How Do I Get Into Cybersecurity?

As an information technology educator, and cybersecurity trainer, speaker and blogger, I am often asked how to get into a cybersecurity career, or how difficult is it to get into a cybersecurity career.  Here’s what I can tell you.

You will almost in all cases need to start your cybersecurity career in a general information technology role, and work in that capacity for three to five years.  Many colleges are offering bachelors and masters degrees in Information Security and similar educational tracks, but my experience, and the feedback I get from peers, is that cybersecurity is only open to people with strong experience in general IT and networking, and a proven interest and aptitude for security work.  Even with a degree in hand, expect to start in an entry level job and work your way up.

Certifications can help.  Especially the CompTIA A+, Network+ and Security+ triad.  Maybe the EC-Council Certified Ethical Hacker (CEH).  But even with a security certification, you will still need lots of practical experience.  I’ve seen some schools offering their own home-brewed certifications, and my opinion is that these are crap.  Get only industry recognized certifications.

It might take you a few years to get a job in cybersecurity, but the process would be to get an entry level certification like the CompTIA A+, get an entry level computer support job, and never pass up an opportunity to work on anything security related, even installing and configuring anti-malware software is better than no experience.

Work on the CompTIA Network+ and Security+ certifications.  Plan to do a lot of outside reading on cybersecurity.  Buy some books.  Read some blogs.  Some of my favorite blogs on this subject are :,, (I write the last one)

Join one or two cybersecurity professional associations such as (ISC)2 or ISSA and start attending meetings.  You will learn new and important issues about security, but more importantly, you will meet people who are already in the business you want to be in.  They can help you get there, they may be able to refer you into an interview opportunity.

Get your LinkedIn profile set up to announce an interest in cybersecurity, and start to document your progress in this field by keeping your profile current as you advance through your certifications.  If you do it right, 3 years of focused effort might just get you there.  If you are looking for education, a technical school or college will be more than adequate.  You DO NOT need a degree, unless you want one for some reason, or your end goal is to get into senior management roles (CIO, CISO).

Make sure your own technology world is fully secured.  You can get experience by hardening your home network and personal gear.  Use a password manager, set up two-factor authentication, learn how to detect and defend against phishing emails and social engineering.  Share you learning with others, get on the platform and offer free cybersecurity informational and training classes.

Good luck on your new career.  Hope to see you when you get there.




About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.