How to Start a Career in Cyber Security with no Experience


Are you struggling to break into a career in cyber security with no experience? Are you struggling to get a job after your cyber security degree? Do you hold beginner-friendly cybersecurity certifications like CompTIA Security+, GSEC, or SSCP and still cannot land an entry-level job in the field?

This article will cover a five-phase path to follow in order to land your first entry-level role or begin your career in cyber security if you are in any of the above-mentioned categories. 

Five-Phase Path to a Career in Cyber Security

Infographic summary of the five-phase path to a career in cybersecurity

Phase 1: Pick a cybersecurity role

Understanding your career interest in cybersecurity should be the first phase of your cybersecurity career journey.

Would you like to perform a technical or non-technical role? Below is a list of non-technical and technical cyber security roles you can choose from, with a brief description of what each does. Some role names and tasks might be organization-dependent.

Non-Technical Cyber Security Roles:

  1. Security Awareness and Training Specialist (Security Awareness Specialist): Develops and delivers security awareness training programs to employees in order to create a culture of cybersecurity within an organization. They teach employees how to protect themselves and the organization from cyber threats, such as phishing, ransomware, or social engineering.
  2. Security Project Manager (Technical Project Manager): Plans, executes, and monitors security projects or develops and manages IT project plans, including tasks, milestones, status, and allocation of resources. They coordinate with stakeholders, vendors, and technical teams to ensure the successful delivery of cybersecurity projects, such as implementing new security tools, conducting security audits, or responding to incidents.
  3. Threat Intelligence Analyst (Threat Intelligence Specialist): Identifies threats through intelligence analysis and supports incident response and forensics efforts. They collect, process, and disseminate information about current and emerging cyber threats, such as threat actors, attack vectors, indicators of compromise, or mitigation strategies.
  4. Cyber Policy Analyst (Security Policy and Compliance Specialist): Researches and analyzes cybersecurity policies, laws, regulations, and standards. They provide recommendations and guidance on how to comply with cybersecurity requirements and best practices. They also evaluate the impact of cybersecurity policies on the organization and its stakeholders.
  5. Technical Writer (Security Content Writer): Creates and maintains documentation for cybersecurity products, services, processes, or procedures. They write clear and concise instructions, manuals, reports, proposals, or other types of documents for various audiences, such as technical staff, end-users, customers, or regulators. This role also creates content about cybersecurity topics for a variety of audiences.
  6. Incident Response Specialist: Develops and implements incident response plans and procedures.
  7. Security Risk Manager: Identifies, assesses, and mitigates security risks to an organization’s assets.
  8. Security Sales Representative: Sells cybersecurity products and services to clients.
  9. Security Operations Center (SOC) Analyst: Analyzes security data and alerts for suspicious activity, with less emphasis on technical aspects of specific threats. 
  10. Cybersecurity Lawyer: Advises clients on legal issues related to cybersecurity. 
  11. Cybersecurity Consultant: Provides expert advice and guidance on cybersecurity issues, such as risk assessment, security audits, policy development, incident response, and security awareness.
  12. Cybersecurity Auditor: Evaluates and verifies the effectiveness of security controls and compliance with security standards, such as ISO 27001, NIST, PCI DSS, and HIPAA.
  13. Chief Information Security Officer (CISO): Establishes and directs the vision and strategy for cybersecurity within an organization, aligns security initiatives with business objectives, and communicates with senior management and stakeholders.

Technical Cybersecurity Roles:

  1. Penetration Tester (Pen Tester): Evaluates systems and networks for vulnerabilities by simulating real-world attacks. 
  2. Vulnerability Researcher: Identifies and analyzes new vulnerabilities in software and systems.
  3. Security Engineer: Develops, implements, and maintains security systems and applications, such as firewalls, antivirus software, encryption tools, and access control systems.
  4. Incident Responder: Responds to and resolves security incidents. 
  5. Forensic Analyst: Collects, preserves, and analyzes digital evidence from devices and systems involved in cybercrime, such as malware, phishing, fraud, or hacking.
  6. Cryptographer: Develops and implements cryptographic solutions to protect information.
  7. Malware Analyst: Reverse engineers and analyzes malicious software, such as viruses, worms, trojans, ransomware, and spyware, and develops countermeasures and signatures to detect and prevent them.
  8. Reverse Engineer: Analyzes software to understand its functionality and identify vulnerabilities. 
  9. Security Analyst: Identifies, assesses, and mitigates security risks.
  10. SOC Analyst: Monitors security systems and networks for suspicious activity. 
  11. Security Automation Engineer: Automates security tasks to improve efficiency and effectiveness.
  12. Cloud Security Engineer: Secures cloud-based infrastructure and applications.
  13. Data Security Analyst: Protects sensitive data from unauthorized access, use, disclosure, disruption, modification, or destruction. 
  14. Identity and Access Management (IAM) Specialist: Manages user identities and access to systems and resources. 
  15. Security Architect: Designs and implements secure architectures for systems and networks.
  16. Application Security Engineer: Secures web applications and APIs. 
  17. Network Security Engineer: Secures networks and network devices. 
  18. Wireless Security Engineer: Secures wireless networks. 
  19. IoT Security Specialist: Secures Internet of Things (IoT) devices and systems. 
  20. Operational Technology (OT) Security Specialist: Secures industrial control systems and other operational technology. 
  21. Information Security Analyst: Monitors networks for security breaches, investigates and reports incidents, researches security trends, and develops security strategies.
  22. Information Security Specialist: Implements and maintains security solutions, such as firewalls, antivirus software, encryption tools, and access control systems.
  23. Security Manager: Oversees security measures within an organization, manages IT teams, writes security policies and regulations, and ensures compliance with security standards.
  24. Security Architect: Plans, designs, and optimizes the security architecture of an organization, such as network security, cloud security, application security, and endpoint security.
  25. Law Enforcement/Counterintelligence Forensics Analyst: Conducts digital forensics investigations on devices and systems involved in cybercrime or cyber espionage, and provides evidence and intelligence to support law enforcement or counterintelligence operations.

Phase 2: Research job availability and requirements for the role in your location of interest

There is no need to pursue a cybersecurity career that has no demand in your area or country of work authorization. 

Once you identify the cyber security role you want to venture into, search for recent job openings in your area and note down the common requirements for getting into the role.

If there is a high demand for the role, then you can go ahead to the next phase. If not, you will have to choose another role.

Phase 3: Get trained, certified, or a degree, depending on your findings

Once you know for sure what the requirements are to land a job in your chosen cybersecurity role, they will also give you clues about the certifications and knowledge needed for the role.

You can start with free resources on YouTube, TryHackMe, SANS, edX, Hacker101, OffSec, VulnHub, or Hack The Box to gain some knowledge.

Below is a list of 23 free cybersecurity courses you can start with; choose the one related to your intended role:

Aside from a college degree, below are some common certifications that will most often pop up in job requirements:

Entry-Level Certifications:

  1. CompTIA Security+:
    • Cost: $375 USD
    • Benefits: Vendor-neutral, globally recognized, covers core security concepts, no prerequisites.
    • Recommended for: Beginners with no prior experience.
  2. GIAC Security Essentials (GSEC):
    • Cost: $899 USD
    • Benefits: Broader security understanding, ideal for IT professionals.
    • Recommended For: IT professionals with some IT knowledge
  3. Certified Ethical Hacker (CEH):
    • Cost: $1,199 USD (exam and course)
    • Benefits: Penetration testing focus, hands-on oriented.
    • Recommended For: Aspiring penetration testers with some IT security knowledge
  4. Security+ Certified Cyber Security Analyst (CySA+):
    • Cost: $395 USD
    • Benefits: Security operations and analysis focus, in-demand skills, builds on Security+ knowledge.
    • Recommended For: Individuals with foundational cybersecurity understanding.
  5. eLearnSecurity Certified Professional Penetration Tester (eCPPT):
    • Cost: $499 USD (exam only)
    • Benefits: Performance-based exam focused on practical skills, good for beginners with some IT security knowledge.

Mid-Level Certifications:

  1. (ISC)² Certified Information Systems Security Professional (CISSP): 
    • Cost: $699 USD.
    • Benefits: Focus on comprehensive security knowledge and is industry-recognized, ideal for security managers.
    • Drawback: Requires experience and other certifications.
  2. GIAC Certified Incident Handler (GCIH):
    • Cost: $979 USD
    • Benefits: In-depth coverage of incident response, forensics, and malware analysis. Valued by organizations dealing with security incidents. Good option for cybersecurity professionals transitioning to incident response roles.
    • Drawbacks: High cost and challenging exam. Requires some hands-on experience in incident response.
  3. Offensive Security Certified Professional (OSCP):
    • Cost: $2,499 USD (self-guided course and one exam attempt) to $5,499 USD (Learn Unlimited subscription with unlimited attempts)
    • Benefits: Highly respected certification, performance-based exam focused on real-world penetration testing skills.
    • Drawbacks: Requires significant hands-on experience and technical knowledge, high cost.
  4. Certified Information Systems Auditor (CISA):
    • Cost: $765 USD.
    • Benefits: Focuses on information systems auditing, compliance, and control frameworks. Ideal for internal auditors and IT security professionals involved in compliance. Well-respected and recognized by regulators.
    • Drawbacks: Requires 5 years of experience in information systems auditing or related fields.
  5. Certified Cloud Security Professional (CCSP): $699 USD (Cloud security focus)
  6. SANS Institute Certified Information Systems Security Professional (GISP): $699 USD (Similar to CISSP, emphasis on SANS methodology)
  7. SANS Certified Information Security Manager (CISM):
    • Cost: $799 USD
    • Benefits: Focuses on information security management skills, ideal for security leaders and managers. Demonstrates ability to develop and implement security programs. Well-respected in the industry.
    • Drawbacks: Requires 4 years of experience in information security management.

Expert-Level Certifications:

  1. Offensive Security Certified Expert (OSCE):
    • Cost: ~$2,349 USD (Minimum: self-guided course + 1 exam attempt).
    • Benefits: Rigorous, hands-on exam simulating real-world penetration testing scenarios. Highly respected in the industry, demonstrating advanced penetration testing skills. Opens doors to senior-level pen testing roles and consulting opportunities.
    • Drawbacks: Requires prior OSCP certification and relevant experience (minimum 2 years).
  2. GIAC Exploit Researcher and Advanced Penetration Tester (GXPN):
    • Cost: ~$2,500 USD (Estimate: GIAC courses + exam fees).
    • Benefits: In-depth coverage of exploit development, advanced penetration testing techniques, and research methodologies. Demonstrates expertise in exploit research and advanced attack methods. Geared towards experienced pen testers and security researchers.
    • Drawbacks: Requires significant prior experience (minimum 5 years) and GXPN-related training.
  3. GIAC Certified Enterprise Defender (GCED): $899 USD (Advanced network defense).
  4. EnCase Certified Forensic Examiner (EnCE): $699 USD (Digital forensics).
  5. Certified Information Systems Security Manager (CISM): $599 USD (Security management).
  6. Certified Cloud Security Architect (CCSA): $699 USD (Advanced cloud security architecture).
  7. GIAC Certified Enterprise Penetration Tester (GCEH): $899 USD (Advanced penetration testing).

Phase 4: Gain experience

Depending on the role you are vying for, below are a few common ways you can gain experience:

  • Get an entry-level non-cybersecurity IT role with experience transferable to cybersecurity, such as system administrator or helpdesk.
  • Volunteer or take unpaid internships.
  • Gain practical experience by setting up your own home labs or using existing virtual labs.
  • Download and hack known vulnerable machines, and document your actions.
  • Share your knowledge through blogging or YouTube channels.
  • Enrol in free bug bounty programs on platforms like Intigriti, Bugcrowd, HackerOne, or Huntr.

Phase 5: Build your resume and portfolio, package your experience well, and start applying

How you package your resume and portfolio matters. It is one thing that will get you past the gatekeepers. If you are applying for US federal jobs, you can use this sample federal resume.

As you get that ready, join and contribute to forums in the industry and connect with other professionals in the field.

You can also read our post on Two Wrong IT Skills To Learn If You Want Immediate Financial Gain.
