How to get started in cybersecurity: The best tips from a seasoned professional

In the April 2023 Official Cybersecurity Jobs Report by Cybersecurity Ventures, sponsored by eSentire, it was reported that the number of unfilled jobs in the cybersecurity field leveled off in 2022 and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S. 

It is important to note that, in my personal experience, there are a lot of positions open for experienced cybersecurity professionals. Still, a bit of a gold rush to learn cybersecurity has created many entry-level or inexperienced people that companies aren't necessarily looking for. 

Before you get into cybersecurity, be aware that getting your foot in the door somewhere will be one of the most complex parts of starting your career and should be the main focus of everything you do as you learn the ins and outs of cybersecurity. This means you need to network with everybody you meet and look for mentors who can teach you and help open doors when you're ready.

With that being said, there are still ways to stand out of the crowd, and the need for experienced, knowledgeable, and trustworthy cybersecurity all-stars will only increase as AI and other new technologies progress, introducing new threats and vulnerabilities.

How to get started in cybersecurity

There are two main routes that you can take as you go down the path to gain knowledge and expertise in cybersecurity. The conventional approach is to get a bachelor's degree or even a post-graduate degree in cybersecurity, and the other is to focus on prestigious certifications. 

Many successful candidates looking to get started in cybersecurity will sometimes do a combination of both. What are the pros and cons of each option? Is it worth doing both at once, and how can you do that efficiently? Let's take a look. 

Should I go to school for cybersecurity?

There are now hundreds of cybersecurity programs in Universities throughout the country. USNews has a list of the best undergraduate cybersecurity programs, which is a good starting point, but for most people, these schools will be out of reach. Some of the best success stories I have heard about come from local universities focused on technology, similar to the University of Advanced Technology in Arizona. 

The best way to find out about great school programs in your area would be to contact cybersecurity professionals in your personal circles or on LinkedIn and ask what schools they would recommend. 

Another point of discussion is whether online or in-person programs are better. I think that to be successful in cybersecurity, it needs to become a lifestyle, hobby, and obsession because it takes that level of commitment to excel in this industry and to be able to fight burn-out once you finally do get your foot in the door.

That being said, in my opinion, if it is within your means to go to an in-person program where you will get to go through classes with a group of people, get to know and network with your professors, and learn beyond the simple curriculum provided in the course material it will be a huge benefit. This kind of learning is challenging with online courses because most people, including the professors, are fitting these courses into their other responsibilities.

Are online classes good to learn cybersecurity?

Online courses can work if going to an in-person program is impossible. I believe the best online courses focus on getting certifications, like at Western Governors University. Each class you take will teach and train you to pass a useful and valuable certification that can translate to actual job offers. Several other universities offer similar types of classes, but if you're looking to go to school for cybersecurity, earning a degree that helps you get certifications as you progress is a huge bonus. 

You might also look to stay away from cybersecurity boot camps. While they could be an excellent place to start and get your journey started, for most employers, they don't really equate to useful experience or training. 

A final word on going to school to learn. This is the classic path, and there are surely companies that won't hire an applicant if they don't have a bachelor's degree. However, the cost of a bachelor's degree has skyrocketed in the United States, and with interest rates as high as they are, be very careful taking out loans for a degree you're not sure if you are going to end up using. It is usually smarter to start out studying for a beginner-level certification, watching YouTube videos from channels like John Hammond, David Bombal, or Professor Messer to see if this field is something you actually enjoy. 

What are the best certifications to get to start in cybersecurity?

The nearly universally agreed upon best place to start your certification journey is with CompTIA. They offer industry-recognized certifications that are in-depth, up-to-date, and challenging enough that if you can get certified, it shows employers that you have a good basic understanding of the concept. 

If you are new to computer security, having a sound foundation in networking is essential. For this reason, it is an excellent idea to go for the CompTIA Network+ certification first. If you're a certified networking guru and can name each port and its function and explain each layer of the OSI model and how they are used, then you can start studying for the CompTIA Security+ certification. This certification is the baseline required for most companies. I've been told that most government contractors with security clearance will require this certification for hiring an applicant. 

After you get this baseline, you must decide where you want to go in cybersecurity. The red team, or penetration testers, is the most well-known group and gets to live out the hacker fantasy, but for each member on the red team, there are dozens on the blue team or defenders. On the blue team, you have security operation center (SOC) analysts, threat hunters, incident responders, and vulnerability management analysts. These people are actually handling an organization's day-to-day defense. Still, an entire group of engineers must configure firewalls, write code for proper alerting, and set up security in each layer of the company's infrastructure.

The real question you need to ask is, do you want to be a penetration tester? If not, do you want to be an analyst dealing with actual threats or an engineer building the back-end security and infrastructure? Once you know those questions, you can focus more on which certifications you will need. Indeed.com has compiled a list of some of the most popular certifications and how they can help you in your career.

How much do cybersecurity professionals make?

Salary.com states that the average salary for an Entry Level Cyber Security is $99,164 in the United States. This can fluctuate widely based on which state you are in, and also will go up for engineers and more tenured, experienced analysts. Cybersecurity is a great field to be in. Still, as more and more schools and organizations have turned to monetizing the teaching of cybersecurity and advertising the positive sides of the industry, there is a flood of people running to learn the skills of the trade. 

I love being a cybersecurity incident responder. Having a career that gives me a sense of accomplishment as well as doing something every day that makes a difference is the best feeling in the world, but if you get into this industry with the expectation to have a guaranteed job making easy money, you might be barking up the wrong tree. That being said, if you love computers, programming, investigating, and being meticulous in what you do, there could be a place in the cybersecurity field for you. 

Are you interested in cybersecurity? What questions do you still have about the industry? Let me know in the comments.