How to get an entry-level cybersecurity job in 2021

Photo by Laura Ockel on Unsplash

The unicorn

A few years ago, I hired someone into our team at one of my previous employers. Despite having zero commercial cybersecurity experience yet wanting to break into the industry, they weren’t sure they wanted the job.

Photo by Lucas Santos on Unsplash

“I have to hire this person.”

I sent them a message introducing myself and asked if they were open to speaking with me about a potential role in cybersecurity. They agreed, but could only be available during lunchtime because their workplace at the time kept employees on very short leashes; they were only “allowed out or could speak with people during lunch”.

Prove, don’t just tell

We’re kidding ourselves if we think the majority of cybersecurity professionals are in the industry because of their passion for it. Many are in the industry because it pays well.

Photo by Austin Schmid on Unsplash

“How am I proving that I’m truly passionate about cybersecurity?”

You’ve probably completed some courses or certifications. You might even have a university degree with the word “cybersecurity” in the title. This does not differentiate you.

  • Start your own cybersecurity project to build on your foundational education.
  • Share articles (via social media) you’ve read that you find interesting, including what you learned.
  • Attend events or webinars and tell people on social media what you learned or found interesting about each.
  • Join industry associations or groups and actively participate.

I want to be a pen tester or SOC analyst

That’s great, but so does everyone else trying to get an entry-level role in cybersecurity. The reality of it is, most will not get one of these roles as the “foot in the door”.

Photo by Levi Jones on Unsplash
  • Communications
  • Identity and Access Management
  • Security Governance
  • Risk Management
  • Regulatory Compliance
  • Privacy
  • Application Security
  • Cloud Security
  • Vulnerability Management
  • Third Party Supply Chain Risk
  • Data Protection
  • Business Continuity
  • Incident Response
  • Digital Forensics
  • Policies, Standards, and Guidelines
  • Business Intelligence and Reporting
  • Quality Assurance and Testing
  • Program/Project Management
  • Business Analysis

The world is built on relationships

You should already know this; it’s especially true in a crowded field of entry-level candidates.

Photo by Andrew Moca on Unsplash

So you got an interview

Congratulations! Getting an interview is difficult, particularly if you are trying to get an entry-level position.

Photo by Christina @ on Unsplash

Key takeaways

  • If you’re truly passionate about cybersecurity, differentiate yourself by proving it.
  • There is so much more to cybersecurity than being a pen tester or SOC analyst.
  • Relationships and networks matter, even at entry-level.
  • Learn how to interview well: there are literally guides on how to do it right.



Cyber Risk. Cybersecurity. Business. Tech. Entrepreneur. CEO at Avertro. Former CTO at McAfee Asia Pacific.

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ian Yip

Ian Yip


Cyber Risk. Cybersecurity. Business. Tech. Entrepreneur. CEO at Avertro. Former CTO at McAfee Asia Pacific.