If you're in IT or another technical role and thinking about transitioning into cybersecurity, you might be wondering if you have what it takes. Maybe you've got solid tech skills and a knack for problem-solving, but you don't have a security title or certifications yet. You're probably thinking, “I'd be great in a cybersecurity role, but will anyone even consider me?”
Here's the thing: You might already have more relevant experience than you realize.
I've seen it happen firsthand. A few years ago, in a previous role, I hired a candidate who didn't have a single cybersecurity title on his resume and no certifications either. But he had something else—experience and skills that lined up perfectly with what I needed on my security team. Let me tell you how he made the leap and how you can, too.
When I was hiring for a security analyst role, I received a mountain of resumes. But one stood out, and not because the candidate had a typical security background. He worked in IT support then, which usually doesn't scream "cybersecurity analyst material."
But there was something in his resume that caught my attention.
This guy had been working with a Security Information and Event Management (SIEM) tool and a vulnerability management system—exactly the kind of tools we use in cybersecurity every day. Even though his job title didn't have "cyber" in it, he was already performing tasks that were central to a security analyst role: monitoring systems, analyzing data, and troubleshooting issues.
When we brought him in for an interview, it was clear that he understood the core competencies of the role, even if he didn't have the exact title or certifications. He knew how to prioritize vulnerabilities, keep systems running smoothly, and work with security tools to mitigate risks. That was enough for me to say, "Yes, this guy's got what it takes."
He ended up joining the team and was a strong performer from day one. His story shows that you don't need a "security" title to land a security job—you need to show you can do the work.
The biggest lesson here? Don't get hung up on not having the perfect title or certs. If you're performing tasks that overlap with security—whether it's managing access controls, working with SIEMs, or responding to incidents—highlight those skills on your resume. It's all about telling the right story.
When you apply, make sure your resume reflects the work you can do, not just the work you've been assigned. That's what this candidate did, and that's why he landed a security job.
If you're in IT or another tech role, chances are you're already doing some level of security work without even realizing it. Take a look at your current job and identify those overlapping skills; maybe you're managing access controls, handling incident response, or monitoring system performance. Highlight those experiences in your resume and confidently talk about them in interviews. That's how you bridge the gap.
Don't wait until you have the perfect security title or certification. Apply now, even if you're not 100% sure you're qualified. Just like the candidate I hired, you can make the jump by reframing your skills and showing how they apply to cybersecurity. Take the leap, position yourself as a valuable asset, and show hiring managers what you're capable of. You may be closer to landing that cybersecurity role than you realize.
This post appeared originally on LinkedIn here.
Want to hear more from Marc Menninger and other cybersecurity leaders? Register here to attend the SecureWorld Seattle conference, November 6-7, 2024, and unlock two days of learning and collaborating!