How to Get Cyber Security Experience in 2024 (Fast)

How to Get Cyber Security Experience

The cyber job adverts you’re looking at all seem to want experience. But how are you supposed to get this experience if they won’t give you a job? 

This experience-related ‘catch-22’ isn’t unique to cyber security. But it is particularly common in this field - and it’s kind of understandable why. After all, a business will hardly entrust the protection of their valuable digital assets to someone who can’t show that they know their stuff.  

Here’s some good news: it IS possible to beat the ‘how to get cyber security experience’ dilemma. This is especially true if you know how to think laterally, look for help in the right places, and act smart in bolstering your experience portfolio. 

To see what we mean, here are StationX’s hints and tips for gaining that all-important experience…

How to Get Cyber Security Experience Without Experience 

Global skills shortages mean that it’s often very difficult for businesses to find and hire cyber security employees. Right now, an estimated 4 million extra cyber security workers are needed to meet the needs of employers. This labor gap has increased more than 12% in the last year alone. 

But despite this shortage, many employers still insist on the need for experience - even when recruiting for entry-level and very junior cyber positions

Experience is a big deal, to the extent that the employers you encounter will likely be far more interested in what you’ve done than where you went to school. This was illustrated in our recent guide, Cyber Security Job Statistics. It shows that for junior roles, 70% of security leaders value cyber experience more than a bachelor’s degree (e.g. in computer science). 

So what does all of this mean if you need your first break into the profession? As a start, here’s a suggested three-play strategy: 

Play 1: Make the Most of Your Non-Cyber Experience

Experience in dealing with cyber threats is highly valued. But especially over the last couple of years, employers seem to be becoming a bit more open-minded about what constitutes relevant experience. 80% of cyber security professionals think there are more pathways into cyber security than in the past. And half of hiring managers say they are changing their hiring requirements to recruit people from non-cyber backgrounds. 

On your resume, if you come from a non-cyber security working background, it’s definitely worth showcasing those aspects of your experience that might be valued in a security role. A few examples are as follows: 

  • General IT administration. Helps you demonstrate that you know your way around IT systems and architecture. 
  • Network administration. Gives you the chance to show your understanding of network architecture, applying configurations, protocols, and security measures. 
  • IT helpdesk. Demonstrates your knowledge of effective incident response, logging, and triaging.
  • Software development. This is your opportunity to emphasize your knowledge of programming languages - especially those most popular in cyber security (e.g., Python, Bash, and Powershell). 
  • Sales, Customer service, HR, etc. Past experience in non-technical roles allows you to highlight some of the soft skills that are valuable in cyber. These might include project management, explaining technical concepts to non-technical users, and understanding and responding to business dynamics. 

Play 2: Boost Your Credentials 

Employers seem to be becoming a little bit more forgiving when it comes to experience. Likewise, the absence of a college degree is no longer a deal breaker. 

However, if there’s one area where employers are still sticklers for ‘must-have’ requirements, it’s industry-recognized certifications. By way of illustration, in 2022, 90% of cyber managers said they prefer to hire people with certifications, up from 81% in 2021.

So what makes a great certification for someone trying to break into cyber security? First off, it’s got to be an accreditation that employers actually know and trust. Second, it needs to be the right certificate for the cyber pathway you intend to follow. Third - and something that’s especially relevant if you’re short on experience - it should ideally have a strong hands-on component

Tip: to explore your accreditation options in readiness for breaking into a cyber career, check out our guide, The 10 Best Cyber Security Certifications for Beginners (2024)

Play 3: Get Help from People in the Know 

We’re not sugarcoating it: getting your foot in the door to begin your cyber security career can be a frustrating experience. It becomes a lot easier, however, if you have the right kind of support behind you.

So what type of ‘support’ tends to be the most valuable if you’re on the hunt for experience? We’d suggest the following: 

  • Tailored help with standing out from the crowd and LinkedIn profile optimization. 
  • Mentorship as you build up your cyber knowledge. 
  • Practical tips on the best places to gain cyber work experience. 
  • Frameworks for actually building up commercially-recognized experience. 

With input from thousands of industry insiders, cyber security professionals at all levels, teachers, recruiters, and students from right across the globe, if you need help in getting cyber experience - whatever your current career stage - the StationX Community is your go-to hub. 

We’ll explore some more of the practical ways of how to get cyber security experience below. But just remember; whatever experience-building tactics feel right for you, dipping into the Community can make it that little bit easier to get it right. 

Gaining Experience on Your Own 

Lateral thinking can be pretty useful when negotiating the jobs market. The job spec says, ‘Experience working in cyber security preferred.’ You don’t have that (at least, not formally). But what else can you do to help demonstrate equivalent levels of know-how? 

Here are some suggestions on steps you can take right now on your own. But just bear in mind that the StationX Community is a really good source of practical help, and a Membership offers assistance and guidance on all of these methods.

Volunteering 

You’ve built up your cyber knowledge but haven’t yet managed to secure paid experience. One way of bridging the experience gap is by exploring voluntary roles. 

The types of organizations that draw on voluntary cyber security input include charities and other non-profits, community networks, educational institutions, and small businesses. You might also want to consider participation in open-source cyber projects. 

The StationX Community is a very useful source of information on uncovering the best volunteering opportunities. This includes networking tips and information on reputable platforms for finding roles in your locality (you want to gain experience - not be exploited!). 

CTF Contests

One way to compensate for a lack of formal work experience is by concentrating on your wider cyber portfolio: i.e., a list of one-off projects and achievements demonstrating your cyber-related abilities. 

Capture the Flag (CTF) contest achievements can provide standout additions to your portfolio. Often run by tech companies or educational establishments, these events focus on solving real-world cyber security challenges, e.g., forensics, cryptography, or reverse engineering. 

If you’re interested, StationX Community members can be a useful source of information about upcoming events, and you’ll get lots of tips on what to expect and on suitable competitions for your experience bracket. Most CTF events are all about teamwork, and the Community can also be a great place to start putting a squad together.

Bug Bounty Hunting 

Large organizations (e.g., the major tech players, banks, and retailers) constantly look for new vulnerabilities across their IT estates. That’s why these organizations run bug bounty programs, inviting freelance pentesters (‘ethical hackers’) to sniff out and discover bugs in exchange for rewards. 

In a similar way to CTF contests, successful participation in bug bounty programs can provide a useful addition to your cyber experience portfolio. The StationX Community can be a good source of information on where to find the best schemes and hints and tips on successful hunting. 

Internships 

An internship can be an excellent entry point into a cyber security career, and a way of bridging the gap between theoretical knowledge and practical experience. Get into a good internship program and you’ll (hopefully!) be able to say that you’ve worked on some actual projects, and had experience of dealing with real-world cyber security challenges.   

Once again, the StationX Community can give you a rich seam of information on where to find opportunities, and how to tailor your application to maximize the likelihood of getting accepted. 

Attending / Participating in Conferences 

Your attendance at conferences and workshops shows employers that you’re serious about keeping up-to-date with emerging trends, threats, and best practices, something that’s especially useful if you’re lacking on the paid work experience front. They also provide a prime opportunity for networking. 

Particularly if you’re ready to step into a more senior job role, joining a workshop panel and/or presenting some of your own case studies or research can boost your profile. If this sounds like something you’d be interested in, members of the StationX Community should be able to give you some valuable pointers.

Gaining Experience with StationX 

So far, we’ve looked at some of the ‘outside-the-box’ ways to get out there and gain experience in the wider world of cyber security. You can consider putting some of those ideas into practice right now. 

But always remember that you needn’t be alone when it comes to building your portfolio. StationX and the wider StationX Community also happens to have its own bank of resources and methodologies deliberately designed to help you gain precisely the type of skills and experience employers are looking for. 

Here are some of the StationX opportunities you might want to take advantage of: 

Joining or Leading Mastermind Groups 

One of the most popular elements of the StationX Community, our Mastermind Groups, are all about like-minded students coming together to help further your mutual goals. 

The emphasis is not just on making it easier to learn and retain information, but also on supporting each other in whatever stage you happen to be in your cyber career (including coming up with creative ways to plug any formal experience gaps you may have). Taking a leading role in a Mastermind Group is also, in itself, a really good addition to your experience portfolio. 

Practical Experiences and Virtual Labs 

Why are employers so keen to see evidence of work experience? In most cases, it’s because they need reassurance that you can actually apply cyber knowledge in the real world. 

To borrow a cliche, StationX is all about helping you walk the walk - rather than just talking the talk. Our virtual labs and other practical experiences are a big part of this. Participation in virtual lab exercises provides verifiable proof that you know how to solve commonly encountered problems. 

Pitch it right, and your virtual lab experience can be presented as being even more relevant than time spent (or not spent!) on payroll.  

Writing Your Own Tools 

Got an idea for a hacking tool or other program to address a specific problem? If you can generate your own fix, this can make an eye-catching addition to your experience portfolio. 

StationX offers a range of specialist courses on coding - including coding specifically for hacking, AI, and DevOps - to equip you to create these tools. What’s more, StationX mentors and community participants can be a great source of technical skills, inspiration, and information - including constructive evaluation of your work-in-progress / end product. 

Become a Teaching Assistant 

When it comes to management and leadership roles in cyber, the emphasis on experience tends to shift slightly. Yes, employers want to see very solid practical know-how. But alongside this, interpersonal skills become more important, i.e., how effectively you can interact with team members and ordinary users. 

As you build your knowledge to a more advanced level, there’s the possibility of taking on a teaching assistant role within StationX. This can provide useful demonstrable evidence that you know what it takes to inform, instruct, and problem-solve for a wide range of people. 

Personal Branding 

When an employer is faced with a mountain of resumes, it’s the little details that can make all the difference. The StationX Community allows you to tap into the expertise of cyber industry insiders. They know precisely what employers like to see and can give you valuable intel on the ‘tweaks’ to your CV that will most likely get you through the paper sift. 

Conclusion 

There’s no getting away from it: experience still counts for a lot when it comes to landing any cyber security role. But if you’re yet to notch up a decent stretch of experience in a standard, payrolled position, this doesn’t have to be a once-and-for-all barrier to landing a job. 

Creative thinking is often the key to success in this area. This might mean bringing relevant experience from non-cyber roles to the fore on your LinkedIn profile and CV. It will almost certainly mean boosting your credentials through certification. It may also involve exploring the wealth of non-traditional experience-boosting strategies that are out there. 

But what can really make a difference is getting input, advice, and maybe even direct experience-building opportunities from people in the know: something that StationX excels in helping people to achieve. 

We’ve touched upon some of the tactics you can use to gain work experience. To build on this, we’ve built a list of 30 concrete ways to build your experience portfolio. Another benefit of being a StationX member is that you get access to this resource. Interested? You can join here

Frequently Asked Questions

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Gary Smith

    Gary spends much of his working day thinking and writing about professional and personal development, as well as trends and best practice in IT recruitment from both an organizational and employee perspective. With a background in regulatory risk, he has a special interest in cyber threats, data protection, and strategies for reducing the global cyber skills gap.

>