How to start a career in the security industry

In the previous blog post we discussed what working in cyber security and information security was like. What the benefits are and what the costs are, but a question we’re asked on a frequent basis is “how do I get into the industry?”, so today we’ll try and answer this question with more than just one option.

There’s usually three ways into any job role, irrelevant of what the industry is or what the role involves, and they are education, experience and self study. Lets look at how they work in the cyber and information security industry.


Colleges and universities provide a great place to study for people of all ages. They will often run some great courses, which go all the way up to bachelors and masters levels, that are built around the security industry. To make these courses even more valuable, they speak to the industry and they ask about what skills people should be taught that will benefit them in future jobs. These courses can run from a couple of months through to 5 years depending on the level being studied.

A few really good examples are listed below, which I’ve broken down into levels.


The open university provides a section of free courses, and if you search for cyber security, there are some courses that appear. These courses provide a great starting point, and you get a certificate at the end.


A quick search on google can provide some great results for BTEC and NVQ level security courses. We wont list them all because it depends where you reside as to what’s best, but here are a few examples. The great thing about these courses, is that you can attend them as soon as you finish school, all that’s required usually are a few GCSEs.


The more advanced courses, are the university level, which include postgraduate and undergraduate courses. They’ve become increasingly popular in universities and they can teach a lot. Simply google “bsc cyber security” or “msc cyber security” depending on which level you’re interested in. From here you’ll be capable of finding the best location to study for yourself. A few examples again are listed below.


Assuming you’re not interested in going down the education route, because you may not be able to commit years of your life to studying full time, you can always start introducing security into your job role. This usually means that you need to be in an IT based role, or risk and compliance based role.

Some of the things that you can do, is review security on technologies inside of the company you’re currently working for, through to performing gap analysis’ on ISO27001 or CIS conrtols. In doing so, you’ll be both educating yourself and benefiting the company in regards to information security.

The only requirement behind these, is that you may need to sell it to your manager, but in the IT world this is not so hard any more, due to the increasing amount of threats.

Self Study

This category is where I fall into. I worked in IT and I studied everything I could relating to cyber security so I could improve my job prospects. However, you dont need to work in IT to self study. There is a very good chance that you can still find work in cyber or information security once you have passed a few qualifications/certifications. You may not get a huge salary, but you’ll be ale to gain the experience that will make you great at what you do.

What can you self study? It’s probably best to break this down like the education part into beginner, intermediate and advanced.


The best place to start is the Comptia Security+ certification, because it gives a really good overview of security and doesnt cost a fortune. Sometimes when you buy the books you also get a discount on the exam.


Comptia run a couple of intermediate courses, which include CySa+ CASP+ & PenTest+, all of which cover different aspects of the security industry but are great courses. It’s likely that after the security+ you’ll know which one of these you want to fall into. There’s a link below to the website for these three.


There are obviously some really great courses, at all levels, but the most diverse tends to be in the advanced areas. The most popular ones which are sought after, appear on a lot of job advertisements, so if you’re seriously interested in a career in cyber or information security, have a look at what employers want. You will then be able to aim for what’s in demand. A few at present include:






To add to the information above, there is always the opportunity to improve skills and knowledge through different channels of information. For example if your interest is in penetration testing, then look into playing some security capture the flag games, and if your interest is in getting certified then register with CBT Nuggets or Cybrary and start watching security tutorials to help prepare for exams. If you have an interest in the cyber or information security fields, then there are plenty of ways to get into the industry and no one can stop you from learning. Good luck.

Related Articles


Back to start
aberdeen skyline graphic