How to get a job in cybersecurity


October is National Cybersecurity Awareness Month (NCSAM) and this week’s theme is The Internet Wants You: Consider a Career in Cybersecurity.

Naked Security asked me to explain what Sophos looks for in potential recruits and how it’s possible for somebody without security experience to break into a career in cybersecurity.

Demand for infosec professionals far exceeds the number of available, qualified people and that gap looks likely to grow bigger.

Unfortunately many people with a strong desire to work in the industry are put off by the extensive list of skills and qualifications they think are required.

Don’t be put off, everyone has had to start somewhere!

Computer security is full of ex-accountants, one time baristas, former homemakers and wannabe rock stars (as well as computer science graduates, obviously!) For a few examples, take a look at Naked Security’s Tweet asking people how they started their careers in IT!

There are a huge array of career options available within computer security and each one requires a different balance of skills.

Here are five things you can do to find work in one of the world’s fastest growing industries.

Teach yourself something

Passion and a desire to work in the industry is what we’re looking for, and the skill we value most in an entry level CV for any of our engineering, labs, security or IT roles is the desire to learn.

Candidates who can demonstrate their interest – perhaps by learning a programming language, studying towards a security qualification, contributing to an open source project or participating in meetups and other extra-curricular activities – are people we want to talk to.


Speak to us and other security professionals online or face-to-face. You may have just the skills we’re looking for and not realise it!

Sophos staff are always attending industry events, career fairs, conferences, meetups etc. Come and chat to us about yourself or give our recruiters a call.

Remember that very few people started out from day one in a security career. We all started somewhere and we’re happy to talk to people interested in pursuing a career in our industry about the skills and experience we built up and how we found our way in. There are so many career paths and routes into security – you may have the “right” background and not realise.

Gain some general IT or development experience

Nothing beats experience, but your experience doesn’t need to come from working in computer security for your skill set to be attractive to us.

A strong grounding in IT or software development is a great first step. Take a look at roles which will help develop your basic skills and give you a strong grounding before pursuing your security career.

Volunteer or intern

Volunteering with a not-for-profit organisation or taking up an internship is a great way to gain some real world experience, and demonstrate to a potential employer that you have the passion and drive to go the extra mile.

Organisations of all types need help with their IT, even if they don’t realise it. Don’t be afraid to approach people and organisations that aren’t advertising and offer to help out.

Don’t be afraid to apply!

We all have a fear of failure and many of us worry about applying for a job that seems a little beyond our reach. Just remember that you’ll never get that job if you don’t apply for it so don’t rule yourself out before you’ve even started.

You’ll be surprised at the jobs people pivot into from apparently unrelated fields, and at what you can learn even if your application isn’t successful.

If you see a role that matches your skills but you don’t have industry experience you could still be just the sort of person we are looking for.