You are not 22 anymore. You have a career, probably a mortgage, maybe a family. And here you are seriously considering switching into cyber security…
… great to hear! The field needs people like you with a wealth of world experience, just as much as it needs emerging graduates who have studied cyber security. Mid-career switchers bring problem-solving habits, professional communication skills, and the ability to work under pressure in ways that take years to develop from scratch. Those things matter in security.
Here is the honest guide to making the switch.
How long does it actually take?
Longer than the adverts suggest. Shorter than you probably fear.
With consistent effort, most mid-career switchers reach their first entry-level cyber security role within 12 to 18 months. That assumes you are putting in real hours, not dabbling. Ten hours a week of focused, structured practice moves the needle. Five hours a week extends the timeline significantly. Twenty hours a week, if you can manage it around other commitments, compresses it.
The people who take the longest are not the ones who started with no technical background. They are the ones who studied inconsistently, jumped between resources, or spent months on theory without ever building anything demonstrable.
Pick a direction. Pick a platform. Show up consistently. The timeline takes care of itself.
Do you need a degree?
Technically not.
This is worth being unambiguous about because a lot of people stall here unnecessarily. The majority of UK cyber security employers now prioritise certifications and demonstrated practical skills over formal degrees. The skills gap in the field is large enough that organisations cannot afford to filter by educational background when there are qualified candidates without degrees who can do the work.
What you need is evidence. Not paper qualifications that say you have studied something, but practical proof that you can actually do it. A public profile showing consistent lab work, a practical certification from a live exam, and the ability to talk specifically in interview about what you have done is the combination that gets you hired. A computer science degree without those things is worth less than you might think.
What qualifications do you actually need?
The shortest honest answer: one practical certification relevant to your target role, evidence of hands-on lab work, and the ability to talk specifically about what you have done in a technical screen.
The longer answer depends on which direction you are going.
Targeting SOC analyst or blue team work: TryHackMe's SAL1 certification is the most directly relevant credential. It is a live SOC simulator exam, not a multiple-choice test, and it is backed by Accenture and Salesforce. Pair it with a completed SOC Level 1 path and a visible TryHackMe profile and you have the combination most hiring managers are looking for at entry level. Premium subscribers receive a 15% discount.
Targeting penetration testing or red team work: TryHackMe's PT1 certification is the right first practical credential: a 48-hour engagement exam with a graded professional report. The revamped Jr Penetration Tester path is the canonical preparation route. Premium subscribers receive a 15% discount.
GRC, compliance, or policy roles: A foundational cyber security certification plus documented knowledge of NIST, ISO 27001, or GDPR depending on your target sector. The Cyber Security 101 path covers the technical foundations that make compliance work meaningful rather than purely administrative.
What if you are switching from a non-technical background?
The instinct is to spend six months learning to code before attempting anything cyber security specific. Resist it.
You do not need to be a programmer to work in cyber security. Many of the most important roles, SOC analyst, GRC analyst, threat intelligence, incident response, require analytical thinking, clear communication, and structured methodology far more than they require programming ability. The technical skills are learnable on the job and through structured lab practice. The soft skills you already have are harder to teach.
Start with TryHackMe's Pre Security path and Cyber Security 101 path. These cover the technical foundations you need before specialising, without assuming any prior background. Four to six weeks here and you will have a clear picture of which direction suits you and what you still need to build.
What you should not do is spend months reading blog posts and watching YouTube videos without touching a live lab environment. The learning that actually transfers to interviews and jobs happens in environments where you are doing something, not consuming something.
What if you are switching from IT support or helpdesk?
You are closer than you think.
IT support experience gives you Windows and Linux proficiency, an understanding of how users interact with systems, familiarity with networks, and the troubleshooting instinct that is one of the most valuable things a SOC analyst brings to alert investigation. None of that is starting from zero.
The gap to close is security-specific thinking and tooling. SIEM platforms, threat intelligence enrichment, log analysis, and incident response methodology are the areas to invest in. The SOC Level 1 path on TryHackMe is the most direct structured route from IT support foundations to SOC analyst readiness.
Timeline for IT support to first security role: six to twelve months of consistent, structured preparation is realistic for most people. With prior exposure to Active Directory and networking, the lower end of that range is achievable.
How do you build work experience before you have a job?
This is the catch-22 that trips most mid-career switchers. You need experience to get hired, but you cannot get experience without being hired.
The answer is that in cyber security, self-directed lab work is treated as genuine experience by technical hiring managers. A TryHackMe public profile showing consistent activity over six months, documented writeups of challenges you have completed, and a practical certification all constitute demonstrable experience. Not as a substitute for the real thing eventually, but as sufficient evidence to get through a technical screen at entry level.
The specific combination that works: complete a structured path on TryHackMe and let your public profile build over time. Document every significant lab exercise as a writeup, even briefly, and publish on GitHub or a personal blog. Sit one practical certification. Link everything from your LinkedIn profile and every application you send.
The candidates who get hired mid-career without prior security job titles are almost always the ones who have made their learning visible over a sustained period, not the ones who crammed before applying.
What is the most accessible first role?
SOC Tier 1 analyst. Not because it is the most exciting role, but because it has the largest entry-level hiring pipeline, the most structured onboarding, and the operational security experience that accelerates every career move that follows.
GRC analyst is the strongest option for candidates from non-technical backgrounds in compliance, audit, legal, or policy. Demand is high in 2026 as GDPR enforcement, DORA, and NIS2 all drive regulated sector hiring.
Penetration testing is the role most people want and one of the less accessible first positions. Not impossible, but the technical bar is higher and the competition is stiffer. For most mid-career switchers, SOC analyst first and then penetration testing after 12 to 18 months of operational experience is the path that works more reliably than targeting pentesting from the start.
Your first move
Stop waiting until you feel ready. You will not feel ready until you have done enough to feel ready, and you cannot do enough without starting.
Create a free TryHackMe account. Open the path that matches where you want to go. Complete one room today.
The career is on the other side of consistent effort. Start building it.
Nick O'Grady