A Guide To Starting a Career

in Cyber Security

1 Understand the Cyber

Security Industry and the
Step Jobs on Offer

Cybersecurity ventures predict that there will be 3.5

million unfilled cyber security jobs globally by 2021, up
from one million positions in 2014.

That’s great news for job seekers, but as might be

expected, many people don’t understand the cyber se-
curity industry and have misconceptions on what might
be involved if they start a career in cyber security.

Often people believe that cyber security is all about

technology and hacking. This is somewhat true, but cy-
ber security is much more than that. It is a discipline of
managing risk, which might happen to have technology
as a solution. Which means roles in security can vary
massively from highly technical to C-level executive
management, from auditing to computer forensics.

The first step I recommend you to do is to get an idea of

the sort of jobs that exists in the security industry. Take
a look at the job boards in your local job market. Please
read the job specs and understand what the different
jobs involve and what skills and qualifications they are
asking for.

Have a look and see what roles you are interested in

and what role you might ultimately move towards in the
middle and the end of your career. Get an understand-
ing of what responsibilities each job type has and their
level of seniority, from junior security analyst through
to Chief Information Security Officers (CISO).
 A Guide To Starting a Career in Cyber Security

If you are in the US take a look at job boards such as Dice, Indeed, Glassdoor, LinkedIn
and others. In the UK try JobServe, CyberSecurityJobsite, CWJobs and others.

You will find the following typical job titles and roles.
• Penetration Tester & Ethical Hacker
Try to hack systems to find vulnerabilities. Reporting any weaknesses found so they
can be mitigated. Average Salary $102,000
• Security Analyst & Specialist
Performs a variety of security analysis and defensive tasks to help prevent organiza-
tions from being compromised by attackers. Average Salary $85,000
• Cyber Crime Analyst & Investigator
Examines digital components to determine if illegal actions have taken place. Also
responds to security incidents. Average Salary $85,000
• Security Consultant
Advises organizations of their security posture. Average Salary $85,000
• Security Engineer & Architect
Designs and implements secure systems. Average Salary $108,000
• Freelance Consultant & Contractor
Independently advises organizations of their security posture. Average rate - $1000
per day
• Chief Information Security Officer (CISO)
This senior-level executive is responsible for establishing and maintaining enterprise
security. Average Salary $108,000

2 Get Educated
Step

The US Bureau of Labor Statistics reports

that the typical entry-level education for a
cyber security job is a Bachelor’s degree.
But if you don’t have a degree - don’t write
off a career in cyber security. With a mas-
sive shortage of qualified cyber security tal-
ent, companies and government agencies
are aggressively trying to fill their openings.
If you lack a college education, not a prob-
lem, through online cyber training, you can
still secure a great high paying job.

I recommend you become a VIP Member of the StationX Cyber Security School. You will
get unlimited access to all the training material you need to fully educate yourself and
become a highly paid cyber security professional.

Not sure where to start? Vip membership includes a detailed email consultation which
produces a customised study roadmap for you of what courses and certificates you
should take in what order based on your current skills and career goals.
 A Guide To Starting a Career in Cyber Security

3 Get Certified and Qualified

Step
Cyber security is a highly-skilled career which requires a solid foundation in IT, operating
systems and networking. If you are starting at zero with little to no basic IT knowledge,
then you need to get up to speed with the basics first.

My recommendations for anyone that is starting at zero is to learn IT fundamentals first.

The topics and skills you need are covered well on the courses for CompTIA IT Fundamen-
tals and CompTIA A+ Core 1 & 2 certificates.

Another cornerstone to security is an understanding of networking, the Internet, cloud,

routers, switches and so on. My recommendation for courses and certificates are Comp-
TIA Network+ and CompTIA Cloud+.

If you are not starting at zero, these courses and certificates may be too simple for you.
Skip any that are too easy unless you want the certificate for your CV/Resume/Linkedin.

After you have your IT basics down, you want to get a solid overview of the important
Cyber Security Domains. To do this, I recommend you take The Complete Cyber Security
Course Volumes 1-4.

When you are checking out the local job market for what roles might interest you the
most, make a careful note of the certificates and skills that are generally required for the
roles that interest you.

What certificates you should aim to get and skills to acquire will depend on the type of
roles and specialisation that interests you. You need to choose training and certificates
that cover the Cyber Security Domains that are required for the roles that interest you.

For example, you may choose to specialise in domains such as network security, cloud,
security architecture, management and governance, security operations, risk assess-
ment, penetration testing, blue team or others. Where you specialise determines your
training needs.

Certificates increase your job opportunities, demonstrate knowledge and skills and are
often even required just to secure an interview.
 A Guide To Starting a Career in Cyber Security

Long term, you should aim to pass the Certified Information Systems Security Profes-
sional (CISSP) certification. The CISSP is the closest the security industry has to a stan-
dard in certification. CISSP requires five years of experience to achieve. But, you can
take the CISSP exam without any experience (after doing CISSP training), and then you’ll
have six years to complete your five years of industry experience. After that, you official-
ly submit your endorsement to become an official CISSP, and then you can start using
those letters after your name. In the meantime, you can put on your resume/CV/LinkedIn
you have passed the CISSP exam. This will help secure a role.

I recommend you to do your CISA shortly after as there is a lot of shared content, so it is
easy to do both exams close together. Followed by the CISM for security management.

Cyber Security IT Basics

CompTIA Security+ CompTIA IT Fundamentals
(Basic level)
(Entry level)
CompTIA CySA+
(Intermediate level) CompTIA A+ Core 1 and core 2
(Entry level)
CISSP - Certified Information Systems
Security Professional
(Advanced level)

Penetration Testing Security Management / CISO

CISM - Certified Information Security
CEH - Certified Ethical Hacker Manager
(Intermediate level) (Advanced level)

CompTIA Pentest+ ITIL & PRINCE 2

(Intermediate level)
(Intermediate level)
Cloud
OSCP - Offensive Security Certified
Professional CompTIA Cloud+
(Basic level)
(Advanced level)
Microsoft Azure
(Intermediate level)
GPEN - GIAC Certified
Penetration Tester Amazon Web Services (AWS)
(Intermediate level)
(Advanced level)

Networking
GWAPT - GIAC Web Application
Penetration Tester CompTIA Network+
(Basic level)
(Advanced level)
Cisco CCNA
Offensive Security Exploitation Expert (Intermediate level)

(OSEE) Cisco CCNP Security

(Expert level) (Intermediate level)

VIP membership to the StationX Cyber Security School includes courses and certifi-
cate training for people with absolutely zero knowledge through to expert.
 A Guide To Starting a Career in Cyber Security

4 Gain Hands-on Practical Experience

Step
It’s easy to gain hands-on practical experience if you go about it the right way. The first
thing you must do is to set up a virtual lab. It has never been easier and cheaper to set
up a lab than it is today.

Here are your options in order of least expensive to most expensive for setting up your
lab.

VirtualBox or VMware or similar on a laptop or desktop.

VirtualBox or VMware or XCP-ng or similar on a local server.

VPS or cloud server hosted online using services such as AWS, Turnkey

Linux, Linode, Digital Ocean and others.

A dedicated server with XCP-ng or VMware or similar running on it.

If you want to learn how to set up a lab and virtual server, I recommend The Complete
Cyber Security Course Volumes 1-4. Section 5 - “Setting up a Testing Environment Using
Virtual Machines.

In order to sharpen your hands-on practical skills use courses with Virtual Labs.

In your current job (if you have one) you want to ask to take on any security tasks you
can, to gain experience and to have something to put on your resume. Anything at all is
better than nothing, even simply changing peoples passwords is worth doing to gain the
experience!

Attend local hackerspaces and cyber security community groups. Talk and network with
existing security professionals. Learn about the industry.

Consider internships, volunteering, and offer to do free work for businesses and chari-
ties.
 A Guide To Starting a Career in Cyber Security

5 Demonstrate your Abilities

Step

To secure your first job, you MUST be able to demonstrate your abilities. To do this, I rec-
ommend you to create a public profile and use this as a vehicle to showcase your talent.

Try doing security research, respond to Call for Papers (CFP), bug bounties, answer ques-
tions on Q&A boards, write security tools, posts and papers. Contribute to open-source
projects and network with the developers.

Get a blog, Twitter, LinkedIn and other social media accounts and fully document all
of your work. Connect with me on LinkedIn and Twitter to share my network. Chat to
experts over social media. Comment on the latest security news. Attend security confer-
ences like DEFCON, Black Hat, RSA conference, ShmooCon, InfoSec and see if you can
contribute. Network with the attendants.

Place everything relevant on your resume/CV/LinkedIn when apply for jobs.

Your resume/CV/LinkedIn demonstrates your ability, enthusiasm and passion, which will
get you hired very quickly in a market that is desperate for talented individuals!

About the Author

Nathan House a leading cyber security expert and founder of Station X a cyber se-
curity training and consultancy company. He has over 25 years experience in cyber
security and is the winner of the AI - Cyber Security Educator of the Year 2020.