Cybersecurity is one of the few career fields where you can start with no formal IT background and build a solid career within two years — if you pick the right path. The industry needs people badly enough that employers are willing to train candidates who show aptitude and drive. But knowing where to start is the hard part. This guide lays out the entry points, the certifications that matter, and the mistakes to avoid.
Do You Need a Degree?
Short answer: no. Many of the best cybersecurity professionals I know came from other fields — teaching, logistics, retail management, the military. A computer science degree helps, but it is not a requirement. What matters more is whether you can demonstrate practical skill.
Employers in cybersecurity care about three things: what you can do, what certifications you hold, and how you think through problems. A degree checks a box. A home lab with documented projects and a Security+ certification tells an employer you can actually do the work.
The Three Entry Paths
Path 1: Certifications First
This is the most common route. Start with CompTIA Security+ — it is the baseline certification that most entry-level security roles require. From there, move to CySA+ for defensive security or PenTest+ for offensive work. The certification path gives you structured learning and a credential employers recognise.
If you are serious about a career in ethical hacking, Zero to Ethical Hacker is the best starting book on the market. It walks you from absolute beginner through to running your first penetration test in a legal lab environment.
Path 2: Self-Study and Home Labs
Some of the best security engineers I have worked with never took a formal course. They built a home lab, worked through practical books, and learned by breaking things. If this sounds like you, start with Building a Home Hacking Lab to set up your practice environment, then work through Ethical Hacking Foundations to run through real attack chains.
The advantage of this path is that you learn faster and retain more. The disadvantage is that you have no credentials to show employers. Most people combine self-study with at least one certification to get the best of both worlds.
Path 3: Bootcamps and Structured Programmes
Bootcamps work for some people, especially those who need structure and accountability. The good ones run 12 to 24 weeks and cover enough material to prepare you for Security+ and entry-level roles. The bad ones cost thousands of rand and leave you with a certificate that no employer recognises. If you go this route, research the provider carefully. Ask for graduate employment statistics. If they will not share them, walk away.
What Employers Actually Look For
I have sat on both sides of the interview table. Here is what hiring managers actually want from an entry-level candidate:
- Security+ certification. This is the minimum bar for most security roles. Without it, your CV gets filtered out before a human reads it.
- A home lab. Even a basic setup with VirtualBox and a few vulnerable VMs shows initiative. Be ready to talk about what you have built and what you learned.
- Communication skills. Security professionals spend more time writing reports and explaining risks to non-technical stakeholders than they do hacking. If you cannot write clearly, learn.
- Curiosity. The best interview question I ask is: “Tell me about something you taught yourself recently.” The answer tells me more than any certification.
Common Mistakes Beginners Make
Mistake 1: Trying to learn everything at once. Cybersecurity is vast — network security, application security, cloud security, forensics, governance, risk, compliance. Pick one area and go deep before branching out. Most successful security professionals specialise early.
Mistake 2: Skipping the fundamentals. You cannot secure a network if you do not understand how TCP/IP works. You cannot analyse malware if you do not understand operating systems. Spend the time on foundations. It pays off.
Mistake 3: Not building a portfolio. Your CV says you studied. Your GitHub profile, blog posts, and lab documentation show what you can do. Employers look at both.
Mistake 4: Ignoring the non-technical side. Security is as much about policy, process, and people as it is about technology. The professionals who advance fastest are the ones who can translate technical risk into business language.
Your First 90 Days
Here is a practical plan for your first three months:
- Days 1–30: Read Zero to Ethical Hacker and set up a home lab. Understand the mental model before you touch the tools.
- Days 31–60: Work through the CompTIA Security+ SY0-701 domains using the study guide. Do the lab exercises.
- Days 61–90: Take practice tests, identify weak areas, and book your exam. Read The Cybersecurity Career Toolkit alongside your exam prep to start thinking about the job hunt.
For a full reading list, see our guide to the best cybersecurity books for beginners in 2026.
Browse the full cybersecurity catalogue at Reader’s Shack. For one-on-one career advisory and mentorship, visit Greg Hay.
Find Your Next Great Read
Browse our full catalogue of cybersecurity, business, and faith books. Instant EPUB and PDF downloads, DRM-free, readable on any device.
Browse All Books →