Starting a Cybersecurity Career

I recorded this video of Tumi Mqedlana during my July visit to South Africa. At that time, she was midway through her program, with quite a bit of training still ahead of her. Fast forward to November 2023, Tumi not only graduated but also secured her first role in cybersecurity within the same month. Yet, what truly captivates me are the invaluable lessons her journey offers. Tumi's adventure is rich with takeaways. Here are the standout lessons: 1. Keep Searching Until You Find What Clicks Tumi dabbled in software development but it didn’t resonate with her. She didn’t stop exploring, though. When she discovered cybersecurity, it was a perfect match. It's a reminder to all of us: keep searching until you find that spark. 2. Patience is a verb. Embrace it as Your Superpower When Tumi found CyberGirls in February 2022, the applications had just closed. Far from being deterred, she used the time wisely by diving into Udemy courses to deepen her cybersecurity knowledge. It’s a powerful lesson in using waiting periods as opportunities for growth. 3. Put Yourself Out There at Industry Events Despite feeling unsure and only being halfway through her CyberGirls training, Tumi stepped up to participate in a hackathon. Such industry events can be golden opportunities to be spotted. Tumi admitted, "I always felt intimidated by such spaces, given my background and level of experience at the time.” Yet, being acknowledged for her skills at the event boosted her confidence, and it could do the same for you. 4. Navigate Minority Challenges with Courage "The CyberGirls learning experience empowered me to find my voice. As a black woman in South Africa's cybersecurity sector, just the act of engaging and feeling like I belong was transformative," Tumi shared. It’s a powerful call to push beyond the fear and find your place, even in the face of doubt. Tumi's story and video might spark other reflections or lessons for you. Feel free to share them in the comments section. Let’s enrich this conversation with our collective insights. 
#cybersecurity #infosec #informationsecurity #cybergirls 

Forget About Cybersecurity Entry-Level Roles Build Your Own Experience Everyone’s telling you to get an “entry-level” job to break into cybersecurity. The problem is those roles are either oversaturated or don’t give you the hands-on experience that truly sets you apart. The solution? Stop waiting for someone to hand you experience. Build it yourself. Here’s how: 1️⃣ Set Up Home Labs • Simulate real-world environments. • Practice tasks like vulnerability scanning, incident response, or configuring secure networks. 2️⃣ Freelance or Volunteer • Offer to secure a nonprofit’s data or help small businesses with IT projects. • These projects give you real-world impact AND something to showcase. 3️⃣ Document Your Work • Post about your projects on LinkedIn. • Share what you did, how you solved problems, and the value it created. When you create your own experience, you’re not just another “entry-level” applicant. You’re showing decision-makers that you can solve their problems today. In 2025, it’s not about waiting for the perfect opportunity it’s about creating your own path. What’s one thing you’ve done to build your own experience? Let’s talk about it #Cybersecurity #Techcareers #Careergrowth

🚨 "You're overqualified for help desk work." That's what Sarah's friend told her when she considered taking a $35k help desk role after getting her cybersecurity degree. Fast forward 8 years... Sarah is now a Principal Security Architect at a Fortune 500 company, earning well into six figures. Her secret? She ignored the advice and took that "lowly" help desk job anyway. Here's what happened during those first two years that changed everything: → She learned how users ACTUALLY behave (spoiler: nothing like the textbooks) → She saw firsthand how systems fail in the real world → She developed pattern recognition from thousands of tickets → She mastered the art of explaining technical issues to non-technical people The breakthrough moment came during her 18th month when she noticed a pattern in password reset requests that led to uncovering a social engineering campaign targeting their organization. That discovery got her promoted to the SOC team. Then to incident response. Then to security architecture. "Every 'glamorous' cybersecurity skill I use today," Sarah told me recently, "has roots in something I learned while resetting passwords and troubleshooting printers." The cybersecurity industry has convinced people that help desk → desktop support → system admin is somehow "beneath" them. But here's the reality: Every CISO, every pen tester, every security consultant worth their salt understands that technology is only as secure as the humans using it. And you can't protect what you don't understand. 💡 The fastest path to cybersecurity isn't around the fundamentals—it's through them. For those already in cybersecurity: What was your "unglamorous" starting point, and how did it shape your expertise today? For those trying to break in: What's holding you back from taking that first IT role?

For those breaking into the cybersecurity industry… This isn’t college anymore. There are no late penalties. No extra credit. No one’s handing out gold stars just for showing up. You’re in a professional field now—one that pays well and moves fast. This world impacts real systems, real people, and has real consequences. Consequently, your work needs to reflect that. I say this not as criticism, but as someone who’s been where you are. What will set you apart from the rest of the pack is knowing the difference between just getting something done, and doing something well. It’s a shift. And it matters. When your name is on a deliverable—whether it’s a report, an email, or a slide deck—it’s a reflection of you. Of your work ethic. Your attention to detail. Your mindset. In this field, few will expect you to know everything. But what they do expect is effort. Clarity. Pride in your work. I’ve reviewed a lot of work from smart, capable people that fell flat simply because it was rushed, unfinished, or because there was simply no effort put in. Typos everywhere. Incomplete work. Poor formatting. No structure. No sense of ownership. If you’re early in your career, here’s what I wish more people told me: - Proofread twice. Especially before sending it to someone senior. - Give your work a second glance—ask yourself, “If someone forwarded this to me with no explanation, would it make sense?” - Communicate clearly if you need more time or aren’t sure—radio silence never looks good. - Attention. To. Detail. I cannot hammer this home enough. Your ability to put together products that require minimal to no edits will push you to the top of the pack immediately. Many understand this. Few execute. As I tell my team - You’re not expected to be perfect. But you are expected to care. Because when people see that you take pride in your work—even as you’re learning—they’ll start trusting you with more. And that’s where the growth happens. So yes, ask questions. Keep learning. But show up like it matters—because it does. This isn’t school anymore. It’s the start of a career you get to shape. And for the managers reading this—be patient with new professionals. Teach the standards clearly, model the behavior consistently, and help them understand the ‘why’ behind quality. That’s leadership too.

"How do I get experience without a job?" This is the million-dollar question that pops up on my feed more times than I can count and it is one that I asked myself when I was first trying to get a job in #cybersecurity. The usual answer is "Build a home lab and put it on your resume." Looking on here you may think "Everyone has one, there is no way that is going to help me stand out..." You would be mistaken my friend! Not everyone has a home lab. I have gotten to speak to numerous people who are either looking to break into the industry or are already in the industry but do not have a home lab whatsoever. When I interviewed for my current position one of the things I got told made me stand out was my home lab! It was nothing super fancy or impressive, just a couple of VMs that I used to understand different concepts better for myself. I wanted to do something on my own outside of training on platforms like Try Hack Me, Lets Defend, Hack the Box, etc. What made mine stand out? I described what business cases I did in my home lab and not just the technology that was in there. My resume bullet points showed not just what tools i used, but what skills I was practicing and showed their relevance to the position I was applying to. Instead of just bullet points with the tools in my lab like: -Kali Linux -Splunk -Microsoft Active Directory -Phishing analysis I used something similar to: - Created a personal SOC environment utilizing Splunk to monitor a Windows environment including workstations and an Active Directory server. - Simulate attacks with Kali Linux against Windows environment and reviewed network traffic to generate alerts for attacks, harden environment, and write analysis of findings. - Perform analysis of potential phishing emails by investigating emails sent to my personal email address. Investigated email headers, sender domain and IP reputation, and investigating links in a sandbox with any.run. This is how you show experience! You can even take it a step further by writing a blog post, LinkedIn article, or record a video of you working in your lab that shows each task in your lab. (Videos are a bonus as they can show your soft skills as well!) This worked really well for me, just remember what you do in your lab should be relevant to the role you are trying to land. I wanted to be a SOC Analyst so all of my labs were geared towards blue teaming. You can easily change it up for whatever role you are seeking, just remember to explain the business cases you are solving in your lab! #cybersecurity #homelab #learningeveryday #jobadvice

🛑🛑 DON’T go into cybersecurity. Seriously, just don’t. 🛑🛑 I know you spent all last night doom-scrolling through the internet, and you've seen the gurus saying cybersecurity is a high-paying, high-demand career where you’ll be doing battle with hackers, protecting the world from cybercriminals, and living the action-movie dream… And now you have this idea that cybersecurity is your golden ticket. RUN. AWAY. FAST. Here’s the reality they won’t tell you: 🔹 Cybersecurity is more paperwork than Hollywood. ↳ Risk assessments, compliance checklists, and policy enforcement take up more time than "fighting hackers." 🔹 Most of the job is stopping employees from clicking bad links. ↳ 90% of threats are internal. You're not battling cybercriminal masterminds... you're training Bob from Accounting not to download malware. 🔹 It’s a 24/7 stress fest. ↳ If something goes wrong, it’s your fault. Expect middle-of-the-night incident calls. 🔹 AI & automation are replacing the "cool" parts. ↳ SOC analysts are burning out while AI tools handle more of the detection and response work. 🔹 Red team jobs are a tiny fraction of the industry. ↳ Everyone wants to be an ethical hacker, but most cybersecurity jobs are blue team (defensive security), compliance, risk management, or policy-related—not penetration testing. 🔹 The entry-level cybersecurity job market is a dogfight. ↳ There are tons of fresh grads with cybersecurity degrees and certifications, but few true “entry-level” jobs. Most positions require 2-3 years of IT experience first. Now, does that mean cybersecurity is bad? No. It’s critical work. But don’t get into it for the wrong reasons. You have to be passionate about it. Cybersecurity isn’t an action movie... it’s an ongoing battle with compliance, user errors, and evolving threats. If that still excites you, go for it! What are your thoughts? If you're in cybersecurity, what do you wish people knew before jumping in? 👇 #CyberSecurity #CareerAdvice #ITJobs

One common misconception holds many people back from starting a Cybersecurity career. They keep studying, applying, and networking... But despite their best efforts, the career transition still feels out of reach. Eventually, they start to wonder: “Is it me? Am I missing something?” Here’s the truth: the issue might be something simple - a misunderstanding. Many believe Cybersecurity is a single role or career path. It’s not. Cybersecurity is a broad field with multiple niches, each with its own responsibilities, skill sets, and expectations. And if you’re trying to pursue all of them at once, it’s no surprise you’re hitting a wall. Just look at the range of distinct roles: ✨ Cybersecurity Analyst ✨ Penetration Tester ✨ Security Architect ✨ IT/Cybersecurity Auditor ✨ IT/Cybersecurity GRC Specialist ✨ Forensics Analyst ✨ Cybersecurity Administrator Each requires a different mindset, path, and strategy. So, instead of chasing every job with “Cyber” in the title, start with clarity. Ask yourself: ✅ What role aligns best with my interests and skills? ✅ What problems do I enjoy solving? Once you identify your niche, you can build a focused, realistic plan to land your first Cybersecurity role — without the overwhelm.