How to break into cybersecurity without any experience – Fortune

Can you break into the world of cybersecurity without experience? It’s a question that’s been searched countless times according to Google Trends—even peaking in recent years.
Ultimately, it’s doable, at least to a certain extent, according to Tia Hopkins, Field CTO and Chief Cyber Resilience Officer at eSentire. “Yes, you can get into cybersecurity if you have no experience, but not if you stay in a place of no experience. Do things to build your understanding and capabilities continuously—you can’t be a locksmith if you never learn anything about locks.”
Global cybersecurity non-profit ISC2 says the total gap of cybersecurity professionals is around 4 million. According to Fortune Business Insights, by 2028, the cybersecurity market is forecasted to reach $366.10 billion. 
So, if you want to learn how to safeguard digital assets on the offensive or the defensive, the work is out there. But, with layoffs looming, you have to keep learning or “evolving,” as Hopkins puts it—turning your zero experiences into opportunities.
Cybersecurity is the protection of data, networks, and important information stored online, in servers, and in the cloud from criminals. It can take an offensive stance, too, trying to find hidden vulnerabilities in existing systems and poking holes to avoid shortfalls in networks. 
The good guys in this industry, or white hats, are trying to achieve network nirvana—the balance between protection and penetration.
From credit card details to medical records, private information holds immense value when in the wrong hands. That’s why when you’re logging into a device or website, you’re asked to create a strong password or forced to double authenticate. 
Fortinet’s 2023 Cybersecurity Skills Gap Global Research Report reveals a compelling trend: 90% of cybersecurity industry leaders prefer to hire those with tech-related certifications, a leap from 81% in 2021. That same number of leaders are also willing to invest in their employees’ cybersecurity certifications.
This means that companies see value in experts, but they’re also willing to hire a good candidate with less knowledge and then train and certify them up to standard over time. Here’s how to show potential employers that you’re teachable even if, right now, you’re in a place of no experience: 
Start with figuring out what you’re good at, and ask yourself what the world needs and what you can get paid for. 
“That’s when you land on your purpose,” Hopkins explains. “Combine all of that to find out the types of roles that you’d even like.” There are a lot of transferable skills that you might not think would help you in the job search. For example:
What you’re good at: “You might even have a knack for breaking things,” says Chris Evans, Chief Hacking Officer and CISO at HackerOne. Cybersecurity leaders might use a trait like your inherent clumsiness, for example, as a reason to hire you. 
What the world needs: That’s because of the popular term “penetration testing” or “pen testing” for short. It’s the offensive method of identifying holes and weaknesses in a company’s security network, breaking the system before malicious hackers can. 
Pen testing is a form of ethical hacking—a certifiable skill that hiring managers seek in information security and security operations center analysts. According to the U.S. Bureau of Labor Statistics, the information security analyst job market is expected to expand 32% by 2032.
What you can get paid for: Indeed shows that in the U.S., penetration testers with 1–2 years of experience earn an average of $171,000—this can be the job you migrate to after getting one of the following entry-level ones. With less than a year of experience, information security analysts earn around $75,000 annually, while security operations center (SOC) analysts earn approximately $87,000. 
You might already have the soft skills people are looking for. Here are some notable ones:
Communications and emotional intelligence: According to Hopkins, chief information security officers (CISOs) and technical leaders struggle to speak through the lens of the people listening. “If a CISO is talking tech, speaking in bits and bytes, to a CFO listening in dollars and cents, that communication will go nowhere, right? Know your audience and speak the language that needs to be spoken. Then actively listen.”
Curiosity: “For me, it means you’ll keep up with the industry on your own time. You can’t get complacent,” Hopkins says. The ability to speak about the latest technology or newest cyber threats, like artificial intelligence, quantum computing, and blockchain, will help you stand out among other applicants.
Acting like an owner: Evans says he looks for ethical hackers who can be future leaders. “Someone who, when a problem comes up, can charge into it and think of ways forward and new solutions—whether it’s a technical problem or even if it’s their job. I’m looking for someone who doesn’t make excuses.”
Passion: For Hopkins and other higher-ups, passion is the linchpin. She says, “You gotta love it, or you’ll get burnt out quickly.” Active participation in the community is paramount. Hack the Box’s Capture the Flag (CTF) tournaments are great for technical practice and growing online clout. Also, being active on blogs and forums such as 0x00sec and Reddit’s r/blackhat provides valuable networking opportunities, the opportunity to learn and ask questions, and places to make your name more well-known.
There are a lot of domains and departments inside the cybersecurity sector. But knowing what each sector does will help you narrow down a career trajectory you’d be interested in pursuing. It’s worth noting that some of these domains have overlap.
Focusing on safeguarding an organization’s info-tech infrastructure, assessing weaknesses, and implementing security measures. Job titles: Security analyst, security engineer, security administrator

Managing and analyzing firewalls, VPNs, intrusions, and general user traffic along a wired or wireless network. Job titles: Network security engineer, network security analyst

Designing cloud architectures and managing cloud-specific security compliance requirements. Job titles: Cloud security architect, cloud security specialist

Collaborating with stakeholders to assess and mitigate organizational risks, developing risk-management strategies, and identifying potential issues. Job titles: Risk manager, risk analyst, information risk consultant

Educating and training employees, creating awareness campaigns, and providing safe-computing seminars. Job titles: Security awareness trainer, security awareness specialist

Investigating, monitoring, and responding to alerts, threats, and incidents. Job titles: Security awareness trainer, security awareness specialist

Forgot your password? This is the team that provides technical support to users. Job titles: Help desk technician, user support specialist

Deciding which certifications and skills are standard to enter and grow in the industry. Job titles: Skills development advisor, certification manager

Designing, coding, testing, and making software, hardware, tools, and services better. Job titles: Security software developer, product security engineer

Handling legalities and establishing policies, overseeing data handling practices, and ensuring companies are following laws. Job titles: Compliance officer, data privacy manager

Investigating cyber incidents and collecting evidence by recovering deleted files, sometimes even being asked to testify in legal proceedings. Job titles: Digital forensic analyst, incident response specialist

Next, after researching a role that interests you, it’s time to learn how to do the job. Some of the best ways to learn without first-hand, on-the-job experience are to study for and to complete certifications. 
Certifications enhance your job prospects and showcase your dedication to learning. The entry-level ones are particularly valuable for high schoolers and career changers entering new fields. While exploring, remain vendor-agnostic, opting for more general knowledge and commonly accepted certs. 
“If you’re chasing a random certification that someone online tells you to get, you’re wasting time,” Hopkins says. “It’s okay to explore and figure out where you want to go. But until you’ve done that, I never recommend anyone go beyond these certs at first.” 
Here are the initial certs to consider applying for:
Keep in mind that many of the most prestigious entry-level certifications will waive degrees and work experience requirements. Some of them, like the Certified Ethical Hacker certification from the EC-Council, require you to take one of their training courses. 
If everyone has the same certifications and skills, what separates you from another applicant? Many people face this problem as they look to enter the workforce. 
 “We’re in a world where we’re just too over-rotated on credentials,” Hopkins says. That’s where volunteer work, bug bounty hunting, and exploring content come into play.
Both volunteering and interning are great ways to get your questions answered while getting hands-on experience and adding to your network. Companies like ISC2 and the Women Cybersecurity Society offer a range of opportunities, from performing cybersecurity health checks on small businesses to writing blogs. 
“Every opportunity to interact is an opportunity,” says Hopkins. “It wasn’t about how much they are going to pay me or how much visibility I am going to get.” For her, it was about getting involved and practicing with real systems, dealing with real clients, and learning the language. 
Getting your hands dirty is something Jason Rader, VP and Chief Information Security Officer at Insight Enterprises, recommends, too. “Go to the careers page and look at everything they say they do—not just the security jobs, but the engineering jobs and the developer jobs—because you’ll figure out the systems they use. Then figure out if you know anything about them.”
Afterward, you can try to hack them and find vulnerabilities. Ethical hacking might lead to reporting real issues inside a company’s security network. The practice of discovering a bug or exploit, reporting it to the company, and receiving a reward is commonly known as a “bug bounty.” Many organizations, from Microsoft to Google, have established bug bounty programs to incentivize freelancers to find and report bugs and exploits. 
Legally speaking, bug bounty hunters need consent and proper authorization to infiltrate a company’s software defenses, but there’s a lot of money to be made if you stay within the scope of your assigned task. 
One of the benefits of social media is the abundance of information on all kinds of subject matter. You can learn much from industry experts after you sift through the good and the bad. 
Evans says that if Fortune magically wiped his brain tomorrow, he’d first voraciously consume YouTube content as a fast track to getting his career back. “When I started 25-plus years ago, there was almost nothing [available in terms of online education], and now there is. I’d probably go into a deep rabbit hole of spending months reading everything, watching everything. There’s just so much out there. It’s like Candyland for hackers these days.”
You can dive into your own rabbit hole, learn as much as possible about a subject, and then upload your findings to social media. One quick scroll through apps like TikTok and Instagram, and you’ll find that people who upload useful content are perceived as knowledgeable authorities in a subject and typically gain audiences.
Now that you’ve learned what role you’re aiming for and how to do it, you need to freshen up your resume and create a portfolio to showcase your knowledge, skills, findings, and newfound certifications. This is the action plan you need to take to get your first cybersecurity job. 
Step one in resume building is understanding that you’re up against a robot. According to the experts Fortune interviewed, the cybersecurity industry is one of those industries that uses automated resume parsing to sift through candidates. These systems are looking for keywords and phrases in your documents, and if you don’t have them, sadly, you’ll be tossed in the garbage pile. 
However, job descriptions tell you exactly what they’re looking for, keywords and all. Rader advises using the job description to beat the bot with copy, paste, and ChatGPT. “It takes about two minutes to figure it out. Grab the job description, put it into AI, and design your resume bespoke for that particular job to get the interview.” 
According to an experiment conducted by MIT Sloan Ph.D. student Emma Van Inwegen and her co-researchers, job applicants who had algorithmic assistance received 7.8% more job offers and were more likely to be hired in their first month on the platform than the unassisted control group applicants. 
Just make sure your resume does not sound overly AI-generated. Be sure to provide or add accurate information about your past experiences to avoid getting caught in a lie during interviews with potential employers or hiring managers.
When garnering attention from hiring managers, your online portfolio takes center stage. If you don’t have an elaborate web presence, a simple website or online profile showcasing your code snippets, reports, case studies, and presentations will suffice.
Or, even easier, ensure your GitHub and LinkedIn accounts are up-to-date and well-organized. A hiring manager should be able to grasp your professional identity at a glance. Highlight your certifications, competition victories, blog contributions, relevant internships, and volunteer work.
Being active on these sites, posting about your work, and commenting on other people’s posts are good ways to get the algorithm to notice you, thus placing your profile in the hands of potential employers.
After you create your resume and portfolio, it’s time to apply and interview until you get hired. According to a report from Lehigh University, it generally takes between 100 and 200 applications to land a job. Remember, you’re starting from scratch. So, be realistic, look for entry-level positions, and reach out to your network for leads—keep applying and learning.  
“You can’t necessarily expect to have success overnight,” Evans says. “All of the best hackers I’ve seen had tenacity, and they worked hard at the beginning. They read a lot of free resources. If, at first, you don’t succeed, try, try again, and success will come.”
© 2024 Fortune Media IP Limited. All Rights Reserved.