Career Stories

12 min read

How to start a career in cybersecurity with no experience

Landing your first entry-level cybersecurity job can seem like an impossible task but there are many paths into the industry, even with little to no experience.

g4rg4m3l avatar

g4rg4m3l,
Feb 14
2024

The talent shortage in cybersecurity is one of the main concerns expressed by industry leaders globally. IBM reports that currently there are "over four million unfilled cybersecurity jobs worldwide."

These numbers represent not only a challenge but an opportunity. An opportunity to fill this gap with highly talented individuals who will make a difference. In sum, we need a new generation of cyber warriors dedicated to combating cyber threats.

The field of cybersecurity has a certain mystique around it, making it highly appealing to many. However, this allure comes at a cost–the perpetuation of various "cybersecurity career myths." 

“Cybersecurity is for computer geniuses. It's an extremely hard field to get into. There are no entry-level jobs. Formal advanced academic training is mandatory.”

Cybersecurity career myths
 

Aspiring professionals often wonder if a career in cybersecurity is possible without prior experience or superhuman abilities due to these common misconceptions.

Some of these myths are directly related to a general lack of a clear understanding of the various cybersecurity roles.

In reality, cybersecurity is a field that encompasses several job roles related to protecting the digital realm. Different roles in cybersecurity require different skill sets and levels of expertise.

What does a career in cybersecurity look like?

If you're interested in starting a career in cybersecurity with no prior experience, a good place to start is by learning about jobs suitable for newcomers in the field.

Often, cybersecurity roles are divided into defensive (blue) or offensive (red). Defensive roles focus on protecting systems while offensive roles aim to expose vulnerabilities by attacking systems. 

An example of a blue role would be a SOC analyst and a red role a penetration tester. 

While there isn't a formal consensus or a strict method to classify entry-level positions, there are some widely accepted industry and community approaches to starting a cybersecurity career without prior experience.

Note💡: We contributed to this discussion by polling 11,498 members of the community on LinkedIn about the best entry-level cybersecurity jobs.

Wondering which path to take? Read our guide on the main cybersecurity career paths.

SOC Analyst

SOC analyst vs. penetration tester
 

One of the most common starting job roles in the field of cybersecurity is that of a Security Operation Center (SOC) analyst.

A SOC analyst (or cybersecurity analyst) is a cybersecurity professional responsible for daily security-related operations. They monitor systems looking out for suspicious activities and potential threats to effectively respond when the alarm sounds!

Junior SOC analysts begin by carrying out routine tasks like determining if an alert really means that a potential attack is happening. (Alerts are flagged as true or false positives, this process is called triage.) 

Working alongside experienced professionals, dealing with cyber threats, and utilizing various tools and methods daily, provide ample opportunities for growth and learning within the cybersecurity analyst role.

This is what makes it a popular entry-level position in cybersecurity, especially for those entering the field without prior experience. 

A SOC analyst is often the first step in what's known as a blue team career. This team is responsible for defense and quick action in response to any incidents. Guardians of all things digital.

Furthermore, the security analyst career path is often used as a stepping stone for professionals who aspire to work in a red team role. It provides foundational skills needed to transition smoothly into the offensive side of cybersecurity.

Related read: How to become a cybersecurity analyst.

  • Learn core security monitoring and security analysis concepts. You’ll gain a deep understanding of tools, attack tactics, and methodologies used by cybercriminals.

  • Practice with hands-on exercises. Put theory into practice with plenty of exercises to push your knowledge to its limits!

  • Leave with the right mindset. Becoming a SOC analyst is about the mindset, you’ll learn how to think like a hacker so you can defend against them.

Penetration tester

The red team is usually responsible for testing the security posture of an organization from the perspective of the attacker. That means imitating the behavior of potential threats to advise the organization on how to enhance its defenses.

One popular, if not the most popular, job role related to a red team path is penetration tester.

Traditionally a penetration tester is not considered to be an entry-level job, as it requires a substantial skill level to mimic real-world threats and reproduce all kinds of attacks.

But here's where things get interesting...

According to Market Research Future, the penetration testing market is expected to expand rapidly and reach USD 8.13 billion by 2030. As a result, there has been a substantial increase in the number of entry-level penetration tester job roles.

This growth is related to the proven efficacy of this security activity, meaning that the demand for professionals is rising and new job opportunities appearing as a result. Yes, even for those with no prior experience.

Note💡: HTB asked the cybersecurity community on LinkedIn if securing a pentesting role as a first job was possible, 67% said yes.

Many professionals have succeeded in landing their first penetration tester role without prior experience by following content structured and curated by experts, and putting in the work on practical real-life scenarios.

This is where new education methods and high-quality learning platforms such as Hack The Box (HTB) play a crucial role.

I recently spoke to Francisco Santos, a penetration tester for a renowned company, who was hired fresh out of high school without any previous job experience in cybersecurity or other areas. 

 

With his dedication and focus he spent countless hours learning and practicing on these platforms and ended up landing his first job as a web application penetration tester.

  • Learn core security assessment concepts by using specialized tools, attack tactics, and methodologies.

  • Get all the necessary theoretical background with practical exercises.

  • Obtain the practical skills and mindset necessary to perform professional security assessments against enterprise-level infrastructures.

Modern platform-based education provides accessible training with hands-on experience and updated content. 

This is particularly relevant in the field of cybersecurity, as traditional education methods have a slower curriculum update process, whereas the cybersecurity landscape constantly evolves. 

For example, at HTB, we produce new Machines weekly, so when a new CVE is discovered, you’ll be able to find it in our practical content. Like we did with the Looney Tunables vulnerability

Tip💡:  Interested in landing a job as a pentester? Brush up on these 30 critical cybersecurity interview questions!

Although these two career paths are popular, it's important to know that there are many other options available. Robert Theisen (Ltnbob), IT Program Director & Cybersecurity Professor, does a stellar job going into detail in 4 of the best entry-level cybersecurity jobs for aspiring hackers.

No experience = no shortcuts

entry-level cybersecurity jobs
 

While you can start a career in cybersecurity with no experience, that  does not mean you can take shortcuts. Cybersecurity is a demanding field that will thoroughly test your skills.

This is why identifying what skills and experience you currently have that translate to a career in cybersecurity is essential—everyone has a different starting point.

Starting with no IT background

If you don't have any IT knowledge it’s really important to first learn basic computer operations:

  • Hardware.

  • Software.

  • Operating systems basics.

Take free online courses, watch YouTube videos, just dive into free available resources and take it from there.

Consider starting with an entry-level IT job, such as a help desk position. This will provide you with experience, and a learning opportunity to familiarize yourself with fundamental IT concepts and workflows.

Note 💡: A way to identify your starting point is to use the following ESE framework (experience, skills, and end goal) to assess your current skills and experience against your cybersecurity career goals

Key distribution center
 

What if you have an IT background?

With a background in IT, you should evaluate your current skill level and proceed to study areas that are common to several cybersecurity job roles:

  • Networking.

  • Systems administration.

  • Operating systems.

  • Cybersecurity fundamentals.

If you read “CIA” without immediately thinking about a secret government agency, you’re ready for the next step. I would personally recommend getting familiar with a programming language, like Python. Although not strictly necessary, it can't bite, right?

I also recommend exploring the Introduction to Network module on Hack The Box Academy, regardless of your background. 

A solid understanding of this topic is going to make a difference in your cybersecurity career. So much so that organizations such as CompTIA call computer networking a “feeder role” that will lead you to more advanced cybersecurity jobs down the line.

Test your might

A solid foundation makes a solid career. But don't forget to consider your existing soft and hard skills.

Perhaps you have experience in communicating with clients on customer service. Maybe you had to come up with out-of-the-box solutions to handle hungry customers at a restaurant. 

You might be surprised by the skills you already possess that can be applied to starting your new career in cybersecurity.

  • Communication: If you're good at communicating you're halfway there. It's hard to effectively communicate security. Especially if you have to communicate to a both technical and non-technical audience.

  • Teamwork: You'll be working with a team. Collaboration is key. 

  • Creativity: If you like to come up with non-conventional ways to solve problems you're an asset.

  • Unquenchable curiosity and willingness to learn: I consider this to be the most important one. You'll always be learning. If acquiring knowledge is your life mission, cybersecurity is for you. 

Practice makes perfect

Cybersecurity is all about getting down to business. Especially if you don't have previous experience, you must put all your learning into practice.

Fortunately, you don't have to invest in fancy equipment or elite cyber ranges and you don't have to impersonate Elliot from Mr. Robot and risk getting yourself and others in trouble.

You can gain practical experience by completing challenges on HTB Labs and the HTB Academy, which provide interactive exercises against real-world applications and infrastructures.

Customize these challenges to fit your current skill level using features like Starting Point or the comprehensive guided mode for a smooth enriching learning experience.

  • Guided Mode, our new premium feature. A set of questions acting as guidepaths will appear to show you the intended path for each Machine, coaching you along to the root flag.

  • By offering more guidance, users can advance their training with additional context and have a better sense of progress.

This kind of practice is indispensable to brush up your skills and stay relevant in today's job market companies worldwide are looking for this kind of training as a pool of talent.

Tip 💡:  Job posts on Hack The Box’s Talent Search, allow players to apply for jobs directly through the job board.

Get that flag

Capture the Flag (CTF) competitions are an exciting and engaging way to gain hands-on experience in real-life scenarios. These challenges require you to find a specific text in compromised systems, known as the flag, which serves as proof that you have completed the task.

You can participate in these competitions alone or as part of a team. They are a great way to have fun, showcase your skills, and connect with other professionals who share your interests.

CTF competitions are highly addictive and offer a unique opportunity to learn and grow in a supportive environment.

Get involved and join the cybersecurity community

With no background and no prior experience, it’s really important to get involved with the cybersecurity community. This is a great way to learn from experts, share knowledge, and stay updated on the latest trends.

Be part of the HTB Community, share experiences on Discord, and on HTB forum.

Look for, and attend meetups in your area. These are great to get first contact in person with fellow professionals. 

Put yourself out there and don't be afraid to share your passion with the world. By connecting with both aspiring and seasoned professionals, you'll not only learn and gain experience, but you'll also open yourself up to working opportunities and receive support that will stay with you throughout your career. 

Certifications

Certifications are indeed a popular topic. The truth is that these are not a must-have to get a job. Many professionals take their first certifications while already working on cybersecurity jobs. 

Having certain badges on your resume can help you stand out, but their true value lies in the knowledge and experience gained during your journey to earn them. Additionally, they can assist you in passing the recruiter's screening process.

Foundational certifications such as CompTIA A+ or Network+ are valued for those entering the field without prior experience, they can demonstrate an understanding of key concepts in IT.

If you work in IT, obtaining CompTIA Security+ certification is highly respected and can demonstrate to an employer that you have essential skills and a solid overall understanding of the field of cybersecurity.

Prioritize practical certifications

When entering the field without prior experience it is important to choose a certification that tests your practical skills. As Itnbob says in Is a cybersecurity certification worth it? (Here’s how to decide), "practical cybersecurity certifications are favored by recruiters."

Our Certified Penetration Testing Specialist (CPTS) is a perfect example of both theoretical and practical certification as you will be required to perform actual penetration testing activities against real-world networks.

If you aim to secure a position as a cybersecurity analyst, the Certified Defense Security Analyst (CDSA) certification could be ideal.

This certification is known for its practical approach, evaluating candidates' skills in security analysis, SOC operations, and incident handling.

The road ahead

Cybersecurity is an exciting and rapidly growing field that requires trained professionals. However, with modern learning methods and platforms, you can enter the industry even without prior experience if you have a passion for it and are willing to put in the effort. 

There are numerous opportunities available to land your first job and jumpstart your career.

Evaluate your current experience and skills relevant to making a career transition into cybersecurity. Don’t overlook your soft skills. Consider how your problem-solving abilities, attention to detail, and communication skills can be valuable assets in the field.

Build a solid foundation in basic IT skills. Put these skills into practice by leveraging online platforms and CTF events. Focus on certifications that have a strong practical application.

Engage with the community and share your journey; remember, you're not alone.

Hack The Box is always there to support you on your path, no matter which direction you decide to take. Red or blue, make your journey unique, just like you!

Author bio: Pedro Correia (g4rg4m3l), Cybersecurity Lead, Red Teamer, and Instructor at Code For All_

Pedro Correia is a cybersecurity professional with a strong commitment to both learning and teaching. He currently serves as a Cybersecurity Lead, Red Teamer, and Instructor at Code For All_. He oversees a specialized team focused on penetration testing and cybersecurity assessments, with years of experience in educating students from diverse backgrounds worldwide in the domains of cybersecurity and programming.

He also creates content specializing in various cybersecurity domains under the alias of “Cybersecurity Paladin.” As a Hack The Box Ambassador, Pedro hosts meetups, showcases, and live hacking demonstrations, making cybersecurity concepts more accessible to a wider audience. You can find him on HTB as “g4rg4m3l.”

Pedro has embarked on a self-imposed delusional mission to infiltrate every Active Directory environment. Join him on this crusade.

Feel free to connect with him on LinkedIn.

 

Hack The Blog

The latest news and updates, direct from Hack The Box