How to start your career in cyber security

There has never been a better time to get into cyber security. There is a growing demand for experts, leading to increased salaries and job opportunities.

If you’re thinking about starting a career in cyber security, here are five things you should do.

Get work experience

As with most industries, you’re much more likely to get ahead in cyber security if you have experience. Even though the industry skills gap means organisations are more likely to take on less experienced people, practical knowledge is a huge advantage.

Internships and entry-level jobs are ideal starting points, but if your current commitments mean this isn’t an option, you could look for volunteer positions. Similarly, you could offer to help your employer or academic institution’s IT department in your spare time.


Cyber security isn’t something you can pick up quickly. There are a lot of complex topics that you need to at least be aware of. Rod Rasmussen, vice president of cyber security at Infoblox, told Forbes:

“If you aren’t in the IT space at all, start with learning IT fundamentals. We’ve seen this as necessary for even folks like FBI or other law enforcement officers who have the investigatory or ‘finding bad guys’ part down really well. That will serve you well in cyber, but regardless of your background, you need those building block fundamentals in IT in order to create an effective new career in cybersecurity.”

You might find university or night school helpful, but academic qualifications aren’t necessary for most employers. Books and e-learning courses might be better options, as they allow you to study specific topics at your own pace.


Meeting people and making connections is sometimes essential for getting your foot in the door. Networking websites such as LinkedIn can also be helpful, but face-to-face meetings are much more effective. Forbes recommends that people “get involved in meetups, attend conferences [and] ask for tips over coffee with current security professionals of local tech companies”.

Get qualified

You need qualifications in your chosen field to advance your career. The qualifications you need will depend on your career path. For example, if you want to be an information security manager, a relevant ISO 27001 qualification is a must. If you’ll be helping an organisation comply with the Payment Card Industry Data Security Standard (PCI DSS), you’ll need to develop PCI DSS implementation skills.

As you develop your career and accumulate experience, you can consider gaining more senior qualifications, such as CISA®, CISM®, CISMP and CISSP®.

Of these, the CISM (Certified Information Security Manager) qualification is the most versatile. It’s the globally accepted standard of achievement among information security, information systems audit and IT governance professionals. Information security is generally the most sought-after field, and this often begins with ISO 27001.

ISO 27001 is the international standard that describes best practice for an information security management system (ISMS). We have many resources to help you learn about ISO 27001, but for a thorough introduction, you should attend our ISO 27001 Certified ISMS Foundation Training Course.

This one-day course is delivered by an experienced information security practitioner, and combines formal training, practical exercises and relevant case studies. At the end of the course, attendees sit an exam, and if they pass, they are awarded a qualification by the International Board for IT Governance Qualifications.

Find out more about our ISO 27001 Certified ISMS Foundation Training Course >>