Two High Probability Paths To Your First Cyber Security Job
Cyber security has become one of the most highly desired career fields. With millions of cyber security jobs unfilled, the most common question that I see posted all over social media has to be around how people can successfully enter the field without experience.

Breaking into the field can be difficult. Everyone seems to be looking for high probability path to that first cyber security job.
Here are two possible paths:
- Summer cyber security internships.
- Volunteer work with a non-profit.
You might think that your certification or a degree that will earn you a cyber security role. They may or may not be important. Depending on your school, contacts, certification, and employer, they might be actually be enough to close the deal, but nothing beats actual experience on your resume.
Experience can also help determine your starting pay in your first role.
Summer Cyber Security Internships
Think of a summer cyber security internship both as an extended job interview and your chance to really get to know an organization and their cyber team before committing to a job. I can’t speak to every organization, but within my team at an insurance company in the midwest, cyber security interns are paid positions. This may not be true everywhere, but it shouldn’t matter. The goal is to break into the field, right?
Look for an organization that takes their intern program seriously. There should be a clear position description and have the opportunity to perform meaningful work. You’ll shouldn’t just be doing “intern stuff.” As a intern candidate, you should also look for solid evidence that the organization hires some of their former cyber security interns.
My team started building a robust cyber security internship program in the spring of 2018 with the first interns hired in over that same summer. We know that application security and cloud security positions are the lowest density skill sets (read, “hardest to find”) so we decided to grow our own.
We also find that we have to change the mindset of our cyber security internship candidates. Most initially believe that there are only two possible roles on cyber security teams — SOC analysts and red teamers. My team of 14 full time cyber security employees doesn’t have either of these roles. We contract out our 24x7 monitoring and our penetration tests. There is a big world of many other cyber roles: endpoint security, cloud security, app security, data security, security operations, cyber risk, etc. At least half of our curent internships are focused on growing smart college sophomores and juniors over the course of two internships into either application security or cloud security professionals. In 2021, we’ll turn our internship focus to cyber risk.
Since that first summer two years ago, we’ve had 6 cyber interns in total comprised of 4 summer interns as well one intern each for spring 2019 and fall 2019. Of those six, we’ve extended job offers to two of those former interns. A third has a formal job offer already extended to them to join us upon their May 2020 graduation.
That’s not just a win-win for everyone but also a clear high probability path into the cyber security field.
Work hard and learn everything that you can. If the organization doesn’t pick you up as a full time time employee, some other organization likely will. One of my team’s best hires came directly from an internship at another company that had no open full time headcount. Their loss. Our win.
Internships are not the only path particularly if you’ve chosen to not attend college.
Non-Profit Organizations
Non-profit organizations everywhere have cyber security requirements. They also generally do not have the resources to pay market rates for full time cyber professionals. They may not have funds to pay at all. You could choose to volunteer your time helping them out with their cyber security issues.
There are few ways that are more fulfilling than to help a non-profit with a mission that stokes your passion. You’ll gain valuable experience and references that you can bring to future job interviews.
Chances are you’ll also learn the most valuable skills at a non-profit that a cyber practitioner can have — engaging with others in a way that builds a security culture and learning how to find real solutions when resources are scarce. Both are traits that have value for the future hiring managers that will be interviewing you.
Who knows. You might also decide to stay at the non-profit. Again, a win-win for everyone.
So, yes, breaking into the cyber security field can be challenging.I’ve only laid out two of N paths .The choices and options to get that first cyber security role are only limited by your imagination.
You can do this.

