A Step-By-Step Guide To Breaking Into Cybersecurity in 2024

Posted June 17, 2024 | Josh Gideon

Are you eager to join the exciting world of cybersecurity but overwhelmed by the plethora of information online? Fear not. This article provides a detailed, step-by-step guide to help beginners break into the cybersecurity industry. Whether you're considering a cybersecurity career or looking for the best cybersecurity courses for beginners, this article has you covered.

Note: This guide assumes minimal information technology experience.

Not from a Cybersecurity Background?

There is no fixed path to becoming a cybersecurity professional. Some of the best people I've worked with have come from diverse backgrounds. From specialisms in geography to self-taught experts, and even a former human resources professional who re-trained as a penetration tester, the industry benefits from academic and professional diversity. Do not consider your previous experience, either professionally or academically, as a blocker to entering the cyber industry.

Should I Pursue a Career in Cybersecurity?

The U.S. Bureau of Labor Statistics has projected that the cybersecurity industry will grow by 32% between 2022 and 2032. Cyberseek.org, an organisation that tracks the overall supply and demand of cybersecurity jobs, stated that the overall US 2024 supply/demand ratio was 85%, meaning that there are only enough cybersecurity workers in the US to fill 85% of the cybersecurity jobs that employers demand.

The cybersecurity industry has experienced rapid growth in recent years, with the available jobs and the requirement for skilled workers completely outweighing the available professionals. Hacks are more common than ever, artificial intelligence (AI) has introduced an entirely new suite of hacking tradecraft, and geopolitics is both being heavily influenced by, and influencing, nation state objectives. The demand for skilled cybersecurity professionals shows no sign of slowing. On the contrary, all signals are pointing to continued growth.

So is it a good idea to join the cybersecurity industry? Absolutely.

Step 1: The Psychology of Starting in Cybersecurity

Cybersecurity is a broad domain encompassing all aspects of information technology. It's easy to be overcome by the vast amounts of knowledge required to become a cybersecurity professional, but with time and patience you can succeed in this industry.

As a beginner, allocating dedicated time to studying is necessary. Don't be overcome by the vastness of knowledge; approach every day with a renewed appetite to learn. As your knowledge grows, things will begin to fall into place. Problems will become solutions. The perceived difficult challenges will become easy.

Persistence and hard work will pay off. Don't give up. See problems as a challenge and not a blocker.

Step 2: Immerse Yourself in the World of Cyber

If you speak with anyone who has learned a language, they will frequently say that fully immersing yourself in the language you're trying to learn significantly increases the rate of progress. Although you are not learning a new language (unless you consider cyber a language), immersing yourself in cybersecurity content can significantly increase your rate of learning.

Immersing yourself can take different forms, and some resources may suit you better than others. I personally would listen to podcasts on my train journeys to and from work, and scroll through social media when I had downtime. By following the right accounts, and blocking out the noise, social media can be an extremely useful information source.

The table below details my (extremely opinionated) favourite resources to help you begin immersing yourself in cybersecurity.

| Name | Type | Description |
|---|---|---|
| RiskyBiz | Podcast | A weekly news podcast focused on the top cybersecurity stories from the week. |
| Darknet Diaries | Podcast | A podcast that explores the dark side of the internet with stories from ex-convicts, cybersecurity professionals and more. |
| Mastodon | Social Media | Join servers like cyber.place or infosec.exchange to connect with cybersecurity professionals. |
| 404 Media | News Outlet | A news outlet that covers the latest information technology news with a particular focus on cybersecurity. |
| The Register | News Outlet | A news outlet that covers the latest information technology news. |
| Bleeping Computer | News Outlet | A news outlet focused on the latest cybersecurity news. |

Step 3: Building the Foundations to a Chosen Specialism

Building a successful career in cybersecurity is akin to building a house. You wouldn't build the walls without laying strong foundations. Moreover, without strong foundations a house is prone to problems during later stages of the construction process. Albeit a metaphor, this same philosophy applies to cybersecurity. Building practical knowledge across core computing subjects is not only beneficial but often a necessity prior to selecting a chosen specialism (more on specialisms later).

I believe the two most important subjects to focus on at the start of any cybersecurity career, broad in definition but simpler to understand, are:

  1. Networks: Understand how computers communicate and the components of a computer network.
  2. Operating Systems: Learn how to navigate within an OS, manage file systems, and understand the role of servers.

Granted, this is just a small snippet of the subjects you'll study when becoming a cybersecurity professional, but it provides two key focus areas that are foundational to a career not only in cyber but in the wider information technology domain.

But where to start? Both subjects are specialisms made up of sub-specialisms. As a beginner wanting to break into cyber, you are not seeking to acquire detailed knowledge in either subject. Rather, you want to ensure you have a good grasp of the foundational topics.

At the early stages of your learning journey, online courses can provide a far more structured journey than attempting to follow blogs, YouTube videos or other unstructured content. With so much information readily available online, it's possible to quickly become inundated with information that becomes difficult to dissect and learn from. Courses solve this problem by breaking topics into a logical syllabus.

As such, the table below contains a series of courses where the content is freely available to begin your journey towards being a cybersecurity professional.

| Course name | Course summary | Target skill domain |
|---|---|---|
| CompTIA Network+ | Introduction to basic network concepts, implementations, operations and security. Course content available on Cybrary for free. | Networks |
| CompTIA Security+ | Introductory course in cybersecurity subjects including general security concepts, threats, vulnerabilities and mitigations, security architecture, security operations and governance, risk and compliance. Course content available on Cybrary for free. | Networks; Operating Systems; Cybersecurity |
| Microsoft Windows Server 2016 Training for Beginners | An introduction to building, configuring and managing Windows Servers. | Operating systems |
| Learn Python 3 | Learn the basics of Python and programming concepts. | Scripting; Operating Systems; Networks |

The Importance of Practical Exercises

Irrespective of the specialism you later decide to pursue (see more later), I have consistently seen that those with practical hands-on experience tend to have greater knowledge, provide more valuable input and generally gain greater respect within cyber teams. In addition, having hands-on practical experience may be a competitive advantage for you during the job application and interview process.

There is by no means an expectation that someone performing a cyber audit role will be able to decompile malware to determine how it functions. It's simply not necessary for the job. However, a basic understanding of how to navigate operating systems and set up simple infrastructure, along with very basic scripting knowledge, is beneficial.

In conjunction with the courses listed above, the table below describes a series of exercises to enhance your hands-on practical knowledge, targeting specific elements of corporate networks.

| Task | Description | Target skill domain | Recommended materials |
|---|---|---|---|
| Deploy a local Linux virtual machine | Deploy a virtual machine using hypervisor software such as VirtualBox or VMware. | Operating systems; Networks | [Book] Building Virtual Machine Labs: A Hands-On Guide by Tony Robinson |
| Learn the basics of the Linux command prompt | Become familiar with using a Linux terminal. Learn to navigate the file system, manage system configuration and execute applications. | Operating systems | Ubuntu Command Line for Beginners; Codecademy - Introduction to Linux |
| Deploy a local Windows server virtual machine | Deploy a local virtual Windows server using hypervisor software such as VirtualBox or VMware. | Operating systems | |
| Deploy a web server on either the Linux or Windows server (or both) | Install and configure an nginx, Apache or IIS server to host a basic webpage locally. | Operating systems; Networks | |
| Build a simple web application with Python and Flask | Build a simple web application with Python and Flask. Become familiar with web technologies such as HTML & CSS, APIs, databases and more. | Programming; Operating systems; Networks | GeeksforGeeks - Flask Tutorial; Miguel Grinberg - The Flask Mega Tutorial |

As a complete beginner, some of the tasks listed above will be challenging. Continue to read the resources and watch tutorial videos; through sheer persistence, you can achieve them. There are thousands of resources online - Google is your friend.

Step 4: Identify Your Specialism

The term cybersecurity is an all-encompassing term for an industry formed of a variety of different specialisms. The path you choose to pursue in cyber should ultimately be determined by your own interests. At the start of your cyber journey, it's unlikely you've formed an opinion on what interests you but with time, study and experience, you will begin to understand what excites you on a day-to-day basis.

You may already have an idea of the type of specialism you'd like to pursue. Equally, you may not. As a beginner, you may choose a specialism but later down the line opt for another. However, I suggest trying to focus on one. You will naturally gain exposure to other specialisms as there tends to be overlap between them. For example, by learning about penetration testing, you will learn about risk management, as organisations will often take risk-based decisions on penetration testing findings.

So what specialisms exist? There is no definitive list of specialisms but the following are common:

  • Security Architecture and Engineering: Creation and implementation of frameworks and assessments to ensure that an organisation's infrastructure and applications are secure, scalable, and resilient against potential cyber threats. Practitioners eliminate or reduce the risk of security breaches through the design process.

    Roles in Security Architecture and Design often require extensive knowledge and experience in cybersecurity. Such roles are generally not considered entry-level. You may wish to consider architecture and design as a career path after gaining experience across other specialisms.

  • Security and Risk Management: Aligning cybersecurity policies and standards with business objectives, managing risks, and ensuring compliance with laws, regulations, and industry standards to protect an organisation's assets. Often considered the 2nd and 3rd line of defence in the three line defence model.

    Evaluation of an organisation's security practices and controls through systematic reviews and assessments to ensure they are effective, compliant, and aligned with best practices and regulatory requirements. Often considered the 3rd line of defence in the three line defence model (see above).

  • Communication and Network Security: Safeguarding personal, business and sensitive data through policies, technologies, and practices that ensure data confidentiality, integrity, and compliance with privacy laws and regulations.

    The design, development, testing, implementation and operation of a system or product to provide cryptographic and/or secure communications.

  • Identity and Access Management (IAM): Managing user identities and controlling access to resources within an organisation, ensuring that only authorised individuals can access specific data and systems.
  • Security Operations: Investigating cybersecurity incidents, analysing digital evidence, and responding to security breaches to mitigate damage, recover data, and prevent future incidents.

    Collecting, analysing, and sharing information about current and emerging cyber threats to help organisations proactively defend against potential attacks.

  • Security Assessment and Testing (e.g. ethical hacking): Often involves simulating cyberattacks on systems, applications, and networks to identify vulnerabilities and weaknesses before they can be exploited by malicious actors. Common roles include penetration testers and red teamers.
  • Software Security: Also known as Secure Software Development, integrates security practices into the software development lifecycle to create applications that are resilient to attacks and vulnerabilities from the outset.

Selecting a specialism will come naturally as you further develop in cybersecurity. Don't be afraid to study different areas to understand what aligns with your personality, skills, interests and strengths.

Interested in further step-by-step guides on each specialism? Drop us a message on Mastodon at @TotalCyber.

Step 5: Further Develop Hands-On Cybersecurity Experience

At this stage, you've already established a good foundational skillset across different core computing domains and begun thinking about your chosen specialism. Irrespective of your chosen specialism, the next step on your journey is to build your cybersecurity skills.

This step is focused on building offensive knowledge. Whilst some specialisms such as Security Audit and Assurance do not necessarily require deep technical knowledge on offensive cybersecurity, my personal opinion is that everyone within cyber should have some basic form of offensive knowledge. For example: how to conduct a port scan, the top web application vulnerabilities and how to exploit them, and the methods for exploiting vulnerabilities on old Windows servers.

An excellent starting point to build offensive knowledge is with virtual labs and exercises, coupled with YouTube tutorials and hacking blogs. Your first attempts at these challenges will be difficult. You will be forced to learn new tools, new skills and even a new mindset. Start by following learning paths and walkthroughs before attempting the challenges yourself. Simply Googling “*name of challenge* walkthrough” will result in hundreds of blogs.

The table below includes some of my favourite platforms:

| Platform | Description | Recommended materials |
|---|---|---|
| Hack the Box | Gamified, hands-on upskilling from cybersecurity fundamentals to advanced scenarios with pre-defined learning paths and tutorials. | Ippsec Rocks |
| Try Hack Me | Hands-on cybersecurity training through real-world scenarios. | |

Step 6: Acquire Relevant Education and Certifications

By now you are months into your cybersecurity journey and have acquired skills and knowledge across core computing and cyber subjects. Now it's time to build your accreditations in your chosen specialism to differentiate yourself during the interview process.

As described in the foreword, there is no fixed path to becoming a cybersecurity professional. You may already be working on accreditations/certifications far earlier on your journey. This is perfectly okay. Whatever the case, you should now consider acquiring relevant accreditations/certifications in your chosen specialism.

An excellent interactive roadmap of cybersecurity certifications is available at:

Consider certifications on the leftmost side of each specialism. While some courses may have a cost, this may be associated with the exam and certification, while the course content could be free. In some cases, studying the course content alone can be beneficial for job applications and interviews.

Step 7: Preparing for the Job Market

If you've completed all of the steps above, you are more than ready for entry-level job positions in cybersecurity.

Follow along in part 2 where we discuss preparing for the job market.

Liked the content of this article? Have a question or simply want to connect? Drop me a message on Mastodon @TotalCyber.
