Starting a Cybersecurity Career

Go into GRC, it’s not technical. Last week, I spoke with someone looking to transition into cybersecurity. She mentioned she’d been advised to consider GRC because “it’s not technical.” And it got me thinking: How true is that? If you’ve spent any time in cybersecurity, you’ve probably heard it too: “If you want a non-technical path in cybersecurity, go for GRC.” There’s some element of truth there. GRC roles may not require you to write code, configure firewalls, or run penetration tests. But here’s what they don’t tell you: You still need to: 📌 Understand how systems work 📌 Know the risks tied to those systems 📌 Ask the right questions about controls, configurations, and gaps Because if you don’t understand the tech: 🔹 How do you assess the risks? 🔹 How do you know if the controls are effective? 🔹How do you translate complex technical issues into business-friendly language GRC isn’t about avoiding the technical side of cybersecurity.   It’s about connecting the dots between tech and business, which requires a solid grasp of both. So no, you won’t be writing code in GRC. But you do need to understand the environment where code runs, the risks it introduces, and how to manage it. Cybersecurity is a business issue, but technology is the engine behind it. Here is my advice: ❌ Don’t run from the tech. ✔️ Run toward understanding it. That’s what makes you a better GRC professional.

How to Pick the Right Cybersecurity Project While Learning Not every project will get you hired. I’ve seen many people build great things, then wonder why it didn’t translate into a job offer or interview. Here’s the truth: Not all projects are equal. Some will build real skills. Others just look nice but teach you nothing. The right project is not just technical, it’s strategic. It solves a real-world problem, shows your ability to think, and positions you for the role you want. Let’s break it down. 1. Start with the end in mind Are you targeting a GRC role? Then focus on policies, risk assessments, compliance mock audits. Dreaming of a SOC Analyst role? Simulate incident response, build alerting dashboards, analyze log data. Want to go into cloud security? Secure an AWS lab, set up IAM policies, run vulnerability scans on EC2. 2. Pick problems that companies actually face It’s not about looking fancy. It’s about showing you can solve problems businesses care about. What skills do employers expect? Grab 3 job descriptions, list the common skills. Your project should mirror those skills. Example: Build a phishing simulation for a fictional company and write a report on user behavior and controls. 4. Document your process like a consultant The value is not just in the result, it’s in your thinking. Write it up as a case study. Add visuals. Share lessons learned. That’s what makes it “portfolio-worthy.” 💡Use the 3R Rule for picking projects: 1. Relevant → Align with the job role you’re aiming for. 2. Realistic → Something you can complete with your current tools + time. 3. Relatable → Something you can explain clearly in interviews (“Why did you build this?”) One project > ten tutorials A focused, end-to-end project that shows initiative, decision-making, and communication is 10x more powerful than just completing labs. If you’re learning cybersecurity and want to get hired, don’t just build… build with direction. #CybersecurityCareerGrowth

Stop Recommending OSCP as the First Step. You’re Leading Talent Into a Trap. Most newcomers don’t fail because they lack intelligence. They fail because they’re handed a broken playbook. In 2025, elite operators aren’t forged through PDFs and isolated labs. They’re developed in full-spectrum environments like Hack The Box. HTB’s CJCA path isn’t just another cert—it’s a shift in how cybersecurity training works. It simulates the job, not just a test. It teaches tactics before tooling. It prioritizes mission context, not rote memorization. This isn’t academic. It’s operational. Structured progression from foundational to specialized roles MITRE ATT&CK and SOC workflows built into the learning fabric Real-time feedback and behavioral awareness baked into the UX Red and blue teaming support from day one Training in environments that look and feel like the real thing No financial gatekeeping—learn without a massive upfront toll OffSec is still relevant—for those already in the fight. But CJCA is built for those just stepping into the arena. If you’re guiding interns, building cyber academies, or training future defenders—Stop pointing toward gatekeeping. Start pointing toward growth. You don’t need a gauntlet. You need immersion. You need context. You need Hack The Box. This is the pivot. Don’t miss it. #CyberSecurity #HTB #CJCA #InfosecTraining #RedTeam #BlueTeam #MITREATTACK #SOC #CareerSwitch #AdversaryEmulation #OSCP #HackTheBox #CyberWorkforce #Tradecraft #CyberTraining #PurpleTeam #Entry

How to Stand Out in Cybersecurity Without Stacking Certs Skills >> Certs My advice for standing out 1 - Master Hands-On Skills - Employers look for real-world experience, not just theoretical knowledge. - Set up a home lab, explore platforms like TryHackMe and Hack The Box, and work on practical security challenges. - Hands-on experience with SIEMs, EDRs, and cloud security tools will set you apart. 2 - Build Thought Leadership - Sharing knowledge is just as important as gaining it. Write blog posts on security topics, break down complex concepts on LinkedIn, or contribute to open-source security projects. 3 - Create a Cybersecurity Portfolio on GitHub - A strong portfolio speaks louder than a certification. Document your security projects, scripts, and research in a GitHub repository. - Whether it's writing detection rules, automating security tasks, or demonstrating exploit research, showcasing real work helps you stand out to recruiters and hiring managers. 4 - Create a Course or Tutorial - Teaching is one of the best ways to establish credibility in cybersecurity. Create a short course, video tutorial, or step-by-step guide on a cybersecurity concept you’ve mastered. - Platforms like YouTube, Udemy, or a personal blog are great places to start. Helping others learn positions you as an expert and opens doors to new opportunities. A strong cybersecurity career is built on hands-on skills, a solid portfolio, and the ability to share knowledge effectively. If you focus on these areas, you can succeed in cybersecurity—CISSP or not.

Cybersecurity Career Tips #1 If you want to enter the cybersecurity field, it’s not enough to just pick a list of courses, complete them, generate certificates, and think the job will come naturally. And it’s definitely not just about adding certifications to your resume that’s only one step in the process. It’s essential to learn what is applied in real work contexts. You don’t need to study C if you’ll never use it in your daily tasks. Your studies should be aligned with your actual needs. My first recommendation if you want to become a cybersecurity professional is to understand what the market is looking for. Analyze open positions in your region or remote roles, define the requirements for each position, and identify the practical skills you need. Platforms such as HackTheBox, TryHackMe, PortSwigger Academy, PentesterLab, and Root-Me are excellent for hands-on learning. I strongly recommend investing your time in acquiring real-world skills. Write write-ups, share your journey here on LinkedIn or other networks, build personal projects and publish them on GitHub, connect with other professionals, and expand your network both online and at industry events. Also, develop your soft skills. Communication is critical, even in a job interview. Being able to translate technical issues into business impact is just as important as technical knowledge. A common way to start a career is by working in consulting firms. There are many opportunities at different seniority levels. It may not be your dream job, but it opens doors. Prepare your resume for the positions you aim for and highlight the key points that match the role especially if specific knowledge is required. A resume will only be considered if it demonstrates the right skills, relevant training or certifications (to validate your expertise), and professional autonomy. And don’t limit your job search to LinkedIn. It’s great for networking, but when it comes to landing jobs, explore alternatives. Target companies that interest you and check their career pages many positions are never posted on LinkedIn. Above all, stay focused. Don’t try to learn everything at once. Concentrate on what will land you your first job, and then expand your knowledge base to increase your seniority or pivot to other areas. But the real secret lies in how you communicate and sell your work your knowledge, your problem-solving mindset, and your ability to handle situations consistently. #CyberSecurity #InfoSec #CareerAdvice #Hacking #TechJobs #SoftSkills

From fixing printers and closing helpdesk tickets to cybersecurity at Microsoft, Justin Roy's story is proof that where you start does not define where you can go. Most people think cybersecurity careers begin with a fancy shmancy degree, a certification, or a dream internship at a big tech company. In reality, they rarely start this way. Justin started at a foreclosure law firm, fixing printers and closing tickets. Then he got laid off. And that is where the story gets interesting. Instead of grabbing the first available job to stay afloat, he paused and got honest about where he actually wanted to go. The answer was cybersecurity. Here is how he approached it. Rather than starting over, he took inventory of everything he had already done, identified the gaps, and made a decision to close them one by one. Nothing in his background went to waste. Before IT, Justin had been a locksmith apprentice. That way of thinking stayed with him. Cybersecurity became a natural extension of how he already saw the world. Systems, locks, weaknesses, and puzzles waiting to be solved. You'd think the hardest part was the grind and the learning. But it was actually being overlooked. People made assumptions before he had the title or experience. He kept showing up anyway. He kept doing the work when no one was watching and building skills no one was asking for yet. Today, he is on one of the most critical teams at Microsoft, working on some of the latest AI vulnerabilities. He did not get there because he was lucky. He got there because he refused to give up on a version of himself that did not exist yet. If you feel lost right now, hear this. You do not need to have everything figured out. You do not need the perfect background or someone to choose you first. You need to decide where you want to go and start building with what you have. The way you think and show up today shapes the opportunities you will see tomorrow. If you're navigating a pivot into cybersecurity, drop your questions for Justin Roy below. He's happy to help. ❤️

𝗧𝗼 𝗺𝘆 𝗺𝗶𝗹𝗶𝘁𝗮𝗿𝘆 𝗮𝗻𝗱 𝘃𝗲𝘁𝗲𝗿𝗮𝗻 𝗻𝗲𝘁𝘄𝗼𝗿𝗸, 𝗶𝗳 𝘆𝗼𝘂'𝗿𝗲 𝗶𝗻𝘁𝗲𝗿𝗲𝘀𝘁𝗲𝗱 𝗶𝗻 𝗲𝘅𝗽𝗹𝗼𝗿𝗶𝗻𝗴 𝗰𝗮𝗿𝗲𝗲𝗿 𝗼𝗽𝗽𝗼𝗿𝘁𝘂𝗻𝗶𝘁𝗶𝗲𝘀 𝗶𝗻 𝗰𝘆𝗯𝗲𝗿, 𝘁𝗵𝗶𝘀 𝗽𝗼𝘀𝘁 𝗶𝘀 𝗳𝗼𝗿 𝘆𝗼𝘂! Transitioning from #military service to a civilian career can be both tough and rewarding, especially in the fast-changing field of #cybersecurity. I know this from my own experience. Back in 2017, after spending two decades in the United States Marine Corps, I decided to jump into #cyber, even though I didn’t have a technical background. How? Most major cybersecurity companies have initiatives designed to support the #military community in enhancing their skills and securing employment, either within their organizations or through their channel partners. At Fortinet, a global leader in cybersecurity, the team you see here (2017-2022) had the privilege of helping thousands of #veterans and #militaryspouses develop new skills and secure careers in this amazing industry. 𝗜𝗳 𝘆𝗼𝘂 𝗮𝗿𝗲 𝘁𝗿𝗮𝗻𝘀𝗶𝘁𝗶𝗼𝗻𝗶𝗻𝗴 𝗶𝗻𝘁𝗼 𝘁𝗵𝗲 𝗰𝘆𝗯𝗲𝗿 𝗶𝗻𝗱𝘂𝘀𝘁𝗿𝘆 𝗮𝗻𝗱 𝗮𝗿𝗲 𝗰𝘂𝗿𝗿𝗲𝗻𝘁𝗹𝘆 𝗳𝗮𝗰𝗶𝗻𝗴 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀, 𝗱𝗼𝗻’𝘁 𝗴𝗶𝘃𝗲 𝘂𝗽 𝘁𝗵𝗲 𝘀𝗵𝗶𝗽; 𝘁𝗵𝗲𝗿𝗲 𝗮𝗿𝗲 𝗺𝗮𝗻𝘆 𝗿𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀 𝗮𝘃𝗮𝗶𝗹𝗮𝗯𝗹𝗲 𝘁𝗼 𝗮𝘀𝘀𝗶𝘀𝘁 𝘆𝗼𝘂. For more insights into my personal journey and transition tips, be sure to check out my article on Forbes: 𝗖𝘆𝗯𝗲𝗿 𝗪𝗮𝗿𝗿𝗶𝗼𝗿𝘀: 𝗡𝗮𝘃𝗶𝗴𝗮𝘁𝗶𝗻𝗴 𝘁𝗵𝗲 𝗧𝗿𝗮𝗻𝘀𝗶𝘁𝗶𝗼𝗻 𝗳𝗿𝗼𝗺 𝗠𝗶𝗹𝗶𝘁𝗮𝗿𝘆 𝘁𝗼 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 https://lnkd.in/gwbms-3W Let’s work together to empower our #military community! #ForbesCouncil #LinkedInTopVoice #CareerTransition #Leadership

Here's a Complete Roadmap to Self-Learning your way into Cybersecurity. These 5 Stages can lead you straight into an awesome Career. You don't have to bury yourself in college debt to have an extremely successful career. Is college good? Absolutely. Is it required? No. If you have the ambition to self-learn, here are the 5 stages that you must go through. I'll give you two warnings though: 1. If you don't have the work ethic, you will fail. 2. If you try to skip steps, you will fail. With that out of the way, here are the 5 Stages: Stage 1 - Foundational Knowledge (Understanding the Basics) → Operating Systems (Linux and Windows fundamentals) → Networking (TCP/IP, DNS, HTTP, firewalls and routing) → Security Concepts (CIA Triad, threat models, malware, encryption) Stage 2 - Hands-on Skills (Practice or Forget) → TryHackMe → HacktheBox → Building your own Labs Stage 3 - Certifications (If you want proof of your work) → Security+ → Google Cybersecurity Certificate → ISC2 → CySa+ → certs for later - PNPT, CEH, OSCP and others Stage 4 - Specialization (Pick a Lane) → Penetration Testing → Blue Team / SOC Analyst → GRC / Governance, Risk & Compliance → Cloud Security → Application Security Stage 5 - Community, Projects & Branding (Get Seen, Get Hired) → Contribute to open-source security projects → Start a blog → Teach what you have learned → Join communities (discord, reddit, and others) The path to your career can start today. You can literally change your entire life by learning about a field of work that is extremely demanding. I've been in Tech / Cyber now for over 25 years. Much of what I learned has been self taught and from others. If a high school grad with average grades could succeed in this field, you certainly can. In fact, with the resources now, you'll be way more successful than I have. If you want to talk about your journey or need help, my DMs are open. Literally all you have to do is send me a message. You can also checkout my mentoring group at https://lnkd.in/gK-e_WWF #cybersecurity #careers #informationsecurity

Before you start a career in cybersecurity, understand this. Cybersecurity is not about collecting tools, running scans, or chasing alerts all day. If you enter the field thinking tools will do the thinking for you, burnout comes fast. Cybersecurity work is about judgment. You’ll constantly decide what matters, what doesn’t, what can wait, and what needs immediate attention. Many alerts are noise. Some real threats are quiet. Your value is not speed, it’s discernment. Another hard truth: Tools don’t protect environments. People do. SIEMs, scanners, EDRs, they help, but only if you understand systems, logs, attacker behavior, and risk. Without fundamentals, tools become overwhelming instead of empowering. Confusion at the start is normal. Logs look messy. Concepts overlap. Nothing feels clear. That phase doesn’t mean you’re failing, it means you’re learning. The people who grow are the ones who stay curious and keep asking why. Communication is often underestimated. You’ll write reports, document incidents, explain risks, and justify decisions to people who are not security experts. If you can’t explain impact clearly, even good work can be ignored. And finally: Cybersecurity is a long game. Foundational roles build instincts, discipline, and resilience. Many strong careers are shaped quietly in the early stages before they look impressive on LinkedIn. Go in with patience. Consistency. A willingness to learn deeply. That mindset will take you far. Happy new week 🤍 P.S: What lab or topic would you be doing for the week? Let’s hear in the comments.

Most cybersecurity beginners waste months on the wrong topics. In 2013, When I sat for the interview of Security Analyst position, I shuttered while answering basic questions. It wasn't that I hadn't learned these concepts—I simply assumed I knew them well enough. Then I realised something. There are some core topics that serve as a foundation and mastering these will make everything else easier. So, you don’t need to know everything to get started. But there are 10 foundational topics that will actually move the needle: Here’s what actually matters: 1️⃣ Networking basics—TCP/IP, subnets, firewalls.     2️⃣ Operating systems—Linux security fundamentals.     3️⃣ Identity & Access Management (IAM)—how permissions and authentication work.    4️⃣ Threat modelling—spotting weaknesses before attackers do. 5️⃣ Data Security —at rest, in motion, and in-memory.      6️⃣ Cryptogrpahy —how data stays secure.     7️⃣ Web security—common vulnerabilities (OWASP Top 10).     8️⃣ Security frameworks— CIS benchmarks.     9️⃣ Cloud security—AWS or Azure or GCP security basics.     🔟 Scripting—basic Python, Bash, Go for automation.     Focusing on these first will save you time, frustration, and dead ends. Pick one, learn deeply, then move to the next. The sooner you build this foundation, the faster you'll grow into a skilled cybersecurity engineer. Liked what you read ? You may also like 👉 How You Can Prioritise Cybersecurity Skills (Even With Limited Time) - https://lnkd.in/dXDsSvtC