How to break into cybersecurity in under a year: A guide to career transitions
Continue reading
How people are transitioning into cybersecurity
The cybersecurity workforce is changing. Entry-level jobs are not full of young professionals who’ve spent the formative years of their lives hunched in front of a computer screen learning information technology. In 2023:
- 80% of new cybersecurity entrants were over the age of 30
The cybersecurity industry needs more professionals. According to the latest ISC2 Workforce Study, the U.S. cybersecurity workforce grew 11% last year, but that rise is not enough to match the demand. There are just 82 workers available for every 100 current roles, according to CyberSeek, which tracks cybersecurity job listings.
This is good news for those looking to break into cybersecurity — even if you have no experience. In fact, more than 50% of hiring managers in that same ISC2 study say their organizations are shifting hiring requirements to recruit more professionals with non-cybersecurity backgrounds.
In this guide, we’ll look into how people with little or no cybersecurity experience are breaking into the industry and reinventing themselves for a second, third, or fourth career — and how you can do the same.
How people are transitioning into cybersecurity
The cybersecurity workforce is changing. Entry-level jobs are not full of young professionals who’ve spent the formative years of their lives hunched in front of a computer screen learning information technology. In 2023:
- 80% of new cybersecurity entrants were over the age of 30, and 48% were over 39
- 45% percent new entrants didn’t work in IT before getting into security
- Top three reasons for entering the cybersecurity workforce were career advancement opportunities, the high demand for skills and the belief they would enjoy the work
There are multiple paths to cybersecurity. Although working in IT is still the most common path, 51% reported earning a cybersecurity certification before landing their first job — and the number one certification to get for beginners is the CompTIA Security+.
What should you learn next?
Security+: Career stepping stone for many
The Security+ certification is the most popular entry-level cybersecurity certification, with over 700,000 holders. That equates to over 24% of the employed cybersecurity workforce. These numbers are driven by demand — 63,345 U.S. job openings request Security+, making it second only to the more advanced CISSP certification, which 66,000 positions ask for.
The popularity of the Security+ certification has resulted in many career transition programs being built around it. One of the primary drivers of its popularity is that it covers a broad base of cybersecurity knowledge. In this way, the certification provides evidence that you have a baseline understanding of a wide range of cybersecurity topics, such as:
- Detecting different kinds of attacks
- Installing, configuring and deploying network components and troubleshooting issues
- Installing and configuring identity and access control systems, wireless security settings and public key infrastructures
- Implementing secure architecture
- Finding and remediating vulnerabilities
- Implementing best practices for risk management
The CompTIA career pathway is set up to make it easy for folks to jump in wherever it makes the most sense for them.
For instance, newcomers to the field can start with the A+ or Network+ certifications, which provide a foundational understanding of basic computing, networking, defense and configuration. Then you can get a solid baseline of how to defend networks and organizations with Security+. After that, you can move into a more specific branch of cybersecurity, such as cyber defense or penetration testing by earning your CySA+ or PenTest+ certification.
While there are many potential entry points for a career in cybersecurity, the Security+ certification has been a stepping stone for hundreds of thousands of professionals — CompTIA puts that number at over 700,000 — who’ve come before you.
VetsinTech: How Security+ launches cybersecurity careers
VetsinTech is a non-profit organization that helps Veterans advance or establish careers in tech. Infosec partners with them to create a pathway for Veterans and their spouses to earn their Security+ — and launch their cybersecurity careers.
Vets can take online training courses to learn the basics of A+ and Network+. Then, they attend a live Security+ Boot Camp to round out their training and prepare to pass the Security+ exam.
This approach has been very successful for a range of vets, including:
- Jason Mondragon, an Army veteran who was in the medical field for more than 20 years. He began building his knowledge through university courses on network and cloud security. Then he used VetsinTech to enroll in a Security+ Boot Camp, got certified and started getting real-world experience through an internship performing cloud migrations.
- John Ligon, a junior guardsman in the Army National Guard. He transitioned from pursuing a career in liberal arts and literature into a career in IT. After earning his Security+, he was able to continue learning and line up a job with a defense contractor after his military service concluded.
- Ricalyn Pascua, a U.S. Army medical logistics specialist. She was inspired to pursue cybersecurity after seeing so many high-profile breaches making the news. That path led to her eventually becoming a security analyst for a multinational supply chain management company.
How can you break into cybersecurity?
One of the most common paths to build your skills and land an entry-level cybersecurity role is by earning a certification. For many technical and non-technical roles, understanding how networks and infrastructure work is key. This is why following the path of VetsInTech has proven successful — it involves building a foundational knowledge of the concepts that underpin cybersecurity.
Earn a cybersecurity certification
You also have several options when it comes to how you can train for your first certification:
- You can self-study using a combination of free materials. This is low cost and gives you freedom over how and when you learn, but it lacks the structure many beginners desire. There’s also the risk of improperly identifying what you need to learn or in what order, resulting in wasted time and effort.
- You use self-paced courses to train in a more structured way but still on your own schedule. You have the option of using multiple courses that progress your skills over time. If you understand exactly what’s on the exam, this can be effective, but you may also benefit from having a live instructor to help guide you through some training and exam-prep best practices.
- You can use live certification boot camps that include everything you need to prepare for and pass the exam. These boot camps usually include around three to seven days of live instruction, training materials, practice exams, the cost of the exam voucher and some additional assurances like an Exam Pass Guarantee.
What should you learn next?
Take an immersive boot camp
The above methods are great if you're looking to get certified and use that certification to help open potential career doors. However, if you’re looking for a more transformational career program, there are long-form, guided training programs called immersive boot camps.
These involve a significantly longer commitment (for example, this beginner cybersecurity program is 26 weeks), but they come with some unique advantages, especially for those new to the industry sector. You’ll get much more time to sit with the material and interact with the instructor and your classmates, more hands-on projects to build a portfolio you can share with employers, services like career coaching and more.
For career switchers and complete novices, an immersive boot camp can still help you earn a certification like Security+ — but it also offers a more transformational, career-focused experience to help set you up for success.
Leverage your unique background
Successful cybersecurity professionals hail from a range of backgrounds, and you likely have several skills that are applicable in this field. For instance:
- Those in the legal profession may already be used to the importance of compliance issues and the role regulations play in strengthening an organization’s security posture.
- Finance professionals may already be familiar with the auditing process.
- Law enforcement officials might be comfortable with forensic skills, which are necessary when identifying root causes and discovering ways to prevent future attacks.
- Business professionals may already be skilled when it comes to project management and working both alone and in teams.
It’s important to remember that you don’t need a 1:1 correlation between what you currently do and cybersecurity. For instance, Keatron Evans, a long-time instructor and current VP Portfolio and Product Strategy of Infosec, said that the top penetration tester he hired came to him with a liberal arts background. So, embrace your background and forge your own path!
FREE role-guided training plans
Start your cybersecurity career
As more services move online and the number of attack vectors increases, so does the need for cybersecurity professionals to secure all those systems. More cybersecurity professionals are joining the ranks every year, but it’s still not enough to keep up with demand.
Thousands of professionals from a variety of backgrounds are making the switch to help close that gap, and you can, too. The most important thing is to get started. With the right focus and preparation, you could start an exciting new career in less than a year.