Career Stories
g4rg4m3l,
Feb 14
2024
The talent shortage in cybersecurity is one of the main concerns expressed by industry leaders globally. IBM reports that currently there are "over four million unfilled cybersecurity jobs worldwide."
These numbers represent not only a challenge but an opportunity. An opportunity to fill this gap with highly talented individuals who will make a difference. In sum, we need a new generation of cyber warriors dedicated to combating cyber threats.
The field of cybersecurity has a certain mystique around it, making it highly appealing to many. However, this allure comes at a cost–the perpetuation of various "cybersecurity career myths."
“Cybersecurity is for computer geniuses. It's an extremely hard field to get into. There are no entry-level jobs. Formal advanced academic training is mandatory.”
Aspiring professionals often wonder if a career in cybersecurity is possible without prior experience or superhuman abilities due to these common misconceptions.
Some of these myths are directly related to a general lack of a clear understanding of the various cybersecurity roles.
In reality, cybersecurity is a field that encompasses several job roles related to protecting the digital realm. Different roles in cybersecurity require different skill sets and levels of expertise.
If you're interested in starting a career in cybersecurity with no prior experience, a good place to start is by learning about jobs suitable for newcomers in the field.
Often, cybersecurity roles are divided into defensive (blue) or offensive (red). Defensive roles focus on protecting systems while offensive roles aim to expose vulnerabilities by attacking systems.
An example of a blue role would be a SOC analyst and a red role a penetration tester.
While there isn't a formal consensus or a strict method to classify entry-level positions, there are some widely accepted industry and community approaches to starting a cybersecurity career without prior experience.
Note💡: We contributed to this discussion by polling 11,498 members of the community on LinkedIn about the best entry-level cybersecurity jobs.
Wondering which path to take? Read our guide on the main cybersecurity career paths.
One of the most common starting job roles in the field of cybersecurity is that of a Security Operation Center (SOC) analyst.
A SOC analyst (or cybersecurity analyst) is a cybersecurity professional responsible for daily security-related operations. They monitor systems looking out for suspicious activities and potential threats to effectively respond when the alarm sounds!
Junior SOC analysts begin by carrying out routine tasks like determining if an alert really means that a potential attack is happening. (Alerts are flagged as true or false positives, this process is called triage.)
Working alongside experienced professionals, dealing with cyber threats, and utilizing various tools and methods daily, provide ample opportunities for growth and learning within the cybersecurity analyst role.
This is what makes it a popular entry-level position in cybersecurity, especially for those entering the field without prior experience.
A SOC analyst is often the first step in what's known as a blue team career. This team is responsible for defense and quick action in response to any incidents. Guardians of all things digital.
Furthermore, the security analyst career path is often used as a stepping stone for professionals who aspire to work in a red team role. It provides foundational skills needed to transition smoothly into the offensive side of cybersecurity.
Related read: How to become a cybersecurity analyst.
Learn core security monitoring and security analysis concepts. You’ll gain a deep understanding of tools, attack tactics, and methodologies used by cybercriminals.
Practice with hands-on exercises. Put theory into practice with plenty of exercises to push your knowledge to its limits!
Leave with the right mindset. Becoming a SOC analyst is about the mindset, you’ll learn how to think like a hacker so you can defend against them.
The red team is usually responsible for testing the security posture of an organization from the perspective of the attacker. That means imitating the behavior of potential threats to advise the organization on how to enhance its defenses.
One popular, if not the most popular, job role related to a red team path is penetration tester.
Traditionally a penetration tester is not considered to be an entry-level job, as it requires a substantial skill level to mimic real-world threats and reproduce all kinds of attacks.
But here's where things get interesting...
According to Market Research Future, the penetration testing market is expected to expand rapidly and reach USD 8.13 billion by 2030. As a result, there has been a substantial increase in the number of entry-level penetration tester job roles.
This growth is related to the proven efficacy of this security activity, meaning that the demand for professionals is rising and new job opportunities appearing as a result. Yes, even for those with no prior experience.
Note💡: HTB asked the cybersecurity community on LinkedIn if securing a pentesting role as a first job was possible, 67% said yes.
Many professionals have succeeded in landing their first penetration tester role without prior experience by following content structured and curated by experts, and putting in the work on practical real-life scenarios.
This is where new education methods and high-quality learning platforms such as Hack The Box (HTB) play a crucial role.
I recently spoke to Francisco Santos, a penetration tester for a renowned company, who was hired fresh out of high school without any previous job experience in cybersecurity or other areas.
With his dedication and focus he spent countless hours learning and practicing on these platforms and ended up landing his first job as a web application penetration tester.
Learn core security assessment concepts by using specialized tools, attack tactics, and methodologies.
Get all the necessary theoretical background with practical exercises.
Obtain the practical skills and mindset necessary to perform professional security assessments against enterprise-level infrastructures.
Modern platform-based education provides accessible training with hands-on experience and updated content.
This is particularly relevant in the field of cybersecurity, as traditional education methods have a slower curriculum update process, whereas the cybersecurity landscape constantly evolves.
For example, at HTB, we produce new Machines weekly, so when a new CVE is discovered, you’ll be able to find it in our practical content. Like we did with the Looney Tunables vulnerability.
Tip💡: Interested in landing a job as a pentester? Brush up on these 30 critical cybersecurity interview questions!
Although these two career paths are popular, it's important to know that there are many other options available. Robert Theisen (Ltnbob), IT Program Director & Cybersecurity Professor, does a stellar job going into detail in 4 of the best entry-level cybersecurity jobs for aspiring hackers.
While you can start a career in cybersecurity with no experience, that does not mean you can take shortcuts. Cybersecurity is a demanding field that will thoroughly test your skills.
This is why identifying what skills and experience you currently have that translate to a career in cybersecurity is essential—everyone has a different starting point.
If you don't have any IT knowledge it’s really important to first learn basic computer operations:
Hardware.
Software.
Operating systems basics.
Take free online courses, watch YouTube videos, just dive into free available resources and take it from there.
Consider starting with an entry-level IT job, such as a help desk position. This will provide you with experience, and a learning opportunity to familiarize yourself with fundamental IT concepts and workflows.
Note 💡: A way to identify your starting point is to use the following ESE framework (experience, skills, and end goal) to assess your current skills and experience against your cybersecurity career goals