Cybersecurity

How to Transition from IT to Cybersecurity

Table of Contents

  • [toc headings="h2" title="Table of Contents"] In the cybersecurity industry, demand for qualified talent has never been higher. While the rate of new job creation in cybersecurity cooled in 2024 compared to the preceding years, data released by CyberSeek in June shows that there are still 470,000 unfilled openings in the field across the U.S., and there aren’t enough workers to fill them. As of the most recent estimates, there are approximately 225,000 more IT security job opportunities than there are professionals in the cyber defense job market. This skill shortage is so pronounced that the White House and National Cyber Director recently launched the National Cyber Workforce and Education Strategy program to make cybersecurity jobs more accessible and help to fill these critical positions. Professionals with a background in IT are particularly well positioned to take advantage of this unmet demand and make a cybersecurity career transition. Here are the steps professionals can take to switch into a security role.

  • Why switch to cybersecurity from IT?

  • The high demand for cybersecurity talent mentioned in the introduction is one reason to make an IT to cybersecurity career change. That demand translates to a high degree of job security, not just today but for years to come. The truth is, cybersecurity experts are needed in a wide range of industries, from tech companies to government agencies, and that need is only likely to increase as businesses continue to adopt new tech tools and use digital platforms. The broad availability of roles in this sector leads to another advantage: there are a lot of ways to pursue a security career path. Cybersecurity offers a variety of specializations, from risk management and incident response to ethical hacking or digital forensics. The field’s constant evolution means new roles and specialties are regularly being developed, too, and those who work in security will always have new skills to learn and new challenges to overcome. This makes the field ideal for professionals who enjoy solving complex problems and want a job where they can innovate and keep their mind constantly engaged. On the practical side of things, high demand also often translates to a high earning potential. While cybersecurity salary expectations vary depending on the level and type of role, even entry-level cybersecurity positions often come with a 6-figure salary, with the average pay over $120,000 per year for an entry level security analyst. That’s almost double the salary expectation for an entry-level IT professional, and that higher pay expectation holds true as professionals advance up the ladder, too.

  • Shared skills of IT and cybersecurity

  • If you’re currently working in an IT role, the odds are high you already use a variety of skills that you’ll see in cybersecurity job requirements. Understanding which of these transferrable skills is most in-demand can help IT professionals to best rework their resume for applying to security positions. Some of the top IT skills for cybersecurity roles include:

    • Networking fundamentals – A solid understanding of networking concepts like DNS, firewalls, routers, and TCP/IP is necessary for both IT and cybersecurity professionals to manage systems and ensure secure communication.
    • System administration – Thorough knowledge of how to configure, maintain, and monitor operating systems like Windows and Linux is necessary to both manage IT systems effectively and safeguard them against attacks.
    • Scripting and automation – Proficiency in languages like Python, PowerShell, and Bash is a key skill for many roles in both IT and security, allowing professionals to configure system settings and automate routine tasks.
    • Troubleshooting – In IT, strong troubleshooting is a must-have to resolve technical issues and improve system performance. Those same analytical and problem-solving skill sets can be applied to identify security vulnerabilities.
    • Incident response and recovery – IT is often the first department called when technical issues need to be addressed. Cybersecurity professionals are more likely to respond to threats or breaches, but the core skills they’ll use to identify and resolve the issue are often similar.
    • Risk assessment – The risks IT professionals assess are often related to hardware or software performance while those assessed in cybersecurity are more focused on potential security vulnerabilities, but the evaluation process will often use similar capabilities and knowledge.
    • Data management – Handling data storage, usage, and backups is often a core task of IT pros and these skills are used in cybersecurity, too, to maintain data integrity and protect against data loss.
    • Compliance and documentation – Both of these fields require workers with high attention to detail who can meticulously maintain records and ensure systems comply with industry standards and regulations.

  • Key differences between IT and cybersecurity roles

  • While there’s a lot of overlap in IT professional cybersecurity skills, these roles aren’t completely identical. The main difference is in the objective of these two domains. Where IT focuses on managing and optimizing the performance of an organization’s technology infrastructure, cybersecurity’s goal is to protect it. This involves a lot of similar tasks but with a different aim. For example, where an IT analyst might monitor a network for speed and availability, security analysts would monitor that network for threats and breaches. This difference in focus gives these roles unique responsibilities, too. Typical duties of an IT professional might include installing and configuring new software, managing the server infrastructure, performing system updates, or troubleshooting technical issues. On the security side, duties are more likely to include things like conducting penetration testing, configuring and updating security systems like firewalls or antivirus software, or monitoring networks for suspicious activity.  While both these areas involve solving problems, the approach to problem solving is often different between these roles, too. Work in IT is often reactive, responding to technical issues as they arise. Cybersecurity can involve incident response, but normally the goal is to be more proactive, identifying potential risks and eliminating those vulnerabilities before they can be exploited. Finally, to accomplish this differing work means using a different set of tools and having knowledge in different core areas. Both security and IT teams will often make use of networking, monitoring, and system management tools, but those used by the former will usually be more targeted toward intrusion detection and event management. The same is true comparing the knowledge required for information technology to information security competencies. Both domains need deep knowledge of software, hardware, networks, and systems, but will approach that learning from different angles.

  • Steps to transition from IT to cybersecurity

  • IT and cybersecurity are related areas and require similar skills, but that doesn’t mean you can expect to just switch from one to the other with no preparation. Here are some steps you can take in advance of your career change to help you break into the cybersecurity field.

  • 1. Identify your transferable skills and experience.

  • Consider the skill areas highlighted earlier in the article to start. Also assess your day-to-day tasks and pay particular attention to areas where you already deal with security, like backing up data or managing access controls. Many of the daily responsibilities of IT specialists will prove valuable in making an information assurance career transition. Along with noting what security skills you already bring to the table, also pay attention to any gaps in your knowledge or areas for improvement. This can help you to direct your learning in preparation for your security analyst career switch.  

  • 2. Pursue cybersecurity education through courses and certifications.

  • There are lots of ways to access cybersecurity training for IT specialists. The fastest and easiest option is often to take online courses from sites like the SANS Institute or Cybrary, both of which offer a variety of free and paid learning ranging from a general beginner’s introduction to the discipline, to advanced classes on specific security topics like incident response or cryptography.  It can also be a smart move to obtain one or more industry-recognized certifications. By taking this path to cybersecurity upskilling for IT experts, you not only acquire the knowledge and skills you’ll need for the role but can also verify that fact on your resume, helping you to catch the eye of hiring managers. Some of the top cybersecurity certifications for IT professionals include:

    • CompTIA Security+ - A general certification that covers fundamental concepts and the most in-demand skills for security experts.
    • Certified Information Systems Security Professional (CISSP) – Administered by ISC2, this is considered the premier certification for security practitioners, covering advanced knowledge in areas like security management and risk assessment.
    • Certified Ethical Hacker (CEH) – An in-depth certification focused on penetration testing and learning how to identify and exploit vulnerabilities.
    • Certified Information Security Manager (CISM) – Offered by ISACA, this certification focuses on risk management, incident response, and governance, and is ideal for those interested in digital security career progression into management roles.
    • Certified Cloud Security Professional (CCSP) – Another option from ISC2, this certification covers best practices in cloud security architecture, design, operations, and compliance.

  • 3. Gain hands-on experience with cybersecurity.

  • Having knowledge and skills in cybersecurity is a good first step for making the transition into the field, but you’ll be even more likely to land a role if you can demonstrate your ability to put that knowledge into practice. One way to do this is to look for ways you can be more security-focused in your current role. Practice using scripts to automate security tasks, or proactively monitor system logs and network traffic as part of your everyday work, to demonstrate a commitment to security. Taking part in capture the flag (CTF) challenges is another way to apply your security knowledge. In these challenges, participants solve real-world security problems, developing skills in areas like malware detection, network analysis, and penetration testing along the way. Platforms like Hack the Box and CTFtime are a great place to find these challenges.   There are other ways you can work on real-world projects even before you land a security role. For example, you can contribute to open-source security projects like those available through the Open Source Security Foundation or OWASP Foundation. Joining these communities has the added benefit of connecting you to other security experts while you’re developing your skills.  

  • 4. Extend your professional network into the cybersecurity domain.

  • Those open-source project communities mentioned above are just one of many ways you can grow a network within this domain. There are quite a few online communities where you can ask questions, get advice, or generally keep your finger on the industry’s pulse. The Spiceworks community is one well-known example, and you’ll also find active communities on sites like Reddit and Discord.  If you prefer in-person networking, consider joining professional organizations and attending their events. Some of the biggest include the annual DEF CON Hacking Conference and RSA Conference. Organizations like Black Hat host several events around the world throughout the year, including trainings, briefings, and webinars in addition to conferences.

  • 5. Tailor your resume and LinkedIn profile to cybersecurity roles.

  • Once you’ve put in all of this work to pursue IT to InfoSec professional development, you want to let the people who will be reviewing your application know about it. This starts by ensuring you’ve updated your resume to tailor it to security roles. That doesn’t only mean adding in any new skills or certifications. It’s also smart to revise the accomplishments and details you highlight from your past jobs to focus more on skills and knowledge related to security. The same goes for your LinkedIn profile. Update your headline to incorporate keywords related to security and the specific roles you’re targeting. When revising the summary, highlight your core skills, why you’re pivoting into security, and the unique experience or traits you bring to the table as an IT pro. Sometimes it’s not about adding or removing information but how you arrange it. For instance, it may be smart to reorder the skills on your profile so the most relevant are first, along with adding any new ones you’ve gained through courses or certifications.

  • Tips for navigating the cybersecurity job market

  • One of the challenging things about starting a career in cybersecurity is that finding true entry-level roles can be difficult, even during periods of high demand. The critical nature of cybersecurity roles means that most employers look for candidates with experience in the field. Even if the company is open to hiring candidates with no experience, you’ll often be competing against people with degrees or prior roles as security analysts, making it hard to stand out without these qualifications. This can be frustrating when you’re trying to get started on a security career path.  On the plus side, having experience in a technical role like IT can help. You can improve your odds of catching a hiring manager’s attention even further by obtaining the right cybersecurity certification, or demonstrating hands-on experience with security tasks, either in a prior role or through the voluntary strategies mentioned above. It’s also beneficial to get a bit more specific about the type of role you want to land. Cybersecurity is a broad field that encompasses a variety of roles and specializations. Take the time to learn about these different domains, what skills and knowledge each one requires, and which area you want to target before you start your search. This will allow you to better tailor the certifications and learning you pursue to be most relevant to that position, which can not only improve your chances of landing a job but can also help to guide your information security career advancement. Here are some examples of entry level positions within cybersecurity that are consistently in demand and can be a great option for someone switching from an IT role.

  • Information security analyst

  • Average salary: $81,000 per year Typical certifications: CompTIA Security+, CISSP  Also called an InfoSec Analyst or Cybersecurity Analyst, this is a technical role that helps to maintain an organization’s overall security. Their tasks can include monitoring systems for threats, managing access control, responding to incidents, and performing post-breach analysis. Knowledge of security concepts like firewalls, encryption, penetration testing, and cloud security can be beneficial in this role.

  • Penetration tester

  • Average salary: $93,000 per year Typical certifications: CEH, CompTIA PenTest+, GIAC Penetration Tester You’ll also see this role referred to as an ethical hacker. The main responsibility of these professionals is to find vulnerabilities in a company’s system or network by using the same strategies a hacker would, allowing these gaps to be closed before they can be exploited. People with strong problem-solving and reverse engineering skills are well-suited to these roles.

  • Application security engineer

  • Average salary: $137,000 per year Typical certifications: CISSP, Certified Secure Software Lifecycle Professional  Often hired by tech and software companies, these professionals ensure that developers are integrating secure coding practices across the software development lifecycle. They also help to test software to ensure it’s secure before release. Knowledge of coding is critical in these roles, as is the ability to maintain technical documentation, which can make it an ideal choice for those with a background in software development.

  • IT auditor

  • Average salary: $79,000 per year Typical certifications: CISA, Certified IT Auditor, GIAC Systems and Network Auditor  The main responsibility of an IT auditor is to review a company’s systems and tech stack in preparation for third-party audits. They need to understand industry standards and regulations so they can ensure compliance with them. Strong analytical skills, experience with report writing, and technical aptitude to recognize and fix network or system issues are also beneficial.

  • Digital forensics examiner

  • Average salary: $76,000 per year Typical certifications: GIAC Certified Forensic Examiner  These professionals are the detectives of the cybersecurity world. They are called in after a breach or other incident to investigate how the attack occurred and close those security gaps to prevent future threats. People who have a background in incident response and troubleshooting from other IT domains can be well-suited to these roles, as they require a similar set of skills.

  • Making your cybersecurity pivot

  • One common complaint from professionals about the cybersecurity job market is that breaking into this field can be very challenging. The high barrier to entry for security careers is certainly a factor in the current talent shortages, and can be discouraging for those who want to embark on an information security career. The good news is, those with a background in IT are better positioned than most newcomers to the field when it comes to landing that critical first position. Enhancing your resume with relevant certifications and hands-on experience can further improve your odds of getting a hiring manager’s attention, while building your professional network will help you stay current on industry trends and learn about more opportunities.   

In the cybersecurity industry, demand for qualified talent has never been higher. While the rate of new job creation in cybersecurity cooled in 2024 compared to the preceding years, data released by CyberSeek in June shows that there are still 470,000 unfilled openings in the field across the U.S., and there aren’t enough workers to fill them. As of the most recent estimates, there are approximately 225,000 more IT security job opportunities than there are professionals in the cyber defense job market.

This skill shortage is so pronounced that the White House and National Cyber Director recently launched the National Cyber Workforce and Education Strategy program to make cybersecurity jobs more accessible and help to fill these critical positions. Professionals with a background in IT are particularly well positioned to take advantage of this unmet demand and make a cybersecurity career transition. Here are the steps professionals can take to switch into a security role.

Why switch to cybersecurity from IT?

The high demand for cybersecurity talent mentioned in the introduction is one reason to make an IT to cybersecurity career change. That demand translates to a high degree of job security, not just today but for years to come. The truth is, cybersecurity experts are needed in a wide range of industries, from tech companies to government agencies, and that need is only likely to increase as businesses continue to adopt new tech tools and use digital platforms.

The broad availability of roles in this sector leads to another advantage: there are a lot of ways to pursue a security career path. Cybersecurity offers a variety of specializations, from risk management and incident response to ethical hacking or digital forensics. The field’s constant evolution means new roles and specialties are regularly being developed, too, and those who work in security will always have new skills to learn and new challenges to overcome. This makes the field ideal for professionals who enjoy solving complex problems and want a job where they can innovate and keep their mind constantly engaged.

On the practical side of things, high demand also often translates to a high earning potential. While cybersecurity salary expectations vary depending on the level and type of role, even entry-level cybersecurity positions often come with a 6-figure salary, with the average pay over $120,000 per year for an entry level security analyst. That’s almost double the salary expectation for an entry-level IT professional, and that higher pay expectation holds true as professionals advance up the ladder, too.

Shared skills of IT and cybersecurity

If you’re currently working in an IT role, the odds are high you already use a variety of skills that you’ll see in cybersecurity job requirements. Understanding which of these transferrable skills is most in-demand can help IT professionals to best rework their resume for applying to security positions. Some of the top IT skills for cybersecurity roles include:

  • Networking fundamentals – A solid understanding of networking concepts like DNS, firewalls, routers, and TCP/IP is necessary for both IT and cybersecurity professionals to manage systems and ensure secure communication.
  • System administration – Thorough knowledge of how to configure, maintain, and monitor operating systems like Windows and Linux is necessary to both manage IT systems effectively and safeguard them against attacks.
  • Scripting and automation – Proficiency in languages like Python, PowerShell, and Bash is a key skill for many roles in both IT and security, allowing professionals to configure system settings and automate routine tasks.
  • Troubleshooting – In IT, strong troubleshooting is a must-have to resolve technical issues and improve system performance. Those same analytical and problem-solving skill sets can be applied to identify security vulnerabilities.
  • Incident response and recovery – IT is often the first department called when technical issues need to be addressed. Cybersecurity professionals are more likely to respond to threats or breaches, but the core skills they’ll use to identify and resolve the issue are often similar.
  • Risk assessment – The risks IT professionals assess are often related to hardware or software performance while those assessed in cybersecurity are more focused on potential security vulnerabilities, but the evaluation process will often use similar capabilities and knowledge.
  • Data management – Handling data storage, usage, and backups is often a core task of IT pros and these skills are used in cybersecurity, too, to maintain data integrity and protect against data loss.
  • Compliance and documentation – Both of these fields require workers with high attention to detail who can meticulously maintain records and ensure systems comply with industry standards and regulations.

Key differences between IT and cybersecurity roles

While there’s a lot of overlap in IT professional cybersecurity skills, these roles aren’t completely identical. The main difference is in the objective of these two domains. Where IT focuses on managing and optimizing the performance of an organization’s technology infrastructure, cybersecurity’s goal is to protect it. This involves a lot of similar tasks but with a different aim. For example, where an IT analyst might monitor a network for speed and availability, security analysts would monitor that network for threats and breaches.

This difference in focus gives these roles unique responsibilities, too. Typical duties of an IT professional might include installing and configuring new software, managing the server infrastructure, performing system updates, or troubleshooting technical issues. On the security side, duties are more likely to include things like conducting penetration testing, configuring and updating security systems like firewalls or antivirus software, or monitoring networks for suspicious activity. 

While both these areas involve solving problems, the approach to problem solving is often different between these roles, too. Work in IT is often reactive, responding to technical issues as they arise. Cybersecurity can involve incident response, but normally the goal is to be more proactive, identifying potential risks and eliminating those vulnerabilities before they can be exploited.

Finally, to accomplish this differing work means using a different set of tools and having knowledge in different core areas. Both security and IT teams will often make use of networking, monitoring, and system management tools, but those used by the former will usually be more targeted toward intrusion detection and event management. The same is true comparing the knowledge required for information technology to information security competencies. Both domains need deep knowledge of software, hardware, networks, and systems, but will approach that learning from different angles.

Steps to transition from IT to cybersecurity

IT and cybersecurity are related areas and require similar skills, but that doesn’t mean you can expect to just switch from one to the other with no preparation. Here are some steps you can take in advance of your career change to help you break into the cybersecurity field.

1. Identify your transferable skills and experience.

Consider the skill areas highlighted earlier in the article to start. Also assess your day-to-day tasks and pay particular attention to areas where you already deal with security, like backing up data or managing access controls. Many of the daily responsibilities of IT specialists will prove valuable in making an information assurance career transition.

Along with noting what security skills you already bring to the table, also pay attention to any gaps in your knowledge or areas for improvement. This can help you to direct your learning in preparation for your security analyst career switch.  

2. Pursue cybersecurity education through courses and certifications.

There are lots of ways to access cybersecurity training for IT specialists. The fastest and easiest option is often to take online courses from sites like the SANS Institute or Cybrary, both of which offer a variety of free and paid learning ranging from a general beginner’s introduction to the discipline, to advanced classes on specific security topics like incident response or cryptography. 

It can also be a smart move to obtain one or more industry-recognized certifications. By taking this path to cybersecurity upskilling for IT experts, you not only acquire the knowledge and skills you’ll need for the role but can also verify that fact on your resume, helping you to catch the eye of hiring managers. Some of the top cybersecurity certifications for IT professionals include:

  • CompTIA Security+ – A general certification that covers fundamental concepts and the most in-demand skills for security experts.
  • Certified Information Systems Security Professional (CISSP) – Administered by ISC2, this is considered the premier certification for security practitioners, covering advanced knowledge in areas like security management and risk assessment.
  • Certified Ethical Hacker (CEH) – An in-depth certification focused on penetration testing and learning how to identify and exploit vulnerabilities.
  • Certified Information Security Manager (CISM) – Offered by ISACA, this certification focuses on risk management, incident response, and governance, and is ideal for those interested in digital security career progression into management roles.
  • Certified Cloud Security Professional (CCSP) – Another option from ISC2, this certification covers best practices in cloud security architecture, design, operations, and compliance.

3. Gain hands-on experience with cybersecurity.

Having knowledge and skills in cybersecurity is a good first step for making the transition into the field, but you’ll be even more likely to land a role if you can demonstrate your ability to put that knowledge into practice. One way to do this is to look for ways you can be more security-focused in your current role. Practice using scripts to automate security tasks, or proactively monitor system logs and network traffic as part of your everyday work, to demonstrate a commitment to security.

Taking part in capture the flag (CTF) challenges is another way to apply your security knowledge. In these challenges, participants solve real-world security problems, developing skills in areas like malware detection, network analysis, and penetration testing along the way. Platforms like Hack the Box and CTFtime are a great place to find these challenges.

 

There are other ways you can work on real-world projects even before you land a security role. For example, you can contribute to open-source security projects like those available through the Open Source Security Foundation or OWASP Foundation. Joining these communities has the added benefit of connecting you to other security experts while you’re developing your skills.  

4. Extend your professional network into the cybersecurity domain.

Those open-source project communities mentioned above are just one of many ways you can grow a network within this domain. There are quite a few online communities where you can ask questions, get advice, or generally keep your finger on the industry’s pulse. The Spiceworks community is one well-known example, and you’ll also find active communities on sites like Reddit and Discord. 

If you prefer in-person networking, consider joining professional organizations and attending their events. Some of the biggest include the annual DEF CON Hacking Conference and RSA Conference. Organizations like Black Hat host several events around the world throughout the year, including trainings, briefings, and webinars in addition to conferences.

5. Tailor your resume and LinkedIn profile to cybersecurity roles.

Once you’ve put in all of this work to pursue IT to InfoSec professional development, you want to let the people who will be reviewing your application know about it. This starts by ensuring you’ve updated your resume to tailor it to security roles. That doesn’t only mean adding in any new skills or certifications. It’s also smart to revise the accomplishments and details you highlight from your past jobs to focus more on skills and knowledge related to security.

The same goes for your LinkedIn profile. Update your headline to incorporate keywords related to security and the specific roles you’re targeting. When revising the summary, highlight your core skills, why you’re pivoting into security, and the unique experience or traits you bring to the table as an IT pro. Sometimes it’s not about adding or removing information but how you arrange it. For instance, it may be smart to reorder the skills on your profile so the most relevant are first, along with adding any new ones you’ve gained through courses or certifications.

Tips for navigating the cybersecurity job market

One of the challenging things about starting a career in cybersecurity is that finding true entry-level roles can be difficult, even during periods of high demand. The critical nature of cybersecurity roles means that most employers look for candidates with experience in the field. Even if the company is open to hiring candidates with no experience, you’ll often be competing against people with degrees or prior roles as security analysts, making it hard to stand out without these qualifications. This can be frustrating when you’re trying to get started on a security career path. 

On the plus side, having experience in a technical role like IT can help. You can improve your odds of catching a hiring manager’s attention even further by obtaining the right cybersecurity certification, or demonstrating hands-on experience with security tasks, either in a prior role or through the voluntary strategies mentioned above.

It’s also beneficial to get a bit more specific about the type of role you want to land. Cybersecurity is a broad field that encompasses a variety of roles and specializations. Take the time to learn about these different domains, what skills and knowledge each one requires, and which area you want to target before you start your search. This will allow you to better tailor the certifications and learning you pursue to be most relevant to that position, which can not only improve your chances of landing a job but can also help to guide your information security career advancement.

Here are some examples of entry level positions within cybersecurity that are consistently in demand and can be a great option for someone switching from an IT role.

Information security analyst

Average salary: $81,000 per year
Typical certifications: CompTIA Security+, CISSP 

Also called an InfoSec Analyst or Cybersecurity Analyst, this is a technical role that helps to maintain an organization’s overall security. Their tasks can include monitoring systems for threats, managing access control, responding to incidents, and performing post-breach analysis. Knowledge of security concepts like firewalls, encryption, penetration testing, and cloud security can be beneficial in this role.

Penetration tester

Average salary: $93,000 per year
Typical certifications: CEH, CompTIA PenTest+, GIAC Penetration Tester

You’ll also see this role referred to as an ethical hacker. The main responsibility of these professionals is to find vulnerabilities in a company’s system or network by using the same strategies a hacker would, allowing these gaps to be closed before they can be exploited. People with strong problem-solving and reverse engineering skills are well-suited to these roles.

Application security engineer

Average salary: $137,000 per year
Typical certifications: CISSP, Certified Secure Software Lifecycle Professional 

Often hired by tech and software companies, these professionals ensure that developers are integrating secure coding practices across the software development lifecycle. They also help to test software to ensure it’s secure before release. Knowledge of coding is critical in these roles, as is the ability to maintain technical documentation, which can make it an ideal choice for those with a background in software development.

IT auditor

Average salary: $79,000 per year
Typical certifications: CISA, Certified IT Auditor, GIAC Systems and Network Auditor 

The main responsibility of an IT auditor is to review a company’s systems and tech stack in preparation for third-party audits. They need to understand industry standards and regulations so they can ensure compliance with them. Strong analytical skills, experience with report writing, and technical aptitude to recognize and fix network or system issues are also beneficial.

Digital forensics examiner

Average salary: $76,000 per year
Typical certifications: GIAC Certified Forensic Examiner 

These professionals are the detectives of the cybersecurity world. They are called in after a breach or other incident to investigate how the attack occurred and close those security gaps to prevent future threats. People who have a background in incident response and troubleshooting from other IT domains can be well-suited to these roles, as they require a similar set of skills.

Making your cybersecurity pivot

One common complaint from professionals about the cybersecurity job market is that breaking into this field can be very challenging. The high barrier to entry for security careers is certainly a factor in the current talent shortages, and can be discouraging for those who want to embark on an information security career.

The good news is, those with a background in IT are better positioned than most newcomers to the field when it comes to landing that critical first position. Enhancing your resume with relevant certifications and hands-on experience can further improve your odds of getting a hiring manager’s attention, while building your professional network will help you stay current on industry trends and learn about more opportunities.