Fancy a career change into cyber? How to get started...

"I am interested in joining cyber/information security, but I have no idea where to start..."

If the above is you, read on.

Anxious about changing career? I understand. Change can be scary.

The great thing is it's never too late to change your career, and you can start by taking small steps. Many people have been where you are now. People switch careers for a variety of reasons...many have developed new (or existing) interests, others may be financially driven (which is fine, but I think you should at least be interested in an industry/role), or others might have experienced a change in life circumstances (or a change in personal values), thus seeking a role that is better aligned.

Below I've listed some guidance on how you could approach your career change into cyber/information security.

Bear in mind that this is just my personal take on it, and that I am UK-based, so my content will be mostly (naturally) be UK-centric...although much of the online stuff stated below will likely be available globally).

1. Start learning and expand your knowledge

There is a wealth of tech/cyber learning material out there on the web, some paid, some free. The key is to start utilizing some of this to broaden your own knowledge.

"Which certifications should I pursue to get a cyber job?"

The above is one of the most common questions I'm asked by prospective new joiners. If you're asking this (and I understand why you're asking - many companies do still ask for certifications on entry-level job descriptions, much to my dismay), you're approaching this from the wrong angle.

Your focus should be on expanding your own knowledge and broadening your awareness, rather than being given a piece of paper (not slating certifications, they do have their uses). The key point is this: many people don't realize that evidencing to the right hiring manager that you've been studying towards a certification (and therefore increasing your knowledge) is often just as valuable as waving the piece of paper that says you've got it. It shows you're committed, self-motivated and possess a willingness to learn.

So switch your focus from passing a certification to increasing your knowledge, and you're already on a better path. Now...next question is...

"Which topics should I study?"

This depends on whether you already know which area of cyber/information security you wish to specialize in (the industry is incredibly broad). Some already know what area they are interested in, if you don't this is absolutely fine, there are broader security roles out there (that are more generalist). You can always decide if/when you want to specialize at a later date (and you don't have to either).

It's worth pointing out that there isn't one single "preferred" route or training pathway to get into cybersecurity - every cyber/infosec professional I know has joined via different paths, with their own unique approach to learning and qualifications. Likewise, various companies/hiring managers value different things. You'll want to try and find a company that places less emphasis on experience/qualifications as essential criteria, and more emphasis on skills/capabilities/potential (easier said than done, as many organisations still sadly opt for the former, but there are good eggs out there!). And whilst we're on this subject, if you find a role you think you'd be a perfect fit for (based on the role description), but you don't tick every single "essential/desirable criteria box", take a chance and submit an application anyway - these opportunities are worth taking! You never know what could happen. Remember: you have transferable skills from other employment and volunteering, mention these! Take care to also explain any gaps in knowledge/experience, but that you're willing to learn and apply yourself. Cyber/infosec roles are extremely competitive sadly, and there are still many barriers to entry. Try and put yourself out there, eventually the right role/company will come along.

Anyway, slight tangent there! Back to learning materials...approaching learning materials from a tech/security generalist angle, I can recommend studying towards the following entry-level tech/cyber certifications (all of which I've found useful myself, as both a cyber professional and a hiring manager):

• CISMP (BCS)
• ITIL Foundation
• CompTIA Security+ and Network+
• CompTIA IT Fundamentals+?
• ISO27001 Foundation
• ISC2 Certified in Cybersecurity
• CCNA
• AWS Cloud Practitioner
• AZ-900 Azure Fundamentals
• GCP equivalent of the above
• Microsoft 365 Fundamentals

Online resources to consider using (linked those that are harder to find):

• Professor Messer (can be found on YouTube or on his website)
• SANS Cyber Aces
• FutureLearn
• Pluralsight
• Cybrary
• Fortinet NSE Institute Self-Paced Content
• Coursera
• BrightTalk (for webinars)
• Security Podcasts (see this list )
• Udemy (some courses are better than others, exercise your judgement and read reviews)
• Jeremy's IT Lab
• TryHackMe
• HacktheBox
• OverTheWire
• Qualys Training
• GitHub GRC Repository
• Cisco Networking Academy
• Network Security (Ed X)

^ not an exhaustive list, but enough to get you started

2. Have you heard of these tech/cyber reskilling courses?

Aside from the available online self-paced/self-learning content, there are also tech/cyber reskilling courses or bootcamps out there which provide opportunities for career-switchers to upskill. Eligibility criteria for each course varies, and some are free, some are self-funded. I am not suggesting you need to (or should) do any of these courses or bootcamps, but it may be worth doing some research on them to see if any would be of interest to you. Some of which I've listed below:

• CAPSLOCK - Cyber Upskilling Bootcamp
• AWS re/Start - Cloud Upskilling Bootcamp
• Code Your Future - Coding Courses
• Code First Girls - Coding Courses
• GOV.UK Skills Bootcamps - Range of topics inc. tech/digital
• QA Digital Skills Bootcamps - Range of topics around tech/digital

This is not an exhaustive list - there will likely be more, but these are the ones I am aware of. Some of these organisations will work with employers to place individuals in roles at the end of the course, but this is never guaranteed.

It's also worth mentioning that many (but not all) apprenticeships also accept applications from people at all ages, so it's worth doing some research into this area too. It's a common misconception that apprenticeships are only available for people aged 16-19.

It may also be worth speaking to your current company (if already employed) to see if there are any internal learning opportunities, or any opportunities for cross-skilling or shadowing. If you don't ask, you don't know, right?

3. Expand your network and consider volunteering

When starting out in any industry, it's essential that you begin to expand your professional network. Start by building your online profile/personal brand on sites such as LinkedIn, and reach out to people that work within the industry.

Begin to share your enthusiasm for the industry - start conversations, ask people about their day jobs/what they enjoy about their work, post and comment about security/tech topics. The more you engage and build connections, the more likely your network will organically grow.

A few other things to consider...

• Go to tech/security conferences where possible
• Join networking groups (either internally within your current company or externally via social media/other online communities)
• Volunteer to help others and build connections - great if the opportunity is in tech/cyber or a related field, but it doesn't have to be as volunteering (in any capacity) can help you develop useful transferable skills

Some examples of voluntary opportunities (again, not an exhaustive list) can be found within the likes of:

• UK Cyber Security Council
• Cyber Peace Builders
• Code Your Future
• Prince's Trust
• WiCyS UK (Women in Cybersecurity UK) and WiCyS Global
• CAPSLOCK (Mentoring)
• Get Safe Online
• ISC2
• ISACA
• GOV.UK List of Volunteering Opportunities (known as "Do It")