How to Start a Career in Cybersecurity

by David Staples | Jun 25, 2019

IT Instructor David Staples talks about getting into cybersecurity – by first learning the basics of IT and then gaining experience and certifications to prepare you for a specialized cybersecurity role.

Hey, YouTube. Are you wanting to know how to start a career in cybersecurity? Well, if so, you’re in luck. My name’s David Staples and that’s today’s topic coming right up.


So today we’re going to talk about how to get started with a career in cybersecurity. Before we get started, I do have to thank CompTIA for sponsoring this video. I really appreciate it. And thank you to all you guys who are watching, as well.

CompTIA and these types of sponsorships are the reason that I’m able to do things like what you see here. And I know it doesn’t look like much, but surprise, we recently bought a new house. And what you see here will turn into my office/YouTube studio.

It’s because of people just like you watching right now that have made these things possible. So really, I just want to say thank you to everyone, but especially thank you for CompTIA for sponsoring this particular video.

Now even though they’ve sponsored the video, they haven’t told me what to say, so all the opinions you see here are expressly my own. They haven’t given me any talking points or anything like that.

Start with the Basics of Computing

But on to today’s topic, how to get started with a career in cybersecurity. Well, of course one of the first and most important things with cybersecurity is that you need to understand how computers work. You can’t very well hack into something or protect something if you don’t know how it works.

This is something that I mentioned in my CompTIA Security+ and other classes, as well, in that people come in and they want to get started into cybersecurity, but they don’t have a computer background. So really, one of the best things that you can do is to actually get started with learning how the computer actually works. Because once you understand how it works, then you can discover “Here’s the vulnerabilities. Here’s the weaknesses.” And we can discover how to actually get past those types of things.

If you haven’t been working with computers long, you may want to consider looking at something like the CompTIA A+ course or the CompTIA Network+ course, build a really good understanding of how the internals of the computer work, work your way on up into the software side of things with the operating systems. Don’t just limit yourself to Windows. Windows is great to know. But you also want to learn things like Linux and Unix and any other things that you can expose yourself to as well.

Learn About Computer Networking

When it comes to networking, don’t stop at just a basic network configuration with the consumer router and maybe consumer switches or any other types of devices. Work your way on up into the Cisco world and look at all the different types of things that are involved with making networks work, making data move across these networks.

Once you have that skillset and you’ve kind of broadened your horizons there, you’ll be able to develop a much better understanding of how cybersecurity itself actually works.

Linux and Cybersecurity

Now once you’ve got that basic understanding, keep building on that. Start playing with different distributions of Linux. Start looking at things like Kali Linux. Kali Linux is a great little hacker’s toolkit.

I know some people consider people that use Kali as basically just kind of script kiddies, in other words, people that only really know how to use the pre-made tools. But there are some things that Kali does really well. And I’m not going to sit here and reinvent the wheel when I’ve already got a tool that will do part of the job for me.

What Kinds of Cybersecurity Jobs Are There?

Now keep in mind that cybersecurity is a really broad field. So there’s a bunch of different things that you can specialize in. So, one of the things that some people look at is things like physical security. In fact, I’ve actually even got a little lock-picking toolkit right here that I usually demonstrate in the security classes that I teach. With two tiny little pieces of metal, granted this one’s a see-through lock, just so students can actually see how these little padlocks work. But you stick these in here in just the right way, and without even really looking at it, it shouldn’t really take that long to actually pick a little lock like this. And this is actually taking a little bit longer than I normally take, but as you can see, I wasn’t looking at the lock. I was looking at the camera here. And getting past these types of things is something that some of the hackers and the people in cybersecurity really actually enjoy. And I can certainly see why.

But besides physical security of course there’s also things like software security and operating systems. You’ve got getting past routers, breaking into IoT devices or internet of things. So there’s a bunch of different things that you can do to get into cybersecurity.

Cybersecurity Skills

One of the things I typically recommend is learn a programming language. There’s lot of them out there. If you want to start with something simple, maybe look at something like JavaScript or VBScript. Definitely some very good foundations of learning the basics of programming.

I happen to be a PHP fan myself. I tend to like writing PHP. But I do also write JavaScript and VBScript and I also teach a VBScript class in addition to a VBA class. So that’s visual basic for applications.

If you’ve ever seen kind of the backend interface to Microsoft Excel or Word or PowerPoint, they have this interface that you can actually go in and write code to be able to do all sorts of different things. And that’s where things like macro viruses and those little warnings that pop up if you’ve ever opened a Excel spreadsheet that says, “Beware of a potentially malicious code.” So that’s the type of area that you can go in and actually look at that type of thing as well. Learning a programming language can certainly be very helpful.

Getting Hands-On Experience

On-the-job experience is another really good thing. Now you don’t have to start directly in cybersecurity if you’re looking at a career in cybersecurity. In fact, it’s a really good idea to kind of get some hands-on [experience], maybe at a help desk. Maybe at a local small computer shop and really spend some time getting to know the inner workings of how computers actually work. From there, you can always move up into the cybersecurity field.

If you’re perhaps young enough and you don’t necessarily feel like college is right for you, you may want to look at something like the military. The military has a lot of opportunities in cybersecurity. Whether you’re talking about the Army or the Navy or the Air Force or Coast Guard, I’ve taught people in all those branches. I haven’t really done anything with Marines yet, but hey guys, if you’re in the Marines and you’d like for me to come out to one of the bases where you’re at, I’m happy to do so. Just feel free to contact me here.

But I’ve been to a bunch of other military bases where we talk about all sorts of different types of cybersecurity topics. Now obviously I can’t talk about the details here, but there are definitely cybersecurity groups within at least the Air Force and the Navy and other branches of the U.S. military. So that might be a good option for you.

Cybersecurity Certifications

Of course, getting certified is also another very good step in starting a career in cybersecurity. You can look at things like the Security+ certification from CompTIA. They’ve also got the Cybersecurity Analyst (CySA+) certification as well as the CompTIA Advanced Security Practitioner (CASP+) certification.

So those three have been around for quite a while now. The Cybersecurity Analyst is the newest out of those three. Now there’s actually a new certification coming out July 31st. It’s the PenTest+ certification. [Editor’s Note: This video was recorded before CompTIA PenTest+ came out in July 2018. Download the exam objectives to see what’s covered.] I haven’t seen the exam yet because it’s not out. But I am definitely looking forward to seeing the exam here very, very soon.

Of course, beyond CompTIA there are other certifications out there as well. But there’s so many of them, so maybe we’ll talk about those in another video.

But the CompTIA ones are definitely a very good way to get started – starting off with maybe your CompTIA A+, CompTIA Network+, CompTIA Security+, on into your CompTIA Cybersecurity Analyst and even the CompTIA PenTest+ when it comes out and then on to your CompTIA Advanced Security Practitioner (CASP+), which is their mastery level exam. That’s the highest level of security that they offer. And each of those different exams focuses on different parts of cybersecurity.

Are Cybersecurity Certifications Worth It?

So one of the things that I have students ask a lot of times in classes, “Are the certifications really worth it?”

Well, absolutely, because when you’re looking at jobs, typically what happens is that the hiring manager sends the job requirements to the HR manager. The HR manager kind of filters through and they’re looking at stacks of resumes. And if you’ve got two comparable candidates and one has this exhaustive list of certifications and the other person has nothing, well, which one do you think they’re going to send on to the hiring manager for an interview?

As well, since the CompTIA certifications do have performance-based questions where you actually have to show that you actually know the material, it shows potential employers that you do have the skillset to do whatever the job they’re hiring you for.

And someone like CompTIA that’s been around for over 20 years is really a good place to start for getting certified in the cybersecurity field, which is one of the reasons that I teach so many CompTIA classes.

Again, I teach everywhere from the CompTIA A+ on up through the CompTIA Network+ and CompTIA Security+ and CompTIA Cybersecurity Analyst (CySA+) and the CompTIA Advanced Security Practitioner (CASP+).

I teach the CompTIA Linux+ and really pretty much almost every certification that CompTIA’s come out with. I think my current count of certifications is somewhere around 26 or 27. I guess I’ve kind of lost count. I’d have to sit here and count that over again. But CompTIA is a really good one to start with.

And if you want to specialize from there into moving on to the Cisco world or if you want to move to the Microsoft world, if you want to move specifically into different distributions of Linux, there are Red Hat exams and other exams for different distributions of Linux.

And you can show potential employers that even if you may not necessarily have on-the-job experience with some of these types of concepts, that perhaps you may still have the skillset because like a college degree, you’ve been able to show that you’re able to pull this information out of your memory and be able to demonstrate these types of concepts.

If you’re interesting in more information about CompTIA certifications, be sure to go to certification.comptia.org. I’ve got a whole bunch of links down in the description below for the video. So be sure to check all those out.

And again, I want to say thank you to everyone for watching. Be sure to show a little love and click on that like button. It helps YouTube know that you actually like the video. Leave a comment below. And of course if you haven’t subscribed already, be sure to click on that subscribe button like so many others have. But again, I do appreciate you tuning in. Be sure to stay tuned for the next video.

You guys take care. We’ll see you soon.

Ready to get started? Learn more about the CompTIA Cybersecurity Career Pathway.

6 Comments

  • Dhruval Patel

    Friday, June 28, 2019

    Hello there, My wife is planning to get into Cybersecurity field. And, she has got Security + certification. Also, she is trying to get hands-on experience with Kali linux security tools (Metasploit, Nmap, etc.) All the cybersecurity analyst or similar jobs ask for at least 2-3 years of experience. But, she does not have any technical experience in any field. Can you please give me a piece of advice for the next steps or how can she get into that field? Your feedback will be highly appreciated. Thanks

  • Aslam

    Saturday, June 29, 2019

    I m interested to start from beginning I need help to start

  • Monday, July 1, 2019

    Hi Druval! Thanks for your question. This depends on your wife's previous experience - IT or otherwise. Take a closer look at the job descriptions she is interested in and see if you can link what she's done In previous jobs - even non-IT roles - to what they're looking for. When it comes to cybersecurity, it often helps to understand the fundamentals of IT and computer networking so you know what you're trying to protect and how it's supposed to function. So, she might need to start in a tech support position to get her feet wet. Good luck!

  • Alvin

    Saturday, July 6, 2019

    Dhruval, I would say try building a lab environment for her. Have a decent host computer set up for her and download ISOs for creating VMs. I know you guys have Kali already but like you said she needs technical experience. So, I would say having start off with installation of Windows 7 and configuring it. Then what you can do is find basic instructions online to help guide her so she can get some basic and general understanding. This part will cover just enough for the A+ You can also have her build the host machine herself as well. Building the host machine will teach her the hardware portion of A+ and the VM configuration will help her understand the software portion of A+. Once you have all this done. You can gradually break the VM a little at a time so she can learn to troubleshoot it and fix it.

  • Kristina Simmons

    Wednesday, August 21, 2019

    HI! I just graduated from college with a degree in Management Information Systems and i really want to pursue a career in cyber security. I’ve already decided that I want to go to University of Houston to achieve a Masters in Information Security. But i know employers like certification as well. I’m just confused as where to start! Should I begin with the A+ or the Network+ certification. Or any other certification like Microsoft ( there are so many options)? Please help!

  • Wednesday, August 21, 2019

    Hi, Kristina! Thanks for your question. It really depends on your skills and experience. If your degree did not focus on foundational IT, like hardware, operating systems and network connectivity, A+ and Network+ would be a great way for you to prove to employers that you understand how the networks you're securing operate. If your degree covered those topics and you don't feel the need to validate those skills, security-focused certifications may be the way to go. Take a look at this article that compares certifications, certifications and degrees: https://certification.comptia.org/it-career-news/post/view/2018/10/19/cybersecurity-certificates-certifications-and-degrees-how-to-choose Good luck!

Leave a Comment

Boost your Career with a Certification

Find out more about our Certifications

How to get Certified

4 Steps to Certification

Already certified? Let us and others know!

Share Your Story