Getting Your First Cyber Security Job 

Uploaded on 2023-08-09 in Education & Research

Getting Your First Cyber Security Job 

Student Report: This article is exclusive to premium subscribers For unrestricted website access please Subscribe: £5 monthly / £50 annual.

Cyber security has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data and they need cyber trained people to help. 

As a result, the demand for cyber security professionals has skyrocketed and the demand for cyber security is greater than ever, due to an evolving threat landscape with attacks that are more difficult to detect and defend. 

But the available potential workforce isn’t keeping pace with that demand, largely because of a lack of interest from young people entering the job market. 

The cyber security skill shortage is a pressing concern for businesses, with the current shortfall estimated to be around 3.4 million unfilled positions in 2023 which has increased by 26% in two years. The upside to this shortage, it is that for those interested in a career in cyber security, there are many opportunities to enter this vast and interesting field. 

If you’re starting out on your first career or wishing to transition into cyber security from other IT-related work such as software development or network administration, then read on.

With such a wide variety of roles and positions, there is an equally large set of KSAs (Knowledge, Skills and Abilities) required to suit various positions, and each field of expertise naturally has its own requirements. 
However, there are some essential skills that are pretty much appropriate for any job in cybersecurity and the more of these you can tick off, the better your chances of attracting an employer. Among these key skills are your knowledge of operating systems, programming languages and networking. In almost every job in cybersecurity you’ll be expected to use some programming languages and to be able to understand programming concepts. 
Let’s take a closer look at each. All the resources we’ll suggest are free unless otherwise stated.

How To Enter Cyber

If you want to learn how to get into cyber security as a career, here are the steps you can take:

1. Get a Bachelor's Degree:   Most positions in the IT industry require at least a bachelor's degree. Consider getting an undergraduate degree in technology, engineering, computer science, or another related field to help you develop technical skills and gain industry knowledge. Some schools offer specific programs in IT, although employers may also consider degrees from other relevant fields.

2. Choose a Specialty:   IT professionals take various computer courses during their undergraduate programs, but you may choose to specialise in one area. Choosing to specialise in the early stages of your career can help you hone relevant technical skills and gain professional experience in that area. When selecting your area of specialty, consider your skills, interests, and available employment opportunities. Some common areas of specialty include:  

  • Network administration
  • Front-end development
  • Business analysis
  • Development operations
  • Cloud computing
  • IT project management
  • Software analysis and development

3. Look for Internships:   During your undergraduate program, you can apply for internship positions in technology companies or any related industry. Applying for internship programs is an excellent opportunity to gain relevant work experience and develop technical skills. Internship programs can also help you develop interests, choose an area of specialty, and give you an excellent foundation to ensure your career growth.

4. Earn a Graduate Degree:   Some positions in the information technology industry may require or prefer a master's degree. Earning a graduate degree can help you advance professionally while qualifying you for more challenging positions. When selecting your graduate program, consider your specialty, interests, and career goals. 
For example, if you want to become a business intelligence analyst, you may get a master's degree in data analytics and finance. Some graduate degrees to consider include:   

  • Cyber security
  • Data engineering
  • IT security management
  • Computer science
  • Gig data and analytics
  • Data science
  • Information management
  • Information technology  

5. Create a Resume:   When applying for IT jobs, include only information relevant to the particular position. This includes your educational background, professional experience, technical and soft skills, and volunteer work. 
If you have little relevant experience, highlight your educational qualifications, achievements, and relevant certifications. You can also get an academic reference letter to support your resume.

6. Apply for Entry-Level Positions:   Many professionals start their careers in entry-level positions. These positions can give you an excellent opportunity to develop within a particular industry. Consider applying for local or remote entry-level job opportunities if you're a recent graduate or if you're switching from another field to IT.

7. Prepare for the Interview:   As part of your application process, prepare for technical and industry-related interview questions. Practise common IT interview questions, research the latest developments in the field, and read about the company's work culture. Then, think of example answers to demonstrate your skills, technical knowledge, and expertise to the hiring manager.

8. Consider Freelancing Opportunities:   Freelancing is an excellent way for you to earn money while developing your skills in IT. Consider gaining professional experience and developing your skills while working as a freelancer for multiple companies. In addition, you can join various freelancing platforms and offer your services to clients.

If you're looking to transition from another industry into information technology, here are some tips to ease the process:

Get Industry Certification:   To transition to IT, getting industry-related certifications can help speed up your process. While getting a bachelor's degree may take up to four years to complete, it may only take a few weeks to obtain a certification. In addition, you can gain technical skills from various certified learning platforms that can serve as a foundation for your career. With these certifications, you can show potential employers you have the required technical skills to complete the tasks.

Apply Your Past Qualifications:   If you decide to transition into IT, focus on how your past qualifications and experiences can apply to your new career. Some employers may value your qualifications and expect you to bring new approaches to solving IT problems. For instance, a person with a degree in marketing can have the skills to analyse customer data and create effective strategies to improve business output. Specific adaptability skills you might have developed in your previous career may also help ease your transition into IT.

Look for Crossover Positions:   As the IT industry is relevant in almost every sector, look for positions that align with your previous career and use it as your pathway into IT. For instance, if you used to work in finance, it may be easier for you to look for an IT position in the financial sector as a business analyst. Having a foundational understanding of the sector makes you a valuable employee and increases your chances of success.

Cyber Security Analyst:   A cyber security analyst is responsible for identifying and mitigating cyber threats to an organisation’s network and data. They examine system logs and network traffic to find and fix security holes. Additionally, they create and implement security policies and processes to defend the company against future cyber attacks.  Cyber security analysts often require a bachelor’s degree in cybersecurity or a related discipline. They may also hold certifications like compTIA security+, certified information systems security professional (CISSP) or certified ethical hacker.

Potential Jobs To Consider

Cyber Security Engineer:   A cyber security engineer is responsible for designing and implementing security measures to protect an organisation’s network and data. They assess the security requirements of the company and create security tools, including firewalls, intrusion detection systems and encryption software. To make sure security solutions are effective, they test and assess them.  Cyber security engineers often require a bachelor’s degree in cybersecurity or a similar discipline. They may also hold certifications like certified information security manager (CISM) or CISSP. 

Security Consultant:   A security consultant advises organisations on the best security practices and strategies. They conduct risk assessments and audits to find weaknesses and provide security solutions. They also create security policies and processes and train staff members on best practices.
Security consultants frequently hold qualifications like the CISSP or CISM and a bachelor’s degree in cybersecurity or a related profession.

Information Security Manager:   An information security manager manages an organisation’s information security program. They create and put into practice security policies and processes, supervise security audits and assessments, and guarantee that all legal requirements are met. They also manage security incidents and collaborate with other departments to ensure that security precautions are incorporated into every facet of the company. Typically holding a bachelor’s degree in cyber security or a similar profession, information security managers may also have credentials like CISSP, GIAC Security Essentials or CISM.

Penetration Tester:   A penetration tester tests an organisation’s network and systems for vulnerabilities. They run simulated attacks to find gaps in the company’s security measures. To address discovered vulnerabilities, they also create and implement security solutions. Penetration testers typically hold a bachelor’s degree in cyber security or a closely related discipline. They may be certified as an ethical hacker or have the CISSP certification.

Security Architect:   A security architect is responsible for designing and implementing security solutions for an organisation’s network and data. They create security designs and architectures and assess new security technology. Additionally, they ensure that security precautions are included in all procedures and systems the company uses. Security architects commonly hold a bachelor’s degree in cyber security or a closely related discipline, and they may be certified in positions like CISM or CISSP.

What Does A Hiring Manager Look For?

When evaluating your cyber security experience, a hiring manager will look for:

Technical Skills:   Most cyber security jobs require strong technical experience. Highlight skills such as network forensics, intrusion detection, malware analysis, vulnerability assessment, database security, and penetration testing. Remember, an important cyber security resume objective is to demonstrate your ability to identify and mitigate security threats. Pay close attention to the cyber security job description and try to match your skills to their requirements.

Information Security Expertise:   Showcase your knowledge and experience in information security, including understanding security vulnerabilities, implementing security measures, and safeguarding sensitive data. 
Familiarity with industry-standard security frameworks and compliance regulations is highly valued, even in entry level cyber security positions.

Cyber Security Certifications:   Certifications like Certified Ethical Hacker (CEH), Certified Information Systems Security (CISS), Offensive Security Certified Professional (OSCP), or any other relevant certifications validate your expertise in specific areas of cybersecurity and can enhance your credibility and prove your value to the cyber security team.

Cyber Security Experience:   Showcase your relevant experience in the field of cyber security, highlighting specific projects, achievements, and outcomes. This can include incident response, security architecture design, policy development, or implementing security controls, or anything else you may have done during your time working in the cyber security field.

Education & Qualifications:   Include your educational background, particularly if it includes a degree in computer science, information technology, or a related field.  Mention any additional certifications, training, or workshops you have completed to stay updated on the latest trends and technologies in the cyber security industry.

Understanding Security Threats:   Cyber security engineers and cyber security analysts have to stay on top of their game. Demonstrate your knowledge of current and emerging security threats, such as cyber attacks, malware, social engineering, or insider threats. Showcase your ability to proactively identify and mitigate potential risks.

Experience With Security Tools & Software:   Mention any experience you have with security software, intrusion detection systems, firewalls, encryption technologies, or other relevant tools commonly used in the cyber security industry.

Penetration Testing Skills:   Highlight your experience in conducting penetration tests to identify vulnerabilities and assess the overall security posture of systems and networks. Emphasize your ability to think like a hacker to uncover potential weaknesses while working as a cyber security engineer.

Awareness Of Security Policies & Compliance:   Highlight your understanding of industry-specific security standards, regulations, and best practices. This can include knowledge of frameworks like ISO 27001, NIST, GDPR, or HIPAA. Remember to tailor your resume to each job application, highlighting the skills and qualifications that align with the specific job requirements. 

Use bullet points to clearly present your skills and experience, making it easy for the hiring manager to identify your strengths

Even you don’t get a specific job, your cyber security resume will be kept in the company’s applicant tracking systems, you never know when a new job will pop up, but when it does here are the things you can expect.

What Is The Pay & Conditions? 

Salaries vary depending on a range of factors including your skills, experience and qualifications, your location, the type of employer you work for (e.g. in-house or consultancy) and the sector you work in (e.g. financial services). 
You'll usually receive a range of employee benefits that may include a bonus, company pension scheme, private medical insurance, gym membership, and sponsored training and development opportunities.  

  • Starting salaries for cyber security analysts typically fall between £25,000 and £35,000.
  • Experienced and senior cyber security analysts can expect to earn from around £35,000 to in excess of £60,000.
  • In higher-level leadership or managerial roles, you may receive salaries up to, and in excess of, £70,000.

Working Hours:   Working hours are typically 35 to 40 hours per week, Monday to Friday. You may need to work outside of 9am until 5pm depending on projects and the specific nature of the work. Some companies may require you to work on a shift basis, which can include evenings, nights and weekends. You may need to work as part of a 24/7 call-out rota, to allow for quick responses to cyber security incidents. 

Job sharing and part-time work are not common. However, some companies offer flexible working arrangements. Short-term contract work is possible, particularly through recruitment agencies or if you work on a self-employed basis as a consultant.

What to Expect:     Work is likely to be office-based and you'll typically be using a computer for extended periods of time. However, if you work as a consultant then you may need to travel to meet with clients. Self-employment is an option for experienced analysts. You could set up your own cyber security company or work as an independent cyber security consultant. You could also work as a contractor through an agency. 

Some roles will require you to have security clearance, particularly if they're for a government agency or private organisation which handles highly-sensitive information. You may also be restricted in terms of what you can say about your work.

There are a higher proportion of roles in major cities. In Britain many roles arebased in the South East of England including London and the business centers in Manchester, Birmingham and Bristol. In Scotland, many roles are found in Edinburgh and Glasgow. In Wales, roles are typically found in Cardiff, Swansea and Newport. 

As a consultant working for a company you'll have to travel within the UK and possibly internationally. As an independent consultant you can be based anywhere, work securely online and travel to meet clients as needed.

References

indeed:     ISACA:  

Sentinel One:  Prospects:

ZETY:   Cybersecuritydive

Springboard:   Coin Telegraph:

Image: Tim Gouw

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« Generative AI Tools Help Criminals Launch More Sophisticated Attacks
What’s The Problem With Open-Source Software & Cybersecurity? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Luxar Tech

Luxar Tech

Luxar's network visibility products enable enterprises and service providers to monitor network traffic, improve security and optimize efficiency.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

Centro de Gestion de Incidentes Informaticos (CGII)

Centro de Gestion de Incidentes Informaticos (CGII)

CGII is the Computer Incident Management Center of the State of Bolivia.

Combis

Combis

COMBIS is a regional high-tech ICT company focused on the development of application, communication, security and system solutions and the provision of services.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

Field Effect Software

Field Effect Software

Field Effect Software build sophisticated and integrated IT security, threat surface reduction, training and simulation capabilities for enterprises and small businesses.

Tesserent

Tesserent

Tesserent (formerly Pure Security) is a full-service cybersecurity solutions provider. We partner with clients across Australia and New Zealand in the protection of their digital assets.

InsightCyber

InsightCyber

InsightCyber is on a mission to keep the world’s critical infrastructure, supply chains, and manufacturing operations cyber-safe, helping to prevent attacks that can have catastrophic impacts.

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

SEEDS conducts research and develops innovative cybersecurity technologies, tools, and methodologies that advance the energy sector’s ability to survive cyber incidents.

Cyber Security Cooperative Research Centre (CSCRC)

Cyber Security Cooperative Research Centre (CSCRC)

The CSCRC provides frank and fearless research and in-depth analysis of cyber security systems, the cyber ecosystem and cyber threats.

SecureStream Technologies

SecureStream Technologies

SecureStream Technologies have built the IoT SafetyNet - the Network Security Analytics platform to Eliminate Security Threats, Guarantee Privacy, Ensure Compliance, Simply & Easily.

Pathway Communications

Pathway Communications

Established in 1995, Pathway Communications – is part of the Pathway Group of Companies, a Canadian IT Managed Services organization.

Telstra

Telstra

Telstra is one of the world's leading telecommunications and technology companies, offering a wider range of services from networks and cloud solutions to mobility and enterprise collaboration tools.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

Bluerydge

Bluerydge

Bluerydge specialises in cyber security and technology, focusing on the delivery of innovative sovereign solutions through trusted, cleared and experienced professionals.

Pixee

Pixee

Pixee fixes vulnerabilities, hardens code, squashes bugs, and gives engineers more time to focus on the work that counts.