Skip to content
Cybercademy
START HERE

Get Started in Cybersecurity

Find the right resources, understand the landscape, and build a plan that works for you.

What is Cybersecurity?

"Cybersecurity is the art of protecting networks, devices, and data from unauthorized access through the practice of confidentiality, integrity, and availability of information."

The 3 Key Elements in Cybersecurity

C

Confidentiality

Ensuring only authorized users have access to read information.

I

Integrity

Allow authorized users to modify information.

A

Availability

Authorized users are able to access information on an as-needed basis.

Ensuring the confidentiality, integrity, and availability of a network, different devices, and data is the core to cybersecurity. All three conditions make up what we know as cybersecurity. One condition is not necessarily better than the other. Ensuring confidentiality, integrity, and availability is often referred to as the CIA Triangle or Triad. In addition to the CIA Triad, other conditions such as non-repudiation and authorization are equally important to maintain an effective cybersecurity posture.

Cybersecurity isn't all about "hacking"

Although cybersecurity often involves what we like to depict as "hacking", there is much more involvement than simply hacking into computers, networks, and companies.

Cybersecurity considers specific risks posed to an organization

Performing accurate risk assessments is an important element to cybersecurity. Identifying, evaluating, and mitigating specific risks posed to an organization is one key element in cybersecurity. Risks can include both physical and digital elements.

Cybersecurity Careers

Cybersecurity can be divided into several types of paths, specialties, and responsibilities. Each trait making up its own career title. Here are the most popular entry-level positions in cybersecurity.

Cybersecurity Analyst

Detects and prevents cyber threats for a company.

Incident Responder

A cyber firefighter who addresses security incidents and threats.

Penetration Tester

Probes for and exploits security vulnerabilities to identify weaknesses in networks / systems.

Security Auditor

Probes for the safety, effectiveness, and security compliance of a company.

Security Specialist

Responsible for designing, testing, implementing, and monitoring the overall security posture of a company.

Vulnerability Assessor

Scans applications and systems to identify any current vulnerabilities.

Cybersecurity Domains

"Cybersecurity" represents a complete list of responsibilities, roles, and topics. Often referred to as the domains of cybersecurity, each element includes very specific goals and responsibilities to be accomplished. Within every domain are sub-domains. The responsibilities and tasks associated with each sub-domain contribute to the larger goal of the top domain and ultimately the goal of cybersecurity.

Security & Risk Management

Governance, compliance, risk assessment, legal regulations, and security policies.

Asset Security

Protecting and managing organizational assets, data classification, and ownership.

Security Architecture

Designing secure systems, networks, and infrastructure.

Network Security

Securing network components, connections, and communications.

Identity & Access Management

Controlling who has access to what resources and under what conditions.

Security Assessment & Testing

Auditing, testing, and validating security controls.

Security Operations

Monitoring, detecting, and responding to security incidents.

Software Development Security

Integrating security into the software development lifecycle.

Cloud Security

Securing cloud infrastructure, services, and data.

The above is a simplified overview of the major cybersecurity domains. Each one contains numerous sub-domains and specializations. You don't need to master all of them, pick a direction that interests you and go deep.

Let's Make a Four-Step Plan

You now have some resources to choose from. Let's go ahead and make a plan.

Step 1

Take out a piece of paper. Pick one of the above mentioned resources from each category. Write down your four resources on this piece of paper.

Step 2

Next to the listed resources you have written down, allocate a specific amount of dedicated time you will spend each day or week on learning from that resource.

Step 3

Title this paper, "My plan to learn more about cybersecurity" and place this paper in a place where you will be able to see it every day.

Step 4

Time to start learning! You have a plan set into place now. Getting started in cybersecurity does not have a very sophisticated, well-orchestrated plan. Approach your plan with simplicity.

Explore Before You Invest

Starting out in cybersecurity can be confusing and overwhelming. Hundreds of resources, platforms, certifications, and degree programs all competing for your attention and you haven't even figured out which career path to pursue yet. Here's what matters: make a plan. Your plan will look different from everyone else's. What's important is that it's catered to your learning style and lets you start now.

Before making a major investment into a university program or certification training, spend a few months simply learning more about the industry. It doesn't matter if you're in high school, already at university, or mid-career in something else entirely, the setting you're in right now doesn't matter. Free, paid, online, or a book, it doesn't matter. What does matter is that you learn more about the industry before you spend serious money trying to get into it.

Browse free resources

Common Questions

Here are some of the most common questions I receive from individuals who are considering the idea of getting started in cybersecurity.

How do I get started in cybersecurity?
Look above. My recommendation, don't wait for a university or certification program to teach you. Start learning now! Pick a resource, grab a notebook, and dedicate 30 minutes of your day to learning more about cybersecurity.
What's the best school for cybersecurity?
Simple answer, a variety of schools. Check out cyberdegrees.org if you are in the United States and want to look into cybersecurity degrees.
Do I need a college / university degree?
I don't think you have to have a college / university degree. However, I would strongly encourage you to consider college if you are between the ages of 18–22 and do not hold a degree.
I suck at programming… Does that mean I can't succeed in cybersecurity?
Programming is used in cybersecurity. Is it used for every single task, job, and career? No. You can be very successful in cybersecurity without having the knowledge of programming. I would encourage you to learn programming, but it's not required.
What certification should I start with?
Look into a certification which holds credibility and real value in the industry. A lot of people view the Offensive Security Certified Professional (OSCP) as a credible, valuable certification for example.
Which major is best for cybersecurity?
The easy answer is several. Popular majors include computer science, computer information systems, business information systems, software engineering, cybersecurity, and security assurance.
Should I get a Master's in Cybersecurity?
Unless you are striving to be in the academic industry (such as a professor or researcher), I would advise against it. After you have an Associates or Bachelor's level degree, certifications are your next best option.
I can't afford online training. Can I still learn more about cybersecurity?
Of course! There are some great, free resources out there which you can learn from. Look at the resources listed on this site and choose one to start out with.
I don't have past experience in I.T. Can I still get into cybersecurity?
Entry-level cybersecurity positions aren't the most common. Often times, you will see companies requiring a minimum amount of past I.T. or I.T. security experience. I personally think you can. Here's how — build your own "experience." Build out your own little home lab.
How do I get an internship in cybersecurity?
Focus on making yourself marketable and standing out against the competition. Build a home lab, work on projects, get involved in CTFs, and document everything you learn.