When people ask, “Can I get into cyber security with no experience?” the answer depends on how you define a couple of key terms:
- “Experience” – Most of the time, people mean paid experience. While this is what hiring managers are typically looking for, you don’t need a job title to build relevant experience. You can create it for yourself.
- “Get into cyber” – Usually, this means landing a job in the cybersecurity industry. But it could also mean building skills as a hobby, contributing to open-source projects, or volunteering for nonprofits.
If you’re asking whether you can break into cybersecurity with zero skills, zero effort, and zero learning, the answer is a hard no. But let’s suppose you somehow manage this feat. You will likely have a rough couple of months on the job, followed by a serious inquiry into your ability to perform said job and your future with the organization.
If you are trying to obtain a position in the field of cyber security you don’t have to have paid experience, but you do need some form of experience. Luckily, there are a few ways to earn this experience and some other tricks that help in the process of “getting into” cyber security.
Paid Experience vs. Demonstrated Ability
As we’ve already covered, when a job posting says “experience,” the HR department is more than likely referring to “paid experience” (ie, “Was someone willing to pay you to do this thing?”). If you are brand new or are making a career switch, then you are probably not going to have this, but you might be able to achieve the essence of what is really being asked for, which is: “Are you competent enough in these skills that we would be willing to pay you to do this thing?”
How can you do this? By demonstrating ability. And this will require some effort on your part that you will more than likely not be compensated for monetarily, but it can pay off in the long run. When you can say, “Here’s a project I built, here’s what I learned, and here’s how it applies to your role,” you stand out far more than someone who just lists buzzwords.
With that out of the way, we will move forward under the assumption that we are discussing entering into the field without paid experience in cyber security on your CV, and not just trying to enter without knowing anything about cyber security.
“Do I Need a Degree to Get into Cyber Security?”
This is another common question amongst those who are considering a career in cyber security, and the answer is “no” with a couple of provisions. Many people have careers in the field of cyber security who do not have degrees, so we can dismiss the notion that it is necessary. Curiosity, tenacity, and a drive to learn can take you a long way on the technical front.
So now the provisions. 1) Your resume will look better with a degree. This is just the nature of hiring. 2) Some organizations require a certain level of education to work in certain roles. Again, rather arbitrary. This does not mean that you are at a severe disadvantage without a degree. If you obtain the knowledge and skills required, you can do the job. You just need someone to give you a chance.
The “Networking and Community” topic below suggests some ways around the red tape, formality, or chance involved in job hunting.
Build Your Own Cyber Security “Experience”
The fastest way to gain credibility is to get your hands dirty. There are many tutorials and resources for projects in the various disciplines of cyber security. Pick one based on your interests and abilities, take off, and see it through.
Build a homelab by using an older computer you have lying around, or use the free tier of a cloud service like AWS or Azure to simulate a real-world environment. This is an excellent way to get hands-on experience with networking, pentesting, or security analysis work, and documenting your process is useful for the community and good practice for a professional setting.
Becoming familiar with security tools by actually using them is another way to develop the skills that employers want. This works for red team and blue team alike. Red team tools, such as Nmap and Metasploit, and blue team tools, like Splunk and Wazuh, are used by professionals every day. Learn them. Use them.
If you want to check two boxes at once, volunteer projects can demonstrate your technical ability while also indicating community-minded helpfulness. Assisting schools, non-profits, or small businesses with tasks such as vulnerability scans, securing a wi-fi network, or hardening endpoints not only protects your community but also gives you experience you can list on a resume or discuss in interviews.
If you are still in the early stages of learning, check out this article discussing getting started in cyber security for free. This is a way of checking out the career you are considering before you make any major financial investments.
Networking and Community
While we’re talking about “getting into cyber without experience,” it would be a mistake not to mention one of the best shortcuts to “getting into” any field.
Knowing someone.
Cyber security is a community. Becoming a part of that community is so beneficial for growing in your abilities and opening professional opportunities that it is almost detrimental not to. It may not be your thing, or it may seem like wasting time that could be spent training or scouring LinkedIn for job postings, but I can’t stress enough the value of becoming involved in cyber security communities.
Developing skills allows you to perform the job, but in many, many cases, networking with people is what gives you the best chance of getting a job. Networking is a force multiplier for your chances at breaking into cyber security.
Participate in AMAs. Find people who are studying the same subjects or preparing for the same exams you are. Lurk in Discord channels and around LinkedIn until you find an opening and join the discussion. GO to that local conference or BSides or Meetup!
If you’re looking for just such a community, the TCM Discord channel is a good place to get started. This article offers some excellent tips for networking on social media.
Cybersecurity is a relationship-driven field. The more people know who you are, the more opportunities you’ll find.
- LinkedIn: For all its flaws, it’s still the professional hub. Follow practitioners, share your projects, and comment on posts to start building a reputation.
- Conferences and Meetups: Local BSides events, DEF CON groups, and larger conferences are great for meeting peers and mentors.
- Communities: Join Discord or Slack groups for cyber learners. Having peers keeps you motivated and exposes you to resources you might not find alone.
- Share your journey: Write blogs, record walkthroughs, or post short videos explaining what you learned. Hiring managers love to see proof of consistent effort.
IT as Entry-Level Cyber
This does not quite fit with the concept of “no experience cyber security entrance,” but if you’re interested in a method that has a pretty successful conversion rate, entry-level IT positions are more easily obtained and can quickly build a foundation of experience that makes you a more attractive candidate. We have covered the concept of using entry-level IT as a springboard into cyber security, so it’s advised to check out that article, but we’ll cover a few of the high points here:
- Gaining a strong understanding of operating systems, networking, and computer software/hardware, which are the bedrock for cyber security concepts
- Developing the ability to professionally and diplomatically interact with customers and colleagues
- Learning how to document correctly, which is an underappreciated and essential facet of offensive and defensive security
- Daily opportunities to hone your problem-solving and troubleshooting skills and develop your own methodologies
- Hands-on experience with various technologies, software, or hardware
There are a couple of common sayings regarding IT and getting into cyber security:
“You don’t need IT experience to get into cyber, but it helps,” or the more hard-line “Entry-level cyber security is intermediate level IT.”
Taking a help desk job is by no means a requirement for entry into cyber security, but the skills and knowledge you pick up in that role make up the bedrock for a career in cyber security. It’s a natural stepping stone, and we’ll leave it at that.
Certification as Experience?
Certifications aren’t magic, and different types have different functions and benefits, but they can open some doors, especially in government or large organizations. They can also be indicators of experience if the person/organization on the other end of the job application is familiar with the certification.
Certifications generally fall into three categories:
- HR / ATS Keys – These certs are established and well-known in HR circles and can help with appeasing Applicant Tracking Systems. In some cases, specific certifications are required (ie, government positions), and they can also fall into one of the following two categories.
- Knowledge Tests – Multiple-choice exams that measure how well you can recall information regarding facts about cyber security. This category usually has little to no hands-on elements included, but ok for testing internal knowledge.
- Hands-On / Skill-Based – Practical examinations where you prove your ability to perform tasks associated with a particular cyber security role. These are a great way to learn and prove skills that are immediately applicable in a professional setting.
Determining which certification(s) may be right for you can depend on your technical ability, level of experience, and the jobs you are applying for. Ideally, you get a mix: whatever will get you past HR filters, and something to prove technical skill. In the end, you want to meet as many of the requirements as you can, though don’t let requirements keep you from applying. But also know what you’re doing, and maybe be able to display those skills for a hiring manager at a glance with a certification.
TCM offers fully practical certifications for offensive and defensive cyber security that require and demonstrate proficiency in the tools of the trade and real-world methodology in red and blue team disciplines. Take a look at one of our most popular certifications, the Practical Network Penetration Tester, and what it can offer in terms of increasing your technical skills and appeal to employers.
Tips for Breaking Into Cyber Security
Here are a few rapid-fire tips for job hunting in general.
- Look for hybrid or on-site roles. They often have less competition than fully remote jobs.
- Apply for cyber-adjacent roles. Think compliance analyst, risk management, vulnerability management, or even sales at an MSSP. Whatever can get your foot in the door.
- Don’t be scared by job descriptions. “Qualifications” are often a wish list, not a strict checklist. If you meet ~50% apply. If you don’t, apply anyway.
- Job hunt like a hacker. Jason Blanchard’s approach, treating the job search like a recon and exploitation challenge, can give you a competitive edge.
Find Jason on LinkedIn or streaming his job hunting show on Twitch under “BanjoCrashland”
Final Thoughts
Breaking into cybersecurity with “no experience” is really about learning, creating your own experience, and networking. The strategies above can help, but a significant portion of the responsibility lies with you.
If you want it, are willing to work for it, and tenacious about it, finding a job in cyber security is doable. Learning the skills, practicing them in the most real-world context you can manage, and plugging into the community give you a pretty solid chance of getting into cyber security… even with no “experience”.
Good luck out there. We’re rooting for you!
About the Author: Josh Daniels
Josh is an avid storyteller and writer who loves learning about the behind-the-scenes of the digital world we live in. While his professional experience is in content marketing, Josh began pursuing a career in cybersecurity in 2022, gaining a Sec+ certificate along with other training from industry professionals and a life long learner attitude.
When he is not writing, Josh enjoys outdoor adventures with his family, watching movies, reading, and an unofficial (unpaid) side gig as a Game Master Consultant for several friends who play table top RPGs. At TCM, Josh has found a home where his passion for storytelling and cybersecurity meet.
“Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.”
– Frank Herbert
About TCM Security
TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers. Pentest Services: https://tcm-sec.com/our-services/ Follow Us: Email List | LinkedIn | YouTube | Twitter | Facebook | Instagram | TikTok
Contact Us: [email protected]
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.