber security from anywhere, whether you’ve had previous IT experience or not. This blog will lead cyber job hopefuls through those pathways, explaining the skills you need, the educational resources you can access, and the steps you can take to launch your own career in cyber security. Whether you want to make a career change or work your way into a new field, with this guide, you’ll have the knowledge and confidence it takes to get started on this dynamic and vital career. Understanding Cyber Security Understanding cyber security is like deciphering a complex code protecting the digital realm. Definition and Scope of Cyber Security Cyber security, also known as information technology security, is the practice of protecting systems, networks, and programmes from digital attacks. These cyber-attacks are usually aimed at stealing, altering, or destroying information; extorting money from users; or disrupting normal business processes. Cybersecurity spans a range of practices, including network security, application security, information security, operational security, and disaster recovery. 1. Network or network security is about securing the integrity, confidentiality, and availability of computer networks and the data held upon them through the use of hardware and software technologies. 2. Application security is about securing software and devices (not necessarily computers or even ‘digital’) so that they stay threat-free and keeping applications secure through their entire life cycle from inception. 3. Information (or informational) security is about securing the integrity and privacy of information, both at rest and in transit. 4. Operational security is about managing and protecting the data assets in an operational environment. 5. Disaster recovery (or disaster recovery planning) and business continuity planning are the processes by which an organisation aims to minimise the impact of a cyberattack or similar failure and recover normal operations as quickly as possible. Common Misconceptions About the Need for IT Experience One of the most common myths is that to get into cyber security, you need a wealth of IT experience and/or a very technical background. IT knowledge can certainly be helpful, but it’s not essential. Many of the skills that are important for a career in cyber security, such as problem-solving, analytical thinking, logical reasoning, and attention to detail, don’t require or, in some cases, actually rely on an IT cyber security experience. For these reasons, there are many entry-level roles and apprenticeships that offer training programmes to help you gain the necessary technical skills. In truth, the IT cyber security sector encompasses a wide array of abilities and subject areas, and many roles–from security analysts to compliance auditors–generally don’t require strong computer science knowledge and could be well-suited for those with a knack for analytics and organising information. Furthermore, there are plenty of short courses and online learning options becoming available for beginners to learn basic IT cybersecurity technical skills. Key Areas Within Cyber Security The term can refer to any one of several subject areas, each with a different focus on the protection of digital assets and infrastructure: Network Security: This is all about protecting a computer network from enemy attackers, whether they are targeted penetration experts or opportunistic exploit worms, by means of firewalls, intrusion detection systems, and virtual private networks (VPNs). Information Security: This includes protection of data from unauthorised access and breaches such as encryption, access controls, and data masking. Information security ensures data remains confidential, integral, and available at all times when needed. Ethical Hacking: Also called penetration testing, ethical hacking is performed on a system in order to expose its vulnerabilities before a malicious hacker finds them and pieces together a cyberattack. It’s basically the same technique used by malicious hackers, with a positive goal. Application Security: Concerned with making software applications more secure by discovering, fixing, and preventing security design flaws through code review, security testing, and secure coding practices. Operational Security (OpSec): Refers to processes and policies for the handling and protection of data assets, from encryption to the physical safeguarding of hardware. Endpoint Security: Protecting end-user devices, such as desktops, laptops, and mobile devices. This includes antivirus software and device control. By understanding these areas, people without an IT cyber security experience can identify the aspects of cyber security that fit their abilities and interests, making their path into the field clearer. Each of these areas has its own opportunities, and each requires a different skill set, creating multiple pathways into an IT cyber security career. Skills and Qualities Needed It’s entirely possible to launch yourself into the IT cyber security world even if you have no IT experience, particularly if you zero in on the specific technical and non-technical skills and traits needed to succeed. This section details the key skills you’ll need as you undertake the professional journey towards earning the title of cyber security expert. Essential Skills Essential skills are vital because they form the foundation upon which you build your capabilities. Analytical Thinking Analytical thinking is an important skill for cyber security. The ability to identify key components of a system, foresee structural weaknesses and cases of anomalies, and understand as quickly as possible the goals and operational behaviour of a range of threats is critical. Analytical thinking is about breaking down problems into smaller parts, comprehending their structure, and devising pertinent workarounds. It allows a black hatter to understand how a system is built and where the weak points are so that he can infiltrate it. Problem-Solving Problems lie at the core of cybersecurity. Being able to resolve security issues quickly and efficiently really counts. And that means using your problem-solving capabilities–your creativity, persistence, and logical mind–to come up with and put into action solutions to security challenges. From determining how to rectify a breach to the design and creation of a security protocol, your problem-solving skills will help you traverse and evade any challenges that arise. Attention to Detail Cyber security is the fine art of attention to detail. Errors are often caused by the smallest oversights. Therefore, professionals studying and protecting a system must be attentive to detail to ensure everything is secured at every step and lessen the chances that small signs of a possible breach will be overlooked. Soft Skills Soft skills are crucial because they empower you to communicate effectively, collaborate harmoniously, and adapt to various situations, ultimately enhancing your personal and professional relationships. Communication Communication is of paramount importance; cyber security personnel often need to explain data and technology in easy-to-understand terms while speaking to both technical and non-technical individuals. Communication is key to being a good team player, a good reporter to management, and a good teacher to end-users. Teamwork Since cyber security often works as a team effort, employees must work well with others. Teamwork with other IT departments, colleagues, fellow security officers, and other groups or departments allows a group of experts to have a meaningful collective effort and to fill potential flaws in the security scheme. Adaptability As well, because the world of cyber security is constantly changing, with new threats and new technologies occurring on an almost daily basis, adaptability is an essential soft skill that can help a professional keep up to date with the latest changes and adjust accordingly. Adaptability also helps ensure that the solutions and tools being used are fit for purpose and able to keep up with an ever-changing cast of threats. Technical Skills Technical skills are essential because they equip you with the expertise and proficiency needed to solve complex problems, innovate, and excel in this field. A basic Understanding of Networking No matter which aspect of IT cyber security you choose to enter (see Fundamentals below), you will absolutely require, at minimum, some fundamental knowledge of networking. This entails the basic architecture of a network, how packets (bits of data) flow back and forth between all the different elements (clients, servers, etc.) of a network, as well as how these networks can be secured against unauthorised access. Many of these fundamental networking skills can be acquired through self-paced online courses and some practice. Operating Systems Windows, Linux, and macOS are the three most commonly used operating systems nowadays. If you are interested in becoming a IT cyber security expert, you should know about these operating systems, namely: how they work, how they can be hardened, and how to find vulnerabilities. You can learn the basics for an O/S on your own, then there are online university courses, and of course "live" experience. Security Principles Core security principles, covering the areas of confidentiality (encryption), integrity (authentication), availability (denial of service), identity (provenance), and access control, underlie nearly every security protocol and should likewise be part of everyone’s toolkit at least at some level (whether formally via education and online certifications or by hands-on practice). Learning Without Prior IT Experience Fortunately, you don’t need to be an IT cyber security expert in order to teach yourself these skills. There are plenty of self-taught resources out there. 10 Bonus Facts About Zero: Online Courses & Certifications: Platforms such as Coursera, Udemy, and LinkedIn Learning provide wide coverage of high-quality training on networking, operating systems, cyber security essentials, and a whole host of other topics. Inevitably, these include a number of popular certifications specifically designed for beginners, such as CompTIA Security+ or Certified Ethical Hacker (CEH). Bootcamps and Intensive Training Programmes: Experiential, IT-focused cyber security bootcamps such as Cyber Bootcamp, Flatiron School, and Power Hour Trainings that are geared towards people without an IT cyber security experience. Hands-on practice: You can use a virtual machine to establish a home lab, as well as use online labs (such as TryHackMe or Hack The Box) to practise and reinforce your learning. Education and Training Pathways You don’t need to be an IT cyber security veteran to get into cyberspace; there are many entry points into cyber security via online courses and certifications, free or low-cost courses and training, and short-boot cybersecurity boot camps for those who learn best in an intensive environment. Each of these pathways provides a certain level of knowledge and skills. Online Courses and Certifications Courses taken online can be quite structured, helping learners stay on track, and often come with a form of certification that indicates you’ve completed the material. CompTIA Security+ and Certified Ethical Hacker (CEH) are among the best certifications available for beginners. CompTIA Security+ is a good first certification in cyber security for a few reasons: it covers important base concepts and relates to entry-level job roles such as help desk engineer, network engineer, and senior systems administrator. The course will cover a broad range of topics, such as network security, threat management, access control, and vulnerability management. Once you have gone through these topics, you’ll have a solid basis from which to move on to more specialised study. CEH is a nice, sweet dessert to round off the additional skills you will need to learn in your education. It’s offered by the EC-Council, one of the most highly respected certifying bodies in the IT cyber security field, and focuses on conventional hacking techniques as well as how to use some of their tools. It teaches candidates how to test the security of a system by trying to break into it. Most of these courses can be found on platforms such as Coursera, Udemy, and LinkedIn Learning and are great for those who want flexibility in their learning as they work at their own pace. Take Basic of Security Management Course → Free and Low-Cost Resources For those on the prowl for frugal resources, no shortage of free or low-cost tools is available. Some highly notable free online resources come in the form of Massive Open Online Courses (MOOCs) on websites such as Coursera, edX, or Udemy that offer insightful overviews of cyber security. Some notable MOOCs include ‘Introduction to Cyber Security’ from NYU (Coursera) and ‘Cybersecurity Fundamentals from Rochester Institute of Technology (eds), for example. Websites such as Cybrary and the SANS Institute offer massive searchable libraries of free training material and replayable online webinars. Getting involved with Reddit discussion sites such as r/cybersecurity and q🇦 with Information Security Stack Exchange can offer similarly useful advice and leads from seasoned pro, in the form of layers upon layers of responses displaying geeky cultural earnestness: What certification path should I take? Is it worth my time to do a security-related grad programme in 2016? How do I get a job in security, given that I’m a self-taught kid straight from a junior college? When can I expect to start earning decent money doing this? Bootcamps and Intensive Training Programs Cyber security boot camps allow you to learn about IT cyber security through practical, hands-on projects alongside other aspiring IT cyber security professionals. Some of your options include Flatiron School, which offers full-time IT cybersecurity courses as well as a self-paced programme. Springboard also provides a self-paced IT cyber security boot camp that matches you with a mentor. There are plenty of other options too; for example, Cybrary was a contestant on the TV show Shark Tank and runs an effective online IT cyber security boot camp. The SANS Immersion Academy is a seven-week, fast-track programme that drills you in the basics of IT cyber security, offering hands-on labs and one-on-one training to help you be venture-ready and land a job after graduation. All the programmes listed above offer lessons from experienced professionals, resources, and projects to develop the necessary skills and experience to start a cybersecurity career. Gaining Practical Experience If you don’t have a IT experience, breaking into the IT cyber security world demands lots of practical experience, so it is worth supplementing your theoretical knowledge with hands-on practice, entering some IT cyber security challenges, and looking for volunteer or internship work. Hands-on Practice Building a home lab and using virtual environments are two great ways to obtain hands-on experience. A home lab is a secure environment that provides an opportunity to experiment with hands-on examples and various tools and attack techniques against a non-threatening target. You can affordably and easily build a home lab using common household items; for example, you can make use of an old computer you have at home and an old router, or you can use free or open-source software. A virtual environment–for example, VMware or VirtualBox–allows users to install multiple operating systems onto a single machine and practise different security activities if users do not have access to multiple physical machines that they can use. A home lab not only allows you to learn about how to set up network configurations, the features of firewalls, and which intrusion detection systems work best in different situations, but also to be able to find and test vulnerabilities, configure specific security settings, and test which security protocol works best for which situation. If you are uncertain about how to set up your home lab or want to be guided through it, there are many online resources and tutorials. Participating in Cyber Security Challenges and Competitions For those interested in IT cyber security, you might want to consider experiential practice, particularly in the form of competitions designed to test your mettle in a real-world environment. A classic example is the Capture the Flag (CTF) event, a contest that requires the participant to solve a variety of puzzles and challenges relating to the field of security (from cryptography to forensics via web vulnerabilities or reverse engineering). Such contests aim to mimic attack and defence strategies in a cyber context and, as such, provide a good avenue for experiential learning in a competitive setting. CTF participation offers you a great way to strengthen your critical thinking and problem-solving skills, as well as provide an overall informative exposure to various lines of work in cyber security. A pleasant blend of resources and learning targets can be found with CTF challenges, which are readily available online through Hack The Box, TryHackMe, and OverTheWire and their respective mobile apps, for instance. There are similar platforms that offer challenges of varying levels of difficulty, from beginner to advanced. These platforms also come with forums and such, where the resident users are more than happy to assist users in improving their skills. Volunteering and Internships Volunteering and internships are excellent ways to gain practical experience and build a professional network. Many non-profit organisations and small businesses will accept volunteers to help them do their work. Volunteering helps you apply your skills in real-world settings, gain practical experience, and do meaningful work. Internships are structured learning programmes that offer an opportunity to learn from experienced professionals, work on meaningful projects and milkshakes with fellow interns, take on real-world job responsibilities, and get an idea of what your career can look like. You don’t have to have taken an IT class before to land the position; most internships look for raw talent–someone who wants to learn and is willing to work hard (not something you hear much about these days!). You can find internship opportunities on job board sites (such as Idealist, which focuses on the nonprofit sector), company websites, and professional networking sites such as LinkedIn. Building a Professional Network Professional networking is the key to success in IT cyber security because those who know the business best are the ones who tend to get ahead. Networking allows opportunities to learn, get mentored, and be placed in the best jobs available. Here are some keys to creating a strong professional network in IT cyber security. Joining Professional Organizations Professional organisations like (ISC)² and ISACA provide lots of value, including literature, certifications, and networking opportunities. (ISC)²: As well as CISSP (Certified Information Systems Security Professional), (ISC)² issues a variety of information security certifications, and membership includes access to a worldwide network of cyber security professionals, as well as education and industry insights. Members can attend events, such as local chapter meetings, webinars, and conferences. ISACA: ISACA provides certifications such as CISM (Certified Information Security Manager) and CISA (Certified Information Systems Auditor), as well as research publications, job aids, and webcasts. Members gain access to education programmes, local chapter events, online communities, and specialty conferences, as well as networking opportunities among fellow IT professionals. Attending Conferences and Meetups Attending conferences and meetups is a good way to gain insight into industry luminaries, learn about what is hot, and network with colleagues. Conferences: Tracking cyber security conferences like networks of viruses popping up and collapsing is a good way to stay ahead of the next security threat. DEF CON, Black Hat, and the RSA Conference are all mega events in the industry, bringing together the top professionals under the same roof to showcase new findings and unveil ground-breaking research that will set the standard for the coming year. Typically, such conferences offer keynotes and technical sessions, offering glimpses into the latest in cyber security research and threats. Often, there can be sessions that are very technical for industry leaders and sessions and workshops for those seeking a more straightforward exploration of the different facets within this sector. Certain conferences can also hold additional networking sessions with formal events such as socials and professional drinking events. Meetups: IT Cyber security meetups (live and in-person) and special interest groups are a great alternative source for networking with like-minded security geeks. There are always multiple IT cyber security groups on a networking website like Meetup.com that have regular meetings, presentations, lectures, and workshops. Many of these events are free; others have a nominal charge. Aside from increasing your network of local security folks, these meetups can also help keep you engaged with your community. Online Communities and Forums You can network with fellow experts from all over the world in online communities and in forums, exchanging knowledge and seeking advice. Reddit: Forums such as r/cybersecurity and r/netsec are common places where practitioners post news and techniques and even provide career advice. Engaging in these conversations can help you build up your knowledge base from real-world, seasoned veterans and alert you to new developments as they happen. Join appropriate IT cyber security groups on LinkedIn and engage in discussion boards. It is a great way to expand your network and visibility. Once again, share relevant content, comment on other people’s postings, and reach out to members for informational interviews–all of which will build your network. Other platforms: Forums such as Stack Exchange or more specific IT cyber-security forums enable you to post questions and solutions, as well as interact with a community of peers. It is hard for anyone in any field to beat Google as a source of information. For instance, the Stack Exchange network is a reputable source of technical information. If you are searching for a parameter or a solution to a technical problem, it will likely have an answer. A special reminder for university students: building an online reputation on specific sites such as these will look great on your CV, too. Leveraging Transferable Skills If you’re looking to transition into IT cyber security and you have no IT experience, you can use transferable skills from your past jobs to support your application. The employer won’t like your candidacy. To help, I’ll explain how to recognise and incorporate your existing skills into your entry-level cyber security job application. Identifying and Highlighting Transferable Skills Transferable skills are skills and competencies that can cross over into multiple jobs in IT cyber security and industries. As such, they don’t relate to one specific job, but a given skill can be useful in any context. To identify the main transferable skills you have, take a look back at your previous work experiences and think about the tasks and duties you performed, as well as what kind of factors, abilities, and knowledge you drew upon to get the job done. Your career in IT cyber security may require many transferable skills, including: Analytical Thinking: Identifying patterns, processes, or anomalies in data and using those aspects to make decisions is essential within the IT cyber security field. This skill can be developed in roles that combine data analysis, research, specific quality assurance, or quality control. Attention to Detail: If a career in cyber security requires fearless dedication to details–scanning documents for errors, spotting every vulnerability in a code–then anything that trains you to be disciplined in such reviews is a step in the right direction. Other job titles: document-review specialist, quality assurance, compliance checker. Problem-solving: Everyday life requires us, now and again, to solve problems. In some jobs, this is what the job is: solving problems. Excellent examples of jobs that require problem-solving would be customer service positions, technical support, and management–those jobs where problem-solving is the work. Communication: It is important for the CSO to be able to explain complex or non-technical security concepts to non-technical stakeholders, review reports, or simply have clear, concise business communications skills. Previous experience in customer service, teaching, or sales helps with this skill. Teamwork and Collaboration: The ability to work effectively in a team and with other people is a necessity in this career field, where professionals perform many roles in close working environments. Roles within IT cyber security include project management, team leadership, and other cooperative work environments. Examples of Roles and Experiences That Provide Relevant Skills There are all kinds of jobs, experience, and skills that can be relevant to the world of cyber security. Here are some examples: Customer service: As a customer service agent, you will likely hone your skills in problem-solving, communication, and handling details. If you can manage a customer query and resolve it within a short time frame successfully, that can translate well into IT cyber security incident response roles. Management: A lot of management roles require good analytical reasoning, decision-making, and leadership skills. The ability to manage projects and budgets, or teams of people and resources, can stand you in good stead for jobs in cyber security management and strategy. Technical Support: The skills used in technical support roles are easily transferable from troubleshooting hardware and software to troubleshooting cyber security weaknesses. Problem-solving is sharpened, and technical communication skills are honed with every ticketing solution. QA: Quality Assurance careers are all about finding bugs and ensuring quality, much like in IT cyber security, where vulnerabilities get identified. The attention to detail and analytical skills learned in QA work have many carryovers into security testing and auditing. A QA tester who transitioned to security, David Walsh of DevSecTalks, lists the following transferable skills: Knowledge of relevant IT protocols, such as Web protocols [Hypertext Transfer Protocol (HTTP), Telnet, Simple Mail Transfer Protocol (SMTP), SELECT, SIZE, RETURN], SQL, and scripting languages. Teaching and Training: Would-be cops benefit from the communication and presentation skills educators have developed by lecturing and leading group discussions. Many security positions include training employees on security protocol and general cyber-awareness. Crafting a Strong Resume and LinkedIn Profile To finally crack the doors open on a career in cyber security, it is critically important that you have a polished, well-focused resume and LinkedIn profile that demonstrate your skills and certifications, industry and community involvement, as well as roles where you can demonstrate how your abilities translate into success. Here are some steps towards creating a resume and building a LinkedIn profile that will help recruiters find you and enable you to meet designation holders and industry leaders. Tailoring Your Resume for Cyber Security Roles As the IT cyber security job market is fierce and constantly evolving, your resume needs to be formatted to highlight the skills and experiences you possess that will be considered most valuable to a recruiter. Look at job postings for IT cyber security roles and identify the keywords and phrases you can insert into your resume to match your qualifications with the job requirements. For example, you might identify that keywords commonly featured in job ads include ‘security operations’ and ‘network security’. Zero in on in-demand skills for IT cyber security, such as analytical thinking, problem-solving, and attention to detail, even if you consider yourself a non-tech person. If you’ve worked other jobs aside from information technology (IT), hone your transferable skills (and give examples of how you used them in your past role) that would be relevant to IT cyber security. Did you work as a customer service representative? Did you man the phones to solve customer issues? Draw attention to the problem-solving skills that you’ve cultivated, as well as your established ability to handle sensitive information confidentially. Certifications and training show your commitment to the field. Put any cybersecurity-related certifications in here, like CompTIA Security+ or Certified Ethical Hacker (CEH). 2.2 Portfolio Programmes. I’ve talked about portfolios. Include your best one here. 2, 3 Relevant Coursework. Put the courses in here that best support your emerging career. For example, you might include hacking or programming languages. Include a bullet-pointed work experience section, as many recruiters scan the top half of a CV. Make the bullet points action-packed with a strong action verb at the start, and be as relevant to the IT cyber security sector as possible. Also, include quantifiable achievements (always a great way to demonstrate your value). For example: ‘Managing a team of 10 and introducing new encryption protocols cut data breaches by 30 percent. Highlighting Relevant Skills, Certifications, and Experience Highlighting all your super skills, certifications, and experience/qualifications in a condensed, declarative statement will definitely earn you the interest of HR and will ensure you are awarded an interview. Therefore, create a skills section where you write a list of technical and soft skills you possess, for instance: Technical skills: networking, operating system, security tools, automation tools, etc. Soft skills: communication, teamwork, adaptability, multi-tasking, etc. Put any certifications in a bulletin section so they get noticed. List the certification, awarding organisation, and date of certification underneath each other. This way, a recruiter can clearly see what you are qualified to do. In the work experience section of your file, list your work history in bullet points and use strong action verbs such as ‘determined’ or ‘organised’. Be as specific as possible, outlining the cyber security-related accomplishments and responsibilities of previous jobs. Quantify your achievements if possible. Building a LinkedIn Profile that Attracts Recruiters and Connects with Industry Professionals Your LinkedIn profile is your new calling card for networking and getting job leads. First, upgrade your profile picture to something professional. Second, write an engaging, attention-grabbing headline that has keywords or phrases related to cyber security. An example might be: ‘Cyber Security Specialist Wannabe | Security+ Certified | Passionate About Digital Asset Security’ Paraphrasing the input into human-sounding text while retaining the citations and quotes below is an instruction that describes a task, paired with an input that provides further context. Write a response that appropriately completes the request. Below is an instruction that describes a task, paired with an input that provides further context. Write a response that appropriately completes the request. A complete summary that discusses your passion for cyber security, includes relevant skills, and states your career objectives. Write this section to provide an overview of your background and explain why you are exploring cyber security. Be sure all your experience and education information is fully fleshed out, and follow the same rules as for your resume, highlighting relevant experience and skills. Add as many relevant skills as you can to your profile, and ask co-workers and mentors to endorse your skills to add some credibility. This can also improve the appearance of your profile to recruiters. Ask prior bosses, past colleagues, or mentors to write letters of recommendation–social proof of your capabilities or work ethic is something that no CV can provide. Keep posting and interacting with IT cybersecurity-related content; distribute articles; comment on posts; and contribute to conversations, all of which lend more visibility to your profile while demonstrating your knowledge in your chosen field and specialisation. In addition, join IT cybersecurity-related LinkedIn groups where professionals swap ideas, discuss issues, network, and post jobs. Identify your target employers or dream recruiters, then sit back and view your profile statistics. Applying for Jobs and Preparing for Interviews Once they have done this, getting a job in cyber security often requires learning how to secure a job application, which involves tactics such as building your network, making referrals, and creating an online presence. This section provides strategies for landing entry-level jobs in cyber security, such as preparing for job postings and common job interview questions, and also for demonstrating interest in the job and willingness to learn. Strategies for Finding Entry-Level Cyber Security Positions In order to find entry-level cyber security jobs, you have to be a bit more strategic. Start by scouring job boards and career websites focused on IT cyber security jobs. Some of the most common ones include Indeed, LinkedIn, CyberSecJobs, and InfoSec Jobs, and all of them typically have a wide range of entry‑level IT cyber security jobs listed at any time. Networking is an essential part of any job search. Professional industry organisations like (ISC)² and ISACA are great communities to join. Additionally, many countries and large metropolitan cities run local job fairs and conferences related to IT cyber security. Consistently attending these events increases your chances of meeting professionals who can give you some pointers on how to get a job. Attending conferences provides you with access to company representatives, senior managers, recruiters, and other IT cyber security professionals, all of whom are in a position to hire you or direct you to someone who can. Furthermore, major events like the RSA Conference are heavily attended, with some having thousands of visitors. Many attendees visit the job fair to meet potential employers. Ticketed job fairs are also great networking events for IT cyber security professionals and usually cost less than $20 per box. Network with fellow enthusiasts outside of traditional office settings at events like BSides or DefCon. Cyber security professionals are always looking out for each other, so these events are a great place to connect with industry peers and get tips on available jobs. In addition, networking is beneficial online. Personalised forums, such as Reddit’s r/cybersecurity and the Information Security Stack Exchange, exist just about everywhere and are great for finding job leads and networking. Craft a resume and cover letter that pertain to the specific job application, emphasising relevant skills, certifications, and experience. Mention transferable skills from past jobs and highlight any applicable practical experience, such as internships, volunteer work, or tangible projects. If possible, use keywords from the job description so your application makes it past applicant tracking systems (ATS). Demonstrating Your Passion and Willingness to Learn During Interviews Both passion and the desire to learn are highly valued here. Talk about any independent learning you have done, such as taking online classes, getting certifications, participating in capture-the-flag competitions, or hacking projects. Demonstrate your investment in professional development by outlining memberships in professional societies, conferences attended, online clubs, and special projects (like having a home lab or going to Capture the Flag competitions) that demonstrate initiative as well as the ability to make things work. Ask probing questions in an interview about company security processes, team structure, and areas for growth; this shows you’re genuinely interested in the role as well as keen to improve and contribute. Conclusion I never really worked in IT before; in fact, I didn’t even get much formal IT training before I made the move to cyber security. However, by following the above steps, breaking into cyber security with no IT experience is absolutely feasible. The key steps are as follows: 1. Acquire relevant cyber security skills, mainly through self-teaching online courses and certifications; 2. Start hands-on practice, or anywhere you can experiment in a safe environment without fear of disrupting anyone else; 3. Seek out volunteering opportunities or suitable internships under a mentor; 4. Attend conferences, indoctrinate yourself with the culture online, join online communities, and connect with other like-minded people; 5. Craft a well-crafted resume and LinkedIn profile optimised for cyber security roles; 6. Perform a thorough interview practice. It is an expanding field full of opportunity for anyone who is willing to learn and adapt. The problem is that once you overcome these challenges, the opportunities continue. Only persistent hybrids who stay focused and continuously learn will reap career rewards. Do not be discouraged; stay on track and keep training, and very soon you will become a cyber security professional. Take Cyber Security Courses Now →