IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

How Can I Get a Job in Cybersecurity?

The questions I am most often asked, both online and in person at conferences and other events, surround how people can break into the cybersecurity field for the first time.

Job website
The job market is shifting rapidly, with tech layoffs and fears of more to come, as the world struggles with high inflation, rising interest rates and possibly even an upcoming recession later this year or in 2023.

Oddly enough, these economic challenges may actually offer some good news for state and local government managers who are struggling to find and maintain cyber talent.


Because pay and other benefits are not the only differences between public- and private-sector cybersecurity roles. As I wrote about in detail in 2018, stock options, IPOs and acquisitions accelerate the cyber talent divide. More specifically, when the stock market is selling off, IPOs are on hold and startups (and others) are shedding staff, the entire technology and cybersecurity industries are impacted.

As I mentioned four years ago: “Stock market corrections swing the pendulum the other way regarding both perceptions and reality.”


Nevertheless, there are plenty of cyber jobs available in the public and private sector. CNBC and other business channels continue to emphasize that cybersecurity may be one of the few career fields that will remain “recession-proof” — or at least remain hot despite other roles being cut.
Which leads to the reality that many recent high school and college graduates, mid-career technology and business professionals, and even veterans or late-career tech pros are looking to enter into the cybersecurity industry for the first time.

I often get asked how to break into cybersecurity for the first time, by people just entering the job market and equally by those who are later in their career but want to move into cybersecurity now.

In that regard, I want to highlight an excellent Fortune article that I recently read on this topic: How to break into cybersecurity, as told by Accenture’s head of cyber

Here’s an excerpt: “Cyber talent is in high demand. In terms of the talent shortfall, I think one of the things that’s hard to appreciate about cyber talent is it’s not like it’s just one skill set — there’s at least 17 discrete skill sets needed for cybersecurity. And within those, there’s different product lines and technical- and process-related skills that make it really, really hard to define exactly what we need in the cyber skill area.

“There’s definitely a technical aspect to cyber that I think is what most people think about when they think about cybersecurity. The hackers — the people who really understand how computers work and how to abuse them and then how to protect from that abuse.

“But there’s also a big human dimension to it. How do you help psychologically improve the way that people in organizations respond to cyber threats? How do you help make people harder targets? How do you train and change behaviors and improve risk-based decision-making and all these different things that cyber professionals have to be able to do in order to be effective with those technical solutions? It’s a really broad skill space.”

The article goes on to describe the different types of cybersecurity roles that Accenture hires, the skill sets required to get a typical job in different stages of your career, as well as the education generally needed.  

In addition, I want to highlight the great dialog and comments received in a LinkedIn post on this same article.  


As I have highlighted in past blogs, there are many ways to become a cyber pro. Cybersecurity involves people, process and technology, and many disciplines are needed to have successful cyber defense strategies.

One thing I really like from the interview referenced above with Ryan LaSalle of Accenture is this answer: “The talent shortage is not a supply-side problem. It’s an attractiveness problem. We have to do better at luring people and helping them capture their imagination, helping them understand why this is a great industry to be in.”

While there is no doubt that cyber talent shortages continue and gaps in the public sector are still growing, what has surprised me recently is the growth in the number of people who want to leave their current career path and follow the “cyber yellow brick road.”

We need to be attracting more people into cybersecurity and more people into the public-sector option. For state and local governments leaders, I encourage you to take some time to read (or reread) the reasons I have described in the past for taking a government cybersecurity role.

Also, examine the reasons why some cyber pros are unemployed and what (were) the reason(s) behind the "Great Resignation."

Finally, we need some people who have left the cybersecurity field to come back. More on that topic here.


I’d like to close this piece by again pointing out the similarities between cyber defense and (U.S.) football, with an offense and defense. Take a look at this blog on cybersecurity team lessons from football game defeats.

There is no doubt that cybersecurity is a team sport, and we need all types of people helping to be successful. If you are reading this blog and considering a cyber career role for the first time, you are not alone. Take time to read through the many reasons that this is a great place to start, or continue, your professional career.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.