How to land your first job in cybersecurity

If you’re thinking about starting a career in cybersecurity, the first thing we want to say to you is YES. Great decision. We’re behind you – and honestly, there’s never been a better time to carve out a path for yourself in this industry. Cyber threats are growing to unprecedented levels, and businesses are under pressure to secure their systems; while cybersecurity itself continues to face a global skills shortage. 

But we know getting your foot in the door can feel overwhelming – especially when every job description seems to want years of experience and a daunting list of certifications. 

Take a breath. You don’t have to check every box to get started. So let’s talk about how to land your first cybersecurity job, with expert advice from CISOs, engineers, and industry leaders who’ve done it themselves. 

You don’t need to know everything (but you do need to start somewhere)

Cybersecurity is a vast field. There’s penetration testing, risk management, threat intelligence, cloud security, incident response – and that’s just scratching the surface. It’s okay if you don’t know which area you want to specialise in yet.

No matter what you go on to do next, a strong technical foundation will serve you well, and you can start building that right now. Yara AlHumaidan (Cybersecurity Principal Consultant) said: 

“First, learn the basics. Familiarise yourself with fundamental concepts of computer networking, operating systems, and programming languages like Python, which are commonly used in pentesting. Gain a solid understanding of cybersecurity principles, including common vulnerabilities, attack vectors, and security best practices.

“Enroll in online courses or tutorials specifically focused on penetration testing and ethical hacking. Platforms like Cybrary, Udemy, and Coursera offer excellent resources for beginners. And supplement your learning with books and online blogs dedicated to pentesting and cybersecurity.” 

Other free or low-cost platforms like TryHackMe and Hack The Box are great places to get hands-on experience. And you could start contributing to open-source projects or do Capture the Flag (CTF) challenges to build your skills.

Embrace the mistakes that could lead you to new opportunities 

No one’s journey into cybersecurity is perfect – and sometimes, the best learning experiences come from unexpected (or completely accidental) missteps. 

Rohit Kumar (Product Security Engineer at Groww), for example, got his start at the age of 14 by launching a bug bounty program on HackerOne, and inviting lots of talented, experienced hackers to look for vulnerabilities on his website – without knowing what that really meant:

“This mistake changed everything. Seeing my website broken so easily made me realise how important online security is. I learned about this cool world of ethical hacking and all the amazing people in it.”

Be willing to own your mistakes, but don’t be afraid to make them. Be curious. Break things. Learn from it. That’s the hacker mindset.

Show you’re willing to learn

Max Imbiel (CISO at Bitpanda) said that when it comes to hiring, it’s not all about credentials:

“The person behind a profile is always more important than just the skills and certifications.”

Even in crypto security, Imbiel thinks that while domain-specific experience is a plus, it’s not essential: “I believe that if you are willing to learn the ins and outs of it, you can do so best on-the-job.”

So don't be discouraged if you're interested in a career that’s outside of your current experience. Focus on being proactive, curious, and a good cultural fit.

Continuous learning is non-negotiable in cyber. The industry doesn’t stand still, so practitioners can’t either. New technologies, new threats, new threat actors empowered by more accessible attack vectors – it's a never-ending learning curve. 

Suresh Sankaran Srinivasan (Group Head of Cyber Defence at Axiata) put it like this:

“In an ever-changing landscape, I understood the criticality of staying at the forefront of industry trends and emerging threats...This commitment to continuous learning and adaptation ensured that my skills remained sharp and relevant.”

You’ll need that mindset too – whether it’s following threat intel blogs, joining open-source communities, or pursuing certifications like CompTIA Security+, SSCP or OSCP when you're ready.

Don’t underestimate soft skills (or yourself) 

You might think cybersecurity is just for technical geniuses – but that’s a myth. As Sam Curry (CISO at Zscaler) said:

“I used to play rugby, and I loved that there was a place on the team for every body type and shape. Cybersecurity is like that: we want everyone and every perspective.”

Maybe you’re from a business, legal, policy, or communications background, or something completely different; but there’s almost definitely a space for you in cybersecurity. What matters is your unique perspective and your willingness to keep learning.

And finally, don’t wait until you feel 100% “ready”. As Omar Khawaja (CISO at Databricks) said when we asked him about the pivotal moments on his journey: 

“The moments that most shaped my career were the ones I did not have the requisite skills for, but went ahead anyway – sort of like jumping into the deep end of the pool.”

This means you should apply for that internship. Reach out to people on LinkedIn. Build and share your projects. Get uncomfortable. You might be surprised where it takes you.