So, you’ve never held an IT job but want to break into the cybersecurity field? No problem. Don’t talk yourself out of taking the plunge.
That’s the attitude adopted by a majority of Gen Z and millennials, and these increasingly divergent career pathways work, according to cybersecurity hiring managers and experts.
Entering a cybersecurity career through a non-IT industry path, such as pursuing a cybersecurity college degree, certification or bootcamp, is a viable pathway into the field, they note. Other cybersecurity career paths include showcasing your passion for the industry via cybersecurity hackathons or GitHub projects.
Entry Level Cybersecurity Roles:
- Junior information security analyst: Identifies and corrects bugs in existing security systems.
- Cybersecurity technician: Responsible for securing an organization’s computer information systems.
- Incident analyst: Determines circumstances of an attack or incident, evaluates what data is compromised and maps out follow-up actions.
- Junior pen tester: Battle-tests an organization’s security controls.
- IT auditor: Checks IT processes to ensure they are complying with risk management requirements.
Entering the cybersecurity field via IT experience is still the single most popular path. Forty-seven percent of cybersecurity professionals, across generations, come from IT, according to a 2021 cybersecurity workforce report by (ISC)2, a cybersecurity trade group. But slightly more than half of respondents in the survey launched their cybersecurity careers through a non-traditional path that doesn’t rely on IT experience.
How the Career Path Has Changed
“Cybersecurity is an extremely broad and varied domain that needs a diversity of people and skill sets, so all paths to cybersecurity are valid and vital to filling the talent gap,” said Lisa Ho, academic director for the cybersecurity program at the University of California at Berkeley’s School of Information.
The IT-to-cybersecurity path is easy to understand because the field evolved from folks who took on security tasks as part of their IT jobs managing servers and networks, she said.
As the IT role expanded to encompass protection of information and data stored and transmitted over systems and networks, issues such as business risk and other factors emerged, in addition to the technical aspects of the role, Ho added.
“I’ve seen different college majors from physics, math, art majors and others to people with consulting backgrounds getting cybersecurity certifications or attending cybersecurity bootcamps. I’ve also seen people getting cybersecurity degrees,” said Dhaval Parekh, director of information for cybersecurity company Zscaler, based in San Jose, California. “That’s how people are basically getting into the cybersecurity field, and it’s a trend I’ve seen the industry moving towards over the last three to four years.”
Catalysts Driving Changes to Cybersecurity Career Paths
A severe cybersecurity worker shortage is driving the change in the way the industry is hiring workers, said cybersecurity experts. Currently, the cybersecurity industry is short 2.7 million workers, according to the 2021 (ISC)2 report.
“Employers are having to think differently about how they hire because of the workforce gap. These employers are finding that if they hire people with strong non-technical skills, like problem solving, curiosity, eagerness to learn and strong communication and strategic thinking skills, they can train them on the technical skills,” said Clar Rosso, chief executive of (ISC)2.
With employers willing to consider job seekers who lack IT experience, it has opened the door for alternative paths to a cybersecurity career, Rosso added.
That, in turn, has led to the recent emergence of cybersecurity college degrees and cybersecurity bootcamps.
“In the last two or three years, I’ve started seeing more candidates with specific cybersecurity degrees,” Parekh said. “It hasn’t even been five years.”
Pros and Cons of Taking a Traditional IT-to-Cybersecurity Career Path
Advantages of moving into cybersecurity from an IT background include already having an overall understanding of the IT infrastructure, its architecture, the different systems and services and, in some cases, even some of the business processes, Parekh said.
As for the disadvantages, IT is project-driven and carries a variety of initiatives, whereas cybersecurity is a different beast.
“Cybersecurity is all about ongoing attentiveness and an organizational goal for data protection,” Parekh said. “It’s basically, how do we protect the key assets or crown jewels? It’s more of a philosophy than being project-focused.”
In the coming years, Rosso predicts that, as the number of people entering the cybersecurity field increases, the percentage of people transitioning from an IT background to a cybersecurity career will decline.
“I don’t think that pathway will go away, but I do think we will see an increase in people from diverse backgrounds over the next several years, and I think we’re going to see people use all sorts of different pathways to move into the profession,” Rosso said.
Jumping From an Industry Outside of IT Can Launch Your Cybersecurity Career
Launching your cybersecurity career if you have a non-IT background has its advantages, cybersecurity experts said.
“Whether it’s finance, retail, marketing or some other industry, it basically allows you to look at cybersecurity in a different way,” Parekh said. “And that brings value to the cybersecurity organization because it shows them how to protect those systems better.”
The retail industry, for example, translates well into a cybersecurity career because it uses intricate payment systems, like point-of-sale systems, where consumers conduct transactions by swiping or tapping a debit or credit card or using a payment method like Apple Pay. Cyberattackers love to target financial systems such as these.
After the IT industry, the most popular industries from which people transition to cybersecurity tend to be banking, insurance and finance, followed by retail-wholesale, according to (ISC)2’s 2021 Build Resilient Cybersecurity Teams report.
Hitting the Books Can Open Your Cybersecurity Career Chapter
As the cybersecurity domain has matured, cybersecurity degree programs have also developed and become more available to those interested in entering the sector, said Ho.
“There are so many subdomains within cybersecurity, that in most job settings, it would be difficult to attain an equivalent breadth of knowledge to what students in the university setting access through their faculty and practitioner instructors,” Ho added.
Forty percent of cybersecurity professionals hold a master’s degree, according to the (ISC)2 2021 workforce report, while 38 percent hold bachelor’s degrees as their highest level of education. Eight percent hold a doctorate, 7 percent hold an associate’s degree and 6 percent hold a high school diploma as their highest level of education, the report states.
Cybersecurity certifications also require cracking the books, but they can provide a direct path to a cyber career. Certifications and bootcamps often provide a more affordable means to enter the field and tend to be a popular path for those from low-income backgrounds.
Although Gen Z and millennials are embracing the education route to a cybersecurity career, baby boomers are less enthralled with going back to school.
“I’ve seen some older employees getting into cybersecurity through certifications, but that shift is very, very small,” Parekh said.
Hackathons, GitHub and Passion
Taking the initiative to tinker around with cybersecurity via hackathons or GitHub projects can help get you a cybersecurity career, said hiring managers and cybersecurity experts.
“Younger millennials and Gen Z are the YouTube generation. They are totally accustomed to self-learning,” Rosso said, in reference to the DIY videos on YouTube. “Young adults are becoming skeptical about the benefits of a four-year degree.”
Attending cybersecurity hackathons or putting an open source cybersecurity project on GitHub can draw interest from employers who may hire you.
“That’s really another common way of hiring some of the experienced individuals who might not have a degree, but they have that hands-on experience,” Parekh said.
Hands-On Experience Catches Attention
Take a two-pronged approach to developing your cybersecurity career, Parekh advises.
In addition to coming from an IT background or having a cybersecurity degree, fortify that experience with hands-on cybersecurity work through either a cybersecurity hackathon or GitHub project, he said.
“If I’m hiring an individual for a senior role, I would look for experience, whether they are coming from an IT background, or have some other experience. I would also look at how much experience they’ve had in the cybersecurity area, like what type of certifications do they have?” Parekh said.
When hiring for a junior cybersecurity role, Parekh would consider a candidate’s hands-on experience, such as participation in a cybersecurity hackathon or bootcamp, and hire based on that kind of experience.
Soft skills, however, also play a huge role in determining whether you get hired, he added.
Indeed, the (ISC)2 2021 workforce survey bears that out. The four most important non-technical qualities that employers seek are strong problem-solving skills (38 percent of respondents), followed by curiosity and eagerness to learn, as well as strong communication skills, which both scored 32 percent. Strong strategic thinking skills came in at 23 percent, according to the survey.
“It’s very, very important for an individual to be a good communicator, a good problem solver, have an analytical mindset where they can analyze a lot of data and inputs and then make a decision,” Parekh said. “All of those things are very important, especially being a go-getter and taking initiative.”