How to Get Started in Cybersecurity: Steps, Skills & Resources

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Kickstarting a career in cybersecurity requires professionals to find opportunities, learn quickly, and adjust to a rapidly changing industry. While beginning this process can feel overwhelming, there are a variety of jobs and achievable steps you can take to make yourself a strong candidate. This guide to starting a career in cybersecurity walks you through those steps and helps you plan, gain practical experience, and make yourself a good hiring choice.

Career Paths in Cybersecurity

The security industry has a number of career paths, with slightly different focuses and levels of leadership. A few highlights include analysts, engineering roles in networking, IT system administration, pentesting, and leadership roles.

High-Level Job TasksBroad Salary Range
Information Security Analyst Studying security event logs
Monitoring alerts
Checking reports consistently
$90,000-$240,000
Network Engineer Setting and maintaining firewall rules
Configuring ports and routers
Testing networks and systems
$87,000-$183,000
System Administrator Overseeing network setup
Managing IT and security team members
Managing business security controls
$69,000-$177,000
Penetration Tester Performing regular pentesting assignments
Identifying infrastructure and network weaknesses
Recommending fixes to clients
$90,000-$190,000
Security Director Setting up networks and computer systems
Managing security budgets
Leading or assisting with business-wide compliance efforts
$59,000-$430,000

Information Security Analyst

Analysts play a largely strategic role. While they might find themselves in the trenches, hunting and eradicating threats, their main responsibility is monitoring information systems, researching threats, and developing cohesive strategies to eradicate those threats. This includes:

  • Watching event logs: Security analysts examine event logs for normal trends that indicate a stable environment and anomalies that could indicate a threat or vulnerability.
  • Monitoring alerts: Analysts might be responsible for checking security alerts, along with other members of a department, to identify which are truly an issue.
  • Examining reports: An analyst needs to be comfortable looking at reports and dashboards, drawing conclusions from those reports, noticing overall trends, and suggesting valid prevention methods.

An information security analyst could expect to earn between $90,000 and $240,000, considering prior work experience and the location of the role. Eventually, analysts may be expected to carry a lot of strategic weight within a security team or IT department.

Network Engineer

Network engineers and software engineers focused mainly on networking are responsible for the operations of a business network, as well as securing them. This role includes:

  • Setting firewall rules: Network engineers, usually administrative ones, configure rules for accepting and rejecting traffic on the network to protect its resources.
  • Helping to configure ports and routers: This network hardware needs to be properly set up to transmit data packets between the network.
  • Testing networks and connected systems: Engineers should test the security of their networks, including completing regular audits.

Senior network engineers will have similar tasks, but with more responsibilities and potential leadership opportunities.

Salaries for network engineer roles range from around $87,000 to $183,000 annually, depending on the employee and the company location. Senior network engineers can expect to make more than entry network engineer roles for a particular location, potentially between $120,000 and $245,000 per year.

System Administrator

System administrator roles often appear in IT departments, but often system admins play a major part in a business’s cybersecurity strategy, particularly if the business doesn’t have a dedicated security team. Sysadmin roles can involve:

  • Setting up networks and IT systems: These leaders manage setup processes for hardware, software, network connections, and user permissions.
  • Managing team members: System admins are often responsible for leading IT and security teams.
  • Overseeing security controls: System administrators typically set security rules or delegate those jobs to their direct reports.

System admins can expect to make between $69,000 and $177,000 annually, depending on location, company, and experience in the field.

Penetration Tester

Penetration testers and other types of ethical hackers improve organizations’ security infrastructures by acting like threat actors to attack systems, move laterally, and access data. Pen testers give their clients actionable information about their networks and IT systems so those users can further secure their systems.

Penetration testers and ethical hackers’ tasks can include:

  • Finding testing assignments: Pentesters, either internal or external, are given a specific network, system, or entire infrastructure to hack and may have a specific area to target.
  • Identifying weaknesses: These professionals are responsible for finding vulnerabilities and exploiting them as much as possible.
  • Making mitigation recommendations: Some pentesters may also provide a list of suggestions for clients to patch and mitigate the vulnerabilities they found in their work.

Penetration testers can expect to make between $90,000 and $190,000, depending on experience and role location. Some freelance or contract pentesters might make closer to $50,000-$60,000 when starting their career, but a couple years of experience will give them more financial opportunities.

Security Director

A director of cybersecurity, or potentially a director of IT who oversees security, manages all security initiatives within their organization. These initiatives are often strategic but can include basic tasks like setting firewall restrictions.

A cybersecurity director’s job includes:

  • Managing team members: Directors delegate tasks and the overall security posture of the team. Depending on the size of the company and team, a director’s direct reports may also have direct reports.
  • Handling budgets: A director is responsible overall for managing the financial expenses of a security team and coordinating that with the business’s overall budget.
  • Spearheading compliance efforts: A cybersecurity director leads regulatory compliance within the organization, ensuring that data processing and storage meet global, regional, and industry expectations.

The range of a security director’s salary is significant, starting around $59,000 annually and increasing up to $430,000. As always, location and experience affect these ranges. Job titles to look for include cybersecurity director and information security director.

To see what experts in the industry work on and live with day-to-day, look at our suggestions for the best cybersecurity Twitter accounts to follow.

6 Tips to Get Started in Cybersecurity

If you’re considering a career in security, I recommend earning certifications, taking available community courses, and using vendor resources. Additionally, look at opportunities within your own organization and consider the skills you already have that lend themselves to security.

Earn an Online Security Certification

The internet makes it easy to kickstart your learning without traveling to a physical classroom. However, the vast amount of content online also opens the door to training programs that potential employers may not view as legitimate. Steer clear of that unwanted outcome by researching courses from companies and organizations with well-known name value. Examples of legitimate and respected courses include:

  • IBM Cybersecurity Analyst Professional Certificate: This is an entry-level option for people without previous experience in the industry, offered through the online learning platform Coursera.
  • SANS Undergraduate Certificate in Applied Cybersecurity: This program, which offers a fully online option, is for undergrads or any student who already has at least two years of college credits.
  • CompTIA Security+ Certificate: Earned through a course and exam process, this famous certification tests people on the foundational skills needed to begin their cybersecurity careers.
  • Certified Information Systems Security Professional (CISSP) course: This free CISSP course from freecodecamp.org can help you prepare for a certification exam without having to pay for the preparatory work.

Also check out courses that teach skills to improve cybersecurity at enterprises. FutureLearn is geared toward people without experience or those looking for a refresher course.

Learn more about the best cybersecurity certifications for potential security employees.

Enroll in Community College Classes

A growing number of community colleges are offering cybersecurity classes to address the severe shortage of skills in the industry. Some community college programs even have accompanying apprenticeship and internship programs.

These are just a few examples, so look for similar opportunities in your own area and see what’s available. Although it’s sometimes possible to get real-world experience outside of a community college, finding prospects independently is harder. Community college coordinators and other education professionals can use their existing networks to help you.

Programs like this have helped existing security professionals get their start, including Lynn Dohm, executive director of non-profit organization Women in Cybersecurity (WiCyS). “My journey into cybersecurity began with an NSF-funded grant at Moraine Valley Community College,” she said. “Look for programs, internships, or entry-level positions that provide a solid foundation and introduce you to various aspects of cybersecurity.”

The more you can learn about different facets of the industry, the more you’ll understand about security, and the more options you’ll have when deciding the best roles for you.

If you want to immerse yourself in the security world to see if you really want to work in the industry, check out our list of the top cybersecurity podcasts. These range from serious to lighthearted and will give you a real-world idea of what happens in security.

Check Out Vendor-Provided Content

Well-known vendors in the cybersecurity space often provide free training to people without previous experience. Keep in mind that learning company-specific content could cause a steeper learning curve if you end up working for an employer that uses a different brand. In many cases, companies base the material around the products they sell.

That said, vendor-provided courses can be an excellent way to get a foothold in the industry:

  • Cisco Networking Academy: This program provides complimentary, mobile-first content on numerous tech topics, and the cybersecurity pathway prepares learners for jobs through vendor-agnostic material.
  • Varonis beginner security courses: These give students CPE credit and include PowerShell and Active Directory essentials and incident response.
  • Palo Alto Networks courses: PA provides courses like Fundamentals in Cloud Security and Fundamentals of Security Operations Centers.

A number of tech giants have pledged money and support for cybersecurity training as part of a Biden Administration push after the Colonial Pipeline ransomware attack in 2021. It’s possible the number of free or affordable courses will continue to increase in the next five years.

Pay Close Attention to Unique Practical Opportunities

Certifications and college courses are great, but they’re not the only way to gain experience in cybersecurity. If you’re looking for strategies to learn more, consider getting more hands-on and practice useful practical skills.

This is what Ilan Mindel, chief product and technology officer at ThriveDX, recommended for potential job hunters. “Engaging in activities such as setting up and managing a home lab environment, participating in capture-the-flag (CTF) competitions, and contributing to open-source security projects can provide invaluable experience,” he said.

Mindel also mentioned the importance of getting involved in security communities to learn more from professionals around you. “Networking with industry professionals and joining cybersecurity communities, both online and offline, can open doors to mentorship opportunities and job prospects,” he said.

“Attending conferences, webinars, and local meetups can help you stay informed about the latest trends and technologies while building a robust professional network.”

You might be surprised at the opportunities that arise if you connect with others, ask to attend meetings, and speak in-person with those who are already in the industry. They’ll have valuable insights to provide.

Consider Moving Laterally Within Your Current Workplace

Perhaps you already have a tech-based role at your current employer and have previously shown interest in cybersecurity. In such cases, it’s worth checking to see if you could move to a different role or department in your current company. If you already have a somewhat technical background, your employer may even pay for a continuing education opportunity, such as a cybersecurity boot camp program that gives fast-paced coverage of the foundational skills.

If your company has an existing cybersecurity department or team you want to join, consider asking your supervisor for cross-training or mentorship programs. For example, Women in Cybersecurity has a mentorship program for people at all levels of their careers. It’s a 12-month commitment, with mentors and mentees meeting in a virtual setting at least once a month.

Chris Campbell, chief information officer at DeVry University, highlights upskilling as a way to differentiate yourself from other potential candidates. “Companies are upskilling existing employees with core skill sets because cybersecurity, in general, is quickly becoming everyone’s responsibility,” Campbell said. “The weakest link in most cybersecurity situations is people. Therefore, everyone must be upskilled in understanding cybersecurity at some level.

“Not everyone needs to know how to be a cybersecurity engineer or a forensic analyst, but everybody can leverage a stronger understanding of cybersecurity, common attacks, and things they can do to protect themselves, their company, family, and friends.”

Employers often like it when workforce members look for existing gaps and put themselves forward to fill them, including problem-solving current security issues within the company. Maybe you have an upcoming supervisor check-in meeting and want to talk about your career goals. If so, it could be the perfect time to bring up your cybersecurity interest and explore ways to start your career in the field.

To familiarize yourself with current patterns in the industry, read our guide to the top cybersecurity trends, including growth in AI and advanced cybercrime.

Maximize Your Existing Skills

It’s important to understand basic security concepts and how IT environments work, but don’t overlook the other abilities that could make you a standout candidate or a promising security professional. Individuals with other abilities can succeed in security too, according to Campbell.

“Many of the core skills required are things like logical thinking, learning agility and pattern recognition,” Campbell said. “For instance, years ago people talked about how trained musicians would make pretty good cybersecurity analysts due mainly to pattern recognition.”

You have to be able to first recognize those abilities in yourself and utilize them well. But Cambell holds that security pros are open to individuals from other fields, as long as they can bring new and creative insights to the position.

“Cybersecurity is a technical field, and it can seem a little complicated for some people. But the reality is, we all have everyday skills, things we do in our job, that translate well to cybersecurity,” Campbell insisted. “Businesses and organizations are not just looking for computer science majors. We are having to think about other ways to fill these types of roles and think outside the box.”

Tools & Resources for Beginning Your Career

If you’re considering launching a career in security, first evaluate all the resources you currently have. These include free courses, potential certifications, and connections with professionals within the industry. The following list is a set of resources, some mentioned above, that you can consider when starting or changing your career:

If you’re considering using multiple resources, choose the ones that will best support your career goals. For example, if you’re interested in cloud security, check out ISC2’s cloud security professional certification. It’s also valuable to take courses on a couple different security topics so your knowledge is more well-rounded.

Frequently Asked Questions (FAQs)

What Are Some Reasons to Start a Cybersecurity Career?

The security industry is an incredibly important one because of the role it plays in defending IT environments. A security job requires quick thinking, analytical and predictive skills, and the desire to protect critical data and systems. A huge part of overall global operations, from corporations to individual homes, depends on safe networking, endpoint connections, and telecommunications. The entire industry is in high demand, and so are skilled employees.

Aside from high demand and a potentially lucrative career, security is an easy world to become passionate about because it involves protecting important assets. Sometimes that just means IT systems; but in certain cases, it can extend much further, like working in the healthcare field and protecting patient data and medical devices. If you’re looking for a meaningful career path, this is a great place to start.

Where Should Beginners Start in Cybersecurity?

If you’re a complete beginner with no technical experience, I recommend doing some reading and watching demos to make sure you understand the basic reasons security is so important. Gain a general understanding of attackers’ methods and preventative tactics. Understand the differences between network, endpoint, and application security, as well as the ways they connect to each other.

Reading will only take you so far, however. If you can apprentice with an IT or security expert or find an internship with a vendor, you’ll get more practical experience. Then you’ll better be able to visualize preventative and detective processes.

Is It Hard to Enter the Cybersecurity Industry?

It doesn’t have to be difficult to learn about security technologies, especially if you already have a somewhat technical background. But getting the role you want, especially a high-paying or management role, could be more challenging. This also depends on your skill sets, the companies you’re looking at, what they’re looking for in employees, and the area you live in.

In general, gaining experience, interning with experts, and learning technologies and tricks can be a matter of reaching out to people and taking advantage of free opportunities.

Bottom Line: Starting a Cybersecurity Career Requires Identifying Your Strengths

To begin a career in a new field, you must understand the basics of the industry and why it’s so important, but you also need to identify how your own abilities can best help the industry. Then you market yourself to companies based on those strengths. In cybersecurity, finances, data, and occasionally people’s health are affected by how successful cyberattacks and protective measures are. If you’re passionate about protecting those, you can succeed in the industry.

Next, read about protecting business networks and what that task involves, including network security controls and different network layers.

Jenna Phipps Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

This field is required This field is required

Get the free Cybersecurity newsletter

Strengthen your organization’s IT security defenses with the latest news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

This field is required This field is required