What no one tells you before you choose Cybersecurity as a career

I still remember the moment I decided to pursue cybersecurity. I’d been reading headlines about massive data breaches, watching movies where hackers saved the world in 90 minutes, a close friend getting hacked and the attacker making away with some significant monies and I had had the final straw thinking: This is it. This is what I want to do.

What I didn’t know then, what nobody tells you in those glossy career fair brochures; is that cybersecurity is simultaneously one of the most rewarding and most challenging fields you can choose. It’s not quite the Hollywood thriller, but it’s also far more interesting than sitting in a dark room staring at green text scrolling down a black screen.

If you’re considering this career, here’s what you really need to know, the good, the challenging, and the genuinely surprising parts that shaped my journey.

The hype: what everyone tells you

Let’s start with what you’ve probably already heard.

“Cybersecurity jobs are everywhere!”

This one’s actually true. The U.S. Bureau of Labor Statistics projects that employment of information security analysts will grow 29 percent from 2024 to 2034, much faster than the average for all occupations. With about 16,000 openings projected each year over the decade, the demand is real.

According to CyberSeek data, there are 457,398 cybersecurity job openings nationally in 2025. The World Economic Forum’s Future of Jobs Report 2025 ranks Information Security Analysts among the top 15 fastest-growing professions globally through 2030.

But here’s the catch: yes, there are jobs everywhere, but landing your first one can still be tough. I should know but, more on that in a moment.

“You’ll make great money!”

Also true. The median annual wage for information security analysts was $124,910 in May 2024. Entry-level positions typically start around $65,000-$85,000, while specialists can earn anywhere from $75,000 to over $145,000 depending on location, industry, and expertise.

But (and this is important): that median salary comes after you’ve got experience and skills under your belt. Your first role might not be six figures, and that’s okay. You’re building something valuable.

“Your job will never be boring!”

Completely true. Every day brings new threats, new technologies, new puzzles to solve. Cybersecurity skills are projected to be the second fastest-growing skill category worldwide, right behind AI and big data expertise.

The reality: what no one tells you

Now for the parts they skip in the recruitment videos.

Myth #1: “You need to be a coding genius”

Reality: Not at all.

While technical skills matter, cybersecurity also needs strong communication, problem-solving, and critical thinking skills. I’ve met GRC (Governance, Risk, and Compliance) specialists who came from law backgrounds and now earn six figures helping companies navigate regulatory requirements.

According to CyberSN’s 2025 report, job postings for Cybersecurity/Privacy Attorneys surged 40.7% from 2023 to 2024, reflecting how diverse the field has become.

The field encompasses over 30 specialty areas, from penetration testing (which does require strong technical skills) to policy analysis, risk management, and security awareness training. There’s a place for technical wizards and people who excel at translating complex security concepts to non technical stakeholders.

Myth #2: “You need a Computer Science degree”

Reality: It helps, but it’s not mandatory.

The truth is more nuanced. Many employers prefer candidates with degrees, especially large corporations that use degrees as a checkbox. But our industry was pioneered by people without formal degrees, and that tradition continues.

What matters more? Certifications, hands on experience, and demonstrable skills. 90% of leaders in 2022 said they prefer to hire people with certifications, up from 81% in 2021. For entry level roles, CompTIA Security+ is the gold standard, recognized industry wide and approved by the U.S. Department of Defense for contractor roles.

Myth #3: “Entry level jobs are easy to get”

Reality: The “entry-level paradox” is real, but beatable.

Here’s the frustrating truth: while there’s a massive talent shortage, many companies still post “entry-level” positions requiring 3-5 years of experience. According to the Lightcast Quarterly Cybersecurity Talent Report, cybersecurity jobs requesting 2+ years of experience have only 76% of the supply needed to meet employer demand. Meanwhile, actual entry-level positions (0-2 years experience) have a 10% worker surplus.

The gap isn’t about lack of jobs; it’s about employers demanding “unicorns” with unrealistic skill combinations: expertise across penetration testing, compliance, DevSecOps, and forensics in one person.

How do you overcome this? Build experience outside traditional employment:

• Set up home labs and document your projects
• Contribute to open source security tools
• Participate in Capture The Flag (CTF) competitions
• Get involved with communities like ISSA (Information Systems Security Association) and volunteer for security projects
• Write blog posts about what you’re learning
• Create a GitHub portfolio showing practical work

18% of hiring managers in large organizations are now recruiting talent from diverse, often non-technical backgrounds including help desks, HR, customer service, and communications. Your existing skills matter more than you think.

Myth #4: “It’s all about preventing hacks”

Reality: Prevention is just one piece of a much bigger puzzle.

Cybersecurity encompasses risk management, incident response, compliance, and policy development. You’ll spend time developing response plans, ensuring regulatory compliance, training users, assessing vulnerabilities, and yes, sometimes responding to active incidents.

The field is also deeply collaborative. You’ll work closely with IT, legal, HR, and management teams. Your ability to communicate security needs to non technical stakeholders can be just as valuable as your technical skills.

The challenges nobody mentions (but you should know about)

The mental health reality

Let me be honest about something that doesn’t make it into career guides: 50% of cybersecurity professionals expect to experience burnout within the next 12 months. That’s not a typo, half of us.

Why? The work can be relentless. You’re defending against threats that never sleep. 88% of CISOs report being moderately or tremendously stressed, and 74% of cybersecurity professionals globally have taken time off due to work-related mental health challenges.

The good news? Organizations are increasingly recognizing this problem. 69% of employees who received encouragement from leadership to take time off reported higher job satisfaction. Companies that invest in work life balance, mental health resources, and automation tools see higher retention.

Know your limits. Set boundaries. It’s okay to say no to after hours work sometimes. Your mental health isn’t a luxury; it’s essential to being effective.

Imposter syndrome is real (and common)

80-90% of people in cybersecurity say they’ve experienced imposter syndrome. Let me repeat that: almost everyone feels like they don’t know enough or don’t belong.

I felt it when I started. I still feel it sometimes when I’m in a room full of people with more certifications or years of experience.

Here’s what helps me:

• Recognizing it’s normal: The more I learn, the more I realize how much I didn’t know. That’s not inadequacy, that’s awareness. Cybersecurity is vast, and nobody knows everything.
• Reframing the narrative: Instead of “I don’t know this,” I started saying “I don’t know this yet.” That tiny word changes everything.
• Finding mentors: Talking to senior professionals who admitted they still felt imposter syndrome normalized my experience.
• Documenting wins: I keep a “wins” folder. Every time I solve a problem, learned something new, or received positive feedback, I noted it. On tough days, I review it.

As one security professional told me: feeling like an imposter sometimes might actually be an advantage. People who think they know everything stop learning. Those of us who recognize our knowledge gaps stay curious, work harder, and seek insights from others.

The learning never stops

The technology landscape is continually evolving, and keeping up can be overwhelming. What you learned six months ago might be outdated. AI is changing attack vectors. Cloud security is constantly evolving. New vulnerabilities emerge daily.

This is both exciting and exhausting. You need to build sustainable learning habits:

• Follow security researchers and news sources
• Dedicate specific time for learning (not every waking hour)
• Focus on fundamentals that don’t change as quickly (networking, operating systems, attack methodologies)
• Recognize you don’t need to know everything, specialize in areas that interest you

The real reward: why it’s worth it

Despite the challenges, this career has given me something I treasure: purpose.

And the field keeps me sharp. I’ve never been bored. I’ve learned more in three years of cybersecurity than in a decade of other work. I’ve met brilliant, passionate people who genuinely want to make the digital world safer. Even now, as I’m applying to information analyst and security engineer positions; yes, still hunting for that perfect entry level role despite the experience I’ve built, I’m reminded how much opportunity exists in this field.

Final thoughts

Cybersecurity isn’t the glamorous, 90 minute movie version you might have imagined. It’s harder, messier, and more complex.

It’s also more rewarding, more collaborative, and more accessible than you might think.

You don’t need to be a genius. You don’t need a computer science degree. You don’t need to know how to code (though it helps for some roles). You need curiosity, persistence, and a willingness to keep learning.

The demand is real. The opportunities are abundant. The work matters.

Will it be challenging? Absolutely. Will you feel overwhelmed sometimes? Yes. Will you doubt yourself? Probably.

But will you grow? Will you solve problems that matter? Will you build a career that’s future proof and genuinely interesting?

Without a doubt.

The cybersecurity community is waiting for you. We need your perspective, your skills, and your passion. Whether you’re a recent graduate, a career changer, or someone who’s been in IT and wants to specialize, there’s a place for you here.

So take that first step. Start learning. Ask questions. Build things. Break things (in your lab). Connect with others.

Your cybersecurity journey starts now.