How to get into cyber security

Cyber security offers an exciting, varied career with great opportunities to increase your earnings and move up the ladder. But if you're looking to enter the field for the first time - whether you're starting from scratch or transitioning from another area of IT - there's a lot to learn, and you'll find there are many routes into the different professions.

So what will you need to know to start a cyber security career and ensure you can enjoy success in this sector for years to come?

 

Why get into Cyber Security?

The threat of attacks is vast and affects all organisations, both in the private and public sectors.  Across the last two years, over 80 per cent of UK organisations fell victim to a successful hack, according to the CyberEdge 2022 Cyberthreat Defense Report. With breaches being so prevalent, it’s no surprise that 11.3 per cent of IT budgets in the UK are spent on security.

There is a huge role for cyber security experts to play in keeping companies and citizens safe. The sector has a shortage of professionals and combines excellent job prospects with high salaries, making it the perfect option for candidates with transferable skills looking for a lucrative career change.

 

How to pivot your career to cyber security

While there is no single path into cyber security, but certain skills and certifications are a baseline for entry.

There are three main attributes you’ll need:

  1. Comprehensive IT skills
  2. Specific soft skills
  3. Qualifications and certifications that demonstrate your abilities

It’s important to understand the holistic nature of information security work: it's a large area of expertise and there's no such thing as a one-size-fits-all cyber security professional. This means that alongside broad skills, you will also need to specialise in a certain area.

 

Essential IT skills for the cyber security job market

Cyber security is rooted in technology so you will need an excellent general understanding of computer systems and potential security flaws – no matter what particular role you seek.

The most common pivot into dedicated cyber security roles is from people with a background in IT, particularly those who have experience in networking.

 

IT skills

The IT basics you will need are:

  • A firm grasp of using various operating systems – Windows, Mac OS and Unix-like systems such as Linux, BSD etc
  • Strong experience of networking – ideally of running a network or having certifications to show that you can
  • Experience of handling virtualisation software such as Virtual Box or VMWare
  • A basic knowledge of the security and networking apparatus of enterprise systems, firewalls and network load balancers
  • Some experience of setting up and running databases such as MySQL
  • A familiarity with interpreted and compiled programming languages such as PHP, Python, Perl, or Java, C/C++ etc is useful.

If your IT skills are not up to par, there are a range of certifications that you can pursue. But you may need to commit to a few years of study to get your skills up to scratch.

 

Soft skills

Cyber security professionals need more than just technical knowledge. They also must be able to:

  • Pitch security requirements to different stakeholders in an organisation who may have conflicting requirements and priorities
  • Understand how security fits the business goals of their employer or client – and be able to compromise
  • Understand the human requirements, as well as the technological ones

 

Problem-solving

Strong problem-solving skills – to spot potential problems for computer systems and their human operators – are often as important as technical nous when it comes to working in cyber security.

It’s vital that experts are able to predict, identify and mitigate a myriad of risks before they become a reality that could cripple an organisation.

Knowledge about the server environment and the exploitable loopholes in software isn’t enough – professionals need to innovate to stay ahead of the criminals and develop solutions quickly.

 

Creativity

The ability to think “outside the box” and pre-empt weaknesses in your company or client’s security system requires creativity.

It’s not just about taking a methodological or systematic approach to a problem – sometimes you need to flex your creative muscles and put yourself in an attacker’s shoes, particularly when considering weaknesses in the human element of the network.

Some of the most damaging cyber-attacks have bypassed systems and targeted employees – known as “social engineering”. Examples include a $47 million theft from US hardware manufacturer Ubiquiti and the breach of 3 billion Yahoo accounts.

So while you might not think that creative types would find fulfilment in internet security, you might be surprised.


The ability to educate

While a lot can be done to protect a system against an external threat, the main line of defence is its users. This means it’s vital you can effectively communicate the intricacies of information security to a range of staff.

This is more than just creating IT handbooks or staff policies. You will need to engage potentially uninterested people in the importance of security and support those who aren’t tech-savvy.

This requires buckets of patience; if your security policies are to be implemented correctly, you need everyone to be aware and invested.


Project management

If you have project management experience, especially if you deal with a lot of IT as part of your job, you’ll find these skills come in very handy in cyber security roles.

The most successful cyber security professionals understand the wider business context of their role. Solving a security issue can involve taking down important systems, leading to loss of revenue or cascading delays to other projects.

You must be able to effectively plan and forecast the impact your cyber security recommendations might have on the business – or quantify the consequences that a breach might bring.

Such skills are the core of project management, making it a valuable transferable skill.


Presenting/pitching

It’s no use being able to understand systems, attackers and users unless you can communicate and sell the benefits of your security proposals.

You need to be able to persuade stakeholders at all levels that it’s worth making certain compromises for improved security. For senior people, this might also come with the added difficulty of having a cost or other delay attached.

The role is more than just holding ad-hoc workshops and supporting non-tech-savvy people to understand the need to take action. You’re going to have to continuously sell the benefits of a security policy if you want it to be followed.

 

Certifications

There are a number of IT certifications with industry-wide acceptance. Acquiring these is a great starting point for changing your career.

You’ll probably need to start out with IT-focused certifications and gradually bring more security expertise into the mix.

None of these certifications on their own will be enough for getting into cyber security, but they’re a great way to improve your chances of landing a role.


Non-vendor specific

CompTIA is an internationally recognised non-profit trade association. It offers four training options – their A+, Network+, Security+ and CASP+ qualifications are highly valued worldwide.

The CompTIA A+ course is a common baseline certification for IT professionals, especially technicians. The exams cover the maintenance of PCs, mobile devices, laptops, operating systems and printers. Dell, Lenovo and Intel all require this for their technicians, and it’s recognised by the US government among others.

Meanwhile, the CompTIA Network+ is a certification that tests a professional’s knowledge of data networks. This includes building, installing, operating, maintaining and protecting networking systems.

Security+ is a great introduction to cyber security. It emphasises practical skills and is a well-recognised entry point into the profession. CASP+ is a more advanced certification, aimed at senior security engineers and security architects. It might not be perfect for starters, but it’s worth keeping in mind for when you’ve gained more experience in the industry.

There are other training options, including the CSX Cyber Fundamentals, run by ISACA, a professional association for those working in information security. This is a useful entry-level course that takes you through the basics ­– from cyber security principles to incident response.

The Information and Cyber Security Foundation (ICSF), developed by The Chartered Institute of Information Security (CIISEC), covers key competencies – from risk assessment to compliance. Those who pass the exam successfully also gain accredited affiliate membership to the CIISEC for one year.

You can find over 1,200 courses across more than 20 providers by visiting CyberSecurityTrainingCourses.com, ranging from incident response to foundation training. Regardless of what stage your career is at, there’s something for everyone to learn and improve.


Vendor-specific

Cisco is a respected vendor in the IT networking and security world.

Networking newbies should consider the Cisco Certified Entry Network Technician (CCENT) programme. This covers networking fundamentals and is a prerequisite for their other courses.

Following the Cisco path would then involve completing the Cisco Certified Network Associate (CCNA) courses. You could earn a CCNA Security certification before going on to do the Cisco Certified Network Professional Security (CCNP) courses.

The CCNP series is an industry standard in IT and networking. It’s a well-respected certification for those looking to demonstrate that they have security expertise.

For anyone interested in courses offered by Microsoft, you should know that the company has moved from product-based certifications to role-based versions. There are twelve paths, all with three levels - fundamentals, associate and expert. These are as follows:

  • Administrator
  • AI engineer
  • App maker
  • Business user
  • Data analyst
  • Data engineer
  • Data scientist
  • Developer
  • Dev ops engineer
  • Functional consultant
  • Solutions architect
  • Security engineer

 

Apprenticeships

Learning on the job is a great way to earn while you start, or transition into, your cyber security career. Academic study doesn't suit everyone, so if you prefer a more hands-on approach, a cyber security apprenticeship can offer a range of benefits. 

Some of the benefits of these courses include:

  • Start working straight away. While you'll spend some time in a classroom, an apprenticeship gives you the opportunity to get out and experience working in the real world quickly.
  • Be part of a team. Working alongside other employees gets you more involved in the business and lets you learn directly from more experienced colleagues.
  • Get practical experience. Getting to see first-hand exactly how the skills you're learning can be applied to real-world situations gives you valuable insight those based solely in classrooms may not have.
  • Earn while you learn. An apprenticeship will be a paid position that will entitle you to at least the National Minimum Wage, ensuring you earn at the same time as you build your education. You'll also enjoy many other employment rights and benefits, such as holiday pay.


If you are interested in starting a career in cyber security, head to CyberPathways.co.uk to find apprenticeships, internships and graduate jobs available to you. Additionally, you can head to one of the events to network with universities, highly accredited professionals and well-respected organisations within the industry. 

You can see the full range of training options available to you, including industry qualifications, university degrees and apprenticeship programmes, on CyberSecurityTainingCourses.com.

You can also browse our full range of jobs to see the skills and experiences employers are looking for, and register your CV so recruiters can easily find you.