How to Start Your Career in Cyber Security

So, you want to get into Cyber Security? You have seen all the hype on LinkedIn and the amazing stats about salary and career opportunities. Well you are right to want to. With the never-ending media that circulates the Cyber industry, it makes it a sure-fire career choice for those who want to join the cyber security community.

Cyber security has been booming over the past few years with it being predicted to hit a staggering 3.5 million job openings in 2021. That would mean a growth of 350% in open cyber security positions from 2013 to 2021.

If you do want to join the millions who are already in cyber security but have no clue where to start, you have come to the right place. In this article we will give you a clear, more concise understanding of the cyber security market, some harsh truths about the industry and what it really takes to be at the top of the cyber security career ladder.

Skills required for Cyber Security

One of the huge benefits of a career in cyber security is you don’t always require a university degree or certifications. Meaning you can start your journey right out of school and you wont have to pay the £9,000+ a year.

Some of the key skills in cyber security that employees look for are not always technical, this is because technology alone is insufficient, and a broader response is needed. Let’s take a bank as an example. A bank will have a large budget for security, they will have all the latest SIEM tools, firewalls & Antivirus Software the market has to offer. However, Karen from HR still keeps her password on a post-it note on her desk. Couple this up with the business having a poor password policy (i.e. insufficient complex passwords & infrequency of password changes) the technology might as well be made redundant.

Other softer skills like attitude & aptitude are a must, cyber security is very much a mindset and a belief, helping everyday users make more conscious choices about personal data. Along with problem solving, attention to detail, curiosity, communication and a desire to learn, these skills are well suited to someone who wants to pursue a career in cyber security. Again, this is because cyber security needs a much broader approach and there is no one solution that will work.

Communication is a major part of being a good security professional. Understanding your audience and being able to articulate yourself without drowning your words in technical jargon helps people understand what you do and what your job means to a business or department. You’ll be speaking to people who have literally no idea what cyber security is and why it matters, frustrating yes, but it is going to happen. So being able to communicate with people across the spectrum is a very good skill to have, being able to articulate tech to non-tech and non-tech to tech is essential in most environments.

Certifications that can help you

Now, let’s take a look at some of the certifications that are out there for beginners and what they cost.

The most basic cyber security course and one that is worth investing in is the CompTIA Security+, it is a globally recognised foundation certification, and at around £200 it is a great first certification.

Next up is a CISMP (Certificate in Information Security Management Principles) which come in at circa £2,000. The CISMP is also an internationally recognised foundation-level qualification, it is regarded as the qualification of choice in the UK for people wanting a successful career in information security. You will learn the basics of security management, risk management, legal frameworks, business continuity and security standards like ISO 27001.

You may also want to look at getting CEH (Certified Ethical Hacker) however the course comes in at over £2,000, so it isn’t for everyone. You’ll learn about real world corporate network scenarios and you will learn about threat vectors, network scanning, vulnerability analysis and system hacking.

We would definitely recommend any courses on edX and Coursera as well, there are some really cost-effective exams that you can do to show you passion for the industry. The Open University also have a great free course “Introduction to cyber security: stay safe online” that gives a really good intro to the industry and what you can expect.

There is so much more you can do to brush up on your technical skills & knowledge without breaking the bank; books, free online courses, joining online communities like ‘Hack The Box” or even following some of the amazing security influencers on LinkedIn. ‘Cybersecurity for Beginners’ by Raef Meeuwisse is a really good book to start with. Not only does it have real world case studies like The Edward Snowden fiasco from 2013 and the large Sony data breach in 2014, but it speaks to the reader without being to technical. It also has a great index at the back explaining all the buzz words you hear in the industry.

Remember cyber security is never ending. For as long as humans have access to the internet there will be people looking to exploit personal data, either for political or financial gain. And with technology continually evolving, what might work now won’t work in a year’s time. So, although certifications are a good way to show people your eagerness and willingness to make a difference, don’t think certifications alone will make you successful.

Cyber Security job roles and description

After reading up on all things security and know that this is the path for you, there is still a big step. Deciding exactly what job you are going after.

There are numerous paths into security and choosing the right one for you is an important part of defining your cyber security career. Let’s take a look at some of the job roles that are out there.

Job RoleDescription
Junior Penetration TesterA penetration tester is a type of network security consultant that tries to break into or find possible exploits in different computer systems and software. You can think of them as a type of ethical hacker.
SOC Analyst Level 1A SOC analyst is a cybersecurity professional who works as part of a team to monitor and fight threats to an organization’s IT infrastructure, and to assess security systems and measures for weaknesses and possible improvements. Typically, part of a 24/7 operation team.
Security AnalystJunior Security Analysts are very similar to a SOC Analysts. You will monitor computer networks for security issues, install security software, and document any security issues you find. The biggest difference being that a SOC Analyst is normally part of a 24/7 operation.
Junior Network Security EngineerNetwork security engineers are responsible for the provisioning, deployment, configuration, and administration of many different pieces of network and security-related hardware and software. These include firewalls, routers, switches, various network-monitoring tools, and virtual private networks Ju
Security ResearcherSecurity researchers take apart malware to see what vulnerabilities the malicious software is exploiting and glean intelligence out of the malware – how it communicates and how it is structured. They use that information to track adversaries and groups by the attack methods they have deployed
Junior Malware AnalystA malware analyst examines malicious software, such as bots, worms, and trojans to understand the nature of their threat. Security product companies, in industries such as anti-virus or network intrusion prevention, may hire malware analysts to develop ways of blocking malicious code

These are some of the most common jobs that come up for people starting their career in cyber aecurity and the data from suggests the median annual salary in the UK for a junior is £25,500.

Your first job in Cyber Security

Looking for your first job in cyber can be tough and it may seem like and endless road of applying for jobs, filling out application forms and generally spending your time not having much fun. However, with a bit of a focus and being proactive in what you want to do, you can certainly give yourself a better chance.

Cyber security has a pretty big political agenda in many organisations so if you are thinking that everyone has great security and you’re there to be an advocate, enforcing the best policies and practices and everyone gets along…you may want to rethink your choices. Although many businesses now recognise security as a key risk, this doesn’t mean that it’s a key focus. Especially when security isn’t exactly a revenue generator.

Cyber security is BROAD! Some organisations will have risk teams, governance teams, policy teams, SOC teams, project management teams, threat teams, penetration teams . . . the list goes on. It’s important to find out what you enjoy the most in security and carve out a career that way, don’t just follow the paycheques, you might end up in an area of security you don’t enjoy.

Now what?

Well now it is all up to you. After reading this does a career in cyber security sound good or is it something that you will be steering well away from?

Hopefully we have given you enough information to get started but now it is up to you. Start reading some free online resource, then look at some courses and certificates and once you are 100% certain that a career in cyber security is for you, we can help. We specialise in cyber security recruitment and we are certain we can find you your dream job.

Looking for some tips and hints on landing your first cyber role? Our Director Ryan was asked to give his advice on a podcast which you can listen to it here.