How IT professionals can change careers to cyber security

A digital padlock representing security
(Image credit: Shutterstock)

The cyber security skills gap is arguably widening, with the UK government recently finding nearly half of all businesses lack the basic skills needed to protect themselves in today’s complex threat landscape. This presents an opportunity for IT professionals who might want to switch careers.

Making the transition into a cyber security career makes perfect sense, with experts saying an IT background is a solid foundation for a career in the sector. With multiple roles available, the job doesn’t always require technical skills, with IT professionals equipped to explore careers spanning cyber security sales to strategy too.

As the cost of living crisis deepens, cyber security is well-paying and recession-proof, according to Amanda Finch, CEO of the Chartered Institute of Information Security (CIISec). “The industry skills shortage means there are plenty of openings – and it’s an incredibly interesting, fast-moving and topical area to work in.”

A key driver for moving into cyber security is the “excitement factor”, adds Liam McQuade, IT recruitment consultant at The Bridge. Those who want to combine their technical knowledge with creative problem-solving can look at opportunities in cryptography, for example, he says. “Being part of continuous improvement in keeping data and infrastructure secure is hugely rewarding.”

There are many solid reasons for IT professionals to get into cyber security, but there are also several ways to navigate this transition and different factors to bear in mind to maximise the chances of success.

Which skills are best for cyber security?

It's easier to move into cyber security than many people think. The switch doesn’t usually require extensive re-skilling – especially for those working in IT, according to Finch. “The industry welcomes almost any skill set, including technical abilities to encrypt data and protect the network, as well as analytic skills to spot threats and determine the right response to new attacks.”

There’s also a need for people skills to manage teams without increasing stress, as well as to educate the wider business on how to identify potential attacks and reduce risk, according to Finch.

Brett Griffin, a business manager at cyber security recruiter Gleeson Recruitment Group, says cyber security sales is “a great career opportunity” for IT professionals. “But,” he continues, “this is sometimes overlooked in favour of purely technical roles.

“The sales side will always rely on human intelligence rather than artificial intelligence (AI) to understand clients’ individual risks, empathise with their challenges, and explain and provide tailored solutions. This means there’s a little more long-term job security.”

There are multiple routes you can take, but some general steps can help IT professionals ensure they’re in a good position to pursue a career in security.

Those considering the move should learn how networks function. It’s also a good idea to know how to configure and maintain a corporate network with an active directory structure, as well as to brush up on the basics of security such as patching, good password practice and understanding of risk, says Leon Teale, senior penetration tester at IT Governance.

Seeking out additional training

While most IT professionals will have these skills on a basic level, many will only understand them as needed for their own day to day work, Teale says. Therefore, additional training is sometimes necessary.

Many IT professionals may not need to fork out for a cyber security degree although certifications might be a helpful way forward. Basic foundational books and courses can offer some guidance, and an apprenticeship or course from a certified body might make sense for IT professionals who are looking to switch early in their careers, Finch says.

There are a number of entry level courses available, such as CISMP or CompTIA, says Freha Arshad, managing director, Accenture Security in the UK. “All of the major cloud service providers offer security courses for varied levels and skill sets. With enterprises increasingly focused on the cloud, this area is also a good place to start.”

In addition, says McQuade, there are free resources online to support self-learning: “HackXpert and TryHackMe provide training labs, while Cybrary offers a library of helpful videos, labs and training exams. Many online platforms also provide game and real world scenario-based resources.”

It’s worth taking into account that businesses often prioritise practical skills and experience over degrees and qualifications, says Haris Pylarinos, CEO and co-founder at gamified cyber security training platform Hack The Box. “Companies are now much more open to hiring IT experts with relevant cyber skills and practical experience, as well as self-taught hackers.”

He recommends taking part in Capture the Flag competitions or bug bounty programmes. “Entering them is a good way for IT professionals on the hunt for new roles to demonstrate their proactivity and eagerness to develop their cyber skill set.”

Honing your CV and looking for openings


Employees are choosing how they work

And with the right secure digital strategy, this could be a great thing for your business: today and far into the future


Once you’ve decided to pursue a career change into cyber security, you’ll need to hone your CV. IT professionals should look at the skills they have and work out how they can be applied to cyber security, says Finch. “Are you already skilled at analysing data and spotting minor discrepancies, or at managing and educating others?,” she asks. “You can then update your CV as appropriate – showing how this experience can be applied in a security environment.”

Evidencing your technical skill set on your CV, including your involvement in any major projects, is “a must”, says McQuade. “Employers are hungry for candidates that can showcase their ability – and interest – in the sector. I’ve read some excellent candidate-owned blogs, including one written by a malware analyst who had taken live malware samples and reverse-engineered them.”

It's important to showcase your abilities, yet at the same time be honest, specific and direct in your CV, says Jim Tiller, CISO at Nash Squared. “If you are moving from IT to cyber security and try to blur the line, it will be exposed. Present your strengths and experiences in IT and relate those to the job you’re looking to fill. For example, if you’ve supported endpoint systems for the last three years in IT, this knowledge and experience is valuable to an organisation looking to fill an endpoint security role.”

In order to find openings, sign on to specialist boards and with recruitment agencies, advises Lauren Wakeling, UK country manager at CoursesOnline. These can be found via a quick Google search, with Careers in Cyber and Infosec People two examples of those who “understand the industry and what’s needed to progress within it”, she suggests.

It's important to keep up to date with what’s happening in the cyber security industry and to build networks with other professionals and organisations, says McQuade. “Cyber security influencers share great content on LinkedIn, including TED Talks, videos and articles, which can really help to enrich your knowledge and sign-post you to other sources of learning. LinkedIn can also put you on the radar for recruiters looking for talent.”

Kate O'Flaherty

Kate O'Flaherty is a freelance journalist with well over a decade's experience covering cyber security and privacy for publications including Wired, Forbes, the Guardian, the Observer, Infosecurity Magazine and the Times. Within cyber security and privacy, her specialist areas include critical national infrastructure security, cyber warfare, application security and regulation in the UK and the US amid increasing data collection by big tech firms such as Facebook and Google. You can follow Kate on Twitter.