Imagine waking up in a good mood because you’re excited to go to work. Does that sound like you? If not, do you want that feeling? Choosing the right job—or better yet, career—has a major impact on every facet of your life, including your overall happiness.
Happiness can come in part from knowing that your job is secure. And if you’re looking for job security, it’s worth exploring how to get into the cybersecurity industry. The U.S. Department of Labor expects employment opportunities for information security analysts to skyrocket by a whopping 28 percent from 2016 to 2026. And experts predict that there will be as many as 3.5 million unfilled cybersecurity jobs globally by 2021.
You might think a career in cybersecurity is only possible for people from adjacent fields who already have the technical proficiency needed to make software and applications more secure, but there are opportunities for those who want to transition from a non-technical background as well.
We’ve put together tips on how to get into cybersecurity for people from both technical and non-technical professional backgrounds. Let’s start with those who have technical expertise.
Getting into Cybersecurity From a Technical Background
Not surprisingly, having technical skills is a benefit if you’re trying to figure out how to get into cybersecurity. You’ll able to decode certain computer-related aspects of the job at a faster pace than those without an IT background.
Programmers, web developers, and software engineers are just a few of the technical jobs where the skills you already have will be transferable to a cybersecurity role. For example, being a programmer will help you know what malicious code looks like, and how to protect against it. Web developers will be quick to learn how to defend against cross-site scripting, if they don’t already know how to. And software engineers know how to mitigate vulnerabilities such as buffer overflows.
Related: Working with Tech Recruiters
Having a technical background doesn’t always mean you’ve had professional work experience. For example, you may be completing a technical-related degree in school. Or you may have programming or cybersecurity skills that you gained from a hobby. On-the-job experience may be more valuable from a hiring manager’s point of view, but all experience counts.
Cybersecurity Jobs to Target
Technical cybersecurity jobs require a detailed level of computer knowledge; however, here’s the good part: much of the work you do will be learned on the job. Therefore, don’t let a desired skill deter you from applying to certain jobs. As you’ll read later, there’s a difference between required skills and desired skills.
Like non-technical cybersecurity jobs, there are a variety of focuses for the technical ones. Some job titles include:
- Security engineer: In this role, you would test the network for vulnerabilities, monitor for security breaches, and develop security plans and policies. You would also mount an incident response in the event of any security breaches.
- Cryptographer: As a cryptographer, you would analyze, decipher, and perhaps even develop encryption algorithms. The goal of these encryption algorithms is to secure data. The idea is: even if a hacker steals the data, they wouldn’t be able to read it due to the encryption lock.
- Virus technician: Here, you would stay up to date on the latest viruses found in the wild. Your job would also be to help develop software that would fight or defend against these new viruses.
- Penetration tester: This is the ultimate security job if you associate cybersecurity with hacking. As a penetration tester, you become a hacker; however, you will be an ethical one who must follow strict rules governed by the agreements your company has with a client company. Every action you execute will be documented. Companies hire penetration testers because they want to make sure malicious hackers cannot exploit their networks.
Hard vs. Soft Skills
For the positions above, as well as other technical cybersecurity jobs, you’re going to require a certain set of skills before being hired. These can be divided into hard and soft skills.
Hard skills are those which you probably already have, coming from a technical background. For example, if you’re a programmer, you might use C++ as a software engineer. If you’re a web developer, you may already know how to defend against SQL injections, which will come in handy as a cybersecurity developer. If you’re a software engineer, you will already know how to mitigate weaknesses in software, which you’ll use as a security engineer.
Soft skills are typically intangible and difficult to quantify. For example, the ability to communicate technical topics to a non-technical person is an important soft skill. Others include the ability to work as part of a team and having a positive work ethic and attitude.
Since you already have a technical background, it would be beneficial for you to leverage your current skills. That’s if you have the specific skills already for a position you’re interested in. If you have web development experience but want to be a security analyst, many of your technical skills may not translate besides some coding knowledge. Let’s use this example to talk about how you would get a job such as a data security analyst.
First of all, you need to research the typical requirements to be a data security analyst. This would be a great time to review Becoming a Security Analyst: Requirements, Responsibilities, Salaries. As the post notes, “data security analysts are generally required to hold at least a bachelor’s degree in computer science, software engineering, information assurance, or a related field. However, many companies prefer candidates who hold a master’s degree in business administration in information systems.”
If you meet the requirements for a job, it’s time to apply. If not, you should obtain the skills you need. It might mean earning a cybersecurity certificate or two. Either way, it’s a great idea to start the conversation with a recruiter or hiring manager.
Recruiters and hiring managers will guide you in the right direction. Just the fact that you’re reaching out to them and are willing to obtain new skills indicates to them that you possess soft skills like motivation and discipline. You never know, a hiring manager may even be willing to wave a certain “required skill” based upon how you present yourself, your full resume, and other factors such as how formal or informal the hiring process is.
Networking is an integral part of any job search. Forbes offers this piece of advice: “In-person networking is ideal: get involved in meetups, attend conferences, ask for tips over coffee with current security professionals of local tech companies. If these things aren’t possible, online networking is a good idea too.”
Getting Started in Cybersecurity with a Non-Technical Background
When trying to determine how to get into cybersecurity, having a non-technical background doesn’t always put you at a disadvantage. You don’t even need to find a technical position if you want to work in the industry. We’ll talk about these positions later.
Having a non-technical background means you probably won’t have coding and development skills; however, it’s possible certain coding or development skills aren’t even necessary to be hired.
Cyber policy analyst and technical writer are examples of non-technical cybersecurity jobs. These are positions you could obtain with skills you might already have. For example, a college degree may be the only thing required for an entry-level policy analyst position. If you’re an avid writer and have a grasp on grammar, starting as a technical writer isn’t a bad idea to get your foot in the door.
Everyone starts somewhere and you could always get an entry-level technical position to start your cybersecurity career. Cybersecurity certifications—such as Security+ and Certified Ethical Hacker—can put you on the fast-track with getting a technical cybersecurity position. These certifications take a lot less time to earn than a college degree. Depending on your pace of study, you can earn these in just a few months.
Cybersecurity Jobs to Target
These jobs are a great way to get your foot in the door. Once you gain technical skills from any of these jobs, you’ll be able to move around easier in the cybersecurity industry.
- Network administrator: As part of your duties in this role, you’ll secure the company network by providing access to only those who need it. You’ll also gain first-hand knowledge of the ins and outs of a company’s network topology, which will come in handy once you obtain more complex cybersecurity positions.
- SOC analyst: As a security operations center analyst, you’ll work in a 24/7 unit and report on cyber incidents that threaten different areas of the government. You’ll also conduct vulnerability analysis and make recommendations to mitigate cyber threats.
- Cyber policy analyst: Here, you’ll develop strategies, procedures, and requirements for the government and public and private companies. You’ll also assist in the implementation of these policies for clients of your company.
- Vulnerability analyst: As a vulnerability analyst, you’ll use security tools—such as Nessus—to find critical flaws in networks, applications, and systems. You’ll also need to stay on top of the latest types of malware and any new vulnerabilities that are discovered. If identified, you’ll work to mitigate their possible impact on company assets such as the network.
Hard vs. Soft Skills
You’ll have fewer technical hard skills if you’re coming from a non-technical background; however, you can still find certain hard skills depending on what type of job you’re looking for. For example, if you want to be a cybersecurity technical writer, you may already have great written communication skills.
Your soft skills will be the same or similar as if you had a technical background. Namely, you might have great problem-solving or interpersonal skills.
You’re going to enter a technical industry from a non-technical background? Congratulations! Now, how do you do it? The best way is to figure out which position you want and then work backward while acquiring the required skills.
Make sure you also reach out to recruiters and hiring managers before you start. They’ll be able to point you in the right direction. Here’s one thing they’re going to tell you: Get some basic experience. This experience can come in the form of cybersecurity certifications.
Network+, Security+, and Certification Ethical Hacker are seen as beginner-level certifications. They are listed in the order you would obtain them. Network+ is optional and you’ll learn how computer networks interact. Security+, however, is when you really start to learn the basics of cybersecurity. (For this reason, we offer our Introduction to Cybersecurity course, a comprehensive resource to help you pass the Security+ exam.)
Here’s another way to get a cybersecurity position without any prior technical experience: Join the military. Each branch of the military—Army, Navy, Marines, Air Force, Coast Guard—offers positions in the cybersecurity field. If you served for a few years, you’d be able to make an easy transition back to civilian life with the marketable skills and experience you’d gain.
Have you thought about interning? This is another powerful way to gain on-the-job cybersecurity skills. Oftentimes, a company you intern with will hire you for a full-time position. Even if that’s not an option, you’ll gain something even more important: experience! You’ll be able to use your newfound experience to land a cybersecurity position elsewhere.
SANS has another take on gaining experience. They offer information to get you started right away in the comfort of your home:
“One of the best ways to learn all of the above is to set up your own lab at home. This is quite easy as you can create multiple virtual operating systems on the same physical computer at home, or set up a lab online through Amazon’s AWS. Once you get these systems up and running on your network, start interacting with them and learn everything you can.”
There are numerous paths you can take to get your first cybersecurity position. They include obtaining cybersecurity certifications, joining the military, interning, or simply reaching out to recruiters and hiring managers (which you should start doing anyway).
Continue to learn everything you can about the cybersecurity industry. That includes knowing what jobs are out there and what’s required to obtain them. ZDNet advises you to “read voraciously on the topic (news as well as tech stuff). Make yourself knowledgeable, read on daily if you can. The more you know, the more you’ll know who to try reaching out to.”
Finally, make sure you stay up to date with our cybersecurity content, as we share the latest information and tips.
Curious about the cybersecurity landscape, how much you can make in the field, and how certifications can impact your earning potential? Check out our free Guide to Cybersecurity Salaries.