Accredited, Practical Exams to Help Solve the Experience Catch-22
To Break In: Immerse Yourself, Get Validated, Show Your Work
Breaking into the cybersecurity field can feel like a catch-22. Companies want experience, but you can't get experience without a job. And we keep hearing that:
There are no entry-level positions: The Problem With Cybersecurity Hiring
Companies don't want to invest in 3 months of training when employees leave for the first offer with higher pay once certified: This is why we have a skills and hiring gap in infosec
AI is reducing the entry-level feeder role pipeline: What Jobs Will AI Replace First?
So what's an aspiring cybersecurity professional to do? Here are some ideas:
Immerse Yourself
The first step is to immerse yourself in both knowledge-based and skills-based training. For knowledge-based training, get after certifications like Security+ and A/CCRF in the GRC Certification Roadmap. Join the Daily Cyber Threat Briefing (DCTB) on YouTube. These provide a great baseline and help you learn the ropes and speak the language.
For hands-on skills, check out GRC Analyst Masterclass and AKYLADE Certified Cyber Resilience Practitioner (coming to Simply Cyber Academy Oct 31), which put you in real-world scenarios.
Get Validated
While knowledge-based certs like Security+ are a good start, you can get an additional edge in the applicant pool by validating your skills with accredited practical exams.
We don't need another certification, we need different certifications, with a different way of testing
Many courses today create their own "certifications", but those are really just certificates of completion. Without independent accreditation, employers won't recognize them as proof you can do the job.
Dion also noted that 50-70% of cybersecurity job postings are tied to certifications in the DoD 8140 list. The importance of this list was also discussed in the Sept 18 DCTB with special guest Josh Mason. You can watch the discussion here at the 1:25:10 mark.
To get on the DoD 8140 list, a cert has to follow the rigorous ISO 17024 personnel certification program process. It involves doing a formal job task analysis, developing exam objectives, writing and validating questions, and ensuring statistical equivalence between exams. AKYLADE is pursuing this.
The list is in Appendix 2 of the GRC Certification Roadmap.
Show Your Work
Certifications help get your resume looked at, but they alone won't get you hired. You need a way to show employers you have practical skills at scale, without years of experience.
This is where your projects, labs, and portfolios come in. Learn in public and showcase what you can do by:
Contributing to a Study GRC project
Commenting on your favourite educational YouTube videos
Starting a blog
Joining a vetted Discord Cyber Community
Document and share your learning. Talk about it at meetups and conferences. Become the cybersecurity professional you want to be and make your expertise known.
The industry is starting to realize we need alternative pathways to get more people in the door. By immersing yourself in hands-on training, validating your skills, and showing your work, you can break the catch-22 and launch your cybersecurity career. No experience required.