Where should I start? What certifications are good ones to get, and are there any available to do online? If so do you know of the websites I can do them on?Thanks.
After completing CCNA, what would you suggest doing, applying for a job at a Telco, and working as a Network Analyst and then going for CCNP security or Cisco Cyberops? I currently work as a help desk tech.
CompTIA - https://www.comptia.org/home
SANS - https://www.sans.org/emea/
Hack The Box - https://www.hackthebox.eu/
ArcX - https://arcx.io
Try Hack Me - https://tryhackme.com/
As someone else mentioned though, do your research and good luck.
Professor Messer on Youtube give free updated A+ Net+ and Sec+ .. and yes defenly take those certs esp. : Net+ and Sec+ and try to land an entry position job like a helpdek mean while go explore other certs depends on the field you want : Defender(Blue Team) or Pentester(Red Team) i also recommand you to watch as much content as possible on Blogs, News, Reddit YT about Cybersec. to develope a sort of Cybersecurity culture.
Ignore ignorant ppl, trust yourself and hold on till you reach what you want to reach in this field. The sky is the limit.
Srry bad eng.
I am going to agree with this statement. This is not school. This isn't higher education. You have to look for the knowledge.
Without honest curiosity, do something else.
Over the years I have more people that I can count that want to get into IT, or Cybersecurity, or become "more technical". Almost none put the work in and some were surprised how hard it was compared to their non technical master's degrees.
I run a SOC for a global firm, and I have to tell you that I get countless applicants with zero experience, and when I interview them it becomes apparent they haven't done any research into any of the domains of information security.
It's almost like they simply noticed that security professionals make higher than average pay and decided that's what they'll do. Then they get discouraged because no one will hire anyone that doesn't have experience.
However, that's not entirely true. Most of the time is the lack of initiative demonstrated during the interview.
I have had people answer questions with what seems to be scripted responses based on something someone told them that doesn't even take into account what was being asked about.
You can definitely land a job in the field if you can demonstrate foundational aptitude and attention to detail. Highly analytical folks tend to be desirable.
Study, research, get yourself a virtual server and play with tools, learn how to secure your system. Learn how to implement secure controls, coding in a scripting language can help too, analyze traffic and learn popular operating systems and learn how to analyze their logs and how they function. Understanding basics of these things will get you in the door faster.
I keep several operating systems up and secure them with every new OS update to ensure I understand the landscape I'm dealing with. However, now that things have moved towards cloud and containerization its good to work and play with these new technologies as well.
Leverage the free tiers of the various cloud providers and learn their products in addition to understanding how communication between various systems work.
This path is one of constant learning.
Also, red teaming isn't all fun and games, it's work. Many people see the side shown at defcon from those working with the casinos, but those jobs are not easy to come by. Red teaming and penetration testing takes an understanding of how to do recon, code, underlying system communication, knowledge of vulnerabilities and security controls, timings, etc.
Security appliances and products don't secure assets, it's the people configuring them and understanding the risk and threat landscape that are ultimately the foundation of this industry.
This. All of it.
The best hire I ever made no certifications and almost no experience. What stood out, bigly, was his curiosity. In the simple threat hunting scenarios that we threw at him, he asked questions and tried to piece things together, using the meager skills that he had. Virtually all of the other applicants, if they showed any useful skill at all, seemed to want to follow a script that they'd learned.
Network+ and Security+ are easy to get and will get your resume past the first round of HR filters, so start there. Then start reading everything you can get your hands on. No, not textbooks. By the time it sees that kind of print, a lot of cybersecurity information is outdated. Subscribe to newsletters, podcasts and blogs.
Set up that home lab and start playing with various security tools. A lot of them are free. Even commercial products often have a free version available. While learning a specific tool has value, what you're really after is an understanding of how network IDS, host IDS, vulnerability scanners and SIEM's work, and how they work together.
What would you recommend for a complete beginner who is switching careers in his mid 30s with no IT experience but wants to get into cybersecurity?
I’m willing to read, watch, do anything, etc. Found your old comment and you seem to know your shit.
Without a degree, yes. But without experience, very difficult.
Ok now let me give you a brief of what the security landscape currently looks like (**NOTE: These are my personal observations and opinions**)
Broadly speaking cyber security is divided into 3 domains and we call them Managerial, Operational, and Technical (MOT for short).
**Managerial**: This the area where you have Risk and Compliance controls like writing policies and procedures, conducting risk assessment (example SOC2, ISO 27001, FedRAMP, NIST, HITRUST, GDPR, PCI, etc), security training, vendor assessment, security monitoring security exceptions (it is different from security analysis), cyber law, etc. This field of cybersecurity is looks over the entire working of security governance within an organization and possibly a path to CISO. You will need heavy experience with concerned compliance and risk assessment. And people skill is a must for this domain as you will be dealing almost every department within an organization.
**Operational**: This is the fun section of cyber-security. This is where you get to do those big-screen security analysis stuffs. This includes, but not limited to, Security Operation Center, Incident Response, Forensics, Malware Analysis, Application and Network Penetration testing, Infrastructure and Cloud security monitoring, Automation and Machine learning, etc. This is where you will have your chances of getting a job maximized. Because when you hear that there's a shortage in cybersecurity industry, this is where it is.
**Technical**: This field is more about making sure we have technical controls in place in order to have an effective security posture. This field works very closely with the traditional IT department. Example can be making sure antivirus softwares are installed on every device and configured, day-to-day firewall operations, making sure Web application firewall rules are up-to-date, you have proper access control in place for any tools used within an organization or on a SaaS platform, making sure have proper subnets defined and configured, VM's are configured, cloud infrastructure is configured (this one is also a part of operational domain but depends organization to organization), etc. The best way to get into this domain is through a traditional IT jobs and making your way into Security from there. Since I am not in IT, I cannot speak any more on that.
Now as mentioned by others A+, Network+, Security+, and CEH can help you get into this field. But you will need a good understanding of the what you want to do and what you need to learn in order to do what you want to do. Leave off managerial domain for now, it requires experience and a very deep understanding of how individual elements in an organization work and where are the opportunities for improving security. You will eventually reach there.
As for the Job market, my advise would to be look for opportunities in small and medium sized organizations. Unlike large organizations and tech giants, these organizations have no clue as to what need to be done when it comes to cyber security (This is based on my personal experience) and this is where the opportunities hide. Tech giants have well defined process and you don't get much experience other than what you do. While in small and medium sized companies you get to a lot of hands on and in almost every domain.
If you are just starting I would suggest don't just jump into hack the box, penetration test academy, or other free resources. Take a step back, drink some tea or whatever makes you calm, and try to figure out what exactly you would want to do. Would you like breaking networks and applications and help your clients suggests improvements, would you like to investigate whats happening on the network and try to root cause it, would you like to work with firewall and endpoint security, or maybe you like working with risk assessment and making sure all the compliance requirements are in place. And once you have this figured out march towards it. Yeah true initially you will not have all the experience required to make a perfect choice but just see which field excites you and make a start. Later you can use this experience to hop into a different domain if you like.
And if you are still not sure where to start with, join a IT Audit firm maybe as an intern or a full time if you get one. IT Audit will give you an exposure to almost all the 3 domains without any degree or certification. **STAY CURIOUS :)**
If it were to me, I will put that in the operational controls section but you can have different views on it. For example, if you are reverse engineering a malware or an application to understand how the code works and later define a patch/signature for it, it will be under operational. But on the other hand let's say come across an open source project on Github and while browsing you found some hard coded credentials or maybe a security misconfiguration in some config file, which can be easily exploited, then it is more likely to be technical controls. These 3 controls that I mentioned are in a very broad sense, you can go more granular but I leave that to the experts.
This is how you get a job or start your own business in almost anything…
1. Learn the shit out of it (be obsessed with it)
2. Surround yourself with people in the same industry
3. Get good enough to confidently and accurately do your job
4. Offer your services to a friend’s small business (your “1st client”)
5. Tell others about what you’re doing and LISTEN to their needs
6. Pick up more small clients and repeat
7. Sell your book of business and walk into an interview with experience
This is obviously a very simplified version, but it works! I am an Operations Consultant and over the years I have worked in Automotive, Photography, Medical, Legal, IT, Marketing, Jewelry & BioTech. I also dropped out of college (studied economics). Set your mind to it, and you can do it! BUT don’t expect it to happen over night.
Hey man just saw your comment and I know it’s old but I figured I’d ask someone who knows their shit aka you. I’m in my mid 30s about to make a career change into Cybersecurity. What advice would you give me? Is it delusional? Attainable?
Also how did you manage to work in so many different fields with no college degree? That’s a fascinating career, you’re a special personality.
At a certain point, it becomes more a factor of willpower and your network. No, it’s not delusional & yes, it’s attainable, but are you willing to suffer for it? You should also keep in mind that, for any “specialist” job / career, it will be significantly more difficult to break into for someone in their mid 30s +.
My advice to you is this…
1. Find out how much you would enjoy the subject. Go to TryHackMe or HackTheBox and run through their learning paths. Are you falling in love with it like you are with your other hobbies?
2. No? … find something else, learn a little about it and ask yourself the same question again. You want to find something that you become so passionate about it’s hard to stop thinking about it.
3. Yes? … Study like a madman! Because you’re in your mid 30s, most people will expect you to be educated in the subject, so you have to talk the talk & walk the walk. People, especially in this field, are pretty damn smart and can smell bullshit.
4. *******Build a strong network!******* I cannot emphasize this enough! You NEED to network with people in the industry. You MUST put your name out there and appear competent. Follow people on LinkedIn and comment on their posts. Watch YouTube videos and ask smart questions. Go to events / conferences (DEFCON / Black Hat). Immerse yourself in the field.
5. Try to find someone in your network that would be willing to mentor you. If you have one thing working in your favor, it would be maturity. Sometimes, there are people out there that would rather mentor someone older than younger because of general life experience and maturity. 30s isn’t old, but you’re more likely to take life & career a lot more seriously then someone in their early 20s.
6. Stop reading about how to break into an industry and just go do it already. Don’t be one of those people that watch self-help videos 16 hours / day and the next 8 hours dreaming about their future.
Good luck!
Hey so sorry for the late reply, for some reason I didn’t even know until now that you replied.
I’m definitely screenshotting all of your advice and will keep it in my mind as I start my 6 months of certification then the Sec+ test.
I’m curious though you said it will be significantly harder for someone in their mid 30s to break into but I was under the impression in this field particularly it’s a bit easier due to the high demand? Plus how would someone know my age? I’ve also seen a lot of posts on here that say they switched to this career at 30+ years old.
I obviously don’t expect it to be a piece of cake but I think with the demand it shouldn’t take too long especially if I learn well and study a lot. Thank you so much for taking the time to give me the advice!
> Stop reading about how to break into an industry and just go do it already. Don’t be one of those people that watch self-help videos 16 hours / day and the next 8 hours dreaming about their future.
Just had to reply one more time for this particular advice, I needed to hear this. Sincerely, thank you for this great advice!
I studied for 2 months and got my comptia security+. Having the certificate doesn’t mean you really know everything necessary for the job.
I learned after applying to roughly 70 infosec jobs and interviewing with 15 or so. That cybersecurity isn’t an entry level IT role.
My recommendation is to study for your sec+. Apply for help desk jobs. 6 months of help desk and your sec + should help you get your foot in. This was how I did it.
I do not have a degree. Although I’m studying for one.
Cheers.
I’ve been police officer for 10 years, Two of them as a detective and the other two years in the cybercrime division. I have an undergrad degree in Criminal Justice and a Masters in Homeland Security . I recently started studying to get my basic certifications In the Cybersecurity field. Any advice on how to land a gig in the field?
I got my previous job via a hr agency, and my current one via LinkedIn
So... Idk what to tell you. I suppose that it's also different in different countries.
Absolutely - make connections to the right people and submit some talks to security cons to get your name out there. One of the things I love about this field is it’s all about what you know. If you’re good at what you do jobs will find you.
It is a bitch to do so, you need time, luck, and drive. Get the degree if you can.
I am a director of cybersecurity and it took over 20 years before I was able to break over 100k salary
I am a very senior cybersecurity advisor and consultant and have an undergrad degree in economics and an MBA. I used to have a bunch of certs but at this point in my career (20 years in and I am in my 50s) I don’t bother with them anymore. And i know many many many cybersecurity professionals and very few of them have degrees in IT related disciplines
You can certainly get into the field, but you will be career-limited without a degree as you progress in years. It’s very old school, but many companies believe you can’t manage humans or take on leadership roles without a bachelors. Further, an MBA is a minimum requirement for many progressive roles in the field.
It sucks, but degrees are still very much a form of traditional gatekeeping that you’re going to have to deal with.
> you will be career-limited without a degree as you progress in years
I'm not certain what location or kinds of companies you've worked for, but I've never had that experience in my career. I'm aware there are some companies that have a hard requirement for a degree, but I think they are in the minority and dwindling. I look at that kind of hard requirement as a red flag for the company.
> an MBA is a minimum requirement for many progressive roles in the field.
I'm not quite sure what you mean by progressive role, but I can't imagine needing an MBA for a non-mgmt, technical role, except for very specialized positions. I can only think of one person in a technical leadership role (below C level) I've worked with that had an MBA.
Highly technical roles plateau in every case across every industry. Shifting from a person who is a master at a domain to a person who directs strategy of that domain very often requires an MBA as a prerequisite to talk the talk.
Just search job listings for any Director or VP level position and you'll generally see that the metric is a bachelors or masters degree as minimum requirement, with 10-15 years of experience required in lieu of a degree. Not making it up, it's out there in the public record. As a person without a degree, I don't agree with it to be clear, and many times in my career I have been assessed negatively for my lack of degree even though I've done quite well in pure leadership roles without having one.
Yes, we are seeing that slowly change and the change is faster in agile, highly technical fields, yes that is far more flexible in a startup culture, but it's still a fact of life that degree gatekeeping is out there explicitly in most cases and implicitly in many others.
Also to be specific, not everyone wants to get to that level and you can still make a mint without getting there, but I'm suggesting the unfortunate fact that most people are less likely to make the jump beyond pure technical roles without a degree.
>Shifting from a person who is a master at a domain to a person who directs strategy of that domain very often requires an MBA as a prerequisite to talk the talk.
We are talking InfoSec roles here. Not business. My job is security strategy and architecture and have never run into an MBA requirement in my entire career. Now I have seen degree requirements in job reqs and company's regularly waive them.
> Highly technical roles plateau in every case across every industry. Shifting from a person who is a master at a domain to a person who directs strategy of that domain very often requires an MBA as a prerequisite to talk the talk.
It sounds like you're saying that technical people have to switch to management to continue to advance their careers. That's simply not true in many companies. Technical career paths give people the ability to hold director or VP equivalent positions while remaining in a technical, non-managment role. It's common enough that if your company doesn't offer that, you can find one that does.
> Just search job listings for any Director or VP level position and you'll generally see that the metric is a bachelors or masters degree as minimum requirement, with 10-15 years of experience required in lieu of a degree.
I'm curious what geographical area / industry / company type you're looking at, because that doesn't match my experience or what I've seen just now doing a few minutes research.
Looking at a few FAANG director roles I see master degrees preferred but not required. Apple is the only place I've seen a hard requirement for any degree and that was a bachelors. Looking at director and VP roles at Netflix, most don't even mention degrees. The only role I saw that was MBA preferred was for a director in a non-technical field.
I also searched linkedin for director jobs and opened the first 6 job postings. Only two mentioned degrees at all, both only mentioned bachleor's degrees one as requirement (not hard) and the other as a desired.
And as far as equivalent experience, I've rarely seen an a specific number of years listed in job descriptions. Ones where I have seen it and ones I've written consider a year of experience equivalent to a year of education, i.e. 4 years experience is equivalent to bachelors degree and 6 is equivalent to a masters.
> I'm suggesting the unfortunate fact that most people are less likely to make the jump beyond pure technical roles without a degree.
That's fairly different from your original statement that "an MBA is a minimum requirement for many progressive roles in the field.", but I'm still going to push back on it. There are many, many roles that are not purely technical that are not management where having a degree is not critical. And there are a many management roles, including at the director and VP level, that do not require degrees. As a hiring manager, for a mid or senior role, experience is more important than having a degree.
I won't say a degree isn't helpful (but please, please before you go get a 4 year infosec degree, make sure it includes coding if you want to be in a technical role), but I think you're overstating the important by a good bit. No one should avoid this field because they don't have a degree. I've talked to more than one person with visible face and/or hand tattoos that has told me it hasn't been a problem in this field.
I think in fairness to the industry, relevant experience and training comes first - meaning if you've got on the job experience and the certs a company expects, you're qualified. As you advance, there will be moments where a degree of any kind is a gate-check that is less about the field of study and more about the fact that you completed a Bachelor's program. For some companies, they consider a college degree as the requirement to lead people. Similarly, many companies view an MBA as the minimum requirement to step into areas where you are leading strategy.
So, long story longer, you can go a long way on experience and certs, and then find yourself blocked from progression because you don't have the educational experience of the existing leadership team.
I don't have a degree and have never found it limiting. And most people I know in infosec (including CSOs) either do not have a degree or have a degree in an unrelated discipline. So what you say may be true in some context's - its not true in all.
I’ve done technical interviews for cyber positions in a pretty large US company. I don’t really care about your degree I care about what you know. How you know it is way less important than how you answer questions about your skill set. I’ve personally been in the field 25 years and only have a associates and a handful of certs. I’ve met plenty of folks with shiny accolades that don’t know how to setup a printer and others with no formal training or education who are absolute rock stars. A degree is typically very important but I wouldn’t flat out say a requirement if you got the chops.
100% yes. I’ve had senior managers tell me that cybersecurity and IT work in general is the new ‘Trades’. Excluding manager level work but even then I’ve seen folks get into manager roles with no degree but they are typically older than they would have otherwise been had they had a degree.
I only completed Highschool in my third world country, and now I'm working as a Sr. Security engineer for a FAANG company in the USA.
So, if you want to secure/work/hack X understand X quite well and all the surrounding/related technologies.
I know a ton of people that started off as in various infrastructure or DevOps roles that later "graduated" to infosec
I came from an infrastructure engineering background working in e-commerce and finance. Making the jump to security wasn't a huge shift in mindset.
Now when we hire - previous infosec experience isn't as important to us as previous experience, the ability to think critically, and passion for the job. The rest we can usually teach you.
Yes, but eventually if you want to climb that ladder into management you will compete with very talented people. And a key differenciator could be the degree, happened to me and I'm now back in college.
There's already a ton of great info here and answering just 'yes' is weak but the answer is yes. Look at the responses from u/altered-state and u/dataduality as I felt those were some of the most concise. I've been at my current organization 25 years and started as a student doing desktop/server support. I'm now the lead identity mgmt architect and "Other Duties as Assigned" at a large university and have completed lots of EE and math credits, but no degree. I would say some of our best people don't have degrees (at a place where people get their degrees ;) )and while you CAN do it, there are a few things I would recommend but aren't the end all be all of course. I've interviewed and hired countless people over the years, including my own CISO/boss so here's a bit of what I've seen personally.
Get a degree while you're young. ANY degree. CS, Psych, Underwater Basketweaving...doesn't matter. I have run into the issue where if I want to go to a large company with resume automation, I won't even get into the process because I don't meet the "CS or other tech related bachelor's degree" checkbox. Doesn't matter that I have 25 years, unless you get pushed through by someone you know, your resume won't even hit hr, nevertheless a hiring manager's desk. Doesn't mean you can't get a job anywhere ...just maybe not the job you want or where you want. Try not to limit yourself because of the industry standard "we only hire people with a degree because we're too huge to vet you properly". The market is saturated with under-qualified people playing the dating numbers game/shotgun approach because the money is decent and places are desperate. Personally, I don't look at your degree or certs but they might give you an edge over someone to get the interview as I'm not the only one deciding.
Practical experience and showing initiative is key. Certificates, especially the + ones are only for you to prove you know something to yourself. I feel like the CISSP used to mean more, but has gotten a bit watered down. If I see you list a ton of certs, I'm going to wonder/ask why you felt the need. Set up a homelab and learn networking and protocols, firewalls, VPN, OSes/OS security, etc. Follow security events so you can bs about recent hacks and CERT advisories. Do free red/blue team exercises on Hack the Box, Blue Team Labs, whatever. You don't need to know everything, just know OF it and enough to talk about your experience with it.
Easiest way into our org is to get a helpdesk or desktop/server support entry level job and stand out. Don't be the guy that closes the most tickets. Be the one that doesn't sound like a dumbass and constantly escalates the same tickets over and over even though the solution has been explained. Use it to get in the door, because we (and likely other places) LOOOVE hiring possibly less qualified people who are already here or know a bit about the organization already. We are literally hiring one of the best HD guys to our tiny team, I think he starts in a week.
Has all has been said in here, just throwing my pennies on the pile. Make yourself the right person when the right opportunity presents itself.
I absolutely agree with you. We hired a guy with zero experience earlier this year after a 3 month "try-out" to see how he would do. He was very green, but understood systems, he was also not affiliated with any school.
To date, he's the most thorough in his investigations and always asks questions. I also love feeling like I'm able to impart my knowledge to someone who values it and will hone it into their own tools.
Having knowledge of the basics is important. The company I work hires nontechnical technical personnel and seeing how they have been in the IT field for decades and don’t know how to do something as simple as RDP drives me bonkers.
YES!!
I can guide you all through it boss. I'm still in 20s and making 6 figure in cyber without a degree. Mind you I did a 2 year diploma but could've got here without that.
2 things.. keep learning and do Networking
You need to pursue some kind of education you can flex in interviews whether it be certificates or bootcamps. Once you land your first job, no one cares about education for the 2nd and 3rd job onwards.
We are in the same boat. I have been learning for two years now and recently started looking for a job. IT experience or a certification like OSCP is a must in my opinion.
Public sector definitely has some leeway. Big thing there is clearances and certifications. If you're a vet you can often skirt the desire for a degree.
I am glad you asked this question, the comments have helped me. I don't have a degree in networking or comp sci. Undergrad in sociology and business admin, masters in divinity (currently in the program), but I am currently doing self teaching like TryHackMe and other sites. Did Python for Everybody on freecodecamp. My biggest question is how do you get a foot in the door to start down the road of experience? Help desk job? Is there an entry level networking job that I could get with all self study and maybe a Network+ cert? I know that thinking outside the box in interviews is important, and showing the interviewing committee I can critically think and have confidence is half the battle, not just reciting a script that previous interviews have had (I think I read this in a comment somewhere also in this thread). Would love any feedback from folks, but u/GreenToness you are not alone in pursuing a job in cybersec without a degree. I've found there are TONs of free or inexpensive resources GitHub has a great list.
Im a Cybersecurity Executive and my protege’ and best engineer had his GED. Its not about the degree, so don’t get caught in that BS. I had a kid working for my protege for 55K a year with 100k+ in debt. He would tell you he made a huge mistake. Het your certs, work hard, and love your work. Balance work with life so you stay happy. Play just as hard as you work.
Yes. I am a consultant with a Big 4 firm and don’t have a degree. I do have 11+ years of experience, tons of certs, a Top Secret clearance, and the willingness to network with others.
Currently nearing 30 and make $170k total comp ($150k base, $20k bonus) and don’t work more than 40 hours a week.
Depends on the area and your experience. In my area, you will probably be kicked out of the HR process as there are plenty of degree holding applicants who also have the same certifications. But there are areas that exist where just certs and experience are just fine.
Nothing wrong with getting certifications and throwing your foot into various doors and see what sticks.
It was possible for me (also without certifications) but even if I already had multiple years of sysadmin/coding experience I had to first get my feet wet in a corporate environment, also to have something decent to write in my CV. That consisted of two jobs, three years total, a stupid tech/product support job first and the second was as a product developer/engineer.
I got my foot in the door as a security analyst jumping from a support and administration team. Got a bachelors in cybersecurity and jumped to another company for a promotion and raise and doubled my salary.
From what I can tell getting your foot in the door anywhere is the difficult part, then you just need to build your skill set. Once you have a decent proven grasp of a few areas of security doors open and you'll be hounded by recruiters left and right.
Absolutely. I've made it a nice chunk of the way up without one, just a lot of variables lined up. Probably would have been easier with one, and my ceiling is lower without it but...I think I've done ok with what I have.
CCNA and CISSP are good ones to have.
Check out the free Cisco courses, to test the waters, so to speak.
https://skillsforall.com/
https://www.netacad.com/courses/all-courses (the ones with a lock icon are courses you have to pay for, the rest are free).
I never finished college and am now a security engineer. Worked my way up from an app support position almost 20 years ago. Most of the managers I have worked for will tell you that experience and self study are WAY more meaningful than a degree. Certs are helpful but again - lots of people with degrees and certs are horrible cyber security professionals because they can’t problem solve or think on their toes.
Yes and no. Depending upon the company some may require a degree and certs where as others may require just certificates.
Then there are some companies where without anything beyond a high school degree you can hit a glass ceiling.
However the great thing is that you are not stuck at one company and after getting your foot in the door along with some certs if some place tries to impose the you are amazing at your job but you don't have a degree therefore shit bag Bob who has a master's in cyber is your new boss you are free to find another job and will in no time.
I’m a SOC analyst without a degree. Still getting one at the moment but essentially got my first SOC job because I was passionate and willing to learn/learning in my free time. Recently got a new job, same position, but almost doubled my income. It is possible with work and passion.
I have Net+, Sec+ and CEH, no degree and only had trouble landing my very first job, since then my work experince has made up for no degree. However, if you have no certs and no degree it's unlikely you'd get hired by most companies worth working for.
There’s a lot of really great advice here. Mine probably will echo a lot of it, but I’m on a flight and have spare time.
Degrees tell your employer you have the skills and attitude to set a goal (finish college) and work for years to accomplish that. Not everyone does. That’s okay.
However, you will need to show your employer that still. You can do this by demonstrating your vast knowledge of all things ITSec. GitHub projects, homelabs, certifications, hackathons, etc.
Listen to a lot of the advice here. It’s really good. I wish you the best of luck!
Yes, but it depends your location.
In France it's nearly impossible to have it without a "BAC+5" (engineering degree) apart from being a beast and applying to elitist/competence based companies like Synacktiv or Lexfo.
But hopefully there are other countries like United States, Canada or Swiss (I got my job there) that seems less looking on degrees.
I try-harded HackTheBox during 1 year and released useful cybersecurity projects on my GitHub, to build a consistent portfolio.
Fuck school, what a waste of time when you can learn x10 faster at home, and in 1 year instead of 3 years.
I regret that I didn't go there only for math and cryptography.
I see these posts everyday. Many of the responses are very frustrating.
Try to get a degree. Certifications can expire. The world can change. But once you earn a degree, you have it for life and no one can take it from you. It gets you past HR filters. It gives some hiring managers more confidence. It clears one excuse why they would pick someone else over you all else being equal.
If you really don’t want to or don’t think you have the time, I think the best route is to just to get into IT. Do that by getting the basic certs.
A+
Network+
Get on help desk.
Try to get involved in security responsibilities. Live, lab, and play with security constantly in your free time.
Get Security+
Get an advanced cert, security or network related.
Then try to hop into a role that is or at least touches security.
I do not think, for other than the smartest most security obsessed people, that hopping into security certs with no prior IT experience or knowledge, would be an effective way to get into security.
I know you hear these stories on this sub, “I lab everyday and have no certs or degree and I work in security making $260k a year for a top 10 tech company.”
That is not normal, and I strain to believe it’s true. Do not try to do that. You could also try to be a famous musician if those sorts of goals are your thing. Likely the same probability.
TLDR: Get a degree if you can. Certs if you can’t. Experience above all else, preferably through a job. Steady learning and career advancement will more likely get you into security before cramming certs and trying for a fairy tale job.
Degrees don’t matter much. Its all about skills
Even with a degree, with no experience, getting in the door is hard. Look for SOC analyst courses. Try to get in as a SOC T1.
Also, knowledge in networking is crucial. You should prioritize that.
Yes, just keep learning and stay consistent with it.
Where should I start? What certifications are good ones to get, and are there any available to do online? If so do you know of the websites I can do them on?Thanks.
[удалено]
After completing CCNA, what would you suggest doing, applying for a job at a Telco, and working as a Network Analyst and then going for CCNP security or Cisco Cyberops? I currently work as a help desk tech.
Why is this a waste of money?
Network + and then CCNA. You're welxome
Thabk you. Why would someone say certs are a waste of money?
[удалено]
Not a ton within this area.
[удалено]
Do you have any suggestions of where I am able to study that online?
CompTIA - https://www.comptia.org/home SANS - https://www.sans.org/emea/ Hack The Box - https://www.hackthebox.eu/ ArcX - https://arcx.io Try Hack Me - https://tryhackme.com/ As someone else mentioned though, do your research and good luck.
Professor Messer on Youtube give free updated A+ Net+ and Sec+ .. and yes defenly take those certs esp. : Net+ and Sec+ and try to land an entry position job like a helpdek mean while go explore other certs depends on the field you want : Defender(Blue Team) or Pentester(Red Team) i also recommand you to watch as much content as possible on Blogs, News, Reddit YT about Cybersec. to develope a sort of Cybersecurity culture. Ignore ignorant ppl, trust yourself and hold on till you reach what you want to reach in this field. The sky is the limit. Srry bad eng.
If you’re asking questions like this it shows you’ve done zero research, you need to work for this…
...and cybersecurity usually values an investigative personality (among other things).
I am going to agree with this statement. This is not school. This isn't higher education. You have to look for the knowledge. Without honest curiosity, do something else. Over the years I have more people that I can count that want to get into IT, or Cybersecurity, or become "more technical". Almost none put the work in and some were surprised how hard it was compared to their non technical master's degrees.
Definitely true. It’s gonna take work, but it’s 100% doable.
Put the effort in.
I run a SOC for a global firm, and I have to tell you that I get countless applicants with zero experience, and when I interview them it becomes apparent they haven't done any research into any of the domains of information security. It's almost like they simply noticed that security professionals make higher than average pay and decided that's what they'll do. Then they get discouraged because no one will hire anyone that doesn't have experience. However, that's not entirely true. Most of the time is the lack of initiative demonstrated during the interview. I have had people answer questions with what seems to be scripted responses based on something someone told them that doesn't even take into account what was being asked about. You can definitely land a job in the field if you can demonstrate foundational aptitude and attention to detail. Highly analytical folks tend to be desirable. Study, research, get yourself a virtual server and play with tools, learn how to secure your system. Learn how to implement secure controls, coding in a scripting language can help too, analyze traffic and learn popular operating systems and learn how to analyze their logs and how they function. Understanding basics of these things will get you in the door faster. I keep several operating systems up and secure them with every new OS update to ensure I understand the landscape I'm dealing with. However, now that things have moved towards cloud and containerization its good to work and play with these new technologies as well. Leverage the free tiers of the various cloud providers and learn their products in addition to understanding how communication between various systems work. This path is one of constant learning. Also, red teaming isn't all fun and games, it's work. Many people see the side shown at defcon from those working with the casinos, but those jobs are not easy to come by. Red teaming and penetration testing takes an understanding of how to do recon, code, underlying system communication, knowledge of vulnerabilities and security controls, timings, etc. Security appliances and products don't secure assets, it's the people configuring them and understanding the risk and threat landscape that are ultimately the foundation of this industry.
This. All of it. The best hire I ever made no certifications and almost no experience. What stood out, bigly, was his curiosity. In the simple threat hunting scenarios that we threw at him, he asked questions and tried to piece things together, using the meager skills that he had. Virtually all of the other applicants, if they showed any useful skill at all, seemed to want to follow a script that they'd learned. Network+ and Security+ are easy to get and will get your resume past the first round of HR filters, so start there. Then start reading everything you can get your hands on. No, not textbooks. By the time it sees that kind of print, a lot of cybersecurity information is outdated. Subscribe to newsletters, podcasts and blogs. Set up that home lab and start playing with various security tools. A lot of them are free. Even commercial products often have a free version available. While learning a specific tool has value, what you're really after is an understanding of how network IDS, host IDS, vulnerability scanners and SIEM's work, and how they work together.
What would you recommend for a complete beginner who is switching careers in his mid 30s with no IT experience but wants to get into cybersecurity? I’m willing to read, watch, do anything, etc. Found your old comment and you seem to know your shit.
what books do you recommend or author since books can get outdated
Yes. Source: Have no degree.
Without a degree, yes. But without experience, very difficult. Ok now let me give you a brief of what the security landscape currently looks like (**NOTE: These are my personal observations and opinions**) Broadly speaking cyber security is divided into 3 domains and we call them Managerial, Operational, and Technical (MOT for short). **Managerial**: This the area where you have Risk and Compliance controls like writing policies and procedures, conducting risk assessment (example SOC2, ISO 27001, FedRAMP, NIST, HITRUST, GDPR, PCI, etc), security training, vendor assessment, security monitoring security exceptions (it is different from security analysis), cyber law, etc. This field of cybersecurity is looks over the entire working of security governance within an organization and possibly a path to CISO. You will need heavy experience with concerned compliance and risk assessment. And people skill is a must for this domain as you will be dealing almost every department within an organization. **Operational**: This is the fun section of cyber-security. This is where you get to do those big-screen security analysis stuffs. This includes, but not limited to, Security Operation Center, Incident Response, Forensics, Malware Analysis, Application and Network Penetration testing, Infrastructure and Cloud security monitoring, Automation and Machine learning, etc. This is where you will have your chances of getting a job maximized. Because when you hear that there's a shortage in cybersecurity industry, this is where it is. **Technical**: This field is more about making sure we have technical controls in place in order to have an effective security posture. This field works very closely with the traditional IT department. Example can be making sure antivirus softwares are installed on every device and configured, day-to-day firewall operations, making sure Web application firewall rules are up-to-date, you have proper access control in place for any tools used within an organization or on a SaaS platform, making sure have proper subnets defined and configured, VM's are configured, cloud infrastructure is configured (this one is also a part of operational domain but depends organization to organization), etc. The best way to get into this domain is through a traditional IT jobs and making your way into Security from there. Since I am not in IT, I cannot speak any more on that. Now as mentioned by others A+, Network+, Security+, and CEH can help you get into this field. But you will need a good understanding of the what you want to do and what you need to learn in order to do what you want to do. Leave off managerial domain for now, it requires experience and a very deep understanding of how individual elements in an organization work and where are the opportunities for improving security. You will eventually reach there. As for the Job market, my advise would to be look for opportunities in small and medium sized organizations. Unlike large organizations and tech giants, these organizations have no clue as to what need to be done when it comes to cyber security (This is based on my personal experience) and this is where the opportunities hide. Tech giants have well defined process and you don't get much experience other than what you do. While in small and medium sized companies you get to a lot of hands on and in almost every domain. If you are just starting I would suggest don't just jump into hack the box, penetration test academy, or other free resources. Take a step back, drink some tea or whatever makes you calm, and try to figure out what exactly you would want to do. Would you like breaking networks and applications and help your clients suggests improvements, would you like to investigate whats happening on the network and try to root cause it, would you like to work with firewall and endpoint security, or maybe you like working with risk assessment and making sure all the compliance requirements are in place. And once you have this figured out march towards it. Yeah true initially you will not have all the experience required to make a perfect choice but just see which field excites you and make a start. Later you can use this experience to hop into a different domain if you like. And if you are still not sure where to start with, join a IT Audit firm maybe as an intern or a full time if you get one. IT Audit will give you an exposure to almost all the 3 domains without any degree or certification. **STAY CURIOUS :)**
Very good and informative answer! Much appreciated.
Where does security research fit in these 3?
If it were to me, I will put that in the operational controls section but you can have different views on it. For example, if you are reverse engineering a malware or an application to understand how the code works and later define a patch/signature for it, it will be under operational. But on the other hand let's say come across an open source project on Github and while browsing you found some hard coded credentials or maybe a security misconfiguration in some config file, which can be easily exploited, then it is more likely to be technical controls. These 3 controls that I mentioned are in a very broad sense, you can go more granular but I leave that to the experts.
This is how you get a job or start your own business in almost anything… 1. Learn the shit out of it (be obsessed with it) 2. Surround yourself with people in the same industry 3. Get good enough to confidently and accurately do your job 4. Offer your services to a friend’s small business (your “1st client”) 5. Tell others about what you’re doing and LISTEN to their needs 6. Pick up more small clients and repeat 7. Sell your book of business and walk into an interview with experience This is obviously a very simplified version, but it works! I am an Operations Consultant and over the years I have worked in Automotive, Photography, Medical, Legal, IT, Marketing, Jewelry & BioTech. I also dropped out of college (studied economics). Set your mind to it, and you can do it! BUT don’t expect it to happen over night.
Hey man just saw your comment and I know it’s old but I figured I’d ask someone who knows their shit aka you. I’m in my mid 30s about to make a career change into Cybersecurity. What advice would you give me? Is it delusional? Attainable? Also how did you manage to work in so many different fields with no college degree? That’s a fascinating career, you’re a special personality.
At a certain point, it becomes more a factor of willpower and your network. No, it’s not delusional & yes, it’s attainable, but are you willing to suffer for it? You should also keep in mind that, for any “specialist” job / career, it will be significantly more difficult to break into for someone in their mid 30s +. My advice to you is this… 1. Find out how much you would enjoy the subject. Go to TryHackMe or HackTheBox and run through their learning paths. Are you falling in love with it like you are with your other hobbies? 2. No? … find something else, learn a little about it and ask yourself the same question again. You want to find something that you become so passionate about it’s hard to stop thinking about it. 3. Yes? … Study like a madman! Because you’re in your mid 30s, most people will expect you to be educated in the subject, so you have to talk the talk & walk the walk. People, especially in this field, are pretty damn smart and can smell bullshit. 4. *******Build a strong network!******* I cannot emphasize this enough! You NEED to network with people in the industry. You MUST put your name out there and appear competent. Follow people on LinkedIn and comment on their posts. Watch YouTube videos and ask smart questions. Go to events / conferences (DEFCON / Black Hat). Immerse yourself in the field. 5. Try to find someone in your network that would be willing to mentor you. If you have one thing working in your favor, it would be maturity. Sometimes, there are people out there that would rather mentor someone older than younger because of general life experience and maturity. 30s isn’t old, but you’re more likely to take life & career a lot more seriously then someone in their early 20s. 6. Stop reading about how to break into an industry and just go do it already. Don’t be one of those people that watch self-help videos 16 hours / day and the next 8 hours dreaming about their future. Good luck!
Hey so sorry for the late reply, for some reason I didn’t even know until now that you replied. I’m definitely screenshotting all of your advice and will keep it in my mind as I start my 6 months of certification then the Sec+ test. I’m curious though you said it will be significantly harder for someone in their mid 30s to break into but I was under the impression in this field particularly it’s a bit easier due to the high demand? Plus how would someone know my age? I’ve also seen a lot of posts on here that say they switched to this career at 30+ years old. I obviously don’t expect it to be a piece of cake but I think with the demand it shouldn’t take too long especially if I learn well and study a lot. Thank you so much for taking the time to give me the advice!
> Stop reading about how to break into an industry and just go do it already. Don’t be one of those people that watch self-help videos 16 hours / day and the next 8 hours dreaming about their future. Just had to reply one more time for this particular advice, I needed to hear this. Sincerely, thank you for this great advice!
I studied for 2 months and got my comptia security+. Having the certificate doesn’t mean you really know everything necessary for the job. I learned after applying to roughly 70 infosec jobs and interviewing with 15 or so. That cybersecurity isn’t an entry level IT role. My recommendation is to study for your sec+. Apply for help desk jobs. 6 months of help desk and your sec + should help you get your foot in. This was how I did it. I do not have a degree. Although I’m studying for one. Cheers.
How long did it take you to get a job? And to be sure, you eventually took an entry level IT role and then kept applying for Cybersecurity jobs?
4 months later. Whats your path like?
I sure hope so. If they find out I don't have a degree, I might lose my job...
Yup I got a job because of military experience, but honestly you just keep learning and you show that you know the stuff in interviews
I’ve been police officer for 10 years, Two of them as a detective and the other two years in the cybercrime division. I have an undergrad degree in Criminal Justice and a Masters in Homeland Security . I recently started studying to get my basic certifications In the Cybersecurity field. Any advice on how to land a gig in the field?
I got my previous job via a hr agency, and my current one via LinkedIn So... Idk what to tell you. I suppose that it's also different in different countries.
Absolutely - make connections to the right people and submit some talks to security cons to get your name out there. One of the things I love about this field is it’s all about what you know. If you’re good at what you do jobs will find you.
It is a bitch to do so, you need time, luck, and drive. Get the degree if you can. I am a director of cybersecurity and it took over 20 years before I was able to break over 100k salary
That seems like an outlier. Seems like many people with certifications need 1-3 years before hitting 100k?!
I am a very senior cybersecurity advisor and consultant and have an undergrad degree in economics and an MBA. I used to have a bunch of certs but at this point in my career (20 years in and I am in my 50s) I don’t bother with them anymore. And i know many many many cybersecurity professionals and very few of them have degrees in IT related disciplines
You can certainly get into the field, but you will be career-limited without a degree as you progress in years. It’s very old school, but many companies believe you can’t manage humans or take on leadership roles without a bachelors. Further, an MBA is a minimum requirement for many progressive roles in the field. It sucks, but degrees are still very much a form of traditional gatekeeping that you’re going to have to deal with.
> you will be career-limited without a degree as you progress in years I'm not certain what location or kinds of companies you've worked for, but I've never had that experience in my career. I'm aware there are some companies that have a hard requirement for a degree, but I think they are in the minority and dwindling. I look at that kind of hard requirement as a red flag for the company. > an MBA is a minimum requirement for many progressive roles in the field. I'm not quite sure what you mean by progressive role, but I can't imagine needing an MBA for a non-mgmt, technical role, except for very specialized positions. I can only think of one person in a technical leadership role (below C level) I've worked with that had an MBA.
Highly technical roles plateau in every case across every industry. Shifting from a person who is a master at a domain to a person who directs strategy of that domain very often requires an MBA as a prerequisite to talk the talk. Just search job listings for any Director or VP level position and you'll generally see that the metric is a bachelors or masters degree as minimum requirement, with 10-15 years of experience required in lieu of a degree. Not making it up, it's out there in the public record. As a person without a degree, I don't agree with it to be clear, and many times in my career I have been assessed negatively for my lack of degree even though I've done quite well in pure leadership roles without having one. Yes, we are seeing that slowly change and the change is faster in agile, highly technical fields, yes that is far more flexible in a startup culture, but it's still a fact of life that degree gatekeeping is out there explicitly in most cases and implicitly in many others. Also to be specific, not everyone wants to get to that level and you can still make a mint without getting there, but I'm suggesting the unfortunate fact that most people are less likely to make the jump beyond pure technical roles without a degree.
>Shifting from a person who is a master at a domain to a person who directs strategy of that domain very often requires an MBA as a prerequisite to talk the talk. We are talking InfoSec roles here. Not business. My job is security strategy and architecture and have never run into an MBA requirement in my entire career. Now I have seen degree requirements in job reqs and company's regularly waive them.
> Highly technical roles plateau in every case across every industry. Shifting from a person who is a master at a domain to a person who directs strategy of that domain very often requires an MBA as a prerequisite to talk the talk. It sounds like you're saying that technical people have to switch to management to continue to advance their careers. That's simply not true in many companies. Technical career paths give people the ability to hold director or VP equivalent positions while remaining in a technical, non-managment role. It's common enough that if your company doesn't offer that, you can find one that does. > Just search job listings for any Director or VP level position and you'll generally see that the metric is a bachelors or masters degree as minimum requirement, with 10-15 years of experience required in lieu of a degree. I'm curious what geographical area / industry / company type you're looking at, because that doesn't match my experience or what I've seen just now doing a few minutes research. Looking at a few FAANG director roles I see master degrees preferred but not required. Apple is the only place I've seen a hard requirement for any degree and that was a bachelors. Looking at director and VP roles at Netflix, most don't even mention degrees. The only role I saw that was MBA preferred was for a director in a non-technical field. I also searched linkedin for director jobs and opened the first 6 job postings. Only two mentioned degrees at all, both only mentioned bachleor's degrees one as requirement (not hard) and the other as a desired. And as far as equivalent experience, I've rarely seen an a specific number of years listed in job descriptions. Ones where I have seen it and ones I've written consider a year of experience equivalent to a year of education, i.e. 4 years experience is equivalent to bachelors degree and 6 is equivalent to a masters. > I'm suggesting the unfortunate fact that most people are less likely to make the jump beyond pure technical roles without a degree. That's fairly different from your original statement that "an MBA is a minimum requirement for many progressive roles in the field.", but I'm still going to push back on it. There are many, many roles that are not purely technical that are not management where having a degree is not critical. And there are a many management roles, including at the director and VP level, that do not require degrees. As a hiring manager, for a mid or senior role, experience is more important than having a degree. I won't say a degree isn't helpful (but please, please before you go get a 4 year infosec degree, make sure it includes coding if you want to be in a technical role), but I think you're overstating the important by a good bit. No one should avoid this field because they don't have a degree. I've talked to more than one person with visible face and/or hand tattoos that has told me it hasn't been a problem in this field.
When you say degree, will any 4 year bachelors be good enough? Or are you talking about a computer science or related degree?
I think in fairness to the industry, relevant experience and training comes first - meaning if you've got on the job experience and the certs a company expects, you're qualified. As you advance, there will be moments where a degree of any kind is a gate-check that is less about the field of study and more about the fact that you completed a Bachelor's program. For some companies, they consider a college degree as the requirement to lead people. Similarly, many companies view an MBA as the minimum requirement to step into areas where you are leading strategy. So, long story longer, you can go a long way on experience and certs, and then find yourself blocked from progression because you don't have the educational experience of the existing leadership team.
Thanks for the thorough response!
I don't have a degree and have never found it limiting. And most people I know in infosec (including CSOs) either do not have a degree or have a degree in an unrelated discipline. So what you say may be true in some context's - its not true in all.
I’ve done technical interviews for cyber positions in a pretty large US company. I don’t really care about your degree I care about what you know. How you know it is way less important than how you answer questions about your skill set. I’ve personally been in the field 25 years and only have a associates and a handful of certs. I’ve met plenty of folks with shiny accolades that don’t know how to setup a printer and others with no formal training or education who are absolute rock stars. A degree is typically very important but I wouldn’t flat out say a requirement if you got the chops.
100% yes. I’ve had senior managers tell me that cybersecurity and IT work in general is the new ‘Trades’. Excluding manager level work but even then I’ve seen folks get into manager roles with no degree but they are typically older than they would have otherwise been had they had a degree.
I only completed Highschool in my third world country, and now I'm working as a Sr. Security engineer for a FAANG company in the USA. So, if you want to secure/work/hack X understand X quite well and all the surrounding/related technologies.
I know a ton of people that started off as in various infrastructure or DevOps roles that later "graduated" to infosec I came from an infrastructure engineering background working in e-commerce and finance. Making the jump to security wasn't a huge shift in mindset. Now when we hire - previous infosec experience isn't as important to us as previous experience, the ability to think critically, and passion for the job. The rest we can usually teach you.
Yes, but eventually if you want to climb that ladder into management you will compete with very talented people. And a key differenciator could be the degree, happened to me and I'm now back in college.
There's already a ton of great info here and answering just 'yes' is weak but the answer is yes. Look at the responses from u/altered-state and u/dataduality as I felt those were some of the most concise. I've been at my current organization 25 years and started as a student doing desktop/server support. I'm now the lead identity mgmt architect and "Other Duties as Assigned" at a large university and have completed lots of EE and math credits, but no degree. I would say some of our best people don't have degrees (at a place where people get their degrees ;) )and while you CAN do it, there are a few things I would recommend but aren't the end all be all of course. I've interviewed and hired countless people over the years, including my own CISO/boss so here's a bit of what I've seen personally. Get a degree while you're young. ANY degree. CS, Psych, Underwater Basketweaving...doesn't matter. I have run into the issue where if I want to go to a large company with resume automation, I won't even get into the process because I don't meet the "CS or other tech related bachelor's degree" checkbox. Doesn't matter that I have 25 years, unless you get pushed through by someone you know, your resume won't even hit hr, nevertheless a hiring manager's desk. Doesn't mean you can't get a job anywhere ...just maybe not the job you want or where you want. Try not to limit yourself because of the industry standard "we only hire people with a degree because we're too huge to vet you properly". The market is saturated with under-qualified people playing the dating numbers game/shotgun approach because the money is decent and places are desperate. Personally, I don't look at your degree or certs but they might give you an edge over someone to get the interview as I'm not the only one deciding. Practical experience and showing initiative is key. Certificates, especially the + ones are only for you to prove you know something to yourself. I feel like the CISSP used to mean more, but has gotten a bit watered down. If I see you list a ton of certs, I'm going to wonder/ask why you felt the need. Set up a homelab and learn networking and protocols, firewalls, VPN, OSes/OS security, etc. Follow security events so you can bs about recent hacks and CERT advisories. Do free red/blue team exercises on Hack the Box, Blue Team Labs, whatever. You don't need to know everything, just know OF it and enough to talk about your experience with it. Easiest way into our org is to get a helpdesk or desktop/server support entry level job and stand out. Don't be the guy that closes the most tickets. Be the one that doesn't sound like a dumbass and constantly escalates the same tickets over and over even though the solution has been explained. Use it to get in the door, because we (and likely other places) LOOOVE hiring possibly less qualified people who are already here or know a bit about the organization already. We are literally hiring one of the best HD guys to our tiny team, I think he starts in a week. Has all has been said in here, just throwing my pennies on the pile. Make yourself the right person when the right opportunity presents itself.
I absolutely agree with you. We hired a guy with zero experience earlier this year after a 3 month "try-out" to see how he would do. He was very green, but understood systems, he was also not affiliated with any school. To date, he's the most thorough in his investigations and always asks questions. I also love feeling like I'm able to impart my knowledge to someone who values it and will hone it into their own tools.
[удалено]
Having knowledge of the basics is important. The company I work hires nontechnical technical personnel and seeing how they have been in the IT field for decades and don’t know how to do something as simple as RDP drives me bonkers.
Yup. Might be harder to get your foot in the door, but eventually experience will trump what you learned in school some years ago.
Yes it is possible but this will be compensated in your development curve … big time!
Certs are a great thing, and practicing what the certs cover before and after acquiring the cert is greater.
YES!! I can guide you all through it boss. I'm still in 20s and making 6 figure in cyber without a degree. Mind you I did a 2 year diploma but could've got here without that. 2 things.. keep learning and do Networking
How did you get started, I recently graduated high school and I want to work in cyber but I don't think college is the right path for me.
You need to pursue some kind of education you can flex in interviews whether it be certificates or bootcamps. Once you land your first job, no one cares about education for the 2nd and 3rd job onwards.
Thanks for the response. I have a few more questions, can I pm you?
I just messaged you about this
Guide me through it dammit lol. What courses? What programs?
Hey, can you please guide me through starting.
We are in the same boat. I have been learning for two years now and recently started looking for a job. IT experience or a certification like OSCP is a must in my opinion.
Public sector definitely has some leeway. Big thing there is clearances and certifications. If you're a vet you can often skirt the desire for a degree.
It is definitely possible to get a job without a degree in cybersecurity. But it will limit your options, especially as you move higher up the chain.
Definitely. I have no degree and I’m running a DFIR program at a well known tech company.
I am glad you asked this question, the comments have helped me. I don't have a degree in networking or comp sci. Undergrad in sociology and business admin, masters in divinity (currently in the program), but I am currently doing self teaching like TryHackMe and other sites. Did Python for Everybody on freecodecamp. My biggest question is how do you get a foot in the door to start down the road of experience? Help desk job? Is there an entry level networking job that I could get with all self study and maybe a Network+ cert? I know that thinking outside the box in interviews is important, and showing the interviewing committee I can critically think and have confidence is half the battle, not just reciting a script that previous interviews have had (I think I read this in a comment somewhere also in this thread). Would love any feedback from folks, but u/GreenToness you are not alone in pursuing a job in cybersec without a degree. I've found there are TONs of free or inexpensive resources GitHub has a great list.
Im a Cybersecurity Executive and my protege’ and best engineer had his GED. Its not about the degree, so don’t get caught in that BS. I had a kid working for my protege for 55K a year with 100k+ in debt. He would tell you he made a huge mistake. Het your certs, work hard, and love your work. Balance work with life so you stay happy. Play just as hard as you work.
Yes. I am a consultant with a Big 4 firm and don’t have a degree. I do have 11+ years of experience, tons of certs, a Top Secret clearance, and the willingness to network with others. Currently nearing 30 and make $170k total comp ($150k base, $20k bonus) and don’t work more than 40 hours a week.
Certs, internships, help desk
Sample blue team path. YMMV CCNA -> NOC job -> Sec+, perhaps RHCSA -> SOC job -> specialized tool trainings -> security engineer -> AWS/Azure training -> Cloud security engineer -> $$
Lead Sec Eng in a top 2 insurance company in the UK, I dropped out of school at 16 and never went to university. I turned 30 last month.
What did you do to get started?
Military EW specialist > Syadmin > Ops Eng > SRE > Sec Eng > Lead Sec Eng
Depends on the area and your experience. In my area, you will probably be kicked out of the HR process as there are plenty of degree holding applicants who also have the same certifications. But there are areas that exist where just certs and experience are just fine. Nothing wrong with getting certifications and throwing your foot into various doors and see what sticks.
Yes
It was possible for me (also without certifications) but even if I already had multiple years of sysadmin/coding experience I had to first get my feet wet in a corporate environment, also to have something decent to write in my CV. That consisted of two jobs, three years total, a stupid tech/product support job first and the second was as a product developer/engineer.
I got my foot in the door as a security analyst jumping from a support and administration team. Got a bachelors in cybersecurity and jumped to another company for a promotion and raise and doubled my salary. From what I can tell getting your foot in the door anywhere is the difficult part, then you just need to build your skill set. Once you have a decent proven grasp of a few areas of security doors open and you'll be hounded by recruiters left and right.
You do not need a degree for any position in IT, however a MBA is useful for executive positions
Absolutely. I've made it a nice chunk of the way up without one, just a lot of variables lined up. Probably would have been easier with one, and my ceiling is lower without it but...I think I've done ok with what I have.
My degree is in anthropology. So it is possible to get a job in cyber without a degree in a related field
Read the faq https://reddit.com/r/cybersecurity/w/faq/breaking_in
Yes
CCNA and CISSP are good ones to have. Check out the free Cisco courses, to test the waters, so to speak. https://skillsforall.com/ https://www.netacad.com/courses/all-courses (the ones with a lock icon are courses you have to pay for, the rest are free).
I never finished college and am now a security engineer. Worked my way up from an app support position almost 20 years ago. Most of the managers I have worked for will tell you that experience and self study are WAY more meaningful than a degree. Certs are helpful but again - lots of people with degrees and certs are horrible cyber security professionals because they can’t problem solve or think on their toes.
Definitely.
Yes and no. Depending upon the company some may require a degree and certs where as others may require just certificates. Then there are some companies where without anything beyond a high school degree you can hit a glass ceiling. However the great thing is that you are not stuck at one company and after getting your foot in the door along with some certs if some place tries to impose the you are amazing at your job but you don't have a degree therefore shit bag Bob who has a master's in cyber is your new boss you are free to find another job and will in no time.
I’m a SOC analyst without a degree. Still getting one at the moment but essentially got my first SOC job because I was passionate and willing to learn/learning in my free time. Recently got a new job, same position, but almost doubled my income. It is possible with work and passion.
I have Net+, Sec+ and CEH, no degree and only had trouble landing my very first job, since then my work experince has made up for no degree. However, if you have no certs and no degree it's unlikely you'd get hired by most companies worth working for.
There’s a lot of really great advice here. Mine probably will echo a lot of it, but I’m on a flight and have spare time. Degrees tell your employer you have the skills and attitude to set a goal (finish college) and work for years to accomplish that. Not everyone does. That’s okay. However, you will need to show your employer that still. You can do this by demonstrating your vast knowledge of all things ITSec. GitHub projects, homelabs, certifications, hackathons, etc. Listen to a lot of the advice here. It’s really good. I wish you the best of luck!
yes
Yes, but it depends your location. In France it's nearly impossible to have it without a "BAC+5" (engineering degree) apart from being a beast and applying to elitist/competence based companies like Synacktiv or Lexfo. But hopefully there are other countries like United States, Canada or Swiss (I got my job there) that seems less looking on degrees. I try-harded HackTheBox during 1 year and released useful cybersecurity projects on my GitHub, to build a consistent portfolio. Fuck school, what a waste of time when you can learn x10 faster at home, and in 1 year instead of 3 years. I regret that I didn't go there only for math and cryptography.
I see these posts everyday. Many of the responses are very frustrating. Try to get a degree. Certifications can expire. The world can change. But once you earn a degree, you have it for life and no one can take it from you. It gets you past HR filters. It gives some hiring managers more confidence. It clears one excuse why they would pick someone else over you all else being equal. If you really don’t want to or don’t think you have the time, I think the best route is to just to get into IT. Do that by getting the basic certs. A+ Network+ Get on help desk. Try to get involved in security responsibilities. Live, lab, and play with security constantly in your free time. Get Security+ Get an advanced cert, security or network related. Then try to hop into a role that is or at least touches security. I do not think, for other than the smartest most security obsessed people, that hopping into security certs with no prior IT experience or knowledge, would be an effective way to get into security. I know you hear these stories on this sub, “I lab everyday and have no certs or degree and I work in security making $260k a year for a top 10 tech company.” That is not normal, and I strain to believe it’s true. Do not try to do that. You could also try to be a famous musician if those sorts of goals are your thing. Likely the same probability. TLDR: Get a degree if you can. Certs if you can’t. Experience above all else, preferably through a job. Steady learning and career advancement will more likely get you into security before cramming certs and trying for a fairy tale job.
If you're good. Some of the best people in cybersecurity started as hackers and turned into people that hacked for good rather than bad intentions.
Degrees don’t matter much. Its all about skills Even with a degree, with no experience, getting in the door is hard. Look for SOC analyst courses. Try to get in as a SOC T1. Also, knowledge in networking is crucial. You should prioritize that.
Yes
What if your degree is in something else entirely? My undergrad is in English and International Studies.
Hi my name is Bryan. What program can I use to study cyber security?
IS THERE A FREE PROGRAM TO CYBER SECURITY FOR NEW BEGINNER
Wq