Transitioning From General IT to Cybersecurity

| CyberDegrees.org Staff Modified on May 3, 2022

Transitioning From General IT to Cybersecurity

Are you ready to find a school that's aligned with your interests?

Cybersecurity has emerged as one of the most in-demand fields in tech. It attracts established information technology (IT) professionals seeking new career challenges. Cybersecurity's diverse job opportunities often draw tech-savvy IT generalists.

A 2021 CompTIA analysis noted cybersecurity's increasing share of the tech job market. By October 2021, cybersecurity jobs accounted for 20% of the year's total tech hiring. By comparison, cybersecurity jobs accounted for only 18% of the tech job market in 2020 and 17% in 2019.

Meanwhile, Cybersecurity Ventures predicts there will be 3.5 million cybersecurity job openings globally by 2025.

Tech professionals wondering how to get into cybersecurity from general IT can choose from multiple career paths. This guide reviews common cybersecurity retraining options.

How Do Careers in IT Differ From Careers in Cybersecurity?

Careers in IT and cybersecurity overlap in certain ways. IT professionals routinely perform system configuration and administration, database management, networking, and coding. Cybersecurity specialists also use these foundational skills.

Some consider cybersecurity as a specialized subfield within IT security. However, the focus and objective differ between the two fields. This is true even when considering IT from a security standpoint.

IT security involves comprehensive plans to cover all forms of data and information an organization generates. This includes both online and offline assets. Cybersecurity focuses on protecting data and information accessible through the internet. This field's goal is to neutralize external (and internal) threats that originate online.

As such, cybersecurity experts need a more targeted and specialized skill set. IT professionals can acquire these skills through a combination of education and experience, as the following sections describe.

Cybersecurity Education Requirements

Aspiring cybersecurity professionals often pursue degrees. An associate degree is the minimum education requirement for most entry-level positions. For roles with advancement potential, employers generally prefer candidates with at least a bachelor's degree.

To transition from IT to cybersecurity, you may want to consider earning a master's. This is especially true if you already hold a bachelor's degree in computer science or a related subject. Completing a specialized master's degree in cybersecurity can help you stand out to employers.

While most experts agree that an undergraduate or graduate degree will boost your employability, you have other options. Some examples include self-training, security certifications, and cybersecurity bootcamps.

Cybersecurity bootcamps offer intensive, targeted education that focuses on building specific in-demand skills. Some of these skills are difficult to learn. Students with IT backgrounds generally have the foundational knowledge required to succeed at fast-paced technical learning.

If you opt for self-training, experts stress that you should back it up with professional certifications to validate your skills.

Explore the links below to learn more about cybersecurity education requirements. These pages offer information about self-training, bootcamps, and degree programs.

Cybersecurity Experience Requirements

A 2019 Burning Glass Technologies report found that 46% of cybersecurity jobs require 3-5 years of experience. Thirty-nine percent demanded six years or more, while just 15% of positions called for two years or less.

Yet, the cybersecurity job crunch suggests that employers are desperate for skilled professionals. Given the industry landscape, trends seem to favor job-seekers. Some employers may be flexible on experience requirements.

That said, it is difficult to land even an entry-level cybersecurity job with no experience. Professionals switching from IT careers to cybersecurity may have an advantage in this regard. Employers are often willing to consider general IT experience as relevant, especially for roles that draw on comparable technical proficiencies.

Certain cybersecurity roles tend to require lower levels of experience. Examples include security auditors, penetration testers, and incident responders.

A 2019 Burning Glass Technologies report found that 46% of cybersecurity jobs require 3-5 years of experience.

For more senior roles, candidates need significant cybersecurity experience. Examples of these positions include security engineers, security systems administrators, and cybersecurity managers.

Pay typically rises with experience. Roles with more responsibility also tend to offer higher salaries.

Required Cybersecurity Certifications

Some employers prefer or require particular security certifications. Even when fully optional, industry-standard certifications can bolster a job-seeker's resume.

If you are wondering how to get into cybersecurity from IT, certification offers an efficient path. This is especially true if you already have a relevant degree and significant experience as an IT generalist. In such cases, enhancing your credentials with cybersecurity skill endorsements may help you stand out to employers.

Numerous professional organizations and leading tech companies offer standardized certification programs. Some allow candidates to take exams leading directly to certification. Others require test-takers to complete a prep course or training module first.

Technology changes fast, and cybersecurity best practices change with it. Thus, many credentials carry recertification requirements. Additional training or professional development may be necessary for recertification.

Once you know the cybersecurity job you want to pursue, identify relevant certifications and seek out reputable providers.

How to Get Into Cybersecurity After Working in IT

Transitioning from IT to cybersecurity should build on existing professional experience. Generalist IT roles establish fundamental skills for cybersecurity professionals. In many cases, making a successful switch is a matter of refining specific skills.

However, job-seekers with no professional tech experience may benefit from landing a "starter job" in IT first.

Tech industry insiders often encourage cybersecurity candidates to identify a focus area, at least to start. You can think of this focus as a short-term, transitional goal to help you land your first cybersecurity job. You can then continue to build and diversify your skills.

Preparing for Your New Career

The paths detailed below cover typical steps for those transitioning from general IT to cybersecurity. These steps explain how to get into cybersecurity both with and without significant professional experience.

    Transitioning from Careers in IT to Cybersecurity with Professional Experience

    Note that these steps assume the candidate has relevant educational experience as well.

  1. Identify specific cybersecurity skills.
    Target a cybersecurity role that matches your interests and is attainable to someone at your education and experience level. Create a list of specific technical skills needed to succeed in that role.
  2. Take personal inventory.
    Audit your skill set. Assess how your current skills stack up against those required of professionals in your targeted role.
  3. Bridge and fill the gaps.
    Create a plan for addressing any shortcomings between your current skills and those you will need as a cybersecurity expert. Then, follow the plan. It may include upgrading your degree, attending a cybersecurity bootcamp, or undertaking self-directed training.
  4. Obtain cybersecurity certifications.
    Validate your upgraded skills by earning a relevant certification (or certifications).

    Transitioning from IT to Cybersecurity with No Professional Experience

  1. Educate yourself.
    Degree-based education builds complete and comprehensive skills. However, a degree takes several years to complete. Consider and research introductory coding bootcamps for a faster option.
  2. Gain professional experience.
    Graduate into an entry-level general IT job. Examples include roles in programming; technical support; and system, web, or network administration.
  3. Target a cybersecurity role.
    Identify a particular cybersecurity job that interests you, and determine which hard skills it demands. Then, chart a forward course using the rest of the steps listed above as your guide.

Finding Cybersecurity Jobs

Technology education providers typically offer some form of career training or job search support. This includes both diploma- and degree-granting institutions, plus bootcamps. Many institutions partner with companies looking to hire their graduates. If you completed education as part of your retraining plan, draw on these services if available.

You can also network with other students and working cybersecurity specialists, join professional organizations, and apply to internships. Work-study and internship programs sometimes lead to permanent full-time job opportunities. Many professional organizations maintain job boards for their members.

Open-access online job boards are important resources for cybersecurity job-seekers. These four resources tend to feature high volumes of open cybersecurity jobs:

Infosec-Jobs.com: This job board concentrates on ethical hacking, penetration testing, threat research, cryptography, and other cybersecurity roles. Job-seekers can contact employers directly without going through third-party services.

CareersinCyber.com: CareersinCyber.com forms an integral part of the Careers In Group. This extensive job network aggregates listings and categorizes them by specialization.

Dice.com: On Dice.com, job-seekers can find nationwide employment listings for a complete list of tech professions. Cybersecurity is well represented on the specialized site.

NinjaJobs: This community-operated tech employment site was purpose-built by working infosec professionals. Its listings maintain a sole focus on cybersecurity jobs.

Internship and Volunteer Opportunities

Volunteer and internship programs may offer value to established IT professionals looking to enter the cybersecurity field. These opportunities help workers build skills and learn from others in dynamic, real-world settings.

Both public and private organizations offer cybersecurity internships. Examples from recognizable providers include:

If you are in school, check with your education provider as well. Many schools offer internship programs and student placement opportunities.

Should You Transition From IT to Cybersecurity?

Professionals often switch from IT careers to cybersecurity because they want a new and exciting challenge. Industry insiders characterize cybersecurity as a dynamic field with significant task variation. This can appeal to tech professionals seeking high-impact ways to apply their skills.

However, candidates should maintain realistic expectations about cybersecurity. Many professionals describe it as a high-stress field. A 2021 survey found that more than half (51%) of cybersecurity professionals say they lose sleep over work-related worries. Research also reports high rates of burnout among cybersecurity experts.

High stress tolerance may serve your future cybersecurity career. However, if you do not perform well under pressure, you may want to think twice about pursuing cybersecurity. This can be a demanding, high-stakes career.

Additional Resources

FAQ About How to Get Into Cybersecurity

How do I get into cybersecurity with no experience?

A tech industry recruiting report from 2019 found that only 15% of cybersecurity jobs require less than two years experience. The field can be challenging for inexperienced candidates. Credentials validating essential skills can help you land an entry-level role to start.

Is it easy to transition from IT to cybersecurity?

For most, it's a smooth transition. Many of the core skills used by IT generalists also apply in cybersecurity roles. Experienced IT professionals often have a relatively direct path to cybersecurity jobs. Some people choose to supplement their existing credentials with cybersecurity certifications.

Are careers in cybersecurity better than careers in IT?

Industry insiders and tech reporters continue to stress strong demand for professionals with advanced cybersecurity skills. However, cybersecurity is generally considered more stressful than IT. The question of which path is "better" depends on your personal preferences.

Do cybersecurity jobs pay as well as IT jobs?

This depends on relative levels of responsibility. For example, a senior IT manager may out-earn an entry-level cybersecurity worker. At equal seniority and experience levels, pay rates are generally comparable. Senior cybersecurity jobs pay very high salaries relative to IT roles.


Featured Image: Elizaveta Starkova / Moment / Getty Images

Recommended Reading

View hand-picked degree programs

Tell us what you’d like to specialize in, and discover which schools offer a degree program that can help you make an impact on the world.