How to start a Career in Cyber Security with no experience
From the outside, the cyber security industry can seem like a complex web of information with no clear path to get started. ‘How to get into cyber security?’ can be a question with no clear answer when not already in the industry.
However, there is a range of freely accessible information, training material, and introductory qualifications and courses, that can help you get started with some of your first entry-level cybersecurity jobs in the industry, whether you already work in a technical field or are looking to start learning the fundamentals.
It is possible to start a career in cyber security with no degree or experience. If you can find companies that offer training programs, junior positions, apprenticeships, or entry-level cybersecurity jobs and you have a passion for learning, there should be nothing stopping you from applying.
With many of these positions, it is often favorable if you have already started to learn on your own and can demonstrate a grasp of the fundamentals of relevant technologies.
It can take time to start a career in cyber security, before investing your time and resources into a career, you should also consider if this is the type of career you want, and the information in the following post may help you to decide, detailed here.
Begin teaching yourself through digital resources
You can greatly increase your likelihood of success by demonstrating your interest in and knowledge of the industry.
With a little time invested into some useful free online tutorials or some beginner courses, you can develop some cybersecurity skills and give yourself the best chance to get into cybersecurity, setting yourself up for some nice salary ranges after gathering a little experience.
This can be achieved using readily available online resources, many of which can be accessed and used for free.
Technical Skills for Professional Development
Let’s start with some fundamentals for topics and subjects that will be useful to have some understanding of.
Typically with many cybersecurity jobs, it is good to have an understanding of a range of subjects, because not only do you need to understand how these technologies work, but also where the security issues can arise, and how to communicate these security issues to others, including the risks they pose, and provide advice on how to resolve these issues.
While that can seem like a lot on the face of it, many things can be relatively straightforward and even quite simple if you have a good grasp on a few fundamentals. Some of the topics to start learning are covered in further detail here.
Technical skills for cyber security professionals
For a relatively broad starting place, it can be useful to have a good baseline knowledge of the following topics.
Web Applications
Networks and Infrastructure
Programming Languages
Databases
Communication Protocols
Operating Systems and commands
Although there is quite a range of other topics that can be covered for cyber security, which can range from reverse engineering to cloud computing, the above topics can provide a good foundation to understand some of the fundamentals of the industry and help you develop your security skills.
While you shouldn’t be expected to be an expert in any one of these topics, when applying for more junior positions, demonstrating a level of familiarity and willingness to learn independently will help you stand out from others when looking to start your cybersecurity career.
These topics also interact and overlap when conducting security assessments, so only focusing on one area can be detrimental and it can be useful to have a good understanding of how these technologies work together in addition to the cyber threats and cyber-attacks that can be present.
For example, a modern web application will consist of multiple layers of technologies that work together to present a user interface to you within a web browser.
Your device will use various communication technologies to securely interact with a web server, this web server could be running one of several different operating systems and utilizing different web technologies and programming languages. The web server could also be communicating with other systems such as a database, and authentication system to authenticate users to the web application.
So, let’s cover these topics and what resources you can turn to for what they are, how they work, and how they relate to cyber security.
Starting your CyberSecurity Career with no formal education
Building up your core technical skills
First of all to gather an overview of all subjects, if you have no formal education or prior experience and have the time to dedicate to a degree, a computer science degree can be incredibly useful and will teach several transferable skills when moving into cybersecurity.
If you review the modules and topics that you’ll be covering beforehand and ensure you are getting a good range of experience, understanding these fundamentals through a reputable degree can be invaluable.
Many modern computer science degrees also contain modules for cyber security as well, and while not as in-depth as a focused cyber security degree, if you first need to understand the basics this can be a good place to start.
A university degree will inevitably take time and money, and so an online degree can be a cheaper option if you feel you are capable of mostly self-motivated, independent learning.
Be sure to identify a reputable course, offering the same relevant subjects and which has largely positive reviews.
Develop your information security knowledge
If you already have a technical background and a good grasp on the fundamentals of how different systems and technologies work, you could also complete a cybersecurity degree, provided by universities and online courses, which specialize in cybersecurity.
If you have the time and resources available to complete one of these degrees, it can be a great starting point on your career path in the industry. Again, take some time to review the course material to ensure you are getting a good range of subjects included, and that the course is reputable and highly recommended.
If you don’t have the option to go through another degree, then the following options can be useful to start your education and cyber security career path.
Two common starting points for career paths
Two of the most common fields within the offensive cybersecurity industry involve web applications and network systems. A great entry-level for many cybersecurity professionals is to understand the concepts of each technical field and the types of cyber-attacks that are prevalent in each.
1. Learning Web Application Security for your CyberSecurity job
Assuming you have a general overview of how web applications work, but need to learn security concepts and how security tests are conducted there are some useful online resources.
Online resources for cybersecurity skills
Firstly the Open Worldwide Application Security Project (OWASP) is an invaluable resource for learning and understanding security issues and vulnerabilities that can impact web applications.
The OWASP Top Ten is a particularly useful resource that provides insight into some of the most common security issues that affect web applications today.
Books to help get into cybersecurity
One of the most popular books to read, providing a detailed overview of security issues for web applications, is the Web Application Hackers Handbook, Volume 2. If you have the money to spare for this book, it is one of the first books often recommended for people to get started with learning about cyber security.
Once you have a theoretical understanding of some of the issues that can impact web applications, practical education is the next step.
It is highly recommended to read the relevant laws for your country related to hacking and unauthorized access to computer systems. Before you even begin your career, you don’t want to inadvertently break the law.
Thankfully there are some great training materials available for free online, which can allow you to practice security testing in a controlled and legal way.
Online training and cybersecurity bootcamp
The set of training labs provided by PortSwigger is an incredible free resource for getting started with practical skills and learning to apply theoretical knowledge to practical scenarios.
For tools to use for testing web applications, PortSwigger, also provides a great tool, BurpSuite, which can help gain practical experience with a tool with is commonly used within the cybersecurity field.
Multiple online boot camps are also available which aim to teach you the fundamentals skills needed to begin your career in cyber security.
The cost and timeframe for boot camps should always be considered before committing your finances towards these courses and further information on enrolling on bootcamps is provided here.
2. Learning Network Security for your CyberSecurity job
Similarly, if you have established a good grasp on the fundamental concepts for different operating systems, how network technologies work, and how devices communicate, such as through training courses like the Cisco Networking Academy, getting to grips with the security issues and cyber threats that can impact these systems is the next step to get into cybersecurity and getting started as a cyber security professional.
Books to help get into cybersecurity
To understand network security concepts and common issues, the O’Reilly Network Security Assessment book is always a good starting point.
This can be a great introduction to some fundamentals for security tests that can be conducted and tools that can be used.
Again, always ensure an understanding of the laws for cyber security within your country and make sure you aren’t doing anything that can be considered illegal.
Only ever conduct security tests on systems where you have been provided with permission to do so.
Online training and cybersecurity bootcamp
Once you are familiar with the security concepts then practicing your practical skills is also important. Another invaluable and free resource is Hack the Box and Try Hack Me.
This provides a wide range of tutorials and practice labs, where you can familiarise yourself with how these security issues can be identified and exploited.
There are a range of different tools that can be used for different purposes for both web applications and network security, so following through all the training labs is recommended, to familiarise yourself with these different tool sets.
Paid-for online bootcamps can also provide the foundational knowledge needed as well, although similarly, you should consider the cost of such boot camps and the training curriculum before committing a large amount of money towards the training course, as discussed here.
Train Yourself with Bug Bounties
An additional training ground for practicing your practical skills and to help get into cybersecurity can be one of several bug bounty platforms.
What and why companies run Bug Bounty programs
Some companies hire a specific company and cybersecurity professional to conduct security audits or risk assessments over a set period, paying for the cybersecurity specialist and their time. Other companies open up security audits to the world at large and pay a bounty or reward when a specific security issue is identified and reported to them, paying for results rather than time.
While it is important to adhere to the rules of the bug bounty programs, it can be a great opportunity to practice your ethical hacking skills with information gathering, testing, and reporting outside of a training lab and in a real-world scenario.
Bug Bounties can be quite competitive, so don’t get discouraged starting out if you don’t find anything when testing advertised systems.
Many experienced cyber security professionals build an entire career and their income around these reward platforms, so as someone new to the industry getting the practice and experience is more important than getting the rewards.
Focusing on bug bounties without large cash payouts, minimal reported issues, and some of the most recent companies to list a bug bounty can help to minimize the number of cybersecurity analysts who have already reviewed the security controls in place for the company, increasing your chances of identifying network vulnerabilities to report.
An additional benefit of participating in bug bounty programs is that if you are in a position to report an issue to a company, this can help you to develop your soft skills, such as clear and concise report writing, demonstrating a knowledge and understanding of security issues and the risks they pose, as well as being able to use your communication skills to effectively relay this information.
What Cyber Security Tools you can use for free
As part of working within cyber security, several common testing and scanning tools are used.
Demonstrating prior knowledge and understanding of what these tools are and what they can be used for can also greatly benefit your application process and provide you with an advantage over others who have never encountered these tools before.
Tools used by CyberSecurity Professionals
Some of these tools have already been covered, through the use of the PortSwigger and HackTheBox training labs, your familiarity with some industry-standard tools will be in place.
Other common scanning tools that are used regularly for conducting a vulnerability assessment can include Nmap, Nessus, OpenVas, Qualys most of which are available or have freely accessible community versions allowing you to review how they work and what exactly they do.
A more complete guide on setting up your first Nessus scan is provided here, to gain more familiarity with using the free version of the scanning tool, and to set up authenticated scans you can use the following guide on credentialed Nessus scans.
Most cyber security companies will utilize a combination of manual testing techniques in addition to cyber security tools, and so having experience with the security training labs in addition to some of the most common tools used, will provide you with a wealth of experience before even starting your career within the industry.
Using the tools themselves can come with a learning curve, and so the more experience you have from the start the better you will come across.
Which CyberSecurity certifications you can take
If you have already started to learn a range of material on your own, have an understanding of different technologies, their security issues, and common risks, several introductory qualifications can be useful as a starting point to demonstrate your established knowledge and to place you in a better position to launch your cyber security career path.
Depending upon your available time and resources these qualifications can also have training courses available alongside them, which for some additional time and cost, can help to prepare you before the exam if you feel you still need some further education before the test.
It is recommended to review the syllabus for each exam to ensure you feel confident with each of the topics that are covered before booking your exam date.
Investigate Employed training options
Additionally, if you are already employed within the information technology industry and can demonstrate a benefit to your current employer, some companies may be prepared to invest some of your time and their own money into helping you achieve the qualification.
Some of the more popular qualifications that can act as a starting point for cybersecurity include
Certified Ethical Hacker, found here, https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/
Comptia security+, found here, https://www.comptia.org/certifications/security
CREST Practitioner Security Analyst, found here, https://www.crest-approved.org/skills-certifications-careers/crest-practitioner-security-analyst/
A more detailed list of available cybersecurity qualifications can also be found here.
Starting your CyberSecurity Career
So, while you can start applying for careers immediately, gathering the knowledge of how things work and how security issues can be introduced, will provide you with a great advantage in starting your cyber security career.
Making connections for your first cybersecurity role
Now it’s time to start getting in touch with different companies. The good news is that cyber security is a growing industry, and there is a skills shortage, so you’re already in a great position having undergone some self-learning exercises.
There are the standard approaches you can take to search on job advertisement websites for anything with entry-level cybersecurity roles referencing, security analyst, security consultant, cyber security, security tester, and penetration testing.
Similarly searching for companies based in your area and contacting them directly to enquire for positions, even if none are advertised can be a good starting point.
Additionally, if you are comfortable talking to people, multiple security conferences occur around the world, and many people who work in the industry will attend. Socializing with the attendees, the people hosting the event, and those giving talks on security can lead to opportunities in the industry.
If you attend these talks and can start some conversations with others attending, you may find yourself talking to someone who works in the industry, can give you a recommendation, put your name forward, or introduce you to someone else who can launch your career.
Contact Security Teams on Social Media
Of course, if you’re a little more introverted, talking to strangers at a conference may not be your thing. If this is the case, then try a similar outreach process, but on X (Twitter) or Linkedin.
If you ask people in the industry if they have any advice or recommendations for starting or even know of any career options, a lot of people will likely give you some feedback or pointers.
Maintain Persistence and Perseverance
Also when starting this process of reaching out and contacting people, try not to get too discouraged if you don’t get a response straight away.
Many people start their careers later on and can struggle with that first step of getting into cyber security, and often don’t hear back from initial emails or applications.
Be persistent, reach out to the same people and companies multiple times, and keep trying to learn new things on your own.
The cyber security industry is constantly evolving, changing, and reacting to new security threats, understanding the fundamentals will get your foot in the door, but continually learning new information and skills will allow your career to progress.
