If you're in IT or another technical role and thinking about transitioning into cybersecurity, you might be wondering if you have what it takes. Maybe you've got solid tech skills and a knack for problem-solving, but you don't have a security title or certifications yet. You're probably thinking, “I'd be great in a cybersecurity role, but will anyone even consider me?”
Here's the thing: You might already have more relevant experience than you realize.
I've seen it happen firsthand. A few years ago, in a previous role, I hired a candidate who didn't have a single cybersecurity title on his resume and no certifications either. But he had something else—experience and skills that lined up perfectly with what I needed on my security team. Let me tell you how he made the leap and how you can, too.
How this candidate broke into cybersecurity—without a security job title
When I was hiring for a security analyst role, I received a mountain of resumes. But one stood out, and not because the candidate had a typical security background. He worked in IT support then, which usually doesn't scream "cybersecurity analyst material."
But there was something in his resume that caught my attention.
This guy had been working with a Security Information and Event Management (SIEM) tool and a vulnerability management system—exactly the kind of tools we use in cybersecurity every day. Even though his job title didn't have "cyber" in it, he was already performing tasks that were central to a security analyst role: monitoring systems, analyzing data, and troubleshooting issues.
Tailor your resume to tell the right story
So, what did he do right? He framed his IT experience in a way that highlighted his security skills. His resume wasn't a laundry list of generic IT tasks—it was a targeted showcase of his ability to handle the exact responsibilities I was hiring for. He emphasized his experience with SIEM, vulnerability assessments, and data analysis, making it clear that he could hit the ground running as a security analyst.
This is something that's crucial if you want to make a move into cybersecurity from another tech role. You've got to look at your current responsibilities and find the overlaps with security. Are you managing user access controls? Conducting incident response? Monitoring network traffic? Great! Talk about those things in your resume like they're your core functions because, for a security hiring manager, they are.
The interview sealed the deal
When we brought him in for an interview, it was clear that he understood the core competencies of the role, even if he didn't have the exact title or certifications. He knew how to prioritize vulnerabilities, keep systems running smoothly, and work with security tools to mitigate risks. That was enough for me to say, "Yes, this guy's got what it takes."
He ended up joining the team and was a strong performer from day one. His story shows that you don't need a "security" title to land a security job—you need to show you can do the work.
Stop focusing on titles and start highlighting skills
The biggest lesson here? Don't get hung up on not having the perfect title or certs. If you're performing tasks that overlap with security—whether it's managing access controls, working with SIEMs, or responding to incidents—highlight those skills on your resume. It's all about telling the right story.
When you apply, make sure your resume reflects the work you can do, not just the work you've been assigned. That's what this candidate did, and that's why he landed a security job.
You might already have what it takes
If you're in IT or another tech role, chances are you're already doing some level of security work without even realizing it. Take a look at your current job and identify those overlapping skills; maybe you're managing access controls, handling incident response, or monitoring system performance. Highlight those experiences in your resume and confidently talk about them in interviews. That's how you bridge the gap.
Don't wait until you have the perfect security title or certification. Apply now, even if you're not 100% sure you're qualified. Just like the candidate I hired, you can make the jump by reframing your skills and showing how they apply to cybersecurity. Take the leap, position yourself as a valuable asset, and show hiring managers what you're capable of. You may be closer to landing that cybersecurity role than you realize.
This post appeared originally on LinkedIn here.
Want to hear more from Marc Menninger and other cybersecurity leaders? Register here to attend the SecureWorld Seattle conference, November 6-7, 2024, and unlock two days of learning and collaborating!
