How to get into cyber security | A clear career guide
Cyber security offers an exciting, varied career with great opportunities to increase your earnings and move up the computer science ladder. But if you're looking to enter the field for the first time - whether you're starting from scratch or transitioning from another area of IT - there's a lot to learn, and you'll find there are many routes into the different professions.
So what will you need to know to start a cyber security career and ensure you can enjoy success in this sector for years to come? From getting a degree in cyber security to taking one of the less academic cyber security career paths via work experience or entry-level positions, here’s how to get into a cyber security job.
Research the cyber security landscape
Take a look at the cyber security roles out there and decide which ones might appeal to you. This should be in line with any skills and interests you already have, but don’t be put off if there are any gaps, as all cyber security professionals have to start somewhere.
Develop your technical and soft skills
Try to develop a varied skill set filling in some of the gaps you identified in your research. Entry-level cyber security jobs don’t require you to have all the desirable skills from day one, but the more you can do to show your dedication to the field, the easier your progression through the career path will be.
Get cyber security work experience
Gaining hands-on experience is one of the most valuable things you can do at the beginning of this process. Understanding situations in real life is different to studying them and many hiring managers will appreciate the difference. Getting cyber security work experience can differentiate you from other candidates at interviews.
Study for an industry certification
Backing up your work experience with a relevant certification is a good way to prove your credentials. If you haven’t yet decided which area of cyber security you want to specialise in then a general entry-level option that will serve you well is the CompTIA Security+.
Familiarise yourself with cyber security tools and software
Like everything in cyber security, there is a vast array of security tools and software available. You won’t be expected to have a high level of understanding of any of them at the beginning, but general knowledge of one or two that are used for a number of cyber security jobs like Azure, AWS or Google Cloud is a good place to start.
Network within the industry
When thinking about how to get into a career in cyber security, don’t overlook networking. Not only will talking with others in the industry have the potential to open doors, it’ll also help you to sound knowledgeable on the subject and can lead you towards an area of specialism in the long run.
Update your cyber security CV
Before you can start applying for information security roles or other jobs within the industry, you need to update your CV to highlight all the hard work you’ve put in. Once that’s in order, positions such as junior cyber security analyst could be perfect to start your career.
Why get into cyber security?
The threat of attacks is vast and affects all organisations, both in the private and public sectors. Across the last year, 82 per cent of organisations fell victim to a successful hack, according to the CyberEdge 2024 Cyberthreat Defense Report. With breaches being so prevalent, it’s no surprise that IT security budgets have risen by 5.7 per cent in the UK this year.
There is a huge role for cyber security experts to play in keeping companies and citizens safe. The sector has a shortage of professionals and combines excellent job prospects with high salaries, making it the perfect option for candidates with transferable skills looking for a lucrative career change.
How to pivot your career to cyber security
While there is no single path into cyber security, certain skills and certifications are a baseline for entry.
There are three main attributes you’ll need:
- Comprehensive IT skills
- Specific soft skills
- Qualifications and certifications that demonstrate your abilities
It’s important to understand the holistic nature of information security work: it's a large area of expertise and there's no such thing as a one-size-fits-all cyber security professional. This means that alongside broad skills, you will also need to specialise in a certain area.
Your cyber security salary will reflect your seniority, but there’s no reason you can’t get a relatively well-paid entry-level role by backing yourself. That means applying for jobs once you’ve developed your skills and gained additional certifications that show recruiters hiring you will add value to the team.
Essential IT skills for the cyber security job market
Cyber security is rooted in technology so you will need an excellent general understanding of computer systems and potential security flaws – no matter what particular role you seek.
The most common pivot into dedicated cyber security roles is from people with a background in IT, particularly those who have experience in networking.
1. IT skills for cyber security
The IT basics you will need are:
- A firm grasp of using various operating systems – Windows, Mac OS and Unix-like systems such as Linux, BSD etc
- Strong experience of networking – ideally of running a network or having certifications to show that you can
- Experience of handling virtualisation software such as Virtual Box or VMWare
- A basic knowledge of the security and networking apparatus of enterprise systems, firewalls and network load balancers
- Some experience of setting up and running databases such as MySQL
- A familiarity with interpreted and compiled programming languages such as PHP, Python, Perl, or Java, C/C++ etc is useful.
If your IT skills are not up to par, there are a range of certifications that you can pursue. But you may need to commit to a few years of study to get your skills up to scratch.
2. Soft skills required for a cyber security professional
Cyber security professionals need more than just technical knowledge. They also must be able to:
- Pitch security requirements to different stakeholders in an organisation who may have conflicting requirements and priorities
- Understand how security fits the business goals of their employer or client – and be able to compromise
- Understand the human requirements, as well as the technological ones
Problem-solving
Strong problem-solving skills – to spot potential problems for computer systems and their human operators – are often as important as technical nous when it comes to working in cyber security.
It’s vital that experts are able to predict, identify and mitigate a myriad of risks before they become a reality that could cripple an organisation.
Knowledge about the server environment and the exploitable loopholes in software isn’t enough – professionals need to innovate to stay ahead of the criminals and develop solutions quickly.
Creativity
The ability to think “outside the box” and pre-empt weaknesses in your company or client’s security system requires creativity.
It’s not just about taking a methodological or systematic approach to a problem – sometimes you need to flex your creative muscles and put yourself in an attacker’s shoes, particularly when considering weaknesses in the human element of the network.
Some of the most damaging cyber-attacks have bypassed systems and targeted employees – known as “social engineering”. Examples include a $47 million theft from US hardware manufacturer Ubiquiti and the breach of 3 billion Yahoo accounts.
So while you might not think that creative types would find fulfilment in internet security, you might be surprised.
The ability to educate
While a lot can be done to protect a system against an external threat, the main line of defence is its users. This means it’s vital you can effectively communicate the intricacies of information security to a range of staff.
This is more than just creating IT handbooks or staff policies. You will need to engage potentially uninterested people in the importance of security and support those who aren’t tech-savvy.
This requires buckets of patience; if your security policies are to be implemented correctly, you need everyone to be aware and invested.
Project management
If you have project management experience, especially if you deal with a lot of IT as part of your job, you’ll find these skills come in very handy in cyber security roles.
The most successful cyber security professionals understand the wider business context of their role. Solving a security issue can involve taking down important systems, leading to loss of revenue or cascading delays to other projects.
You must be able to effectively plan and forecast the impact your cyber security recommendations might have on the business – or quantify the consequences that a breach might bring.
Such skills are the core of project management, making it a valuable transferable skill.
Presenting/pitching
It’s no use being able to understand systems, attackers and users unless you can communicate and sell the benefits of your security proposals.
You need to be able to persuade stakeholders at all levels that it’s worth making certain compromises for improved security. For senior people, this might also come with the added difficulty of having a cost or other delay attached.
The role is more than just holding ad-hoc workshops and supporting non-tech-savvy people to understand the need to take action. You’re going to have to continuously sell the benefits of a security policy if you want it to be followed.
3. Certifications that can help you get into cyber security
There are a number of IT certifications with industry-wide acceptance. Acquiring these is a great starting point for changing your career.
You’ll probably need to start out with IT-focused certifications and gradually bring more security expertise into the mix.
None of these certifications on their own will be enough for getting into cyber security, but they’re a great way to improve your chances of landing a role.
Non-vendor specific certifications
CompTIA is an internationally recognised non-profit trade association. It offers four training options – their A+, Network+, Security+ and CASP+ qualifications are highly valued worldwide.
The CompTIA A+ course is a common baseline certification for IT professionals, especially technicians. The exams cover the maintenance of PCs, mobile devices, laptops, operating systems and printers. Dell, Lenovo and Intel all require this for their technicians, and it’s recognised by the US government among others.
Meanwhile, the CompTIA Network+ is a certification that tests a professional’s knowledge of data networks. This includes building, installing, operating, maintaining and protecting networking systems.
Security+ is a great introduction to cyber security. It emphasises practical skills and is a well-recognised entry point into the profession. CASP+ is a more advanced certification, aimed at senior security engineers and security architects. It might not be perfect for starters, but it’s worth keeping in mind for when you’ve gained more experience in the industry.
There are other training options, including the CSX Cyber Fundamentals, run by ISACA, a professional association for those working in information security. This is a useful entry-level course that takes you through the basics – from cyber security principles to incident response.
The Information and Cyber Security Foundation (ICSF), developed by The Chartered Institute of Information Security (CIISEC), covers key competencies – from risk assessment to compliance. Those who pass the exam successfully also gain accredited affiliate membership to the CIISEC for one year.
You can find over 1,200 courses across more than 20 providers by visiting CyberSecurityTrainingCourses.com, ranging from incident response to foundation training. Regardless of what stage your career is at, there’s something for everyone to learn and improve.
Vendor-specific certifications
Cisco is a respected vendor in the IT networking and security world.
Networking newbies should consider the Cisco Certified Entry Network Technician (CCENT) programme. This covers networking fundamentals and is a prerequisite for their other courses.
Following the Cisco path would then involve completing the Cisco Certified Network Associate (CCNA) courses. You could earn a CCNA Security certification before going on to do the Cisco Certified Network Professional Security (CCNP) courses.
The CCNP series is an industry standard in IT and networking. It’s a well-respected certification for those looking to demonstrate that they have security expertise.
For anyone interested in courses offered by Microsoft, you should know that the company has moved from product-based certifications to role-based versions. There are twelve paths, all with three levels - fundamentals, associate and expert. These are as follows:
- Administrator
- AI engineer
- App maker
- Business user
- Data analyst
- Data engineer
- Data scientist
- Developer
- Dev ops engineer
- Functional consultant
- Solutions architect
- Security engineer
Getting into a cyber security apprenticeship
Learning on the job is a great way to earn while you start, or transition into, your cyber security career. Academic study doesn't suit everyone, so if you prefer a more hands-on approach, a cyber security apprenticeship can offer a range of benefits.
Some of the benefits of these courses include:
- Start working straight away. While you'll spend some time in a classroom, an apprenticeship gives you the opportunity to get out and experience working in the real world quickly.
- Be part of a team. Working alongside other employees gets you more involved in the business and lets you learn directly from more experienced colleagues.
- Get practical experience. Getting to see first-hand exactly how the skills you're learning can be applied to real-world situations gives you valuable insight those based solely in classrooms may not have.
- Earn while you learn. An apprenticeship will be a paid position that will entitle you to at least the National Minimum Wage, ensuring you earn at the same time as you build your education. You'll also enjoy many other employment rights and benefits, such as holiday pay.
If you are interested in starting a career in cyber security, head to CyberPathways.co.uk to find apprenticeships, internships and graduate jobs available to you. Additionally, you can head to one of the events to network with universities, highly accredited professionals and well-respected organisations within the industry.
You can see the full range of training options available to you, including industry qualifications, university degrees and apprenticeship programmes, on CyberSecurityTrainingCourses.com.
You can also browse our full range of jobs to see the skills and experiences employers are looking for, and register your CV so recruiters can easily find you.