How to start a career in the security industry

One of the questions we get asked most often is: how do I get into cyber security?

It is a fair question, because there is no single route into the industry. Some people come in through formal education, others build experience in IT or compliance roles, and many start through self-study before moving into an entry-level security position. That is still true today, even as the cyber security skills gap continues to keep demand high across the market. A UK cyber security career can lead into technical roles, governance and risk roles, security operations, awareness and training, consulting, and much more.

The good news is that you do not need one perfect path. In most cases, the three main routes into cyber security are still:

  • education
  • experience
  • self-study

The right route depends on your current situation, your budget, and the type of role you want to pursue.

Education

For many people, formal education is a strong starting point. Colleges, universities and online learning providers can help build a foundation in areas such as networks, operating systems, security concepts, governance, and risk.

Beginner level

If you are completely new to cyber security, free introductory learning can be a smart place to start before spending money on certifications or longer courses. The Open University’s OpenLearn platform still offers free cyber security learning, including introductory content designed to build confidence in core concepts.

Suggested wording with link markers:


This kind of learning is useful if you want to:

  • understand the basics
  • test your interest before committing further
  • build confidence with terminology and security concepts

Intermediate level

If you want a more structured route, college-level courses can still be a good option, especially for people moving into IT or security from school or from another career path. Rather than listing a large number of providers, it is usually better to focus on recognised local options and relevant course content.

Suggested wording with link markers:

When comparing courses, look for coverage in:

  • networking
  • operating systems
  • cyber security fundamentals
  • practical labs
  • compliance or risk basics
  • work placement or employability support

Advanced Level

Cyber security degree options remain popular, but they are not the only way in. A degree can be valuable, especially if you want a broad foundation or are aiming for certain graduate roles, but it is usually strongest when combined with practical skills and hands-on work.

Suggested wording with link markers:

  • University of West London cyber security course
    Glasgow Caledonian University cyber security and networks course
    Robert Gordon University cyber security course

    • https://www.uwl.ac.uk/course/undergraduate/cyber-security?start=183&option=33

    https://www.gcu.ac.uk/study/courses/details/index.php/P02276/Cyber_Security_and_Networks/

    https://www.rgu.ac.uk/study/courses/430-bsc-hons-cyber-security


    Experience

    Assuming you’re not interested in going down the education route, because you may not be able to commit years of your life to studying full time, you can always start introducing security into your job role. This usually means that you need to be in an IT based role, or risk and compliance based role.

    Some of the things that you can do, is review security on technologies inside of the company you’re currently working for, through to performing gap analysis’ on ISO27001 or CIS conrtols. In doing so, you’ll be both educating yourself and benefiting the company in regards to information security.

    The only requirement behind these, is that you may need to sell it to your manager, but in the IT world this is not so hard any more, due to the increasing amount of threats.


    Self Study

    This category is where I fall into. I worked in IT and I studied everything I could relating to cyber security so I could improve my job prospects. However, you dont need to work in IT to self study. There is a very good chance that you can still find work in cyber or information security once you have passed a few qualifications/certifications. You may not get a huge salary, but you’ll be ale to gain the experience that will make you great at what you do.

    What can you self study? It’s probably best to break this down like the education part into beginner, intermediate and advanced.


    Beginner

    The best place to start is the Comptia Security+ certification, because it gives a really good overview of security and doesnt cost a fortune. Sometimes when you buy the books you also get a discount on the exam.

    https://certification.comptia.org/certifications/security


    Intermediate

    Comptia run a couple of intermediate courses, which include CySa+ CASP+ & PenTest+, all of which cover different aspects of the security industry but are great courses. It’s likely that after the security+ you’ll know which one of these you want to fall into. There’s a link below to the website for these three.

    https://certification.comptia.org/certifications?level=cybersecurity


    Advanced

    There are obviously some really great courses, at all levels, but the most diverse tends to be in the advanced areas. The most popular ones which are sought after, appear on a lot of job advertisements, so if you’re seriously interested in a career in cyber or information security, have a look at what employers want. You will then be able to aim for what’s in demand. A few at present include:

    CISSP https://www.isc2.org/Certifications/CISSP

    CISA http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Pages/default.aspx

    CISM http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx

    CRISC http://www.isaca.org/Certification/CRISC-Certified-in-Risk-and-Information-Systems-Control/Pages/default.aspx


    Summary

    To add to the information above, there is always the opportunity to improve skills and knowledge through different channels of information. For example if your interest is in penetration testing, then look into playing some security capture the flag games, and if your interest is in getting certified then register with CBT Nuggets or Cybrary and start watching security tutorials to help prepare for exams. If you have an interest in the cyber or information security fields, then there are plenty of ways to get into the industry and no one can stop you from learning. Good luck.

    Related Articles

    CONTACT US TODAY:

    Back to start
    aberdeen skyline graphic
    x