by Dr. Heather Monthie
Even if you don’t have any cybersecurity experience, it’s not impossible to land a job in the field! This article will discuss five tips from two Offensive Security employees who successfully transitioned into their careers as cybersecurity professionals. These simple guidelines can help you land an entry-level security position, even if you lack formal education or training in cybersecurity.
Marissa Chamberlain and Abdullah Siddique (Sid) are two examples of professionals from another industry who successfully obtained their first job in cybersecurity with no experience. Marissa was an election administrator, who was well-versed in election law, communicating with the media, and ensuring that all systems were working correctly during an election in her community. Sid has a background in business, finance, and accounting, and worked for the stock exchange. Each of them came to the cybersecurity profession with a different background, yet you will find that many of their tips to get a cybersecurity job with no experience are the same.
Get a Cybersecurity Job with No Experience
Marissa and Sid have shared some experiences as they have pivoted their careers into the world of information security. While it can be challenging to start the transition without formal education or certifications, there are some things you can start doing right away to prepare you for the next stage in your career.
1
Build your foundational knowledge of technology and information security.
One of the best ways to improve your security knowledge is through self-study. Sid recommends studying and learning the skills you need to build a strong foundation that will help your future learning endeavors. For example, understanding how software is developed and deployed for end users can be very helpful in a career in cybersecurity. While working for the stock exchange in Pakistan, Sid obtained a lot of valuable experience with financial software and the data stored and transmitted via this software. He also looked for technology-related projects where he could contribute. He found opportunities to help make the data portal more accessible, make the user interface more dynamic, and create data filters and graphs to help analyze the data more efficiently. Sid also learned Python to help with some of the daily tasks in this role. He suggests Python as a great programming language to learn first. Once you know one programming language, it’s much easier to pick up others very quickly.
In her role as an election administrator, Marissa was able to build her technology and security foundational skills. She was responsible for ensuring that the voting machines were working correctly; quite the hot topic in election security right now! Marissa also decided to enroll in a master’s program where she studied the human factors in cybersecurity and the technical aspects of security. Combining her work as an election administrator and as a cybersecurity graduate student, she wrote papers on election security topics including breaches in voter registration systems.
Sid and Marissa are just two examples of how you can use your current experience to start building a foundation in cybersecurity knowledge.
2
Focus your time on achieving your goal. Eliminate distractions.
Focusing your time and energy on your goal is essential when you’ve decided to find your first cybersecurity job with no experience. Sid recommends eliminating distractions to focus your efforts on gaining the necessary skills to land the job you want. He spent most of his time studying, practicing the hands-on skills required for the OSCP exam, taking notes, and building a good repository of information to show himself everything he had learned. He was very intentional about what he did with his time because he knew what he needed to do to be successful in making the transition.
Like Sid, Marissa recommends focusing on your goal and eliminating distractions. When she decided to transition into cybersecurity, she enrolled in school while working full-time. She also took the initiative to network and meet people already working in the field, which allowed her to learn more about cybersecurity and build relationships with other professionals who could guide her on this new career path.
3
Showcase the skills you already have.
If you’ve already had a career outside of information security, you likely already have some in-demand professional skills required to succeed in security. You may be in the process of learning the hands-on technical skill set for which many employers are looking, but you have other areas of expertise that can be valuable in a cybersecurity role.
In her role as an election administrator, Marissa gained a lot of valuable experience in writing, communicating with the media, data privacy, and working with software vendors. She knew the importance of communicating complex technical information so that people could easily understand it, even if it was their first time learning about it. She highlighted these transferable skills and her continued education in cybersecurity when she was interviewing for her first position in cybersecurity.
Sid also leveraged his experience working with financial software when he transitioned into cybersecurity. He knew that the knowledge he had gained in software management, data transmission, and user interface/user experience would be valuable in a cybersecurity role. He also highlighted his self-direction, ability to learn a new programming language, and his curiosity for learning technology when interviewing for his first position.
If you have experience in a different field, think about how you can highlight these skills when looking for your first cybersecurity job. Are you great at problem-solving? Can you work independently? Do you have strong communication skills? How do your skills align with what employers are looking for in a cybersecurity professional?
4
Pursue certifications that demonstrate your competence.
Sid knew he needed hands-on experience to obtain his first job in cybersecurity with no experience. He initially enrolled in a boot camp but decided he wanted to work at a much faster pace and set out on his own. After researching individuals who were employed in penetration testing and noting the skills and certifications they possessed, Sid decided to get the OSCP to demonstrate his skills to potential employers. To hold himself accountable in his journey, and set small goals to help him reach the larger goal of earning the OSCP, he focused on learning the material, practicing, and taking notes to track everything he knew to help him reach his goal.
Employers value certifications that display your abilities and often consider them when making a hiring decision. Certifications are a great way to demonstrate your skill set and knowledge base to potential employers. Earning a certification also shows employers that you’re willing to put in the extra effort to learn new things and expand your skill set.
“These certifications stand out in the workplace”, says Optiv’s Eidelberg. “Professionals—namely, practice directors and hiring managers—know they’re backed by hands-on lab environments and live exams, as opposed to multiple-choice tests…Professionals with an OSCP have shown the aptitude and grit required to grind through difficult offensive engagements.”
5
Build a strong network of cybersecurity professionals and learn from their successes and mistakes.
As an election administrator, Marissa had the opportunity to network with cybersecurity professionals working within the Cybersecurity and Infrastructure Agency (CISA) and the Department of Homeland Security (DHS) in the United States. She suggests reaching out to directors in other departments and getting to know them. Marissa was even able to make some great cybersecurity connections at her gym, proof you can network just about anywhere! She made an effort to build those connections and meet new people, which helped her learn about the field and get advice and guidance on her career path.
When starting in a new field, it’s essential to have a strong network of people to help you navigate the waters. Networking with professionals in the security field is a great way to learn from their successes and mistakes. It can also help you build relationships that could lead to future job opportunities.
Consider attending a cybersecurity event to build your network. Cybersecurity organizations provide sponsorships to help local community chapters operate their conferences and meetups. CFP Time is a website that lists security conferences from across the globe. Cybersecurity Conferences is another resource that covers all information security niches.
Bonus Tips
Both Sid and Marissa had very different backgrounds prior to their moves into the cybersecurity field. Still, their bits of advice for those of you who are trying to transition into cybersecurity are the same. In addition to the above five tips to get a cybersecurity job with no experience, both Sid and Marissa leave you with a few bonus tips.
Marissa offers up three additional suggestions when you’re looking for a position where you know you don’t have the necessary background:
- You might already have some relevant experience for that new job.
- Remember that you’ll get the experience the employer is looking for on the job.
- Keep doing things that help build your resume. Keep stepping forward!
Sid notes that it can be scary when you change your career field, but you need to decide to do it. Once you make the decision to do it, don’t give up on your goal. Trust the process. In the end, the worst that can happen is that you end up with new skills at your disposal. The best skill to have is the ability to acquire new ones!
Cybersecurity Training and Certifications
If you’re looking to transition into a cybersecurity career, Offensive Security has hands-on training that will help get you to your career goals. Check out our course offerings here!
Practice your skills in our virtual labs with real-world vectors. Try Proving Grounds Play for free.
As you transition into cybersecurity, you’ll notice how important Kali Linux is to cybersecurity professionals, especially penetration testers. Kali Linux is an open-source operating system geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. It has over 600 preinstalled applications for information gathering, vulnerability analysis, exploitation, and reverse engineering. Learn more at kali.org.
FREE Whitepaper - How to write entry level cybersecurity job descriptions
Check out the guide where you will find:
- Current state of the cybersecurity skills gap
- Solution for the increased demand of cybersec professionals
- Entry-level job postings template download
- Customization suggestions for job postings
About the Author
Dr. Heather Monthie is a leader in Cybersecurity and IT education dedicated to developing workforce-ready professionals for the future. With a diverse background in education, leadership, and technology, she has worked with various businesses and educational institutions to develop successful cybersecurity education programs. She has served in various leadership roles within organizations that are committed to cybersecurity and STEM workforce development. She currently serves as the Head of Cybersecurity Training, Education, and Innovation at Offensive Security.