One question that I get asked all the time goes something like this: “How can I break into the cybersecurity field without any experience?” We hear the stats all the time about zero-percent cybersecurity unemployment and over a million job openings, but is it actually possible to get into this sector with little or no real-world exposure?

Just as with many other careers, I think cybersecurity (and IT in general, I would argue) suffers from unrealistic expectations, particularly at the entry level. I’ve had discussions with so many students who are shocked that employers aren’t beating their door down, after they’ve obtained legitimately difficult and prestigious certifications. The truth is that competition is fierce. Degrees and certifications guarantee nothing, in reality. That’s why it’s so important to be well-prepared in every possible way. 

So, the short answer is yes, it is possible to get into the cybersecurity field with limited experience, if you’re willing to work hard and realize that it may be a long climb to the top. Here are a few tips that I would offer:

1. General IT knowledge is important. I see folks all the time who admit that routing and switching just doesn’t give them warm, fuzzy feelings, so they turn to a more interesting focus for them – cybersecurity. While this is certainly understandable, and we should all pursue areas of interest, fundamental IT concepts are still the backbone of our trade. Having experience administering networks, or even in a help desk role, may very well be the edge you need to move into a security role.
2. Obtain entry level certifications. There are many reputable vendors out there providing great entry-level security certifications that are respected by employers. These include Cisco’s CCNA Security and CCNA Cyber Ops, CompTIA’s CySA+ and Security+, and many vendor-neutral paths such as CISSP and CEH.
3. Focus your career path. Determine your ideal or dream cybersecurity job and seek entry-level employment in a position that can help lead you down this path. For example, if you are interested in email security, find a job that gives you exposure to email systems. This path could look something like General Help Desk -> Exchange Administrator -> Email Security. Any experience is good experience! Research job listings and see what kinds of experience they are looking for, and then figure out how you can get THAT experience.
4. Setup a home lab environment. Home labs can be very easy and inexpensive to setup, particularly with virtualization methods. This can be a great way to gain practical knowledge if you don’t have access to a production environment. General network security, penetration, and forensics can all be modeled easily on home labs.
5. Don’t forget to brush up on your soft skills. I can’t tell you how many times I’ve had conversations with hiring managers about the importance of interpersonal (people) skills. I’ve seen brilliant minds turned away because they lacked listening and communication skills, both of which are desperately needed in any job, even one where most of the daily interactions are with systems and computers.

In addition to these tips, there are many ways to gain exposure through volunteer experiences, or through networking with other security professionals. I know lots of folks who have pivoted into cybersecurity from other sectors or moved up from entry-level positions. As a late bloomer myself who didn’t start in IT until my late twenties, I can promise you that this really is possible if you’re willing to make some sacrifices and put in some hard work. Good luck in your efforts!

All the best,

Charles Judd - Instructor
CCNA R/S, BS Network Security