How Can I Get an Entry-Level Cybersecurity Job?
Experts describe the cybersecurity job landscape as “a seller’s market” with zero percent unemployment, as organizations across all industries offer high salaries for top talent. Salaries for entry-level cybersecurity jobs also run significantly higher than in many other industries — attracting new talent to this exciting, vitally important and fast-moving field.
However, research shows that even many entry-level cybersecurity jobs require 3-5 years of related experience. According to a “State of Cybersecurity Hiring Report” from Burning Glass Technologies, “Most cybersecurity employers aren’t looking for newbies, and they aren’t looking for those without a college degree, either. Some 88% of cybersecurity postings specify at least a bachelor’s degree or higher, and roughly the same percent demand at least three years of experience.”
So how do you to get your foot in the cyber door? Read on for tips and strategies on how to position yourself for entry-level IT security jobs.
The Cyber Security Talent Shortage
One thing that is definitely working in your favor: Businesses and government agencies of all shapes, sizes and missions are in need of cybersecurity professionals — and there just isn’t enough talent to go around.
In fact, one notable and oft-reported estimate forecasts 3.5 million unfilled cybersecurity jobs by 2021. SecurityMagazine.com puts the situation in blunt terms: “The Cybersecurity Talent Gap = an Industry Crisis.” In other words, this is definitely a time of opportunity.
7 Key Cybersecurity Workforce Categories
There is a broad range of different categories of cybersecurity jobs, and it is often said that the list of job duties and responsibilities is particular to the position and the organization in question.
One helpful resource comes from the U.S. government, among the world’s largest cybersecurity employers (see: cybercareers.gov). As part of its National Initiative for Cybersecurity Education (NICE), the National Institute of Standards and Technology (NIST) created a detailed set of guidelines to help private-sector organizations assess and improve their ability to prevent, detect and respond to cyberattacks.
This NICE list from NIST breaks down cybersecurity roles into seven key “workforce categories.”
- Securely Provision (SP) — Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development.
- Operate and Maintain (OM) — Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.
- Oversee and Govern (OV) — Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.
- Protect and Defend (PR) — Identifies, analyzes, and mitigates threats to internal IT systems and/or networks.
- Analyze (AN) — Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
- Collect and Operate (CO) — Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
- Investigate (IN) — Investigates cybersecurity events or crimes related to IT systems, networks, and digital evidence.
Cybersecurity Career Paths: Feeder Roles into Entry-Level Cyber Jobs
Your pathway into an entry-level cybersecurity job can include work experience in a variety of different domains. However, these are generally considered to be the top five so called “feeder roles.”
- Software development
- Systems engineering
- Financial and risk analysis
- Security intelligence
One outstanding resource to better understand such feeder roles and how they create opportunities to transition into entry-level and then upper-level cybersecurity jobs is provided by CyberSeek.org. Their Cybersecurity Career Pathway tool includes detailed information about the salaries, credentials and skillsets associated with various roles.
List of Entry-Level Cyber Security Jobs
CyberSeek’s Career Pathway tool lists four fundamental entry-level cybersecurity jobs. Here is a quick look at each of them:
Cybersecurity Specialist / Technician
- Key skills and knowledge requested: information security, information systems, information assurance, network security, security operations, vulnerability assessment, project management, Linux, NIST cybersecurity framework
- Related job titles: information security specialist, IT security specialist, IT specialist – information security
- Top certifications requested: CompTIA Security+, Certified Information Systems Security Professional (CISSP), SANS/GIAC Certification, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)
- Average salary: $92,000
Cyber Crime Analyst / Investigator
- Key skills and knowledge requested: computer forensics, Linux, information security, consumer electronics, hard drives, information systems, forensic toolkit, UNIX, malware engineering
- Related job titles: digital forensics analyst, cyber forensic specialist, cybersecurity forensic analyst, computer forensics analyst
- Top certifications requested: SANS/GIAC Certification, CISSP, EnCase Certified Examiner (EnCE), GIAC Certified Forensic Analyst, GIAC Certified Incident Handler (GCIH)
- Average salary: $94,000
Incident Analyst / Responder
- Key skills and knowledge requested: information security, project management, information systems, Linux, network security, technical support, intrusion detection, UNIX, security operations
- Related job titles: information security analyst, disaster recovery specialist, network technical specialist, audit project manager – information security
- Top certifications requested: CompTIA Security+, CISSP, SANS/GIAC Certification, GIAC Certified Incident Handler, IT Infrastructure Library (ITIL) Certification
- Average salary: $89,000
- Key skills and knowledge requested: internal auditing, audit planning, information systems, Sarbanes-Oxley (SOX), accounting, risk assessment, information security, COBIT, business process
- Related job titles: IT audit consultant, IT audit manager, IT internal auditor, senior IT auditor
- Top certifications requested: Certified Information Systems Auditor (CISA), CISSP, CISM, ITIL, Information Systems Certification
- Average salary: $98,000
Other entry-level cybersecurity jobs include:
- Information security analyst
- Junior penetration tester
- Systems administrator
- Security technician
- And more
How to Position Yourself for an Entry-Level Cybersecurity Job
As you already know, the bar for what constitutes an “entry level” position in cybersecurity tends to be significantly higher than in many other industries. According to the National Security Agency (NSA), “entry level” for many cybersecurity positions means:
- Bachelor’s degree plus 3 years of relevant experience
- Master’s degree plus 1 year of relevant experience
- Doctoral degree and no experience
- Associate degree plus 5 years of in-depth experience clearly related to the position
The NSA is also a high-profile example of how the ongoing need for talent has inspired numerous organizations to recruit and groom people for entry-level cybersecurity that can positions you for many career opportunities going forward.
On its Cyber Careers page, the NSA tells potential cyber recruits that “you will become a part of a tradition of excellence, poised to lead the nation in the protection of our country’s national interests in cyberspace for years to come.” Its recruiting efforts place particular emphasis on skills in computer science, intelligence analysis, mathematics and engineering.
The agency offers well over a dozen paid, three-year career development programs in cybersecurity and other fields designed to “help employees enhance their skills” and cross-train for new careers. Such programs represent an excellent opportunity to gain the type of experience that so many cybersecurity-focused employers are looking for.
Cybersecurity certifications: Industry certifications have become an essential component of the cybersecurity ecosystem. They help current and aspiring cybersecurity professionals gain knowledge and sought-after skills in key areas, they enhance your profile when reaching out to prospective employers and are often listed as required or preferred for some jobs.
To learn more about some of the leading programs, check out: “Top Cybersecurity Certifications: Which Ones Are Right for You?”
Advanced degree programs: In addition to offering opportunities for current and future cybersecurity professionals to gain both theoretical knowledge and hands-on experience, cybersecurity master’s degree programs are increasingly regarded as a providing a powerful competitive edge in the employment market.
Capstone-type programs that simulate real-world cybersecurity projects are designed not only to give students valuable experience, but also the ability to demonstrate a meaningful work product to potential employers during a job search.
Internships: As is the case in many fields, internships are a great way to build some experience in cybersecurity. And it isn’t such the tech companies that are offering cybersecurity internship opportunities.
Search “cybersecurity internship” and you’ll see listings on LinkedIn, Indeed and elsewhere, and you’ll find interesting opportunities in a wide variety of fields from healthcare, insurance and consumer products to nonprofits and sports. Government agencies from the CIA to the Department of Homeland Security are also seeking interns.
How to Stand Out When Applying | Cybersecurity Job Search Tips
Speak the language – Develop a thorough understanding of all the key industry terms and acronyms. It’s essential that you work toward becoming fluent in the technical language used by cybersecurity professionals.
Get qualified – Take the initiative to do some self-learning. Chuck Bane, academic director of the University of San Diego’s online master’s degree in cyber engineering, recommends getting your CompTIA Security+ certification.
Do some networking – Whether through school, certification programs or old-fashioned legwork, look for and leverage opportunities to converse with people who are working in the field. Seek out cybersecurity groups and meetups, both in-person and virtual.
Document your training and skills – Put extra effort into making sure that your resume strongly showcases the work you have put in to prepare yourself for cybersecurity opportunities. Another great way to stand out is to have the sharpest-looking personal webpage so you can engage potential employers with not only your qualifications but your online creativity.
Be prepared – When applying for a specific job, do some homework to gather information on what the job is all about. Knowing what the job requires enables you to develop strategies for talking about your abilities to do the work.
Ask intelligent questions – In many interviews, the interviewer will invite you to ask him or her any questions. So don’t be caught off guard; ask something that shows an understanding of and a curiosity about the role for which you’re applying.
Stay informed – The University of San Diego’s online cybersecurity master’s degree program regularly publishes informative articles to connect you with additional cybersecurity job tips and resources such as the top cybersecurity blogs and websites to keep an eye on.