The cyber security industry is growing at an incredibly fast rate. According to the US Bureau of Labor Statistics (BLS), information security analyst positions (which include entry-level roles) will grow 31 percent through 2029. This rate of growth is more than seven times faster than the national average job growth rate.
You can gain an entry-level cyber security job in a range of commercial, governmental, and non-governmental organizations. To gain the skills involved in any entry-level role, you’ll usually need a minimum of a Bachelor’s degree in cyber security or a relevant subject. However, other qualifications can be sufficient — each cyber security role tends to be associated with a unique skill set. For a role like penetration testing, it’s possible to get hired without any formal qualifications.
In this guide, we’ll tell you how to get an entry-level cyber security job. We’ll cover key factors like qualifications, skills, where to find work, salary expectations, and the top companies hiring.
What to expect in an entry-level cyber security job
Entry-level cyber security workers will be expected to have a diverse skill set. There are five basic aspects that apply to most entry-level cyber security jobs. These include:
- Network security
- Software development
- Systems engineering
- Financial risk and analysis
- Security intelligence
Let’s examine each of these fundamental duties in more depth:
1. Network security
Network security refers to the policies, processes, and practices you would adopt in order to prevent, detect, and monitor unauthorized access to a computer network. Network security involves using both hardware and software technologies to ensure that an organization’s computer network cannot be misused or modified by means of internal or external threats.
2. Software development
In the context of cyber security, software development refers to designing, creating, implementing, testing, and maintaining computer programs that protect an organization’s sensitive data. This means ensuring that an organization has effective software that will prevent cybercriminals from illegally accessing private information.
3. Systems engineering
Systems engineering involves carrying out analyses of an organization’s systems, examining both known and possible threats. This means thinking like a cyber criminal and staying one step ahead of them. When practicing systems engineering, you are trying to make security and resilience an inherent part of an organization’s system.
The engineering aspect refers to the fact that you employ engineering concepts and processes to help prevent cyber attacks, limit the damage of those attacks when they happen, and ensure that the system is secure enough to carry out essential business operations.
4. Cyber security risk analysis
This aspect of cyber security refers to looking at the problems an organization could face during its daily operations. When carrying out a cyber security risk analysis, you identify the information assets that could be affected by a cyber attack. These assets would include hardware, systems, laptops, customer data, and intellectual property. Identifying and evaluating the risks posed to these assets can lead to recommendations to improve overall IT security.
5. Security intelligence
Security intelligence is the information that is relevant to protecting an organization from internal and external threats. It also refers to the processes, policies, and tools that allow you to gather and analyze that information. By understanding the data generated by networks, applications, and other infrastructure in real-time, you can use that data to assess and improve an organization’s security.
What skills do you need in an entry-level cyber security job?
The exact skills required for an entry-level cyber security position will vary. However, based on the fundamental roles of any entry-level role outlined above, you will likely need the following hard and soft skills:
- Strong IT skills
- A solid understanding of hardware, software, and networks
- Ability to use logic and reasoning to identify the strengths and weaknesses of the cyber security system
- A forensic approach to IT challenges
- Knowing how hackers operate and the ability to keep up with how cybercriminal practices are evolving
- Ability to seek out vulnerabilities in the IT system
- Critical thinking skills
- Effective communication, both verbally and in written form
- Interpersonal skills
- Teamwork and collaborative skills
- Problem-solving skills
- A willingness to stay up-to-date with the latest developments in technology
- Ethical integrity (since you are being trusted to look after sensitive information)
The different types of entry-level cyber security jobs
There are various types of entry-level cyber security jobs that exist. You can find entry-level vacancies in the following occupations:
- Information security officer
- Information security analyst
- Security engineer
- Penetration tester
- Network and computer systems administrator
How to get an entry-level cyber security position
If you would like to enter the field of cyber security, you will have to follow some necessary steps to secure an entry-level position. We have devised a five-step process that will help you attain a junior cyber security role.
Here’s how to obtain an entry-level cyber security role:
- Formulate a clear and achievable career plan
- Gain the necessary education
- Research relevant certificates
- Know where to look for entry-level positions
- Continue to enhance your knowledge and skills
Let’s explore each of these steps in more depth.
1. Formulate a clear and achievable plan
First, you need to create a plan as to how you will progress from your current situation to an entry-level cyber security position. This plan should include detailed information on:
- Whether you want to aim for one particular role or several related ones. When thinking about your long-term career goals, you should be aware that some entry-level cyber security roles can more easily lead to senior roles than others.
- How you will gain the necessary cyber security skills, focusing on relevant degrees and certificates.
- Whether you would prefer to work for a private firm, a governmental agency, or a non-profit.
- The specific industry you want to work in, which should be based on your personal interests, values, and preferences. Entry-level cyber security roles are needed in all types of industry, including transport, media, energy, finance, travel, tech, education, and marketing.
- The particular requirements a company has for hiring an entry-level cyber security worker. If you are unsure of what these are, you can always get in touch with a recruiter directly. They will be able to tell you what qualifications, skills, and experiences are necessary, preferred, or desirable.
2. Gain the necessary education
As mentioned previously, you will likely need a minimum of a Bachelor’s degree in cyber security or a related subject to land an entry-level position. These subjects can also include computer science, computer programming, computer engineering, software development, or IT. Here are some examples of Bachelor’s degrees to consider:
- Rice University’s BA in Computer Science
- Bellevue University’s Bachelor of Science Cybersecurity Degree
- Norwich University’s Bachelor of Science in Cyber Security
- The Open University BSc (Hons) Cyber Security
Another way to gain the necessary education for an entry-level cyber security job is by completing an Associate degree. This level of qualification is between a high school diploma and a Bachelor’s degree.
It will be a bit more difficult to get hired for a junior role with an Associate degree compared to if you had a Bachelor’s under your belt, but it’s still certainly possible. A few Associate degrees worth considering include:
- Palo Alto College’s Associate of Applied Science in Information Assurance and Cybersecurity
- University of the Potomac’s Associate of Science in Network Security Management
- Guildford Technical Community College’s Associate of Applied Science in Information Technology: Security and Data
One role where you don’t necessarily need a formal education is that of a penetration tester. Penetration testing involves carrying out simulated cyber attacks to find any vulnerabilities in the IT security system. But you can gain these skills through self-education, in much the same way that cyber criminals teach themselves how to hack.
Many people who used to engage in unethical hacking, which was self-taught, can make excellent penetration testers. There are plenty of online resources that can teach you penetration testing and other areas of ethical hacking. With enough practice on your own, you can be considered a great candidate for an entry-level role.
3. Research relevant certificates
Certificates are additional qualifications that can provide you with skills in very specific areas of cyber security. Many employers may consider one or more of these certificates necessary, preferable, or beneficial for a given entry-level cyber security job. Based on some of the junior roles mentioned above, the most useful certificates would include:
- EC-Council’s Certified Encryption Specialist (ECES)
- CISSP – Certified Information Systems Security Professional
- GIAC’s (Global Information Assurance Certification) GPEN certification
- CompTIA Security+
- CEH – Certified Ethical Hacker Certification
- GIAC’s (Global Information Assurance Certification) GPEN certification
- IACRB’s CPT – Certified Penetration Tester
- IARCB’s CEPT – Certified Expert Penetration Tester
- CompTIA’s PenTest+
- EC-Council’s Certified Blockchain Professional (CBP)
- ESCA – EC Council Certified Security Analyst
- CISSP – Certified Information Systems Security Professional
- CISA – Certified Information Security Auditor
4. Know where to look for entry-level positions
Once you have the necessary education and certificates, you can start applying for entry-level cyber security jobs. If you are interested in working for a governmental body, check out the following resources for vacancies:
However, you may feel that working in the private sector better aligns with your career goals and development. If that’s the case, some of the top companies hiring entry-level cyber security positions include:
- Cisco Systems, Inc.
- The Kroger Company
You can also find entry-level cyber security job vacancies on the major job sites, such as Indeed, LinkedIn, Glassdoor, Monster, and ZipRecruiter, as well as niche job sites like CyberSecJobs.com and CyberSecurityJobsite.com.
See the salary section below for examples of companies that pay particularly well for junior cyber security roles.
5. Continue to enhance your knowledge and skills
If you want to progress beyond an entry-level cyber security role, then you need to be committed to continual learning. You should be highly self-motivated when it comes to enhancing your cyber security knowledge, as well as the soft skills described earlier. Based on your career goals, you can think about pursuing a Master’s degree or some extra certificates.
Moreover, most mid-level and senior-level cyber security roles will require a certain number of years’ experience in IT. You should take this into account, as well as any additional skills you need (for example, managerial and leadership skills) if your aim is to gain a job with more responsibilities and a higher salary.
Cybersecurity bootcamps — are they worth it?
A large number of cybersecurity bootcamps have appeared in recent years, which claim to provide students with the fundamentals needed to secure an entry-level cybersecurity role in around 16 weeks.
However, while companies such as Cybersecurity Ventures say that there are approximately 3.5 million unfilled cybersecurity jobs around the world in 2023, the truth is that these aren’t easy to get without experience — almost always far more than that provided in a mere four months.
In his blog, cybersecurity expert, Bruce Schneier, says that “most entry-level roles tend to be quite specific, focused on one part of the profession, and are not generalist roles.” He says that hiring managers typically “assume you have some other background, usually technical.”
So while a cybersecurity bootcamp can be a useful jumping off point for further study, it’s highly unlikely that it’ll secure you your first cybersecurity role.
Entry-level cyber security job salary
No doubt you’re interested in learning about the salary expectations for an entry-level cyber security position. The good news is that starting salaries for most junior roles are relatively high. This is due to the strong demand for cyber security skills, as well as the fact that even entry-level roles are extremely important in maintaining the overall security of an organization. Companies still depend on junior-level employees to protect vulnerable data.
If you visit a number of sites that list the average salaries of entry-level jobs, you’ll probably discover different results. We recommend using PayScale, as it’s a salary aggregator that utilizes averages from several sites when making its calculations. If we take a few of the IT occupations mentioned in this guide, PayScale highlights the following starting salaries, as well as how you can expect to see your salary progress over time:
|Role||<1 year||1–4 years||5–9 years||10–19 years||20+ years|
|Information security officer||$67,000||$76,000||$92,000||$107,000||$116,000|
|Information security analyst||$60,000||$68,000||$82,000||$95,000||$101,000|
Want to aim for the best-paid junior roles? Here are a few examples of what the top companies are paying entry-level cyber security workers, based on data from SimplyHired:
- Zachary Piper Solutions – Jr. Cyber Threat Analyst ($55,000–$63,000)
- PAE – Entry Level Security Analyst ($53,000–$71,000)
- eSentire – Jr. Threat Intelligence Analyst ($71,000–$95,000)
- Verizon – Junior SOC Analyst ($71,000–$88,000)
Companies with well-paid cybersecurity roles that would look great on your CV include:
- Palo Alto
- Check Point Software Technologies LTD
- Herjavec Group