How to Get Into Cyber Security: How I Broke In After 15 Years in IT

Leave a Comment / Cyber Security Career and Education / By
Silhouette wearing a backpack and cap facing a glowing digital horizon with blue and gold data streams converging into light.

People love to say you can “break into cyber in 90 days.” Others act like you need a decade of networking experience, a CCIE, and a blood oath under a full moon just to be considered. The truth sits somewhere in the middle, and my story lives firmly in the slow, steady, human category.

I didn’t get into cyber because I was strategic or ahead of the curve. My career started one afternoon, while I was studying my first IT course at uni, my dad handed me a page he’d ripped out of the newspaper and said, “Thought you might want to apply for this.” It was an advertisement for an IT traineeship.

I applied that night. I didn’t tell anyone at uni, not because I was competitive, but because I didn’t want anyone else to apply. I wanted this one shot to be mine. When I got the call saying I’d been accepted, my mate Dean looked at me and said, “Wow… you’re the first one of us to get a real job.” That moment changed everything.

Years later, I like to joke: “To get into cyber, all you need is 15 years of IT experience, an undergrad, and a grad cert. Easy.” It’s funny because it’s true. My path into cyber wasn’t a pivot or a bootcamp. It was a long, slow, very human journey built on curiosity, consistency, and being the person who cared about doing things properly long before the word “cyber” appeared in my job title.

How to get into cyber security is something many people ask, and my own journey took far longer than the 90‑day fantasy you see online.

Here’s how it really happened and how you can do it faster.

The Traineeship: The First Real Step Into IT

That traineeship became the foundation of everything that came after. I worked four days a week and studied one day a week, learning the fundamentals of service desk, tech support, and small project work. It was the kind of hands‑on, real‑world experience you only appreciate years later.

I learned how organisations actually breathe, how people use systems in unpredictable ways, and how much of IT is really about communication and trust. Those early years taught me how to solve problems without overengineering them and how to keep things running when nothing was going to plan. That grounding still shapes how I approach cyber security today.

Early Career: Doing Everything Because Someone Had To

My next role was a mix of Service Desk Officer and IT Projects Officer in one. One minute I was rolling out PCs, the next I was supporting business projects or helping someone in a panic because their system had gone down. It was an environment where you learn by doing because there is no other option.

When I moved into a Level 2 role, the responsibilities grew quickly. I found myself managing budgets, supporting the service desk team, running projects, and implementing mobility and MDM back when it was still new and slightly mysterious. I became the “go‑to” person for certain products, someone people trusted to get things done.

But eventually, I felt that quiet internal nudge: you’ve learned everything you can here. I wasn’t unhappy, but I knew I was ready for something different.

The Search for What’s Next: Following the Threads

When that feeling set in, I started exploring. I looked into:

  • Cisco networking
  • Microsoft system administration
  • Cloud and identity
  • anything that felt like forward motion

But what stood out wasn’t a traditional IT path it was a gap. Security was becoming more important, but nobody seemed to fully own it.

Then two things happened on the same day:

our CEO mentioned wanting to improve cyber security, and CSU emailed me about a 75% CSP discount for the Graduate Certificate in Cyber Security. It felt like the universe tapping me on the shoulder.

I enrolled within five minutes. My company’s uni grant covered almost everything. Perfect timing. Perfect alignment.

The Leap Into Cyber: Uncomfortable in the Best Way

After a year of study and many conversations with my manager, the organisation created its first Cyber Security Analyst role and offered it to me.

I didn’t feel ready. Nobody does. But that discomfort was the point.

On my first day, someone handed me a penetration test report and said:

“Can you call the vendor and explain why they’re insecure and ask them to fix it?”

I had never done that before. It was uncomfortable, confronting, and completely outside my comfort zone and exactly the kind of growth I’d been chasing.

That’s cyber in a nutshell: you learn by doing the thing you’re not quite ready for yet.

If I Were Starting Today: How to Break Into Cyber Security

If I had to start from scratch today, I’d compress everything I’ve learned into a more intentional, focused path. Depending on your current experience, you can jump straight to the step that fits you.

My journey took 15 years because cyber security wasn’t a common job when I started. I wasn’t aiming for it, I didn’t even know it was a thing. You don’t need 15 years. You just need direction.

1. Get a Traineeship or Entry‑Level IT Role (Your Real Foot in the Door)

A traineeship is ideal – paid study, real experience, and exposure to everything IT touches.

But if you can’t get a traineeship, a help desk job is one of the strongest and most underrated pathways into cyber security.

Help desk gives you daily exposure to identity issues, access problems, networking quirks, cloud behaviour, and real‑world troubleshooting. You learn how systems behave when real people use them, and you build relationships with the cyber team through escalations, questions, and curiosity.

And I want to say this clearly: Never let anyone make you feel bad for working in help desk.

It’s not “less than.” It’s not a dead end. It’s a legitimate career, a stepping stone, and a launchpad. Some of the best cyber analysts I know started in help desk including me.

2. Start With the Right Certifications (Not the Hardest Ones)

You don’t need 20 certifications or an OSCP to land an analyst job. You need achievable, relevant certifications aligned with what employers actually ask for.

The best starting points are:

These certs build confidence and credibility without overwhelming you.

And here’s the truth: Everyone uses Microsoft.

Their certs are cheap, accessible, and directly relevant to the tools businesses rely on.

If you want to move faster, look at job ads for junior cyber roles and target the requirements and certifications you see repeatedly. That’s how you study with intention.

3. Study IT, Not Just Cyber

Cyber security doesn’t exist in a vacuum. It’s built on:

  • networking
  • identity
  • operating systems
  • cloud fundamentals

You don’t need to be an expert, but you need to understand the terrain before you can secure it. IT fundamentals make everything in cyber easier.

4. Consider University (If It Fits Your Life)

You don’t need a degree to get into cyber, but a degree can open doors. Especially in government, enterprise, and leadership roles. It’s not mandatory, but it’s a powerful accelerator if it aligns with your goals. It did for me.

5. The Rule That Changed Everything: Don’t Stop Studying Until You Get the Job You Want

This mindset changed my entire career.

When I decided I wanted to move into cyber, I committed to studying until I got there. From that moment, it took me over one year and finishing my degree to make the transition.

Continuous study pays off because:

  • it builds momentum
  • it builds confidence
  • it builds credibility
  • it keeps you relevant
  • it signals commitment

The key is to study with intention. Not everything. Not every trend. Not every cert. Study the things that move you toward the job you want.

The Real Secret to Getting Into Cyber Security

Most people think cyber is a door you kick down. It’s not. It’s a path you grow into slowly, deliberately, one uncomfortable leap at a time.

Your first role won’t be glamorous. Your path won’t be linear. But it will be yours.

And if you’re willing to keep learning… really learning… you’ll get there.

FAQ: Common Questions About Getting Into Cyber Security

How long does it take to get into cyber security?

I spent 15 years in IT before I even realised cyber was a direction I could aim for. Once I committed, it took just over a year and finishing my degree to make the move.

Most people don’t need 15 years, with focused study and the right experience, many transition in 12–24 months.

Do you need a degree to work in cyber security?

No. But a degree helps with long‑term mobility, government roles, and leadership pathways.

What certifications should beginners get?

Start with certs that employers actually ask for:

SC‑900, SC‑200, and Security+.

They’re achievable, respected, and directly relevant to real tools and environments.

Can you get into cyber without IT experience?

It’s possible, but very hard. IT experience makes everything easier.

A traineeship or help desk role gives you the foundation cyber is built on. Identity, access, networking, cloud, troubleshooting, and how real people actually use systems.

Is cyber security hard to learn?

It’s challenging, but not unreachable.

Consistency beats intensity every time.

What’s the fastest sustainable path into cyber?

  1. Entry‑level IT role
  2. Foundational certs
  3. Hands‑on labs
  4. Junior SOC or analyst roles such as:
    • SOC Analyst (L1)
    • Cyber Security Support Officer

Continue Reading

4 Ways I Got Uni for Free and Got Paid to Study (Without Being a Genius or Gaming the System)

Hack The Box Web Exploitation Pathway: 4 Ways I Strengthened My Cybersecurity Toolkit

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Subscribe
Subscribe