I get asked fairly often how I got into cybersecurity, and whether it’s realistic for someone without a traditional IT background to make the switch. The short answer is yes — I did it, and plenty of others have too. But it does take effort, patience, and a willingness to learn continuously.

Here’s the advice I wish I’d had when I was starting out.

You Don’t Need a Computer Science Degree

Let’s get this one out of the way first. A CS degree is helpful, but it’s not a requirement. Cybersecurity is a broad field, and there are roles that lean heavily on communication, governance, risk management, and policy — not just deep technical skills.

I came from an information management background. Understanding how organisations handle data, who has access to what, and why that matters turned out to be directly relevant to security work.

Start With the Fundamentals

Before diving into security-specific topics, make sure you have a solid foundation in:

• Networking — understand TCP/IP, DNS, HTTP, and how devices communicate. You don’t need to be a network engineer, but you need to know the basics.
• Operating systems — get comfortable with both Windows and Linux. If you don’t have a Linux machine, a Raspberry Pi is a cheap and effective way to get hands-on experience.
• How the internet works — seriously. Understanding web requests, certificates, encryption in transit, and basic web architecture will serve you well.

CompTIA’s Network+ and Security+ are solid starting points if you want structured learning. They’re not the most glamorous certifications, but they cover the fundamentals well.

Build a Home Lab

You don’t need expensive equipment. A Raspberry Pi, an old laptop, or even a virtual machine on your current computer is enough to get started. The goal is to have an environment where you can experiment freely without worrying about breaking anything important.

I wrote about my own Pi home lab setup if you want ideas.

Get Involved in the Community

Cybersecurity has a genuinely welcoming community, especially for people who are learning. Here are some places to start:

• Reddit — r/cybersecurity, r/netsec, and r/ITCareerQuestions are all active and helpful
• Local meetups and conferences — BSides events are particularly welcoming to newcomers and often have talks specifically aimed at people entering the field
• LinkedIn — follow people who share practical security content. There’s a lot of noise, but there are also genuinely knowledgeable people sharing valuable insights

Don’t Try to Learn Everything at Once

Cybersecurity is enormous. You could spend a lifetime studying and still not cover everything. That’s fine — nobody knows it all.

Pick an area that interests you and go deep on it. Whether that’s cloud security, governance and risk, penetration testing, incident response, or security architecture — find what excites you and start there. You can always branch out later.

Consider Certifications Strategically

Certifications aren’t everything, but they do help — especially early in your career when you’re trying to demonstrate knowledge without years of experience to point to.

A reasonable progression might look like:

1. CompTIA Security+ — a solid entry-level certification that covers the basics
2. A specialisation cert — depending on your interests (CySA+ for analysts, PenTest+ for offensive security, AWS/Azure security certs for cloud)
3. CISSP — when you have the experience to back it up, this opens a lot of doors

Don’t collect certifications for the sake of it, though. Each one should serve a purpose in your career development.

Be Patient With Yourself

Career changes take time. There will be moments when you feel like you’re not making progress, or when the gap between where you are and where you want to be feels impossibly wide. That’s normal.

Keep learning, keep building, keep writing about what you’re doing. Progress is often invisible until you look back over several months and realise how far you’ve come.

If you’re considering the switch, I’d say go for it. The field needs more diverse perspectives and backgrounds, and the work is endlessly interesting.