Congratulations on taking the first step toward a fascinating career! Cybersecurity is both challenging and demanding, but it is very rewarding and provides seemingly endless opportunities for career growth. With the ongoing skills gap in cybersecurity, we need more people in this industry to protect the internet and cyberspace. I applaud you for wanting to get into the field, whatever your reason. This article isn't to try to convince you to get into cybersecurity. Instead, I'm assuming you are already interested, and I want to give you actionable steps to break into this field.
This article turned out to be much longer than I anticipated, but it's truly everything I wish I knew when I first got into this field. I left no stone unturned and explored everything I think a newcomer should/want to know. After reading this, you will undoubtedly be prepared to start your new career. I hope you enjoy it as much as I enjoyed writing it.
Summary
Certifications are my favorite starting point.
The CompTIA A+ is my top recommendation for starting out, but there are also other entry-level certifications that you should consider.
Certification exams are a lot of work, be consistent with your study schedule.
There is no shame in failing an exam. Just try again if you fail.
Once you get a certification under your belt, start applying for jobs, but don't stop learning!
Take ANY IT job you can get for your first gig.
Once you land your first job, do your best and stay learning!
Most of the time, you have to come from an IT background before you can get into cybersecurity. There will always be exceptions, though.
Once you have 1-2 years of experience, you can begin to shape your career as you see fit and start going after your dream job.
You don't have to start out with a certification. Make sure you check out these other great options:
College/University
Udemy
YouTube
Podcasts
Discord
Social media (be careful not to waste your valuable time here)
Books
Boot camps
Disclaimer: All links to Hack The Box and Hack The Box Academy in this post are affiliate links. This means that if you make a purchase through these links, I may receive a commission at no additional cost to you.
Furthermore, all links to TryHackMe in this post is my referral link. Signing up to TryHackMe through my referral link saves you $5 on your subscription and also saves me $5 on my next year's subscription.
Your support through these purchases helps me continue providing valuable content. Thank you!
Consider my path and join the military.
The military option has many additional perks, but on the same coin has some very unique cons.
Enlisting in the United States Air Force was the best decision I've ever made.
You don't need to be super smart or talented in this field, but you must work hard and constantly be willing to learn new things.
Focus on getting better every day; being consistent over the course of years will put you in any position you want.
It's important to realize that everyone takes a different path to break into the field, and my advice is only one opinion. My path is only one of infinite paths. A path that I'm still building and shaping every day. I am thrilled you are interested in my opinion and my personal journey, but please do yourself a favor and do more research after reading my article. Doing your own research will pay dividends throughout your career, and it's something you will constantly have to do as a cybersecurity professional, not everything is black and white, and there are no clear paths for career development. Don't fight this fact; embrace it and have fun learning about how others have progressed throughout their career. As I said, everyone's journey is different, so go out and pave your road to success as you see fit.
Step 1: Start learning the fundamentals by getting a certification.
There are probably infinite different ways to start learning the fundamentals. My personal favorite is certifications. In cybersecurity, we debate about certifications and whether you need them to break into this field, and although they aren't required, they certainly do help. Almost every job posting will list multiple certifications. Certifications aren't just a piece of paper; they prove a set of skills in a given area of expertise. Certifications help employers instantly verify a candidate's skill set. Another huge reason I love certifications is that it proves that you know what you're doing to yourself. Nothing beats passing a certification exam and telling yourself, “Yes, I do know this stuff." Certifications are a great way to counter imposter syndrome and give you more confidence when tackling your next area of study.
So which certifications do you get?
If you have zero information technology (IT) experience. I recommend going for the CompTIA A+. CompTIA says, "A+ is the industry standard for establishing a career in IT." And I couldn't agree more. Many people in the industry start here, and I have never seen anyone say negative things about it. There are no formal prerequisites for A+. However, CompTIA recommends "9 to 12 months hands-on experience in the lab or field" for A+ candidates. Remember, this is only a recommendation, and I genuinely believe that most people can pass both A+ exams with no prior IT experience if they have the drive and will to succeed. No one is saying this field is easy. Passing these exams will take several months of long-study nights in your free time. This goes for every certification; anyone can learn this stuff, but you must be willing to commit a lot of time to learning it. Spoiler alert, that's how this field works; you must love the learning process. Technology is constantly changing, and to be a master of IT, you must be willing to learn new things every day and be able to adapt to change. The OG of IT, Keith Barker, says it best on his live streams/YouTube videos: "no one is born knowing any of this stuff; you can learn it!"
It's worth noting that CompTIA also offers a certification lower than A+. Their IT Fundamentals (ITF+) certification is geared towards total beginners with no experience and for people deciding if tech is the right career choice for them. I recommend going after ITF+ if you want to take even smaller baby steps into the field, if A+ is too challenging for you, or if you're still unsure if you want to make IT a career. If none of that applies to you, then go for A+, as it will kickstart your career a little quicker without sacrificing any of the fundamentals. Remember, there are no shortcuts to success; however, I don't think skipping ITF+ and going straight to A+ will negatively affect your learning journey. I always tell people not to skip the fundamentals, and this situation seems to contradict what I constantly like to tell people. However, most, if not all, content in ITF+ is also in A+ and other certifications you'll want to get later along your journey. Many IT professionals started their careers with A+; it seems that A+ existed about 16 years before ITF+ (the earliest date for ITF+ I could find was 2009). The point is, you don't have to do ITF+ before A+ if you don't want to. My rule of thumb is this: do you know the basics of a computer? If you are familiar with CPU, RAM, storage, motherboards, network bandwidth, ethernet, and different cable connections such as HDMI, DisplayPort, and USB, I say you can skip ITF+. If that last sentence is completely new terminology for you, you probably need ITF+ to prepare for A+. If you are still unsure which certification to start with, check out this article from CompTIA.
Disclaimer
I do not have A+. However, I currently hold five other CompTIA certifications at the time of this writing, and I plan on getting more. I love CompTIA certifications and respect them because I have learned so much by studying for their exams. I use the knowledge gained through these certifications every day. Because of this and the reputation that the A+ has, I can confidently recommend it despite not actually having it myself. My first certification was the CompTIA Security+, and even though it's possible to skip A+ and Network+, I can't recommend Security+ to someone with zero experience. Even though I passed the Security+ exam on my first attempt at my U.S. Air Force technical training, most of my peers didn't. Many took several tries to pass Security+, while some never passed it at all and were forced to re-train in new career fields. Security+ is a great certification to get, but do yourself a favor and start with A+ and Network+ if you are starting from zero.
Note
There's no shame in taking multiple attempts at a certification. In fact, at some point, most people end up failing an exam in their careers. I'm no different. I failed my first Cisco Certified Network Associate (CCNA) attempt. And I can honestly say that was one of the greatest things that have happened to me. Because of that failure, I reviewed all the exam objectives again, using different study materials and looking at the exam topics from a different perspective. I also paid twice the amount of attention while doing Packet Tracer labs. This 2nd try at the CCNA made me know networking like the back of my hand. The knowledge gained from my 2nd CCNA attempt carries through to everything I do in cybersecurity and has helped me with every certification exam ever since. There is a good chance I will fail another exam in my career; it's just a part of the game. Remember, "it's all about the journey," as the good folks from The Art of Network Engineering would say.
Step 2: Start applying for entry-level IT jobs, but don't stop learning.
Once you get A+ under your belt, you'll want to level up immediately and start going for Network+. You may be able to land a job with A+ and no experience, but it may be challenging. Many people have done it, and it's not impossible, so don't hesitate to apply for help desk and other entry-level jobs. Remember that you can put the certifications that you are currently studying for on your résumé. For example, my résumé currently says "CySA+ (WIP)" and "CompTIA Network Security Professional (CNSP) Coming Soon." I always have a certification (WIP). This shows employers that you are actively learning something new, have initiative and are eager to grow. In short, when you start applying for jobs, your résumé should state that you have A+ and are actively working on Network+ in some way.
You'll want to get any IT job you can get; at this point in your career, you can't be too picky. If you have an established career or job in another industry, don't be afraid to take a pay cut to land your first IT job. This pay cut will only be temporary. Once you get your foot in the IT industry, there's nowhere to go but up. I took a massive pay cut when I enlisted in the U.S. Air Force, and it was the single greatest decision of my life (Spoiler Alert: This is how I broke into IT, and it is one of my favorite ways to get your first IT job without experience. More details at the end of the article). If you keep getting turned away, don't worry. Just keep learning more and more, get your Network+ and keep applying for jobs. After Network+, you'll want to progress to Security+. Once you have the CompTIA trifecta, formally called "CompTIA Secure Infrastructure Specialist (CSIS)," which consists of A+, Network+, and Security+, you will undoubtedly have many job opportunities available to you.
Step 3: Get into your first IT job and do your best!
Once you finally get your first job, it's time to learn everything you can and become proficient at whatever you're doing. It doesn't matter what role you have in IT; at this point, you have REAL work experience, and this experience is worth a lot! It's probably going to feel overwhelming. I know it was for me. The key to starting out in your first job is not to be afraid to ask your coworkers questions, and remember, Google is every IT person's best friend. You're not going to know how everything works, and that's okay! Once you get 1-2 years of experience under your belt, you will be ready to promote within your company or move to a new company in a new exciting role. Also, even though you have your first IT job, you should still study and learn as much as possible in your free time outside work hours and on your days off. This is the best way to raise your salary and get into positions that are more desirable.
Note
This is a bit of a controversial opinion, but I firmly believe that there is no such thing as "Entry-level cybersecurity jobs." What does this mean? Most "entry-level" cybersecurity positions require at least a couple of years of experience. This means that, more times than not, you must already have a background in IT to progress into a dedicated cybersecurity position. This is why I highly recommend taking ANY IT position you can get and working it for 1-2 years before applying for your first cybersecurity job. I'm not saying this because I'm an elitist gatekeeper; I'm telling you this because it is the reality of the current industry. I would be doing you a disservice if I sugarcoated the truth. Would I like for things to change? Absolutely, I think cybersecurity employers need to lower their expectations as much as the next person does to shrink the skills gap. We need more employers taking chances on newer, less experienced talent. There are many people in our industry actively working to change this. However, the hard truth is that there are still a lot of employers / "gatekeepers" that will never give a chance to people with little to no experience. So do yourself a favor, don't complain about the current reality, and go get that IT experience before getting into cybersecurity. It's not impossible to find entry-level cybersecurity jobs, but as of the time of this writing, it's slim pickings.
Step 4: Choose your Destiny
After 1-2 years of experience, you'll have a much better understanding of the entire industry. You'll be positioned to land your first dedicated cybersecurity position (and other IT roles). I recommend determining what type of position you want to have, then looking at job openings for those types of roles. Job postings will tell you exactly what employers are looking for. Use this information to figure out what skills/knowledge/experience you need, and go for it! The key to success is that most, if not all, things in cybersecurity can be self-taught at your own home. Don't expect your employer to give you the training that you want. Some employers will help you grow in the field, but don't count on it. Most of the time, you must take the initiative to learn new things in your own time. Reminder: you must learn new things in this field, so figure out how to enjoy it. Personally, it's one of my favorite things about this industry.
Learning Resources
For just about any certification exam, you need four things for success (I do them in this order):
Full Video Course
Exam guide (book)
Flashcards
Practice Questions
The two primary websites I like to use for video courses are CBTNuggets and ITProTV. The site I choose varies from certification to certification, but you can't go wrong with either one, especially with entry-level certifications. With a subscription to CBTNuggets or ITProTV, you get practice questions and flashcards that are extremely valuable for preparing for your exam. Take full advantage of this. Both websites give you access to the same flashcards and practice questions. You can also snag video courses on Udemy for a fair price. Lastly, many people love Professor Messer's free content for A+, Network+, and Security+. I have watched his complete SY0-501 Security+ series, and although it wasn't awful, I liked CBTNuggets content far more. I would be failing you, despite my opinion, if I didn't mention Professor Messer.
Any exam guidebook that has good ratings is worth your time. Personally, I use Sybex-published books the most, but I have also used McGraw Hill-published "All-In-One Exam Guide" for the Certified Information Systems Security Professional (CISSP) and Darril Gibson's (RIP) "Get Certified Get Ahead" series for Security+. Whatever book you choose, make sure you read it from cover to cover at least once. I typically don't like to skip around the book, but some people like to read the chapters out of order to match the order of the exam objectives. Most authors and instructors don't present the information in order of the exam objectives because the exam objectives don't always line up in a way that makes sense from a learning perspective. Another thing I really like to do is answer the chapter review questions BEFORE I read the chapter. I almost always get low scores on these chapter review questions, but doing them before I read the chapter allows me to identify my weak areas, and when the book starts talking about that area, I know to pay extra attention to it. Sybex typically sells entire books filled with practice exams. Once again, any practice exam book with good ratings will be worth your time. Just make sure you get a dedicated practice exam book and use the practice exams provided with CBTNuggests or ITProTV subscription. The more practice questions you do, the better prepared you will be for the real exam. I typically do 1000 practice questions on average per certification. Real learning happens when you miss a question and read the explanation. Just ensure you understand why the correct questions are right, and the ones you missed are wrong. Do not memorize the answers to the questions. You will not see any of the practice exam questions on the real exam. Because of this, I don't normally like to re-use practice questions. You must be able to work through different scenarios on the real exam and determine the BEST answer. Many questions will give you multiple correct choices, but one will be better than the other. That's one of the tricky parts of certification exams. These exams aren't the type of exam you can cram for. You must have a deep understanding of the topics to pass the exam. This is why certifications are so highly desired, and it's why I recommend people to go after them.
If you follow what I do regarding certification studies, I'm confident you will learn a lot and be able to pass the exam. After you get 1-2 certifications under your belt, you'll start to develop your own learning strategy. My way of doing things may not be the best for you. For example, some people like to read the book before the video course. It's okay to deviate from my instructions here. The most important thing is to create a study plan that works for you, stick to it, and be consistent. Consistency is key to passing certification exams. You should aim to study as much as you can in a consistent manner. Do not take extended periods of time off. A good rule of thumb is not to take more than a week off at a time. One of the big reasons I failed my first CCNA attempt was that I took about a month's break just before the exam and tried to cram all the information back into my brain within a week of exam day. DON'T DO THIS.
Other Certifications
CompTIA isn't the only company that offers high-value certifications. Here I want to highlight some other great options for starting your career.
International Information System Security Certification Consortium (ISC)²
The CISSP is the most prestigious and sought-after certification in cybersecurity. However, it is an EXPERT-level certification. Lucky for you (ISC)² recently released their Certified in Cybersecurity (CC) certification. I don't have this certification, so I don't know exactly how difficult it is, but it is advertised as an entry-level certification. With time I expect this certification to gain more reputation since it's coming from (ISC)². Perhaps it will be the gold standard for entry-level candidates in the future, but there's not enough data to determine if it will land you a job since it's only about a half year old at the time of this writing. Because of that, It can't be my top recommendation to newcomers, but it's definitely worth your time checking out.
Cisco
The CCNA is one of the most sought-after networking certifications in the industry. However, the CCNA is NOT an entry-level certification. I highly recommend going for Network+ before tackling this beast. However, there are also the Cisco Certified Technician (CCT) certifications. They offer CCT Collaboration, CCT Data Center, and CCT Routing & Switching. All of these are for entry-level candidates and definitely worth looking into. If you want to get the CCNA eventually, you will want to start with the CCT Routing & Switching.
There are many other extremely valuable certifications, but I'm not mentioning them since most are not good entry-level certifications. As you get the beginner certifications, you can work your way up to intermediate and expert certifications later. For a complete list of cybersecurity/IT certifications, check out Paul Jerimy's website. His list is very good and pretty accurate at ranking and classifying the different certifications in our industry. It's not perfect, but with this many certifications ranked against each other, a perfect chart is next to impossible. It's the best all-inclusive career roadmap I've ever come across.
More Learning Resources
Certifications are not the only way to learn the fundamentals (and advanced topics). Many people in IT do not have certifications. They just happen to be my favorite source to learn new topics. So here is a list of other resources that I use to grow my cybersecurity skills.
College/University
I'm sure most people already know that college is an option, so I'm not going to try to convince you to go or not to go to college. Even though a college degree isn't required in this field, it does help you. I'm a college student myself, and I fully intend to go for my master's degree after I complete my bachelor's in May next year. I have learned many things during my cybersecurity courses at University of Maryland Global Campus (UMGC) that my suite of certifications does not cover. If you can afford college and want to go, by all means, go. In short, I think certifications give a much better return on investment (ROI), but I think both have their place in the "Certification Vs. Degree" debate. I plan on writing my opinions about this topic in depth in a future blog post once I finish my Bachelor's degree in Cybersecurity Management & Policy. For now, just know that college is a valid option for getting started in cybersecurity.
These platforms "gamify" your learning. This is great because if you're a gamer like me, you will feel a huge sense of accomplishment when you start unlocking the achievements on these platforms. I used to put these learning platforms aside because I "didn't know enough to start hacking yet." Once I started feeling more confident in my abilities, I decided to get into TryHackMe and Hack the Box Academy. It turns out that they have content for people with little to no experience. So I waited to give these a try for no reason. I highly recommend giving these a try, no matter your experience level. I get on TryHackMe every single day. It is second to none when it comes to hands-on learning. You will learn a lot in a very small amount of time. I have used Hack the Box Academy to a much lesser extent, but it's also a great platform. Just check them both out and use one you like; you can't go wrong with either. I like to think of them as the difference between PlayStation and Xbox. Both offer the same thing; for the most part, they just package the content differently. Both offer free content, but eventually, you will have to pay for it when you exhausted the free content. The price they charge for their platforms is worth every penny if you want to get serious about cybersecurity and hacking.
Note
Hack the Box has three separate websites that each offer different things. It can be very confusing, and I want to point it out, so you don't have to go through the same confusion I had to go through.
This is where you want to start with no experience. The content here is geared towards learning rather than being a challenge. They also offer two hacking certifications that are pretty new to the industry. From what I can see, they look fun, and I can't wait to go after them in the next couple of years or so.
The main site offers challenges and a job posting board that you can take advantage of when you reach a certain "hacking level."
ctf.hackthebox.com
This site is for competitions. Come here when you feel confident in your skills and want to compete for prizes and glory. You will need a different account for each of these websites. It's a little annoying that you can't use the same account for each site, but it is what it is. Keep in mind that TryHackMe offers learning, challenges, and competitions under one website. However, TryHackMe claims to be launching an "Academy" soon. TryHackMe's competitions do not seem to be as robust as ctf.hackthebox.com, and TryHackMe does not currently have a job posting board.
YouTube
There is a ton of free YouTube content available. Here are my favorite channels in no particular order:
I want to first point you to the CrashCourse - Computer science playlist. It's a great introduction to the history of computers and how they work in a fun, entertaining way. You will start at the early computing days and work your way up to today and the future, where they talk about Artificial Intelligence (AI) and robots. It's a great introduction to anyone wanting to learn computers as they cover every aspect of information technology in a way everyone can understand. I highly recommend watching this series in full for beginners of cybersecurity/IT.
This channel specializes in helping beginners start a career in IT. This is probably the best starting point for you to take actionable steps to land your first job. He covers topics such as entry-level jobs and what certifications you should get started with. Spoiler Alert: He's going to say many similar things as I do in this article. But like I said earlier in this post, you need more than one opinion regarding career development, so go check it out!
Another channel by Zach Hill (RUN CMD). This channel hasn't posted a video in over a year, but the content is still relevant and specifically tailored for cybersecurity beginners.
One of my recent discoveries, and I love what I'm seeing from Gerald Auger, PhD so far. He has content no matter your experience level, but he has a wealth of information for people looking to break into cybersecurity. He has multiple videos where he interviews people who changed careers to cybersecurity and gives tips and tricks to land entry-level jobs. You should not pass up on his expert opinion.
Network Chuck tailors his content to beginners in a variety of categories. He started specifically with networking/network engineering but has progressed to other topics such as Linux, Hacking, Python, Cybersecurity, Cloud Computing, and general IT. He has something for everyone, so I highly recommend checking out his channel and watching videos that seem interesting to you.
Jason Dion offers free training for the older CompTIA A+ and Network+ certifications. As well as many other videos related to cybersecurity and IT. Even though the certification content is a bit dated, the fundamentals do not change, so it's still a great resource you can tap into if you are on a budget. His newer certification content can be found at https://www.diontraining.com and on his Udemy Page. I used his PenTest+ course as an auxiliary resource to help me pass the PenTest+ exam, and I'm currently using his Cybersecurity Analyst+ (CySA+) course. Many people speak highly of Jason Dion for good reason. His company is an authorized CompTIA trainer, and you can even get discounted exam vouchers on his company's website.
Keith Barker is a CBTNugget instructor, and I used his course as my primary video course for Security+ and CISSP. His YouTube channel has more networking content than anything, but I can't recommend his channel enough when you want to start learning networking. I watched over 100 of his Cisco CCNA 200-301 lives streams to prepare myself for my 2nd CCNA attempt and his CCNA content on CBTNuggets. Great Instructor whose content has prepared me for three certifications.
David Bombal started with network engineering content but has recently progressed to hacking and cybersecurity content. Lately, he has been interviewing professionals in the field specifically to point beginners in the right direction. I highly recommend checking out his channel. Furthermore, his Udemy CCNA course was the primary course I used for my 2nd CCNA attempt. Great content from a great instructor.
The Cyber Mentor does exactly as his name implies: mentors beginners in hacking and cybersecurity. His youtube channel is filled with a ton of free courses. His company also has paid courses at https://academy.tcm-sec.com.
John Hammond's YouTube channel probably isn't the best for beginners. He has some beginner topics, but most are intermediate to advanced-level hacking concepts. Keep this channel in your back pocket after you get a foothold on cybersecurity fundamentals, especially if you want to become an ethical hacker/penetration tester.
Podcasts
Massive growth happens when you stop listening to music on your daily commute and replace music with good podcasts. Here are some of my favorites: (All links are Spotify links. You will need to do additional research to find these shows on other platforms)
This show gives you cybersecurity news in a short episode every weekday. This is a new discovery for me, but I love it because it is short and very informative. It's important to stay up to date with the latest cyber-attacks and threats out there. This show provides a great overview of current cyber events without too much technical detail, which is great for all experience levels in cybersecurity.
This show aims to help people break into cybersecurity and move up the ladder in the field. This show dedicates a portion of every episode to people looking to break into cybersecurity. The show also offers many perspectives from industry thought leaders so you can stay up to date with the hot topics in cybersecurity.
This show is for the aspiring hackers out there. This may not be the best show for beginners, but it does help someone already in the field progress into an ethical hacker/penetration tester role with specific advice about the Offensive Security Certified Professional (OSCP) certification.
This show is tailored to aspiring and current network engineers, but it still has a lot of value even if you aspire to get into other IT and Cybersecurity roles. Much of the advice in this podcast is universally applicable across IT. The people at the Art of Network Engineering podcast are good people. My favorite part of the show is the amount of attention they give their community on Discord and social media.
Discord
Many of the channels, people, and organizations mentioned above have dedicated communities on Discord. Many people get a lot of value out of Discord because there are entire communities willing to help beginners. So don't be afraid. Go out there, join some servers, meet new people, and ask a lot of questions. One day you will be one of the people helping the next wave of beginners break into IT.
Social Media
Just like Discord, people on social media share a lot of great information. Just be careful with who you follow. You don't want your timeline filled with nonsense irrelevant to your professional goals. You can really level up your cybersecurity/IT career if used correctly. However, social media can easily be misused and waste much of your time, so proceed with extreme caution. I tend to spend the most time on LinkedIn because the conversations tend to stay way more professional and waste the least amount of my time. You should have a LinkedIn profile that is up to date with all your information. You have to make it easy for employers and recruiters to be able to scout you out if you're looking for a job.
Books
Most of my reading comes from certification exam guides and TryHackMe. However, there are tons of great books that will help you gain knowledge on a particular topic. I like to read books related to hacking because that is what interests me. I've also read two books to help me learn how to code in Python. I still have a lot of reading to do, so I can't provide specific recommendations here. My advice: Google "Best (insert topic here) books" and read about other blogger-recommended books. One day I'll write a blog post titled "The best hacking books," but I need to become a better hacker and read most of the books I have access to first.
Bootcamps
Bootcamps are instructor-led training that typically crams everything you need to know to pass a certification exam in a very short period of time. Unless you can get time off from work, you won't be able to do these because I think a lot of these are all day every day for several weeks at a time. I say "think" because I never seriously looked into one or have completed one. The reason why I even mention boot camps is that I know a lot of people like them. Just know that they are very expensive. Self-studying is always more economical, and if you're on a budget, I can't recommend boot camps. However, if you want to do one, by all means, go for it. There's nothing wrong with them. They are just not my preferred route for learning.
The Untraditional Way to Break into Cybersecurity/IT
Feel free to skip this section if you can't / have no desire to join the military. After this lengthy section, my conclusion is at the very bottom of the page.
I saved this section for last because 99% of people won't take my route. For the 1% that will, this is for you. Enjoy.
As I said before, I enlisted in the U.S. Air Force to break into IT. It's worth noting that I am Active Duty Air Force Cyber Defense Operations at the time of this writing. For legal reasons, everything I say here (and any/everywhere else for that matter) is strictly my own views and opinions and is not the views or opinions of the United States Department of Defense (DoD) or the United States Air Force (USAF).
The DoD is one of the few employers that will hire you with zero experience. Not just in cyber/IT but in many other areas as well. I enlisted in the USAF because I wanted to work with computers/cybersecurity and had no idea where to start. I figured college was an option, but honestly, I didn't want to fork over the money for college, and I hated High School. I told myself, "why would I pay to learn this stuff when I can get paid to learn it?" So I started researching the different cyber jobs and instantly fell in love. I also checked out many of the non-cyber jobs, and I almost ended up as an Air Traffic Controller. I'm thankful I didn't and landed a job as a Client Systems Technician.
Keep in mind that I enlisted at the age of 24. With no hard data to back up this claim, well above the average enlistment age. I wasn't the oldest in my basic military training (BMT) flight, but I was close. I've constantly been the same age or older than people who outrank me. But that's okay! It was just under six full years from the time I graduated high school to when I enlisted in the USAF. The point is it's okay to enlist in the military later in life. And while we are on the subject of age, it's never too late to start a career in cybersecurity/IT, whether you take the military route or not. For the first 23 years of my life, I never seriously thought I would be in the military, but here I am. I don't have any close family members in the military, nor did I have close friends in the military before I enlisted, and it's been a journey I had to start completely by myself. Thankfully, I now have tons of military friends, and I've had great mentors and leadership my whole career so far. It's been a great ride so far at my four-year nine-month mark. I've traveled the world, met thousands of wonderful people, made great friends, and seen a lot of cool stuff. I wouldn't trade my experience for anything. Like I said earlier, enlisting in the USAF was the single greatest decision of my life, and I don't think it will ever be topped. Why am I telling you this? I'm sure most people reading this article have zero interest in joining the military. Heck, most of you probably won't be able to join for one reason or another. But to those who can and are curious, let me tell you why this is a fantastic opportunity.
Get paid to train
That's right, your full-time job for 4-8 months (varying on position and Instructor availability) is to learn about information technology. It honestly doesn't get any better than this, in my opinion. After you graduate from basic military training (BMT), you will travel to Keesler Air Force Base located in Biloxi, Mississippi (assuming you land a cyber position) for technical school. Here you will go through several different schools to learn IT fundamentals. You'll also be required to study for and pass Security+ as a part of the DoD 8570 requirements for cyber positions. My advice: start studying for Security+ as soon as you get to technical school. Do not wait until you get put into the Security+ classes. As I stated earlier in this post, it is a very hard certification for beginners.
Learn to work on one of the most sophisticated computer networks in the world
Once you graduate technical school, you'll head off to your first duty station, which can be anywhere in the world. I've been stationed overseas my entire career so far, and I love it. I highly recommend putting overseas on your base preference list to get out of your comfort zone and see the world. At this point in your career, you will know nothing! Very scary, and it can be frustrating at times. Technical school is great and all, but it can never fully prepare you for a live enterprise network. Nothing beats on-the-job training. The key to success is asking the people you work with as many questions as possible and shadowing them as much as possible until you get comfortable working by yourself. Your customers and superiors will ask questions you don't know the answer to. In the Air Force, saying, "I don't know, but I will find out for you," is a totally acceptable answer. You better find the answer and get back to the person later, though! Once you start doing tickets by yourself, your learning goes to the next level. After a year or so of hard work, people will start asking you questions about how things work because, at that point, you are the subject matter expert (SME). This experience is second to none when you decide to become a civilian again and start looking for new jobs.
Tuition Assistance while serving and after service
The Air Force (as well as the other military branches) will pay your college tuition while you serve. The Air Force gives you $4,500 a year for college. This only covers your tuition and not your books or other things you may need, such as lab software. $4,500 per year isn't a lot of money for college, but remember that many schools offer significant discounts to active-duty military personnel. $4,500 is enough to keep me in one course at a time year-round at University of Maryland Global Campus (UMGC). So far, I have been forced to pay $661 for books and $76 for lab software out of my own pocket. A small price to pay for a bachelor's degree for sure.
There is also CLEPs and DSSTs. These are exams that let you skip general education requirements. You can spend a couple of weeks studying for an exam, take the CLEP/DSST exam, and get full credit for a 7-12 week course. All CLEPs and DSSTs are free for active duty military members for the first attempt. If you fail an exam, you'll have to fork over your own money to try it again. CLEPs and DSSTs are a great way to shave years off your degree. Note
You don't have to have to be in the military to take advantage of CLEPs and DSSTs. You just don't get them for free.
Then there is the GI Bill. Once you separate from military service, you'll be able to become a full-time student. To be eligible, you must pay about $100 a month during your first year of service. Please do yourself a favor, pay attention during your GI Bill briefs, and make sure you opt-in to the GI Bill (because you can opt-out). Paying $1200 for $79,000+ worth of school is one of the greatest investments you can make.
AFCOOL is a program that gives you $4,500 (lifetime) for certifications. I have used AFCOOL to get my CCNA, Network+, CISSP, Cloud+, and PenTest+ exam vouchers paid for. You can use AFCOOL for exam vouchers and study material. I personally have never used AFCOOL to purchase study materials. I always buy my own study materials since it can take weeks to receive funding. It's worth noting that CompTIA offers college students significant discounts on exam vouchers in their academic store.
Healthcare
Military healthcare is far from perfect, but overall I enjoy getting my medical issues checked out without worrying about my bank account. Salary
There's no reason to beat around the bush here. You will be underpaid at every stage of your military career if you are in a cyber position. However, you will make more than enough to make ends meet and always have food and a roof over your head. My first year in the military was very rough from a financial point of view. I came in with credit card debt and a car payment. Once I got my credit card debt paid off, I could finally save and invest a significant portion of my salary. With time you make more money. You also make more money with each promotion. After the first couple of years, you will start accumulating wealth if you make sound financial decisions (please research personal finance and get good at it). Retirement
The military offers a very good retirement plan, even if you don't stay in for 20+ years. Remember, you get a full pension after 20 years of service. No company that I know of will let you retire in 20 years.
Cons
I've said many great things about the military option, but with most things, there are negatives. Let's start with your contract. Your contract is legally binding. Whether you sign up for four or six years, you can't leave until you've done your time. Furthermore, the military can call you back to service for up to 8 years in emergency situations. For example, if you sign a four-year contract and get out of the service, you can legally get called back into service for the next four years. With a six-year contract, you can get called back into service for the next two years. Once you reach the eight-year mark, you can not be forced back into service for any reason. Another con is that you are on duty 24/7, 365 days a year. You can be told to come to work for any reason at any time. You can be told to pack your bags and move to the other side of the world for deployment on minimal notice. You may find yourself stationed in places you don't want to be. You most likely find yourself far away from your family at times. You'll miss holidays and birthdays with your loved ones. It's not always the easiest thing to deal with for most people. With that being said, I would say that the work-life balance for a cyber troop is one of the best in the military and is more than fair, even though we do have to do non-cyber stuff we don't want to do occasionally.
At this time, the U.S. military is not in a major conflict. However, when (not if) we go back to war, you will be put in harm's way. In fact, we are never truly safe because we are primary targets for random terrorist attacks. Remember, when you sign the dotted line to join the world's greatest military, you risk your life and limbs to protect freedom.
Other Military Options
As you probably noticed, my experience is only one of an Active Duty Airman. There are other military options out there. You can join the Army, Navy, Marines, Coast Guard, and Space Force. I'm not too familiar with the other branches' cyber capabilities, but I know that the Space Force is very similar to the Air Force. I have a handful of friends who transferred from the Air Force to the Space Force, and I even tried to transfer myself at one point. So, believe me when I say that the Space Force experience will be very similar to what I said here. Each branch has its own cyber/IT capabilities, and you'll have to go out and do more research on your own if you want to join a different branch. I also am not very familiar with National Guard or Reserves benefits. Their experience and benefits are a little different than active duty. Just know that if you want to serve part-time, you can do that. How do I make sure I get into a cyber career field?
Great question! The key here is to understand that your requiter's desk is a negotiating table. They can't force you into a job you don't want. You can walk away anytime until you raise your right hand and swear/affirm your allegiance. My advice: tell your recruiter what job you want, and don't let them bully you into a position you don't want. The good news is that the cyber career field is currently undermanned and even offers enlistment bonuses at the time of this writing. So if you say you want a cyber job, you'll probably get it as long as your ASVAB score is high enough. Do yourself a favor and study for the ASVAB! When your ASVAB score is high, you can get into almost any job you want. You can get a guaranteed cyber poison before leaving for basic training. Make sure you do that. If you go in as "open," your job will be chosen for you during BMT. So please ensure your contract has your desired job in the document BEFORE you sign the dotted line.
Overall
My goal is to highlight all your options in this article. I personally do not care if you join the military or not. I do not receive any sort of benefit for convincing people to enlist in the Air Force or other branches, for that matter. I simply wanted to share a bit of my story and tell you the stuff I wish I knew about before enlisting. In my opinion, the pros far outweigh the cons, and if I could go back in time knowing what I know now, I would make the same exact decision to join the world's greatest Air Force.
Conclusion
This is pretty much an all-encompassing guide to all the resources I use and know about. You have more than enough information to get started in cybersecurity. Now it's up to you to put in the work and learn as much as you can. As I said before, no one said this field is easy. There is a reason why cybersecurity pays a lot. Becoming a cybersecurity professional takes years of hard, consistent work. But on the bright side, you can learn it! I like to tell people that I'm not any smarter or more talented than the average person. But I have an extraordinary work ethic, an insane desire to learn more, and a dedication to consistency. This strategy has been working very well for me. You can have all the resources in the world, but if you don't use them, they are worthless. Focus on getting a little better every day, and you'll be an expert in a handful of years. Good luck on your journey! If you have any questions or comments, feel free to contact me through your platform of choice. I hope I have helped and/or inspired you to be great. Thank you for reading!