A Guide to get into cybersecurity with no experience 2025

AJ, a seasoned cybersecurity professional, outlines a strategic roadmap for breaking into the cybersecurity field by 2025, even without prior experience. He emphasizes the importance of staying updated with industry trends through resources like Bleeping Computer and Krebs on Security, and engaging with experts on platforms like X (formerly Twitter). AJ recommends acquiring foundational knowledge in computing, networking, and security through certifications like CompTIA Network+ and Security+, and suggests developing basic programming skills. He advises gaining hands-on experience with security tools and projects, tailoring resumes for specific roles, and persistently applying for jobs while networking on platforms like LinkedIn. AJ also highlights the value of joining communities like CyberHub for additional resources and support.

• Staying informed about the cybersecurity world is crucial due to its constantly evolving nature.
• Begin by reading cybersecurity articles and following security researchers on platforms like Twitter (referred to as X).
• Recommended sources include Bleeping Computer and Krebs on Security, which provide insights into vulnerabilities and industry trends.
• Engaging with this content helps determine if cybersecurity is a field you enjoy and are naturally inclined towards.
• Understanding that it's not necessary to know everything at the start; the focus is on developing a tech mindset.
• Following cybersecurity educators and threat intelligence updates on X can aid in staying informed and assessing personal interest in the field.

"First of all, you want to figure out is something that you're going to actually enjoy, and the best way to do that is to start reading through some cybersecurity articles, following security researchers on X on Twitter, for example."

• Emphasizes the importance of exploring cybersecurity content to assess personal interest and enjoyment in the field.

"You just want to try to make sure that you can kind of stay informed about what's going on in cybersecurity and actually stay up to date."

• Highlights the necessity of staying informed about industry developments to succeed in cybersecurity.

• Basic computing, networking, and security knowledge are fundamental for entering cybersecurity.
• Certifications like CompTIA Network+ and Security+ are valuable for building foundational knowledge.
• Understanding how computers communicate and network operations is essential for protecting networks.
• Basic programming skills are beneficial but not mandatory; tools like ChatGPT and Grok can assist with programming tasks.
• The ability to read and understand code is crucial to avoid implementing potentially malicious scripts.

"You need to know how networks work; you'll understand about the different devices, firewalls, for example, different servers, endpoints that we're all on a network."

• Stresses the importance of understanding network operations and components as a cybersecurity professional.

"It's not a must-have, but many companies may ask for it, but it doesn't mean that they will always get analysts or cybersecurity professionals who can code."

• Indicates that while programming skills are beneficial, they are not always a requirement for cybersecurity roles.

• Security-specific credentials and hands-on experience are vital for becoming a cybersecurity professional.
• Certifications like CompTIA Network+ and Security+ help build foundational knowledge.
• Hands-on labs provide practical skills necessary for cybersecurity roles.
• These credentials and experiences are not tailored towards specific jobs but build general cybersecurity fundamentals.
• The pathway to becoming a cybersecurity professional involves gaining credentials and practical experience.

"This is what we call the pathway to becoming a cybersecurity professional, and this one tailored towards becoming a cybersecurity analyst like myself."

• Describes the process of gaining credentials and experience as a structured pathway to becoming a cybersecurity professional.

"The only thing about these two, they're not tailored toward specific jobs, so this is where you need to gain security-specific credentials and some hands-on security experience related to a particular job."

• Highlights the need for specific credentials and experience tailored to particular cybersecurity roles.

• The recommended starting point in a cybersecurity career is as a Cybersecurity Analyst, SOC Analyst, or Threat Analyst due to the lower barrier of entry.
• Focus on researching specific job roles within cybersecurity to align learning and skill acquisition with the desired career path.

"Once you get to this point of the pathway is where we recommend picking a specific job, the one that we suggest is cybersecurity analyst or SOC analyst or threat analyst."

• The emphasis is on choosing a role with a lower entry barrier to facilitate easier transition into the cybersecurity field.

• SIEM tools are essential for daily operations of cybersecurity analysts, with Microsoft Sentinel, Splunk, and Elastic being popular options.
• Gaining hands-on experience with SIEM tools is crucial for career development in cybersecurity analysis.

"The type of things that you would want to focus on are listed here, so SIEM stands for Security Information Event Management tool."

• SIEM tools are foundational in cybersecurity analysis, serving as the primary technology for monitoring and managing security events.

• Familiarize with the SANS Incident Response Plan, a standard framework used by many companies.
• Understanding the steps in preparing for and responding to cybersecurity incidents is vital.

"What I use is the SANS Incident Response Plan, and this is what most companies use."

• The SANS plan provides a structured approach to incident response, detailing necessary steps for effective management of cybersecurity incidents.

• Understanding cloud attack and defense strategies is becoming increasingly important as more operations move to cloud platforms like AWS and Azure.
• The MITRE ATT&CK framework is a valuable resource for learning about cloud-specific attack vectors and defense mechanisms.

"Attackers and companies are all moving to the cloud, your AWS, Azure for example, we need to understand how to actually defend the cloud as well."

• As cloud adoption increases, cybersecurity professionals must be adept at identifying and mitigating cloud-specific threats.

• Stay informed about the latest and most common attack types, using resources like the MITRE ATT&CK framework.
• Develop skills to detect and mitigate attacks on various operating systems and platforms.

"Understanding the latest attacks that are out there and the most common attacks and how to actually defend against them."

• Knowledge of attack types and defense strategies is crucial for cybersecurity roles, enhancing the ability to protect against evolving threats.

• Explore SIEM detection rules, also known as correlation rules, which are used to identify potential malicious activities in network logs.
• Experience with configuring and managing these rules is important for identifying and responding to threats.

"The SIEM detection rules ultimately are the rules in the SIEM used to detect malicious activity or potential malicious activity."

• SIEM detection rules are critical for monitoring network security and alerting analysts to potential threats.

• Threat intelligence involves using open-source information to learn about new attacker techniques, often tailored to specific industries.
• Threat hunting uses this intelligence to proactively search for potential threats within a network.

"Threat intelligence is usually using open-source information to try to figure out the latest attacker techniques."

• Threat intelligence and hunting are proactive measures to identify and mitigate threats before they cause harm.

• Besides SIEM, other essential tools include firewalls, network intrusion detection systems, endpoint detection systems, and antivirus solutions.
• Gaining experience with these tools enhances the ability to detect and respond to malicious activities.

"Get experience with setting this up at home, getting some hands-on experience in the SIEM is always going to be beneficial."

• Proficiency in using various cybersecurity tools is essential for effective threat detection and management.

• Customer service skills are important, especially when starting out in managed security service companies, which often have lower entry barriers.

"People always wonder why we add that on here when you're starting out, especially as a cybersecurity analyst."

• Strong customer service skills can facilitate entry into cybersecurity roles and improve interactions with clients and stakeholders.

• Effective communication is crucial for translating complex technical issues into simplified terms for customers.
• Strong customer service skills are essential for cybersecurity analysts to engage with clients effectively.

"You need to have good customer service mainly you need to have the ability to kind of detail complex technical issues in a simplified way and relay that back to the customer."

• Emphasizes the necessity of breaking down complex issues for clients to understand, highlighting a core skill for cybersecurity professionals.

• Home projects provide practical experience necessary for job applications in cybersecurity.
• Projects should align with specific job roles, such as setting up cloud infrastructure or security labs.

"Home projects need to relate to each one of these areas so your home projects need to give you experience related to a particular job."

• Stresses the importance of aligning personal projects with job requirements to gain relevant experience.

"Setting up your own cloud infrastructure with AWS trying to attack it and defend against it."

• Illustrates a practical example of a home project that can provide hands-on experience in cybersecurity.

• Joining communities like Cyberhub can provide access to courses and resources for skill development.
• Cyberhub offers free access to cybersecurity fundamentals and project-based learning.

"In the Cyberhub you can come and join the other members... you get access to cybersecurity fundamentals course that we created."

• Highlights the value of community resources in gaining knowledge and practical experience in cybersecurity.

• Tailoring your resume and CV to each job application is crucial for passing through application tracking systems.
• Use tools like Gro or ChatGPT to assist in customizing resumes for specific job descriptions.

"You need to tailor each one of your CVs and your resumes to that particular job."

• Underlines the necessity of customizing application materials to improve job application success rates.

"You can use things like Gro chat GPT to be able to help you with that."

• Suggests leveraging AI tools to aid in the resume customization process, ensuring relevance to job postings.

• A well-optimized LinkedIn profile is essential for networking and job applications.
• Engage with recruiters and industry professionals on LinkedIn to build connections.

"Make sure that your LinkedIn is up to speed and it looks the best that it can be."

• Emphasizes the importance of maintaining a professional and updated LinkedIn profile for career advancement.

"You want to be trying to contact the recruiters on LinkedIn as well connecting with other recruiters."

• Encourages proactive networking on LinkedIn to enhance job search efforts and industry connections.

• Perseverance and consistency are key in the challenging job market.
• Continually apply and tailor applications to increase chances of landing a role.

"You need to be consistent it takes time to apply for jobs but you need to tailor each resume or CV to a particular job application."

• Highlights the importance of persistence and customization in the job application process to achieve success.

• Apply consistently with tailored job applications and resumes to increase chances of success.
• Connect with recruiters regularly to build relationships and increase visibility.
• The job market is challenging, especially for beginners, but opportunities exist for skilled professionals.

"When I first started, I failed countless interviews, failed many job applications. I applied for hundreds and hundreds of jobs."

• Consistency is key; persistence through failures is necessary to eventually succeed.

"You need to make sure that you're applying for these jobs and you're tailoring your resume."

• Tailoring applications and resumes to specific jobs is essential for standing out to employers.

• Preparation for interviews includes anticipating both behavioral and technical questions.
• Use resources like ChatGPT to generate potential interview questions based on job descriptions.
• Behavioral questions often require drawing from past projects and experiences.

"This is where you can draw from your projects and you can say this is what I did in my vulnerability management project."

• Use past project experiences to effectively answer behavioral interview questions.

"Using the STAR method to answer them as well, describing the situation, the task, the action, and the result."

• The STAR method is a structured way to respond to interview questions, ensuring clarity and completeness.

• Networking is crucial for discovering job opportunities and gaining industry insights.
• Platforms like LinkedIn and Twitter are valuable for connecting with professionals and recruiters.
• Engaging in communities like CyberHub can provide access to experienced professionals and valuable knowledge.

"LinkedIn is the great place to do this, connecting with recruiters, connecting with other professionals."

• Building connections on LinkedIn can lead to job opportunities and industry insights.

"You can get access to our CyberHub community... it doesn't cost anything to be in here, doesn't cost anything to gain the knowledge from us."

• Joining communities offers free access to a wealth of knowledge and networking opportunities.

• Stay informed about industry trends and developments.
• Build foundational knowledge and practical skills through home projects.
• Consistently apply for jobs while maintaining and expanding your professional network.

"Those are the seven steps to getting into cyber security in 2025 without any experience."

• A structured approach can guide beginners in entering the cybersecurity field effectively.

"You want to learn your fundamentals... polish up your resume and then be consistent with job applications."

• Mastering the basics and maintaining consistency in applications and networking are vital for success.