Starting a career in cyber security in the UK

Starting a career in Cyber Security

We may earn a small fee from the companies mentioned in this post.

This article attempts to answer all your questions when starting a career in cyber security in the UK, including some valuable advice from industry experts about what you can do now and, in the future, to enhance your skill-base and significantly increase your employment prospects.

I have worked in Information Technology for more than 36 years, more than 26 years of that in IT Security. I created this article to help those thinking of a career in cyber security or those that are already working within the cyber security field and wish to progress.

There are many ways to start a career in cyber security within the UK. I will attempt to outline the best approach to get into this highly rewarding field.

What is Cyber Security

What is cyber security and what role does it play within a typical organisation?

Cyber security, which is also known as IT security, is the practice of protecting electronic information by mitigating information risks and vulnerabilities. Information risks can include unauthorised access, use, disclosure, interception or destruction of data.

Data can include, but is not limited to, the confidential information of business or individual users. Cyber security strategies include the use of firewalls, encryption, anti-virus software and user authentication procedures.

starting a career in cyber security in the UK

Cyber security can also be described as defending IT systems and its data from a malicious attack to systems connected to the internet, including their hardware, software and data.

Businesses employ a cyber security team (which may or may not form part of the IT Department) that include different skillsets (and job roles) to enhance the security posture of the organisation. The cyber security team are also tasked with protecting the business against malicious assaults intended to gain access into the network, or to alter, delete, destroy, or extort sensitive data belonging to a business.

Why is cyber security important to businesses

Cyber security is also important for businesses, as it can help them protect their networks from being hacked or data stolen. By having strong security measures in place, businesses can reduce the risk of a cyber attack and keep their confidential information safe. In addition to protecting digital information and devices, cyber security is also important because it can help prevent fraud and identity theft. By having robust security measures in place, an organisation can make sure that only authorised individuals have access to sensitive information and financial accounts.

Cyber security is essential as it allows a business to operate effectively, and it ensures employees can stay safe while browsing online and reduces the potential of a successful cyber attack.

Is a career in cyber security right for me?

Whilst cyber security is an exciting and growing field, it is not for everyone. It is important to consider your interests, skills, and goals when deciding if a career in cyber security is right for you.

Jon Cosson starting a career in cyber security in the UK

However, cyber security professionals are needed in all sectors of industry, so if you enjoy problem solving and have a strong interest in technology, then a career in cyber security may be a great fit for you.

To help you assess your suitability, it may be worth asking yourself a few questions:

Do I enjoy continued learning and obtaining certifications (and recertifying as required)?

  • Cyber security professionals are required to fully understand the technologies and the methods used to attack them. This requires constant retraining and certification to demonstrate the knowledge and effectiveness of the employee

  • If you do not enjoy studying or exams, cyber security may not be for you!

What skills would I need for a career in cyber security?

  • A career in cyber security would require excellent problem-solving skills, as well as strong technical skills

  • You would need to be able to communicate effectively with other members of a team, as well as with clients or customers

  • Cyber security positions require a high level of attention to detail. Professionals are often tasked with writing reports documenting their findings from an assessment or investigation; these reports must be comprehensive yet understandable by those unfamiliar with technical terminology

What are the hours of a cyber security professional?

  • Cyber security staff can typically work during normal business hours, between 7am to 6pm (35-37.5-hour week). However, they are often required to work outside of these hours in order to respond to an emergency or security incident

  • It is important to note that a career in cyber security is not considered a traditional 9-5 role

Who are the likely employers of cyber security professionals?

  • Potential employers of computer security professionals may include government agencies, large corporations, software companies, or financial institutions

  • As with most positions in computer science and information technology, entry-level jobs can start off as internships or temporary contracts

  • With experience and additional training, it is possible for cyber security professionals to rise through the ranks and eventually become experts in their field


So, let’s start with the basics, many organisations may require some form of academic qualification, such as a diploma, A-Level (UK), degree or even a master’s degree in a relevant field. This is dependent on the level of experience you have gained. It is more likely an organisation will insist on a degree if this is your first job, or you have very limited experience within your current role.

Jon Cosson starting a career in cyber security in the UK

If you have decided to attend university then this is certainly a great start to a career in cyber security, this is particularly true of bigger organisations with large Human Resources departments as they will pre-screen candidates and they often stipulate a degree is required.

A degree in computer science or a related field is important. This will give you the foundation you need to start learning about cyber security and developing your skills.

Check out my review of the 6 Best Cyber Security Books


Most employers view cyber security certifications as essential when hiring cyber security staff.

The type of certification required is dependent on the specific job role. Arguably the best cyber security certifications are those that are recognised by the National Institute of Standards and Technology (NIST), as they have been deemed to meet the highest standards in the industry.

Some of these certifications include the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), the Certified Ethical Hacker (CEH), and the Global Industrial Cyber Security Professional (GICSP).

There is a plethora of different qualifications tailored to the specific job role and experience levels. It is always good practice to look at current job adverts and see what the employers are asking for.

Jon Cosson starting a career in cyber security in the UK

Having one or more industry recognised certifications shows employers that the individual has a level of understanding and knowledge across the cyber security landscape and is capable of protecting their organisation’s systems.


In addition to certifications, it can be beneficial for those looking to build a career in cyber security to gain experience through internships, volunteer work, and even entry-level positions.

Working in the cyber security or IT field with an experienced team can give individuals invaluable insight into how systems are secured and maintained, as well as providing practical hands-on experience working with various technologies. This type of real-world knowledge is invaluable when competing for top jobs in the industry.

Apprenticeships in cyber security

As an experienced CISO I am often asked how to start a career in cyber security with no experience. The answer is invarably through an apprenticeship programme.

There are many apprenticeship programmes in cyber security, with different entry requirements. Apprenticeship programmes are a great way to get started in a career in cyber security, as they provide on-the-job training and support.

Apprenticeships also provide an ideal opportunity to gain valuable qualifications, while also earning a wage. An apprenticeship in cyber security gives you the chance to learn from experienced professionals and become proficient in the use of technologies such as encryption, firewalls and other tools used by companies in their daily operations.

Jon Cosson starting a career in cyber security in the UK

Additionally, many apprenticeship organisations are aligned to recognised universities that offer degree programmes specifically dedicated to cyber security. These courses form part of the apprenticeship programme and typically involve lectures on topics ranging from cryptography to network security techniques. Most cyber security degree programmes include hands-on experience using up-to-date software and hardware systems. Graduates of these programmes are well positioned to enter the field of cyber security with the knowledge and skills needed for success.

You may find my article on How to choose the bet cyber security apprenticeships in 2023 useful

Finally, there are certification courses offered by the apprenticeship organisations that deliver a training programme that includes a comprehensive understanding of cyber security and the latest industry standards.

Jon Cosson starting a career in cyber security in the UK

These courses may cover topics such as risk management, incident response, and ethical hacking. In addition to technical knowledge, these certifications will also demonstrate your commitment to keeping up-to-date with the changing landscape of cyber security.

By taking advantage of apprenticeship programmes in cyber security, you can acquire the skills needed to become an essential asset in any company and is an excellent way to start your career in cyber security.

Cyber security career paths

A career in cyber security could include many different paths, but it is important to have a cyber security career roadmap. You could become a cyber security engineer, working to design and implement security measures for computer networks. Alternatively, you could become a cyber security analyst, working to detect and respond to cyber threats as part of the Security Operations Centre (SOC).

There are also many other jobs in the cyber security field, such as penetration testers, who attempt to hack into networks to find vulnerabilities, and incident responders, who work to contain and resolve cyber attacks.

The one thing all of these jobs have in common is that they require a combination of technical and analytical skills.

Cyber security professionals should be proficient in coding, networking, data analysis, and problem-solving to succeed in the field. They must also have an understanding of legal and ethical issues surrounding cyber security.

Jon Cosson starting a career in cyber security in the UK

Additionally, cyber security professionals must stay up-to-date on new technologies and threats as they emerge so they can effectively protect networks from harm.

A career in cyber security can be highly rewarding, both financially and professionally. With the right education and experience, you could become a leader in this rapidly growing industry.

Typical roles in cyber security

Security Engineer

  • A security engineer is responsible for designing, building, maintaining, and troubleshooting secure systems. They must be highly knowledgeable about the latest security threats and technologies, as well as how to mitigate them. In addition, these professionals must be able to communicate complex security concepts to non-technical colleagues.

Security Operations Centre (SOC) Analyst

  • SOC analysts are experts at detecting anomalous behaviour in networks and identifying potential threats before they become active attacks. Analysts also monitor user activity to ensure compliance with security policies and regulations. They must be able to quickly recognize malicious behaviour and take the appropriate action.

Cloud Security Engineer

  • A cloud security engineer is responsible for ensuring the security of a company’s cloud infrastructure. They work to protect against cyberattacks, data breaches, and other threats to the security of the cloud.

Security Architect

  • A security architect is responsible for designing, implementing, and managing an organisation’s security architecture. They work with other departments to ensure that the security of the organisation’s systems meets or exceeds all applicable requirements.

Penetration Tester

  • Penetration testers work to identify and exploit system vulnerabilities, either on their own or in a team environment. They use a variety of tools and techniques to assess the security of networks, applications, and systems. It’s important for penetration testers to have strong analytical skills and an understanding of computer networks.

Getting a cyber security job

First, you should make sure that you have the necessary skills and qualifications outlined within this article. As stated earlier, employers require a degree in computer science or a related field, and some also require certification in cyber security. You should also be familiar with common security protocols and technologies and be able to effectively identify and respond to threats.

Second, you should network with professionals in the industry. Attend cyber security conferences and meetups, connect with people on LinkedIn, and follow influential figures in the field on Twitter. These connections can help you learn about job opportunities, networking opportunities, and other resources that can help you pursue a career in cyber security.

Jon Cosson starting a career in cyber security in the UK

Third, you should build your portfolio. Demonstrate your skills by creating projects that showcase your abilities. This could include building a website or app, creating a digital marketing campaign, or developing a computer program. Whatever your area of expertise, find ways to showcase your skills and knowledge to potential employers.

Engage with a reputable employment agency that specialise in Information and cyber security. These agencies often have contacts in organisations that can get you an interview.

Before you attend the interview ensure you have researched the role and fully understand the business and the sector. This demonstrates attention to detail and professionalism.

If you would like more information about how I started my career in cyber security, you may find this article useful.

Check out my other cyber security Blogs here

About the author

Jon Cosson CISO London
Jon Cosson MSc.

With more than 36 years’ experience in the IT industry, Jon has held a variety of senior IT positions since starting his career in mainframe computer systems in the 1980s. In recent years, he has focused on directing the IT department for JM Finn, an established wealth management organisation, where he has been responsible for all aspects of information technology and cyber security.

A highly respected technical leader and security specialist, Jon is known for his ability to deliver transformative security solutions that meet business objectives. Passionate about IT security, he understands the bigger picture and is able to see beyond the latest trends to identify new technologies that can be applied to achieve secure business outcomes. He holds numerous globally recognised cyber security certifications including CISSP, CISM, C|CISO, CAP, CEH, CHFI and MBCI. In 2016 he returned to academia and obtained a Masters Degree (Distinction) in Cyber Security.

Jon is an experienced Information Security professional with a proven ability to independently master complex products and technologies. He is a regular speaker at global cyber security events, working with a plethora of cyber security visionaries. Jon has been a senior manager for 28 years, working with business units, suppliers and stakeholders to deliver systems and projects on time and in budget that allow strategic change and organisational growth.