Cybersecurity requirements to land a job in the field

A report from Cybersecurity Ventures says that the global annual cost of cybercrime is predicted to reach $9.5 trillion in 2024. Meanwhile, the average price tag of a single data breach will rise to $4.45 million, up 15% from 2023, according to IBM.

In parallel, the demand for highly skilled cybersecurity professionals, or white hats, is multiplying, too. The U.S. Bureau of Labor Statistics reports that information security analysts—an entry-level cyber defense job earning an average salary of $112,000—will see a 32% increase in employment by 2032, outpacing the growth of most other occupations.

But, a high rate of growth along with a shortage of workers means one thing:

“There’s a huge gap,” says M.K. Palmore, Director of the Office of CISO at Google Cloud. “Every organization, no matter what they do, is a technology organization. Today, we depend so much on technology—that’s why companies need to build out a cybersecurity framework.”

According to Dana Simberkoff, the Chief Risk, Privacy, and Information Security Officer at AvePoint Inc., it’s not just a lack of skilled senior employees. There’s a gap in new entry-level hires. “That’s because of the rise of artificial intelligence and the rise of the profitability of cybercrime. They’re just far more criminals out here than there are good guys,” says Simberkoff.

With nearly 600,000 unfilled cyber positions in the U.S. alone, the competition is fierce, and the expectations are high. But, to get your foot in the door, you need to know what hiring managers are looking for in entry-level candidates. 

What is cybersecurity?

Cybersecurity is the practice of safeguarding and defending information stored on phones, computers, and within networks from criminals and unauthorized access. This information can range from texts, emails, and social media posts to credit card information and medical records.

Simberkoff adds that cyberattacks are only getting scarier, targeting not only businesses but also individuals and their families.

“My parents have received phone calls from AI-generated robots, pretending to be their grandchildren, asking for help,” she says. “As cyberattacks become more personal and sophisticated, the need for cybersecurity professionals ramps up. I think there’s never been a more relevant or important career.”

What are entry-level cybersecurity job requirements?

There’s no single route to getting into the industry—whether it’s getting a degree or certified. But, there is a short checklist of items employers want to see in your application, no matter your background.

“The delta between how comfortable an organization feels in bringing on new talent and then subsequently training that talent up is not always the same from one organization to the next,” Palmore says. Both he and Simberkoff want people to do three things before applying: 

• Gain a base-level understanding of the cybersecurity industry
• Demonstrate and develop your security skills with certifications and degrees
• Get your hands dirty and learn how to physically do the job

1. Gain a base-level understanding of the cybersecurity industry

You first need to understand the different domains of the industry. Cybersecurity is a diverse and fascinating field that offers various opportunities for different skills and interests. 

The major roles often involve engineering, education, administration, or management. As such, each job has its own level of technical knowledge and training requirements. Generally, these are the aspects of what cybersecurity professionals do: 

Secure provision: Designing and implementing secure systems and networks.

Operate and maintain: Managing and monitoring the performance and security of systems and networks. 

Oversee and govern: Developing and enforcing policies and strategies for cybersecurity. 

Protect and defend: Identifying and responding to cyber threats and incidents.

Analyze: Examining data and information to identify and understand cyber risks and vulnerabilities. 

Collect and operate: Gathering and using data and information to support cybersecurity operations. 

Investigate: Conducting forensic analysis and investigations of cyberattacks and incidents.

Palmore suggests exploring various resources such as books, forums, social media, and online courses to gain insights into the mindset and skills required to become a cybersecurity professional.

For those seeking a direction, we recommend reading How Cybersecurity Really Works by Sam Grubb and the 6-part book series Cybersecurity All in One for Dummies. These resources provide knowledge on how attackers operate—helping people safeguard themselves and their workplaces from online threats.

2. Demonstrate and develop your cybersecurity skills with certifications and degrees

Once you understand all the cybersecurity domains, you should plot a path forward toward developing your skills and knowledge in the roles and responsibilities that interest you.

There are two major paths to becoming cybersecurity literate: Pursuing a degree or training yourself to earn certifications. 

“Some people who study computer science or other technical fields struggle to enter the industry because employers value hands-on skills more than academic credentials,” Palmore advises. “Certs get folks off to the races—they not only prepare people but also align them with other available industry certs for the future.” These badges satisfy the academic expertise component most employers are looking for.

Relevant cybersecurity certifications

Palmore says it’s possible to exit high school, take certifications, land an internship, and get a full-time cybersecurity role. Here are the main relevant base-level, vendor-neutral cybersecurity certifications that require zero previous experience:

Certified in Cybersecurity (CC): This 100-question entry-level certification from ISC2 tests for fundamental knowledge, skills, and abilities like incident response protocol, network security, and security operations. 

Certified Ethical Hacker (CEH): This EC-Council certification consists of 125 multiple-choice questions and shows the holder understands things like DDoS attacks, intrusion detections, and virus creation. 

GIAC Penetration Testers (GPEN) Certification: This exam has around 75 multiple-choice questions and ten practical ones. It covers penetration testing best practices like how to execute an exploit and how to do reconnaissance. 

CompTIA Security+: This 90-question exam evaluates your proficiency in detecting network vulnerabilities, configuring and implementing low-risk network architecture, and troubleshooting security issues. It also assesses your knowledge of laws and regulations related to the subject matter. 

If you are still trying to figure out where to begin, Fortune compiled a list of free online cybersecurity courses correlating with entry-level certifications.

Relevant cybersecurity degrees

According to Cyber Defense Magazine, California State University, Carnegie Mellon University, and George Washington University secure the top three positions among the best cybersecurity universities.

Every school will have different programs—each teaching slightly different curriculums. The degrees below teach the fundamentals of the industry:

• Computer science
• Cybersecurity engineering
• Cybersecurity operations
• Computer engineering
• Information assurance

For more information on getting a formal education, Fortune assembled a list of cybersecurity programs that cost around $15,000 or less. 

3. Learn how to physically do the job through internships, volunteering, and mentorship programs

The final checklist item you need is practical experience. On resumes, employers want to see you’ve applied all the information you learned to the real world. 

“The key piece missing for most people in the interview process is the ability to say, ‘Hey, I’ve used these particular skills and solved real-world problems,’” Palmore says. The solution is opportunities like internships, informal volunteer work, and mentorship programs—all of which get your hands dirty and help you interview better. 

To gain this experience, you can explore different opportunities that suit your goals and interests. Here is what you need to know:

• Internships: These offer short-term, real-world cybersecurity experience. They can be paid or unpaid and come from various sources, such as companies, agencies, schools, or nonprofits. 
• Volunteer work: This can be as simple as assisting a colleague, someone in your network, or a nonprofit organization with small tasks or skills you want to learn. You can volunteer through well-known organizations like ISC2, WiCyS, or CyberUp.
• Mentorship programs: Employers, schools, and networks offer both formal and informal one-on-one mentorship programs. If you’re interested in gaining insights from experts in a more personalized setting than volunteering or interning, consider joining a mentorship program like the ones offered by MentorCruise.

Hone these required soft skills to get hired in cybersecurity

It’s worth noting that both experts agree that being able to communicate effectively is the number one requirement for aspiring cybersecurity professionals. 

“If you can communicate, there’s a place for you in this industry—if you can communicate well, there’s a place for you at very high levels,” Palmore says. “Leadership skills are also desperately needed. At the end of the day, you can be as technically proficient as you want to be, but if you don’t have these two things, you’ll never be able to rise up the ladder.”

Simberkoff adds that communication skills are not only about conveying technical concepts to non-technical audiences but also about managing complex and dynamic situations.

“This job is about herding cats. We are wrangling people into a single place. We get scratched, we get dirty. That makes it exciting and weird,” Simberkoff says.

She also emphasizes the importance of being able to relay matters of risk to stakeholders who do not deal with the daily operations of the technologies.

“Believe it or not, there is a premium value in being able to relay technical concepts to non-technical audiences and to be able to relay matters of risk to audiences who don’t deal with the daily operations of these technologies,” Simberkoff adds.

The takeaway

In the face of escalating cyber threats, the need for cybersecurity professionals has never been more pressing. You can enter this field by equipping yourself with a strong understanding of cybersecurity fundamentals, pursuing relevant certifications or degrees, and gaining practical experience.

If you want to learn more about the fast track to getting hired, Fortune ranked the Best Cybersecurity Bootcamps.