Cybersecurity Talent Gap

By Gary Perkins, MBA, CISSP, Chief Information Security Officer

I love my job

I’m not saying this sarcastically or trying to convince myself. I genuinely love my job. I love my company and coworkers and the ability to help clients. I think I have the best job out there and I feel blessed. Japanese ikigai describes the intersection of what you love, what you’re good at, what the world needs, and what you can be paid for. I have that.

And I’m always passionate about helping others find their way into security, dispelling myths, and supporting underrepresented groups. Security professionals come from all walks of life, and we need all perspectives to solve some of these challenging problems.

The Reality of the Cybersecurity Job Market

I saw the initial posts by ISACA about how there are 2 million openings in cybersecurity. I followed as the number bloomed to 4 million and regularly quote it. When people said they don’t believe it because they’ve been looking for a while and have been unsuccessful, I suggested that there may be other reasons they’re unsuccessful in finding a job.

And the layoffs: previously they did not affect cybersecurity, but now they definitely do. The job market is challenging, but I still believe that if you are a motivated individual, you can work your way to your dream job. I no longer believe that there are 4 million openings sitting vacant. Maybe that’s the number of cyber professionals the world needs, but I’d need to see data backing up claims that there are 4 million openings today.

Breaking Into Cybersecurity: A Realistic Approach

You do not have to have a degree in cybersecurity, but it certainly doesn’t hurt. Here are my 5 steps for becoming a security professional:

1. Learn to Speak the Language

Familiarize yourself with industry concepts and terminology through courses. Mike Chapple’s SSCP and CISSP courses are on LinkedIn Learning—often free with a library card. There are many free options here! This step helps you determine if security is truly your calling.

Don’t underestimate the value of understanding the fundamentals. Security is built on concepts like confidentiality, integrity, and availability. Knowing how to discuss these concepts intelligently will set you apart in interviews and networking events.

The security field has its own vocabulary, and fluency in this language signals to potential employers that you’ve done your homework. Terms like “threat modeling,” “defense in depth,” and “least privilege” should become second nature.

2. Network Relentlessly

Join organizations like ISACA (Information Systems Audit and Control Association), ISC2 (International Information System Security Certification Consortium), ISSA (Information Systems Security Association), or CSA (Cloud Security Alliance). Local meetups are invaluable too, depending on where you live.

You’ll never find a profession where people are more willing to help you get ahead. Security professionals genuinely want to see newcomers succeed and will offer guidance, mentorship, and sometimes even job leads.

Remember that security professionals come from all walks of life. It’s not all IT/technical backgrounds, and it’s not all firefighting or getting called in the middle of the night. The diversity of pathways into security is something to embrace rather than fear.

3. Consider Certification

While certifications aren’t mandatory, they provide structured learning and validate your knowledge to employers. They also demonstrate commitment to the field.

For beginners, I recommend considering the free Certified in Cybersecurity (CC) certification from ISC2. This helps with both speaking the language and building credentials without financial risk.

When it comes to certifications, I tell people that employers primarily recognize CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), and CISM (Certified Information Security Manager). Check job postings—they often list “one of the SANS certifications” rather than specifying which ones.

There’s an exception if you’re interested in red teaming/penetration testing, where certifications like LPT (Licensed Penetration Tester), GPEN (GIAC Penetration Tester), CEH (Certified Ethical Hacker), and OSCP (Offensive Security Certified Professional) carry more weight.

Both CISSP and OSCP are challenging exams, so I recommend warming up with an entry-level certification first to get used to test-taking under pressure. If you’re aiming for CISSP, consider Security+ or SSCP (Systems Security Certified Practitioner) as stepping stones. The SSCP is offered by the same organization as CISSP (ISC2), as is the free CC certification.

4. Get on Stage

Present on a security topic—perhaps something you already know about with a security angle added. This builds your reputation and demonstrates expertise.

Public speaking might seem intimidating, but it’s one of the fastest ways to establish yourself in the field. Start small, perhaps at a local meetup or a lightning talk at a conference. Choose topics where you have unique insights or experiences.

The ability to communicate complex security concepts clearly is a rare and valuable skill. By presenting, you not only build this skill but also make connections with potential employers and mentors who appreciate good communicators.

5. Claim Your Identity as a Security Professional

Cybersecurity is largely an unregulated industry. At some point, you need to confidently present yourself as a security professional. Update your LinkedIn profile, participate in forums, contribute to open-source projects, or write blog posts about security topics.

This step is often the hardest for newcomers—feeling confident enough to claim the identity. But remember that everyone starts somewhere, and the industry needs fresh perspectives. Your background, whatever it may be, likely gives you unique insights that will benefit the security community.

Finding Your Security Niche

The beauty of cybersecurity is its breadth. You can focus on governance and policy if you enjoy working with frameworks and documentation. You can dive into technical specialties like cloud security, application security, or network defense. You might prefer security education and awareness if you enjoy working with people.

Take time to explore different domains before specializing. Your previous experience likely gives you advantages in certain areas. Former developers often excel in application security, while those with business backgrounds might find governance roles more natural.

The Path Forward

Breaking into cybersecurity requires persistence, continuous learning, and networking. The field is challenging but rewarding, with problems that matter and colleagues who care. The 4 million job openings might be aspirational rather than current reality, but the need for talented, passionate security professionals remains strong.

What draws most of us to this field isn’t just the job security or pay—it’s the mission. We protect people, organizations, and critical systems from harm. We solve puzzles that matter. We make a difference.

If you’re serious about joining our ranks, start with step one today. Learn the language. Join a community. Begin the journey. The security community will welcome you, support you, and challenge you to grow.

And perhaps someday soon, you’ll find yourself saying, without a hint of sarcasm: “I love my job.”
