r/CyberSecurityJobs

I'm losing my job in October at a USDA research location due to the facility being decommissioned as part of the broader USDA reorganization government cuts. Much of the biological scientific field is being cut from an already niche industry, leaving few remaining job opportunities. My current salary is $85k and I need to realistically get back there at some point over the next couple years. I have a cell biology and genetics degree, so not IT or cybersecurity related. During my career I spent years working with data and statistics, conducting field trials, bench work and wrote research papers. Zero formal IT background but I have always enjoyed building my own PCs, tinkering with home networks, setting up routers, that kind of thing. I’m also a veteran and would have CTAP & ICTAP status for federal job applications. IT/Cybersecurity was actually where I thought I was headed when I started college, but I fell in love with biology and science along the way. Feels like that love has run its course though. From the outside, cybersecurity feels like it can help fill that scientific method itch, identify the problem>formulate a hypothesis>test the hypothesis>solve the problem>document, though I am guessing the day-to-day may be different.

I'm in the DMV which I figure is probably a decent location for this path given the federal contractor ecosystem, DoD, and healthcare systems that require this type of work. Hoping my federal work history and military experience should help with security clearance eligibility, though I'll be honest I don't fully understand how the process works for someone coming from the civilian research side of the government.

The plan right now is A+ then Network+ then Security+ through self-study using Professor Messer, books (Hopperfield Education seems to be updated for the new A+ cert) then going after help desk to SOC analyst and information assurance tech, with longer-term goals of moving into cloud or data security engineering as I build experience. Maybe healthcare cybersecurity could be a good fit since I'm wondering if my biology background is actually a differentiator there or if I'm just telling myself a story.

I have heard the entry level field can be crowded and I'm not under any illusions that a cert alone gets me hired but heard it is a good field once you establish experience and work history. Curious how this transition actually looks from those with experience in the field. What am I getting right, what I'm getting wrong, and what I'm missing from as someone outside the field? Also interested in how job security holds up once you're more established and have real experience under your belt? Is this a realistic path for me? Does me having a 4-year biology degree help or is it irrelevant?

Thank you all for taking the time to read this.

So to start off, I'm 24. I just earned my B.S. in Cybersecurity and finished a Cybersecurity Internship before I graduated. I have a DoD Secret Clearance, Sec +, PMI CAPM. I'm going to start learning Python. I have experience in multiple cyber tools such as Stig Viewer, Checkmarx, Black Duck, Nessus/ACAS. I have lab exp from school with Linux tools such as Wireshark & TCPDump. So right now, I’m just wanting to get a better grasp of how I can get into Cyber/IT. Thanks.

Hello everyone. Ive currently been working as a junior SOC analyst for six months now, and I have been thinking about the future for me. I have no certs right now (intending to start working on my security + cert in a week or two) and I have a bachelors degree in cybersecurity.

If I ended up getting around a year or two of Junior SOC experience, how hard would it be for me to get a mid level position at a remote company? Are there any certs I need to specialize in? Any work experience i should focus on that make future employers go “wow I want that guy”?

I’m a pentester with ~3–4 YOE looking to transition into AppSec. Currently I work at a consultancy focused on penetration testing, so I’m already comfortable finding vulnerabilities, reviewing code, and thinking from an attacker’s perspective.

My background includes:
- Basic programming skills (mainly Python, some Go)
- Small pentesting-related tools/projects on GitHub
- Good knowledge of AWS
- Experience with SAST/DAST tools
- Familiarity with Kubernetes, CI/CD concepts, SCA, etc.

Where I feel I’m lacking is hands-on enterprise-level experience securing CI/CD pipelines, which seems to be a common requirement for many AppSec roles.

What would you recommend to gain practical, demonstrable experience in this area and improve my chances of landing an AppSec position?

For example:
- Any good personal projects/labs?
- Open-source contributions?
- Certifications or learning paths worth pursuing?
- Ways to simulate “real-world” CI/CD security work?

Would appreciate advice from people who made a similar transition or who currently work in AppSec.

So I gave my entrance exams and waiting for my results I want to do cybersecurity or ai/ml . I want to ask my seniors what are the things I should be careful and also what skills should I practice and what to learn

I’m not sure if this is the right place for this or not but I’m about to be in my third year of my cybersecurity program and I have not yet gotten or applied for an internship I’m not even sure what type of role I would like to do or field of specialty from my degree then I got some advice from a friend that regardless of my field I should try and make a project or two and I was wondering what projects would you recommend that someone in their third year to do to at least seem more credible to jobs

Also, have any of you suffered the same problem about not knowing what sector of cybersecurity you would want to work in??

Sorry if it is a bit long I’m just trying to make use of my summer

Yes, especially if the program focuses on practical SOC training, cloud security, and interview preparation instead of only theory. In the USA job market, recruiters usually care more about hands-on skills than just certificates. A good cyber security training with job placement program can help beginners learn tools like Splunk, Wireshark, SIEM platforms, and vulnerability scanners.

Many freshers struggle because they complete online videos but never practice real-world scenarios. Training programs that include live projects, internship support, resume building, and mock interviews tend to give better placement results.

The cyber security industry in the USA continues growing because companies constantly face ransomware attacks, phishing campaigns, and cloud security risks. That demand creates strong opportunities for trained candidates.

23M living in mumbai and I feel like I choosed a wrong carrer for myself, I was intrested in Hacking and I still am. I did graduation in Bsc(CS) did a course of cyber security in mumbai for one year. Spent 10 lakh of dad's money. And now I have successfully beacme a blinkit delivery boy (cause i have no choice) after my father passed away.

I'm literally applying for 10 jobs everyday and not able to get a single reply from anyone, linkedin, naukri, indeed, internshala, etc. Job ad's on Linkedin are a joke now, more than 50% adds are fake or trying to sell a course.

Fresher with 1-3 years of experience.

SOC L1 need 3 years experience.

Job 🔄 Experience / Experience 🔄 Job.

Stucked in this loop.

Honestly I have just lost all the hopes that i would get a job.

I was going to college for a different major but wasn’t enjoying myself at all, and then somebody said that cybersecurity would be a good choice for a future career and I’m gonna attempt to break into it. From what I’ve seen I believe I want to try and focus on being a cybersecurity consultant and be more hands on, so im curious if I should continue with college and get my degree as I already finished my gen ed courses, or should I focus on certificates?

The best beginner-friendly courses are usually the ones that combine:

• Live instructor-led training
• Hands-on labs
• Real SOC simulations
• Resume preparation
• Mock interviews
• Placement assistance

Avoid programs that only provide recorded videos. Beginners learn faster when they can interact with instructors and practice in live environments. Courses covering Splunk, SIEM tools, Linux, networking basics, and cloud security tend to provide better job opportunities.

Recent Cybersecurity graduate with 4 months of authorized penetration testing experience identifying 9+ critical vulnerabilities (CVSS 7.5+) across production web applications. Skilled in offensive security tooling (Burp Suite, Metasploit, Nmap), OWASP Top 10 attack vectors, and MITRE ATT&CK mapping. Looking to join a fast-growing startup as a Junior VAPT Analyst or Penetration Tester where I can bring immediate value through vulnerability hunting and security research.
I am looking for a role of Junior VAPT Analyst, Penetration tester or SOC Analyst
Remote or Hybrid(Across India)

I feel stuck trying to break into cybersecurity, and I wanted to see if anyone else went through this stage.

My main goal is to become a SOC analyst or security analyst in general. Right now I have:

• Security+
• About a year of basic IT support experience
• A home lab I’m building with Kali Linux, Windows, and plans for Splunk

The problem is I feel like I’m all over the place. I’ll start a lab, get halfway through it, then realize I didn’t fully understand the concepts. Then I jump to TryHackMe, do a couple labs, then start watching YouTube videos about how people got into cyber, and it feels like I’m repeating the same cycle.

Everybody says:

• Get certifications
• Build labs
• Apply for jobs

I’m doing that, but I feel like I’m getting nowhere.

I’ve technically been unemployed for over a year. Some personal stuff slowed me down, and it took me longer to get my Security+, but now I finally have more time to focus on my career. I’m trying to figure out the right path and what tools I should actually focus on learning.

One thing I really want to learn is Splunk since it seems like one of the biggest SOC tools, but honestly it’s been difficult. The official cert training is expensive, and trying to find free walkthroughs online is frustrating. A lot of videos skip around or don’t explain what’s actually happening step-by-step.

I learn better when someone explains:

• What the tool does
• Why they’re doing something
• What the logs/events actually mean
• How this connects to a real SOC environment

At this point I’m trying to figure out:

• What tools should I focus on first?
• What labs/projects helped you the most?
• What made things finally “click” for you?

20M , 1st I don't know where to start. On YouTube teacher is teaching in theory. I know theory is equally important but I am just studying theory.

2nd I am scared that I will not get a job . Iykyk what I am taking about. Company's layoff , entering is hard in this career. And many more.

3rd I am scared that I will be happy mentally or not because I have been in depression and I am still getting this thought that I am not safe in this career.

4rd I don't have many options other then this because I'm a bba student and you know this degree is just a piece of paper.

Plz help me. You don't know your one help will make my life .

I'm from Saudi Arabia and I'll tell you the details so you can better understand my situation. I saw the movie hackers (1995) at 7 years old and was fascinated and mesmerized by it and I wanted to be a hacker ever since. I graduated high school in 2012 then i got into local 3 universities and dropped out or got expelled from all of them due to attendance and low grades. in April 2014 I got an opportunity for a scholarship to study in Japan. I spent 2 years at language school and passed N2 level. N1 Being the highest starting from N5. Anyway after that I got into a Japanese university (computer science) and then i got my scholarship revoked due to low attendance. my senpai at the University told me that something is wrong and I should see a psychiatrist. i went there and was diagnosed with ADHD and everything made sense. I got back home empty handed in 2018. but that made me think, what's the best thing that could get me money fast? upon searching i saw a tweet for a government platform for bug bounty hunting and I signed up. that was during covid, it said it'll take 4 months to be accepted. during that time i did a lot of htb & vulnhub machines and got myself into cyber security. it helped from time to time but I'm now thinking about marriage and having a family so bug bounty hunting doesn't cut it. I need a stable income.

The reason I'm looking for a remote job is because I had an autoimmune disorder at 16 years old, with undiagnosed musculoskeletal pain. and I got another autoimmune disorder and neck injury at 28 just after the covid vaccine. I don't want to discuss politics but that's what I believe

so tldr

I have no degree

I was freelance as a bug bounty hunter for 5 years but i can't disclose anything

saved for the OSCP 2 attempt exam planning to pass first attempt

will I get employed remotely? and if so how much is the pay realistically.

Thank you for your time. godspeed

EDIT: By remote work i mean globally. not in Saudi

I’m a 10th grader (high school) and I have interest in cybersecurity, but all I see is that job market is bad and AI is taking a lot of jobs. What do I even do, switch to engineering or medical or stock to cyber and hope things better?

I wish to settle abroad and most probably US but want to go there as a cybersecurity professional. How can i do that . And if someone is there who can help me refer to their organisation would be really appreciated 🙏

Hi everyone,

I recently completed my Cyber Security Analysis program in Canada and I am currently looking for entry-level cybersecurity opportunities.

I do not have professional cybersecurity work experience yet, but I have been building hands-on projects to improve my practical skills. My current focus is on areas like vulnerability assessment, penetration testing labs, SIEM detection, incident response, and digital forensics.

Some of the projects I have worked on include:

• Vulnerability assessment and penetration testing in a local lab
• Splunk SIEM detection lab with Windows logs and attack simulations
• Digital forensics and incident investigation coursework
• Basic web and network security practice using tools like Nmap, Nessus, Wireshark, Burp Suite, Metasploit, and Splunk

I am applying for entry-level roles such as SOC Analyst, Cybersecurity Analyst, Junior Penetration Tester, Vulnerability Analyst, and IT Security roles.

I would really appreciate advice from people already working in the field:

What should I focus on most to improve my chances of getting interviews?

Are there any specific skills, projects, certifications, or resume improvements that helped you get your first cybersecurity job?

Also, is it realistic to aim for junior penetration testing roles at this stage, or should I first target SOC or general security analyst roles to build experience?

Any honest feedback or guidance would be appreciated.

I’m wondering if the degree is worth it at all because the consensus in this subreddit is that Cyber isn’t an entry level job, so what job can I get with this degree?

6 months no job…and today no job postings that are local to me only remote…its truly over. Im in the US to clarify

I sat through a virtual interview from a respectful company - and I swear they pumped the job description into ChatGPT and asked for 100 questions to assess technical intelligence of a candidate.

there was zero conversation. All like he was querying me as if I was an API. Wide range of topics/architectures/strategies and acronym definitions etc.

45 minute interview and by the time he was at 40 minutes deep, he asked if I had any questions. I said “yes, explain the day to day and project goals”…. which 4% of his questions were actually applicable to the role.

i can’t tell if it was his attempt to flex or just make someone feel small - but the way these jobs are posted now, you have to be a senior app developer (multi language), devsecops expert, principal architect, expert engineer, ML data scientist, legal/compliance expert, red team/pentest ninja, surgical IAM knowledge and an incident response show… all in one.

we’re cooked.

anyone else seeing these impossible roles ? no way this role gets filled.