Most people who want to break into cyber security face the same wall early on: job postings marked "entry level" that ask for three to five years of experience. It is a genuine frustration, and it is worth addressing directly before anything else.
According to analysis by EntryToCyber, there is actually a 10% worker surplus for positions requiring zero to two years of experience, meaning entry-level cyber security is more competitive than the overall market suggests. That does not mean it is impossible. It means that breaking in requires a more deliberate approach than simply completing a course and applying for jobs. The candidates who land roles consistently do a small number of things differently from the majority who do not.
This guide covers what those things actually are.
The Reality of Breaking In Without Experience
"Cyber security" is not a single job. It is a broad field with roles ranging from SOC analyst to GRC analyst to penetration tester to cloud security engineer, each with different entry barriers, different skill requirements, and different hiring pipelines.
The first practical step is choosing a direction. Someone who is targeting a SOC analyst role needs to build a different skill set, pursue different certifications, and demonstrate different evidence than someone targeting a GRC position. Trying to learn everything at once is the most common reason people spend eighteen months preparing and still feel unready.
The most accessible entry points for people with no prior cyber security experience are:
SOC Analyst (Tier 1) is the most common first role in the field. It involves monitoring security alerts, investigating potential threats, and escalating confirmed incidents. The skill bar is reachable within six to twelve months for someone starting from scratch, and the volume of open positions is higher than any other entry-level cyber security title.
GRC Analyst is the most accessible route for people coming from non-technical backgrounds. Governance, risk, and compliance work values structured thinking, written communication, and familiarity with frameworks like ISO 27001, NIST, and GDPR. People transitioning from law, finance, audit, or project management often find this path more natural than technical roles.
IT Support with a security focus is how many working cyber security professionals entered the field. Help desk and systems administration roles build the networking and OS knowledge that security work depends on, and internal moves into security teams are a well-documented pipeline at many organisations.
What Employers Are Actually Evaluating
Frank Cicio, founder of iQ4, a cyber security and AI training organisation, put it clearly in an interview with Forage: "Employers want candidates who can do more than talk theory — they want problem-solvers who can apply their knowledge and understand their role in the big picture."
That framing is useful because it tells you what the evaluation is actually testing for. When a hiring manager reviews an application from someone with no professional cyber security experience, they are asking a specific question: is there evidence that this person can do the work? Certifications help answer that question. A public profile showing consistent lab work helps answer it. A writeup of a CTF challenge formatted as a professional finding helps answer it. A vague claim to be "passionate about cyber security" does not.
The ISC2 2025 Workforce Study found that skills-based hiring continues to grow across the industry, with employers increasingly valuing demonstrated practical ability over formal credentials and educational background. That shift benefits people without traditional routes in, but only if they have built genuine evidence of ability rather than simply accumulated qualifications.
The Skills You Need to Build First
Before certifications, before job applications, and before portfolio building, there is a set of foundational skills that cyber security work of almost any kind depends on.
Networking fundamentals. Understanding how data moves across networks, what TCP/IP and DNS do, how firewalls and proxies work, and how to read network traffic is the bedrock of security work. You cannot investigate a suspicious outbound connection if you do not know what normal network behaviour looks like.
Operating systems. Linux command-line proficiency is expected in most technical roles. Windows administration knowledge, including Active Directory basics, is equally important for roles in SOC and defensive security. Neither requires you to be a systems administrator, but both require genuine comfort rather than surface familiarity.
Basic scripting. Python and Bash scripting for automation and log parsing are increasingly expected even at entry level. You do not need to be a developer. The ability to write a simple script to parse a log file or automate a repetitive lookup task is a meaningful differentiator.
Security concepts. The CIA triad, common attack types, how authentication and encryption work, what SIEM platforms do, and how incident response is structured are all expected baseline knowledge for any entry-level application.
TryHackMe's Cyber Security 101 path covers all of this through guided hands-on labs rather than passive reading. It is the starting point for building the foundation that everything else depends on.
Building the Evidence That Gets You Hired
The practical gap most candidates have is not knowledge. It is demonstrable evidence of applying that knowledge. The following table maps the most important types of evidence to how long they take to build and what they signal to a hiring manager.
| Evidence type | What it signals | Time to build | How to build it |
|---|---|---|---|
| TryHackMe profile and path completions | Consistent, structured hands-on learning over time | Ongoing from day one | Complete structured paths, keep profile public, share on LinkedIn |
| Lab writeups and CTF documentation | Ability to investigate, document, and communicate findings | Start from first lab session | Write up every challenge as a professional-style finding; post on a blog or GitHub |
| Entry-level certification (Security+ or SAL1) | Passes HR filters; validates foundational or practical SOC knowledge | 3 to 6 months of preparation | Study alongside hands-on practice, not instead of it |
| GitHub with scripts or tools | Practical scripting ability; initiative beyond structured courses | Build gradually from month 2 or 3 | Document scripts written during labs; publish small automation tools |
| LinkedIn with clear narrative | Professional framing of transition; visibility to recruiters | Set up early, update regularly | List certifications, path completions, and projects; post short insights regularly |
Evidence that shows consistent activity over time is more credible than a large burst of activity immediately before applying for roles.
The Certification Question
Certifications matter, but the way most people approach them is backwards. They choose a certification first and then build skills to pass it, rather than building skills and then using a certification to validate them. The difference shows in interviews.
CompTIA Security+ appears in approximately 70% of entry-level cyber security job postings and satisfies the US DoD 8140 baseline requirements, making it the most universally recognised HR filter in the field. It should typically be on the roadmap for anyone targeting technical roles, but it is a knowledge test, not a skills test. Passing it does not prove you can investigate a live alert.
TryHackMe's SAL1 certification works differently. The exam puts you inside a simulated SOC environment, working through real alert queues in Splunk under time pressure. It tests whether you can do the work, not whether you can recall definitions of it. The most effective combination at entry level is Security+ for the HR filter and SAL1 for the practical credibility signal that technical interviewers respond to.
One consistent warning from hiring managers across the field: do not collect certifications instead of building experience. Two relevant credentials alongside genuine lab work and a clear portfolio consistently outperforms a longer list of certifications with nothing practical behind them.
A Realistic Timeline by Starting Point
The honest answer on how long it takes depends almost entirely on where you are starting from and how many hours per week you can commit.
For a complete beginner with no IT background, twelve to eighteen months of consistent effort at ten to fifteen hours per week is a realistic target for a first entry-level SOC or IT support role. The first three months should be almost entirely foundational: networking, Linux, and OS basics. Security-specific study and certification preparation follow once that foundation is solid.
For someone coming from an IT background, the timeline compresses to three to six months, because the foundational layer is already built. The focus shifts to security-specific knowledge, hands-on practice in a SIEM environment, and accumulating practical evidence.
For career changers from non-technical backgrounds, the timeline is closer to eighteen to twenty-four months, but the GRC path is often faster than the technical path and more directly leverages existing professional skills.
The First Application
When you do start applying, two things matter more than most candidates realise.
Target the right roles specifically. Applying broadly across all entry-level cyber security titles spreads your preparation thin and produces generic applications. Picking one role type, SOC analyst, GRC analyst, or junior penetration tester, and tailoring your evidence, your CV framing, and your interview preparation to that specific target is consistently more effective.
Be concrete in interviews. The question that most determines whether a technical interviewer makes an offer is some version of: "Walk me through how you would investigate this alert" or "Tell me about a lab you have done." Candidates who can answer with specifics, naming the tools they used, the decisions they made, and what they found, are the ones who get offers. That specificity only comes from genuine hands-on practice, not from having studied the right material.
Start Where You Are
TryHackMe's Cyber Security 101 path is the starting point for anyone at the beginning of this journey, regardless of background. It builds the foundational knowledge and hands-on experience that every cyber security role builds from, through labs rather than lectures, and it connects directly to the learning paths and certifications that lead toward a first role.
Nick O'Grady