Cyber Security Resources » ​How to Enter the Cybersecurity Field with No Experience

How to Enter the Cybersecurity Field with No Experience

A 2017 report by the Center for Cyber Safety and Education projects a global cybersecurity workforce shortage of 1.8 million by 2022. New research by (ISC)2, an international, nonprofit membership association for information security leaders, suggests we’ve already surpassed that number. Globally, (ISC)2 estimates the current shortage of cybersecurity professionals at just under 3 million, with roughly 500,000 of those positions in North America.

The lack of qualified talent is unfortunate for those organizations vulnerable to cyber-attacks, but at the same time provides a tremendous opportunity for those looking to enter the field. If you have a bachelor’s degree in cyber security or a related field such as computer science or computer engineering, you may have an easier time getting into IT security than your peers, but even then, you may still have a hard time getting a job with no experience to point to on your resume.

Online Master’s in Cybersecurity, No Work Experience Required (as of 11/2018)
School Program Length (Credit Hours)
UC Berkeley* 27
Syracuse University* 30
New York University 30
Pennsylvania State University 33
Grand Canyon University 34
Saint Louis University** 36
Drexel University 45
Colorado Technical University 48
DePaul University 52

*Sponsored program

**Work experience of at least three years is strongly recommended

If you’re ready to apply what you know and start working in the field, this resource will provide some tips on how to start. Lack of experience is a hurdle, but it’s easy enough to overcome if you have the drive and the determination to work in cyber security.

Get Certified in Cybersecurity

If you understand the basics of information security but don’t have the experience to prove it, getting certified is one way to assure employers that you have the skills they are looking for. Certifications can also help get your foot in the door by demonstrating your drive to learn and showing that you’re serious about entering the field. In fact, 61% of Information Systems Security Association (ISSA) members believe that cybersecurity certifications are far more useful for getting a job than they are for doing a job.

Entry-level cybersecurity certifications

The easiest certifications to get are the “entry-level” cybersecurity certifications that test your basic skills and foundational understanding, such as the MTA Security Fundamentals and CompTIA Security+.

Overview: The MTA Security Fundamentals recognizes knowledge of core security principles as well as the basics of operating systems and network/software security. The exam validates that a candidate has “fundamental security knowledge and skills.”

Cost: $127

Training Materials:

Overview: Cybersecurity Fundamentals is an introductory certificate in the concepts that frame and define the standards, guidelines and practices of the cybersecurity industry. The certificate is aligned with the National Initiative for Cybersecurity Education (NICE) and the Skills Framework for the Information Age (SFIA).

Cost: $150

Training Materials:

Overview: Some would argue this is the most well-known entry-level security certification. CompTIA Security+ covers a wide array of security and information assurance topics, including network security, access control, risk management, data security, and vulnerability testing. This certificate validates the baseline skills you need to perform core security functions.

Cost: $311

Training Materials:

Global Information Assurance Certification

If you know more about cybersecurity than your resume suggests, either because you have a bachelor’s degree in information security or because you’re a self-taught IT pro, you may be interested in a more advanced certification. The Global Information Assurance Certification (GIAC) was founded in 1999 to “validate the skills of information security professionals.” No specific training or experience is required for any GIAC certification. Below are some introductory/intermediate GIAC cybersecurity certifications to consider:

Level: Introductory

Description: GISF candidates will learn and be able to demonstrate key concepts of information security including: understanding the threats and risks to information and information resources, identifying best practices that can be used to protect them, and learning to diversify our protection strategy.

Timeframe: 4 months

Level: Intermediate

Description: Candidates for the GIAC Security Essentials (GSEC) certification exam are interested in demonstrating their skills to show they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

Timeframe: 4 months

Level: Intermediate

Description: The GICSP bridges together IT, engineering and cyber security to achieve security for industrial control systems from design through retirement. GICSP will assess a base level of knowledge and understanding across a diverse set of professionals who engineer or support control systems and share responsibility for the security of these environments.

Timeframe: 4 months

Level: Intermediate

Description: Incident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. The GCIH certification focuses on detecting, responding, and resolving computer security incidents.

Timeframe: 4 months

Level: Intermediate

Description: The GISP certification is for security professionals that want to fill the gaps in their understanding of technical information security and understand information security beyond simple terminology and concepts. The GISP certification is also for anyone new to information security with some background in information systems and networking.

Timeframe: 4 months

Focus on Developing In-Demand Cybersecurity Skills

Perhaps you have some IT skills related to information security, but do you have the right skills? In an attempt to capture the voice and thoughts of cybersecurity professionals regarding the state of their profession, the ISSA surveyed information security professionals and asked about the biggest shortage of cybersecurity skills in their organizations.

This infographic reflects information up to 06/11/2018. Percentages and amounts are subject to change.

These results can be very useful to the motivated cybersecurity job seeker since they show where the biggest skills gaps are. As you learn the foundations and look to gain experience and on-the-job training, try to focus on the areas where the most help is needed—and where the most demand is. For example, if one-third of organizations say they have a shortage of security analysis and investigation skills, look for opportunities to develop these skills yourself. And how do you increase your cybersecurity knowledge, skills and abilities? The ISSA asked about that, too.

This infographic reflects information up to 06/11/2018. Percentages and amounts are subject to change.

You can also refer to the Cybersecurity Workforce Framework for a list of knowledge, skills and abilities required for 50+ work roles in cybersecurity. The Framework was designed by the National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST). You can also use the NICE Framework for help figuring out which area of cybersecurity is right for you.

Land Your First Job in Cybersecurity

There are many different career entry-points in cybersecurity. The most common entry-level roles in the cybersecurity “ecosystem” are cybersecurity specialist, cyber crime analyst, incident analyst and IT auditor.

Description: Your day-to-day duties and responsibilities will vary, but as a cybersecurity specialist/technician you will largely be responsible for designing, testing, implementing and monitoring security measures for an organization’s computer systems. Such responsibilities may include:

  • Establish network/system security requirements
  • Configure security tools such as firewalls, anti-virus software, etc.
  • Define and monitor access privileges and licenses
  • Oversee and monitor routine security administration
  • Design, conduct and report on security audits
  • Research, recommend and implement security upgrades

Total Job Openings1: 6,111

Common Job Titles2:

  • Information Security Specialist
  • Cybersecurity Specialist
  • Information Technology Security Specialist

Requested Education3:

  • Sub-Bachelor’s Degree: 16%
  • Bachelor’s Degree: 59%
  • Graduate Degree: 25%

Top Certifications Requested4:

  • GIAC
  • CISM
  • CISA
  • Security+
  • Cisco Certified Network Associate

Description: As a cybercrime analyst/investigator, you will help law enforcement agencies solve crimes committed in the cyber-space and prevent future incidents by analyzing the who/what/when/where/why of a cybercrime. Some of the responsibilities of a cybercrime analyst/investigator include:

  • Recover data that was either destroyed, damaged or stolen
  • Reconstruct damaged computer systems
  • Prepare expert reports on highly complex technical matters
  • Analyze, preserve and present computer evidence
  • Train law enforcement on computer-related issues

Total Job Openings1: 564

Common Job Titles2:

  • Security Analyst
  • Computer Forensics Analyst
  • Senior Investigative Agent
  • Cyber Forensics Analysts

Requested Education3:

  • Sub-Bachelor’s Degree: 9%
  • Bachelor’s Degree: 71%
  • Graduate Degree: 20%

Top Certifications Requested4:

  • CISSP
  • CISA
  • Certified Ethical Hacker
  • Security+
  • Cisco Certified Network Associate
Description: Incident analysts/responders, also known as intrusion analysts, serve on the “front-lines” of cybersecurity. As a first responder, you will use a host of forensic tools to identify security incidents and threats as quickly as possible in order to limit the damage and prevent such incidents from happening again. Your day-to-day responsibilities may include:

  • Actively monitor computer systems and networks for intrusions
  • Identify security flaws and vulnerabilities
  • Perform security audits, penetration testing and network forensics
  • Establish and test communication protocols (in the event an incident is detected)
  • Produce detailed incident reports and technical briefs

Total Job Openings1: 13,833

Common Job Titles2:

  • Information Security Analyst
  • Information Security Project Manager
  • Cyber Defense Center Analyst
  • Cybersecurity Project Manager
  • IT Security Project Manager

Requested Education3:

  • Sub-Bachelor’s Degree: 9%
  • Bachelor’s Degree: 71%
  • Graduate Degree: 20%

Top Certifications Requested4:

  • GIAC
  • CISM
  • CISA
  • Security+
  • Cisco Certified Network Associate
Description: As an IT auditor, you will be responsible for collecting and evaluating evidence of an organization’s information systems, practices and operations. Essentially, IT auditors make sure that organizations are compliant with IT legislation (HIPPA, Sarbanes-Oxley, etc.) and that there are no glaring holes in their information security network. Sample responsibilities may include:

  • Coordinate, plan and execute IT audits within an organization
  • Develop and implement tools to analyze data to improve audit efficiency
  • Communicate audit findings and recommendations
  • Stay up-to-date with local, federal and global IT regulations

Total Job Openings1: 6,673

Common Job Titles2:

  • IT Auditor
  • IT Audit Manager
  • Internal IT Auditor

Requested Education3:

  • Sub-Bachelor’s Degree: 3%
  • Bachelor’s Degree: 76%
  • Graduate Degree: 22%

Top Certifications Requested4:

  • CISSP
  • Information Systems Certification
  • CISM
  • ITIL
  • Certified Internal Auditor (CIA)

Source: CyberSeek, Cybersecurity Career Pathway

1 Online job listings from April 2017 through March 2018

2 Common job titles employers list in job openings

3 Percentage of online job listings requiring either less than a bachelor’s degree, a bachelor’s degree or a graduate degree

4 Certifications most commonly requested by employers in job listings

Expand Your Knowledge with a Master’s Degree

Graduate degrees are becoming a requirement for even some entry-level positions. If you want to give yourself the best shot at landing the best job in cybersecurity, a master’s degree can help you stand out from other inexperienced applicants. An online master’s degree program in cybersecurity can provide the advanced knowledge, skills and abilities you need to get ahead in cybersecurity, with the added flexibility and convenience of going to school without putting your life on hold. Browse online graduate-level cybersecurity programs.

Engineering@Syracuse
No experience needed! Take the first step toward a career in cybersecurity.

Explore Online Program
Sponsored Program
2019-02-21T20:41:25+00:00