Your Cybersecurity Career

The teacher who became a penetration tester

Marcus taught high school math for 12 years. He liked puzzles. He liked breaking things. He did not like the salary. One summer, he started watching cybersecurity videos on YouTube. He built a home lab with old laptops. He passed CompTIA Security+ in 4 months of evening study. He got his first SOC analyst job 3 months later — a 40 percent raise from teaching.

Two years in, he moved to penetration testing. Now he gets paid to break into companies — legally. His job is to find vulnerabilities before criminals do. He earns $130,000 a year and has never written a line of production code.

Marcus is not unusual. Cybersecurity is one of the few tech fields where career changers regularly succeed — because the field needs people faster than traditional education can produce them.

💡What you'll walk away with

By the end of this module you will be able to map the eight major cybersecurity career roles by salary and experience level, sequence the four key certifications from beginner to expert, choose the entry path that matches your background, design a specific 90-day learning plan, and build a portfolio that proves your skills to employers. This is where everything you have learned in this track becomes your career advantage.

4M+unfilled cybersecurity positions globally

0%unemployment rate in cybersecurity

120Kmedian cybersecurity salary in USD (US)

The cybersecurity career map

Cybersecurity is not one job. It is an entire ecosystem of specializations:

Role	What you do	Entry salary	Experience needed
SOC Analyst	Monitor alerts, investigate suspicious activity, first line of defense	$55-75K	Entry level
Security Analyst	Assess vulnerabilities, write security policies, conduct risk assessments	$70-95K	1-3 years
Penetration Tester	Legally hack systems to find vulnerabilities before criminals do	$90-130K	2-4 years
Security Engineer	Build and maintain security infrastructure (firewalls, SIEM, IDS)	$100-150K	3-5 years
Incident Responder	Handle active breaches — the "firefighters" of cybersecurity	$85-120K	2-4 years
Cloud Security Engineer	Secure cloud infrastructure (AWS, Azure, GCP)	$120-170K	3-5 years
Security Architect	Design the overall security strategy and architecture	$140-200K	7-10 years
CISO	Chief Information Security Officer — leads the entire security organization	$200-400K	10+ years

🔑You do not need to start at the top

Almost every CISO started as a SOC analyst or help desk technician. The career path is clear: start with monitoring and analysis, specialize in an area you enjoy, then move into architecture and leadership. There are no shortcuts, but there are fast tracks — and certifications are the biggest accelerator.

✗ Without certifications

✗Resume filtered out by automated screening
✗Competing against hundreds of applicants
✗No proof of baseline knowledge
✗Limited to IT support roles
✗Salary: IT help desk average $45K

✓ With Security+ certification

✓Resume passes automated keyword filters
✓Stand out with verified credential
✓DoD 8140 compliance — government jobs unlocked
✓Qualified for SOC Analyst, Jr. Security Analyst
✓Salary: SOC Analyst average $65-75K

Notice how every role connects to something you have already learned in this track. SOC analysts use the detection and monitoring skills from the incident response module. Penetration testers apply the attack playbooks from Module 2 — but on the defending side. Security engineers build the firewalls and network segmentation you studied in Module 3. IAM specialists implement the Zero Trust and RBAC systems from Module 5. Compliance analysts navigate the frameworks from Module 6. The career map is not abstract — it is this track, applied professionally.

The certification roadmap

Certifications are the currency of cybersecurity careers. They prove your knowledge to employers who cannot test you during a 30-minute interview.

Level 1 — CompTIA Security+ ($404 exam — verify at comptia.org for current pricing). The entry point. Covers everything in this track: threats, cryptography, IAM, network security, compliance. Recognized by the US Department of Defense. Study time: 2-4 months.

Level 2 — CEH (Certified Ethical Hacker) ($1,199 exam). Offensive security focus. Learn to think like an attacker. Good for penetration testing roles. Study time: 3-5 months.

Level 3 — CISSP ($749 exam). The gold standard for security leadership. Requires 5 years experience (or 4 with a degree). Covers 8 domains from security architecture to operations. Opens doors to senior roles.

Specialist — OSCP ($1,749 exam + lab). Hands-on penetration testing certification. You must actually hack into machines in a 24-hour exam. The most respected offensive cert in the industry.

There Are No Dumb Questions

Do I need a computer science degree?

No. Many cybersecurity professionals have no CS degree. CompTIA Security+ requires no prerequisites. What matters: certifications, hands-on skills, and the ability to think like an attacker. A degree helps but is not required — many job postings now say "degree or equivalent experience."

Which certification should I get first?

CompTIA Security+. It is the most widely recognized entry-level cert, it covers the broadest range of topics, and it satisfies DoD 8140 (formerly 8570) requirements (meaning government and defense contractor jobs accept it). Everything in this Octo track maps to Security+ exam objectives.

How do I get experience without a job?

Build a home lab (old laptop + VirtualBox + Kali Linux). Practice on TryHackMe or HackTheBox. Participate in CTF (Capture the Flag) competitions. Contribute to open-source security tools. Write about what you learn on LinkedIn. "Experience" does not always mean "paid employment."

Five paths into cybersecurity

Path 1: The Help Desk Bridge (most common)

Start in IT support or help desk. Learn how systems work by fixing them every day. Get Security+. Move to SOC analyst. Time: 6-12 months to first security role.

Path 2: The Career Changer (Marcus's path)

Study independently (this track + additional resources). Get Security+. Build a home lab. Apply to SOC analyst positions. Time: 4-8 months of focused study.

Path 3: The Developer Transition

Already a developer? Application security and DevSecOps are desperate for people who can both code and think about security. Time: 2-4 months to add security skills.

Path 4: The Military/Government Route

The US military trains thousands of cybersecurity professionals. Security clearance + military training = high demand. Veterans also get fast-tracked for many certifications.

Path 5: The University Path

Cybersecurity degrees are growing rapidly. Best for people who want research-focused roles or have time for a full degree. Many universities now offer cyber-specific programs.

🔒

Find your path

25 XP

Based on your current background, which cybersecurity path fits you best? 1. What is your current role or background? 2. Which path from the 5 above matches your situation? 3. What is the FIRST certification you would pursue? 4. What hands-on activity would you start this week? (home lab, TryHackMe, CTF, etc.) 5. What is your 6-month goal?

🔒

Match the Role to the Skill

25 XP

For each skill set, identify which cybersecurity role is the best fit. **Categories:** SOC Analyst | Penetration Tester | Security Engineer | Incident Responder | Cloud Security Engineer 1. You love breaking things and finding weaknesses. You think like an attacker. You enjoy puzzle-solving under time pressure. → ___ 2. You are detail-oriented, enjoy monitoring dashboards, and can stay alert during overnight shifts. You are good at pattern recognition. → ___ 3. You like building and configuring systems. You enjoy infrastructure, automation, and making things work reliably at scale. → ___ 4. You thrive in high-pressure situations. You can stay calm in a crisis and think methodically when others are panicking. → ___ 5. You understand AWS, Azure, or GCP deeply. You can read IAM policies and spot misconfigurations in cloud infrastructure. → ___ _Hint: Think about the personality and work style each role requires. Not every security professional is a hacker — many are builders, monitors, or crisis managers._

Building your cybersecurity portfolio

Certifications open doors. A portfolio proves you can do the work.

Portfolio item	How to build it	What it proves
Home lab write-ups	Document your lab setup, experiments, and findings	You can build and break things
TryHackMe/HTB profiles	Complete rooms and challenges, track your ranking	Hands-on offensive skills
CTF write-ups	Participate in competitions, write detailed solutions	Problem-solving under pressure
Blog posts	Write about vulnerabilities, tools, or techniques you learned	Communication skills, continuous learning
Bug bounty reports	Find real vulnerabilities in companies (HackerOne, Bugcrowd)	Real-world impact

There Are No Dumb Questions

Is a home lab really necessary? Can I just use TryHackMe?

TryHackMe and HackTheBox are excellent — but a home lab shows employers that you can build, configure, and troubleshoot real systems from scratch. A basic lab costs nothing: install VirtualBox on your laptop, spin up a Kali Linux VM for attack tools and a vulnerable VM like Metasploitable or DVWA for practice targets. Document everything you do. The writeups become your portfolio.

What if I do not have time for all of this?

Start with one hour a day. Consistency beats intensity. One hour of focused study every weekday for four months is 80+ hours — enough to pass Security+. One TryHackMe room per day builds a public profile that hiring managers can see. The people who break in are not the ones with the most free time — they are the ones who show up every day.

🔑Your LinkedIn profile is your resume

In cybersecurity hiring, LinkedIn matters more than a traditional resume. Post about what you are learning. Share TryHackMe completions. Write short posts explaining concepts from this track ("Here is why MFA stops 99% of automated attacks"). Hiring managers and recruiters search LinkedIn for keywords like "Security+" "SOC analyst" "incident response." Make sure those words appear on your profile — along with evidence that you understand them.

🔒

Design your 90-day plan

50 XP

Create a specific, week-by-week plan for your first 90 days in cybersecurity: **Month 1 (Weeks 1-4):** What will you study? What resource? How many hours per week? **Month 2 (Weeks 5-8):** What hands-on practice will you do? What lab will you build? **Month 3 (Weeks 9-12):** What certification will you take? What portfolio piece will you create? Be specific — "study networking" is too vague. "Complete TryHackMe's Pre-Security path (40 hours)" is specific.

🔑The cybersecurity community

Cybersecurity has one of the most welcoming professional communities in tech. Follow security researchers on Twitter/X, join Discord servers (TryHackMe, BHIS), attend local BSides conferences (free or cheap), and connect with people on LinkedIn. The community actively mentors newcomers because they remember being new.

Where to go from here

Congratulations — you have completed the Cybersecurity Fundamentals track. You now understand the threat landscape, attack playbooks, network defenses, cryptography, identity management, compliance frameworks, and incident response. Here is how to keep building on that foundation:

Want to go deeper into cloud security? Check out the Cloud Certifications track, which covers AWS, Azure, and GCP certification paths.
Building AI-powered security tools? The Building AI-Powered Products track teaches you how to ship AI applications — including security-adjacent tools like anomaly detection and automated threat analysis.
Leading a security program? The Project Management Fundamentals track teaches the planning, communication, and stakeholder management skills every CISO needs.
Ready to code your own tools? The Python Fundamentals track is the starting point — Python is the most-used language in cybersecurity scripting, automation, and penetration testing.
Interested in data analysis for security? The Data Skills Essentials track covers the analytical thinking and data manipulation skills that power SIEM dashboards and threat intelligence platforms.
Want to understand the business side? The Sales & Business Development track teaches the communication and persuasion skills that help security professionals sell their budget requests to executives.
Exploring AI's role in security? The Understanding AI track gives you the mental models to evaluate AI-powered threat detection, automated response systems, and the risks of adversarial AI.

Back to Marcus the teacher

Marcus spent twelve years teaching high school math before he built a home lab, passed Security+, and landed a SOC analyst job at a 40% raise. Two years later he was a penetration tester earning $130,000. He never wrote a line of production code.

His path — curiosity, self-study, a certification, and a willingness to start at the entry level — is not unusual in cybersecurity. The field needs people faster than universities can produce them, and it rewards career changers who bring discipline, problem-solving ability, and the willingness to keep learning.

Over the course of this track, you have covered the same ground that Marcus studied: the threat landscape, attack playbooks, network defenses, cryptography, identity and access management, compliance frameworks, and incident response. The difference between knowing this material and having a career in it is action — your first certification, your first home lab, your first application. Start today.

Key takeaways

Cybersecurity has 4.8M unfilled positions and effectively 0% unemployment — demand far exceeds supply
No CS degree required for most roles — certifications + hands-on skills matter more
Start with CompTIA Security+ — the universal entry-level cert that maps directly to everything in this track
Career path: SOC Analyst → Security Analyst/Engineer → Specialist → Architect → CISO
Build a portfolio: home lab, TryHackMe, CTF competitions, blog posts, and bug bounty reports
Five paths in: help desk bridge, career change, developer transition, military, university
Your LinkedIn profile is your resume — post about what you learn, share completions, use the right keywords
The community is welcoming — BSides conferences, Discord servers, and Twitter/X security researchers actively mentor newcomers
Everything in this track maps to Security+ exam objectives — you are already studying for your first certification

Knowledge Check

1.What is the recommended first certification for entering cybersecurity?

2.Which entry-level cybersecurity role is most commonly the starting point?

3.How can someone gain cybersecurity experience without a paid security job?

4.What does CISSP require that CompTIA Security+ does not?