Your Cybersecurity Career
4.8 million unfilled positions. Six-figure salaries. No CS degree required. Here's the roadmap to breaking into cybersecurity — from your first cert to your first role.
The teacher who became a penetration tester
Marcus taught high school math for 12 years. He liked puzzles. He liked breaking things. He did not like the salary. One summer, he started watching cybersecurity videos on YouTube. He built a home lab with old laptops. He passed CompTIA Security+ in 4 months of evening study. He got his first SOC analyst job 3 months later — a 40 percent raise from teaching.
Two years in, he moved to penetration testing. Now he gets paid to break into companies — legally. His job is to find vulnerabilities before criminals do. He earns $130,000 a year and has never written a line of production code.
Marcus is not unusual. Cybersecurity is one of the few tech fields where career changers regularly succeed — because the field needs people faster than traditional education can produce them.
The cybersecurity career map
Cybersecurity is not one job. It is an entire ecosystem of specializations:
| Role | What you do | Entry salary | Experience needed |
|---|---|---|---|
| SOC Analyst | Monitor alerts, investigate suspicious activity, first line of defense | $55-75K | Entry level |
| Security Analyst | Assess vulnerabilities, write security policies, conduct risk assessments | $70-95K | 1-3 years |
| Penetration Tester | Legally hack systems to find vulnerabilities before criminals do | $90-130K | 2-4 years |
| Security Engineer | Build and maintain security infrastructure (firewalls, SIEM, IDS) | $100-150K | 3-5 years |
| Incident Responder | Handle active breaches — the "firefighters" of cybersecurity | $85-120K | 2-4 years |
| Cloud Security Engineer | Secure cloud infrastructure (AWS, Azure, GCP) | $120-170K | 3-5 years |
| Security Architect | Design the overall security strategy and architecture | $140-200K | 7-10 years |
| CISO | Chief Information Security Officer — leads the entire security organization | $200-400K | 10+ years |
The certification roadmap
Certifications are the currency of cybersecurity careers. They prove your knowledge to employers who cannot test you during a 30-minute interview.
Level 1 — CompTIA Security+ ($404 exam — verify at comptia.org for current pricing). The entry point. Covers everything in this track: threats, cryptography, IAM, network security, compliance. Recognized by the US Department of Defense. Study time: 2-4 months.
Level 2 — CEH (Certified Ethical Hacker) ($1,199 exam). Offensive security focus. Learn to think like an attacker. Good for penetration testing roles. Study time: 3-5 months.
Level 3 — CISSP ($749 exam). The gold standard for security leadership. Requires 5 years experience (or 4 with a degree). Covers 8 domains from security architecture to operations. Opens doors to senior roles.
Specialist — OSCP ($1,749 exam + lab). Hands-on penetration testing certification. You must actually hack into machines in a 24-hour exam. The most respected offensive cert in the industry.
There Are No Dumb Questions
Do I need a computer science degree?
No. Many cybersecurity professionals have no CS degree. CompTIA Security+ requires no prerequisites. What matters: certifications, hands-on skills, and the ability to think like an attacker. A degree helps but is not required — many job postings now say "degree or equivalent experience."
Which certification should I get first?
CompTIA Security+. It is the most widely recognized entry-level cert, it covers the broadest range of topics, and it satisfies DoD 8140 (formerly 8570) requirements (meaning government and defense contractor jobs accept it). Everything in this Octo track maps to Security+ exam objectives.
How do I get experience without a job?
Build a home lab (old laptop + VirtualBox + Kali Linux). Practice on TryHackMe or HackTheBox. Participate in CTF (Capture the Flag) competitions. Contribute to open-source security tools. Write about what you learn on LinkedIn. "Experience" does not always mean "paid employment."
Five paths into cybersecurity
Path 1: The Help Desk Bridge (most common)
Start in IT support or help desk. Learn how systems work by fixing them every day. Get Security+. Move to SOC analyst. Time: 6-12 months to first security role.
Path 2: The Career Changer (Marcus's path)
Study independently (this track + additional resources). Get Security+. Build a home lab. Apply to SOC analyst positions. Time: 4-8 months of focused study.
Path 3: The Developer Transition
Already a developer? Application security and DevSecOps are desperate for people who can both code and think about security. Time: 2-4 months to add security skills.
Path 4: The Military/Government Route
The US military trains thousands of cybersecurity professionals. Security clearance + military training = high demand. Veterans also get fast-tracked for many certifications.
Path 5: The University Path
Cybersecurity degrees are growing rapidly. Best for people who want research-focused roles or have time for a full degree. Many universities now offer cyber-specific programs.
Find your path
25 XPBuilding your cybersecurity portfolio
Certifications open doors. A portfolio proves you can do the work.
| Portfolio item | How to build it | What it proves |
|---|---|---|
| Home lab write-ups | Document your lab setup, experiments, and findings | You can build and break things |
| TryHackMe/HTB profiles | Complete rooms and challenges, track your ranking | Hands-on offensive skills |
| CTF write-ups | Participate in competitions, write detailed solutions | Problem-solving under pressure |
| Blog posts | Write about vulnerabilities, tools, or techniques you learned | Communication skills, continuous learning |
| Bug bounty reports | Find real vulnerabilities in companies (HackerOne, Bugcrowd) | Real-world impact |
Design your 90-day plan
50 XPBack to Marcus the teacher
Marcus spent twelve years teaching high school math before he built a home lab, passed Security+, and landed a SOC analyst job at a 40% raise. Two years later he was a penetration tester earning $130,000. He never wrote a line of production code. His path — curiosity, self-study, a certification, and a willingness to start at the entry level — is not unusual in cybersecurity. The field needs people faster than universities can produce them, and it rewards career changers who bring discipline, problem-solving ability, and the willingness to keep learning.
Key takeaways
- Cybersecurity has 4.8M unfilled positions and effectively 0% unemployment — demand far exceeds supply
- No CS degree required for most roles — certifications + hands-on skills matter more
- Start with CompTIA Security+ (the universal entry-level cert)
- Career path: SOC Analyst → Security Analyst/Engineer → Specialist → Architect → CISO
- Build a portfolio: home lab, TryHackMe, CTF competitions, blog posts
- Five paths in: help desk bridge, career change, developer transition, military, university
- The community is welcoming — lean into it
Knowledge Check
1.What is the recommended first certification for entering cybersecurity?
2.Which entry-level cybersecurity role is most commonly the starting point?
3.How can someone gain cybersecurity experience without a paid security job?
4.What does CISSP require that CompTIA Security+ does not?