Professional development

How to get started in cybersecurity: Career tips and advice for beginners

Kurt Ellzey
July 21, 2021 by
Kurt Ellzey

“Thank you for taking time out of your day to attend this interview for chief security officer of the company. We know everyone’s work schedule is packed, so we’ll try to make this brief. Now your resume says that your previous job was in… the mailroom?” 

“Oh yes, I’m very good at sorting through threats quickly.” 

“I see…” 

When you're first trying to move into a new career, it can be an almost insurmountable goal sometimes. Yet it is something that is done by people every day, and while it's not easy, it is certainly possible. To that end, we're going to focus on three particular categories that you can work on which will certainly help you pursue a cybersecurity role: what you know, who you know and what makes you unique.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

What you know

Certifications and degrees help so much when it comes to gaining knowledge quickly about a particular subject. This isn't saying that you can't gain a world of information just from watching what goes on via different tech news websites, or even the nightly news when it comes to major breaches. Yet for quick, concise and accurate information for what you're going to use for a new career, certifications are the best bang for your buck. 

To decide on what works best for you, let’s take a look at a basic example. An easy river can help you travel from point A to point B without a lot of difficulties. It may take a considerable amount of time, but eventually, if you keep at it, you will get where you want to go. A fast river can be difficult, challenging you to keep up with its demands and forcing you to adapt to new situations very quickly. It will not be easy, it may even cause you to crash multiple times before reaching the end. But you will make it to your destination quickly.

Let's take that example and look at passive learning and certification-based training or specialized college courses. Passive learning allows you to gather information as you come across it, something like what you run into daily at work. It can be very effective, but can potentially take a significant amount of time before you reach a point where you are comfortable with the knowledge base you've built up.

If we compare that to preparing for a certification, this immediately takes us from passive “as we get to it” learning, to active “this is what we need to do” training. This gives you a specific pathway to follow. What can make this a challenge though is that certifications want to get everyone to a baseline, and that can be difficult depending on what your current skill level is. Thankfully, there are many certifications out there with multiple skill levels for you to choose from. If you're just starting in IT as a whole, it can be highly lucrative to go through the 1-2-3 certification combo of CompTIA's A+, Network+ and Security+. These certifications give you a tremendous boost to confidence and knowledge at each tier, as well as help to move you along your career track quickly. 

Certification bodies such as CompTIA will have study tools available on their websites such as beginner's guides or practice tests. YouTube can also give you an enormous amount of material to see if you're interested in a particular career track before you invest a lot of time and/or money into it. Once you decide on what certification you want to go with, the all-in-one book series is great as a reference guide and exam preparation tool and can be picked up from places like Amazon or your public library. 

Also while we’re on the subject, do not discount how much you can get out of taking a stroll around your local library's website. Even if the book you are looking for is not available on-site, you may be able to request it be transferred in from another location. It might take some time, but it can save you a significant amount of money in the short term. The all-in-one series also covers more advanced certifications such as (ISC)²'s CISSP certification. 

Shon Harris wrote the book on studying for this certification and is tremendously useful when starting to wrap your head around all of the content this certification covers. With the sheer amount of certifications present in IT and cybersecurity, however, some may have difficulty choosing which certification to go with, and what is treated as an industry standard. Who can you talk to about this? This brings us to our next topic.

Who you know

It seems like everybody knows at least one person working in cybersecurity now; the field has been around for some time, and demands for people to fill positions are expanding every year. If we're going for help with a new career path though, we need to try to contact as many people as possible to get plenty of insight into how we can go from where we are now to where we want to go. 

Thankfully there are plenty of resources online, and plenty of organizations that specialize in bringing together people in the cybersecurity field. LinkedIn is an excellent resource when it comes to networking, and it has a large number of security groups that can help with introducing you to people that have been in the field for a long time. Groups such as the information security community and the information security network can be huge when it comes to obtaining contacts. Others such as CompTIA Connect and the Cyber Security Forum Initiative (CSFI) can help with planning and preparations when it comes to certifications or future projects. Groups such as these can be especially useful if the certification you are going for requires a sponsor or someone who already has it to vouch for you.

Security conferences are also a great way to network and meet people in your area that do this work daily. SecureWorld for instance holds conferences around the United States at different locations regularly, which can be a great first step. Depending on your current field and region, however, there can be even more specialized security conferences based on what the primary industry of the area is. 

What makes you unique?

The thing that a lot of people mistakenly believe is that when you change careers, you leave behind all of that knowledge and experience to never be used again. In actuality, this can be a boon to you, due to knowing how to use additional tools and resources, which can give you a leg up once you begin working in cybersecurity. 

For example, say that you were previously in the service industry. You worked a day in and day out taking care of things for people. When you start working in cybersecurity, you can better understand just how dangerous certain things can be in that field and explain to others more easily how they can adjust certain practices to make the situations safer.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Begin your career in cybersecurity

It can be frightening to change career tracks, but it can be done and becomes significantly easier with the assistance of others who have already gone down this path. Be sure to use all of the resources you have at your disposal.



CISSP All-in-One Guide, Shon Harris

Kurt Ellzey
Kurt Ellzey

Kurt Ellzey has worked in IT for the past 12 years, with a specialization in Information Security. During that time, he has covered a broad swath of IT tasks from system administration to application development and beyond. He has contributed to a book published in 2013 entitled "Security 3.0" which is currently available on Amazon and other retailers.