Cybersecurity is an amazing field, attracting people from all walks of life. Unfortunately, it’s also a domain full of myths and misconceptions that can lead aspiring professionals down the wrong path. In this post, I’ll debunk some of the most persistent myths about breaking into the field and working in cybersecurity. Get ready, because some of these insights might surprise you.
Myth #1: You Need an Expensive Home Lab to Succeed
One of the most common pieces of advice you'll hear is that you need a home lab to succeed in cybersecurity. While the idea of building a home lab has some merit, it’s far from a necessity. There’s a prevalent belief that you need to drop thousands of dollars on high-end computers, routers, and servers to practice cybersecurity skills. This simply isn’t true.
Let me be clear: you absolutely need to practice your skills. However, the notion that you need to buy expensive hardware to do so is outdated. Thanks to modern platforms like TryHackMe and HackTheBox, you can gain hands-on experience with very little financial investment. These platforms offer cloud-based labs, such as HackTheBox’s Pwnbox or TryHackMe’s AttackBox, where you can dive into learning directly through a web browser. These environments are fully isolated and allow you to work on cybersecurity challenges without the need for any local setup.
For the price of a subscription (which is far cheaper than a $3,000 gaming PC), you can access all the learning material and labs you need to build real-world skills. So, while having a home lab can be a nice luxury, it’s absolutely not required to learn hacking or cybersecurity.
Myth #2: The Cybersecurity Skills Shortage
You’ve probably heard reports about a massive cybersecurity skills shortage. There’s no shortage of articles claiming millions of unfilled cybersecurity jobs, creating a gold rush of opportunities. Unfortunately, this doesn’t reflect the reality of the job market, particularly in the United States.
While the UK and Europe seem to have a growing number of opportunities, the US cybersecurity job market is a different story. I recently conducted a job search, and I can tell you firsthand that finding a good cybersecurity position is far from easy. It's not just me—many well-qualified individuals are struggling to land jobs.
There are several factors contributing to this situation:
Economic downturn: The overall job market is suffering, and that includes cybersecurity. The economy is in a tough spot, and companies are tightening their budgets, leading to fewer job openings.
Unrealistic hiring expectations: Employers are setting absurdly high bars for entry. It’s common to see requirements such as five years of experience, a dozen certifications, and advanced degrees for entry-level positions. For those trying to break in, it’s a massive barrier.
Salary stagnation: Many companies are offering lower-than-expected salaries for roles that require extensive experience and certifications. As a result, while there may be a "skills shortage" on paper, companies aren't willing to pay for the talent they’re seeking.
All of these factors combine to create a challenging environment for job seekers, especially those looking for their first cybersecurity role. While there may be opportunities out there, the market is much tighter than the headlines suggest.
Myth #3: One Certification or Degree Equals Six Figures
If you’ve watched YouTube videos or read articles claiming you can earn six figures after taking one certification or degree course in cybersecurity, let me tell you—that’s simply not true. It’s a myth that has been perpetuated by various content creators and training companies, promising fast results to attract more viewers or customers.
While it’s possible to earn six figures in cybersecurity, it’s unlikely to happen quickly. The reality is that building the skills, experience, and professional network necessary to command a six-figure salary takes years. One course or certification won’t be enough.
Even with multiple certifications and years of experience, I can tell you from my own journey that it’s a long and difficult road. For example, I hold 13 certifications, including the coveted OSCP (OffSec Certified Professional), and have six years of hands-on experience, but I still faced rejection from many potential employers. While you might see quick success stories floating around the internet, the truth is that most people need to work in the field for several years before hitting that six-figure mark.
If you’re committed to a cybersecurity career, understand that it’s a long-term investment, and the path to high salaries is a marathon, not a sprint.
Myth #4: You Don’t Need Technical Skills to Work in Cybersecurity
One of the more dangerous myths circulating in the industry is that you can have a successful career in cybersecurity without technical skills. This notion has been amplified by people claiming that "soft skills" are all you need to succeed. While communication and interpersonal skills are important, technical skills are king in cybersecurity.
When applying for cybersecurity jobs, almost every job posting will list technical competencies as key requirements. Employers are looking for candidates who have hands-on experience configuring routers, analyzing logs, setting up firewalls, and (especially for pentesters) gaining access to secure environments (known as "popping a shell").
Cybersecurity is a field grounded in technology. If you don’t have a strong technical foundation, it will be extremely difficult to land a job. In fact, it’s rare to find a job in cybersecurity that doesn’t require at least some technical expertise. Yes, soft skills are important too—you need them to succeed in any career. But without technical skills, your resume will likely be overlooked.
If you’re just starting out, focus on gaining as much technical experience as possible. Use platforms like HackTheBox and TryHackMe to hone your skills, and take detailed notes as you learn. Document your journey, share your experiences, and keep improving both your technical and soft skills. This will give you the best shot at breaking into the field.
Final Thoughts: Breaking Into Cybersecurity in 2024 and Beyond
Cybersecurity is a challenging but rewarding field. It’s full of opportunity but also full of hurdles. The job market is competitive, the standards are high, and the path to success is long. However, despite the difficulties, it’s still possible to break into the industry with persistence and dedication.
Don’t be discouraged by the myths floating around out there. You don’t need expensive hardware to practice, the job market isn’t as rosy as it’s made out to be, and success won’t come overnight. But if you focus on building both your technical and soft skills, stay persistent, and keep learning, you’ll position yourself to succeed in the field.
If you found this post helpful, I’d appreciate it if you could share it with others. Let’s debunk these myths together and help more people navigate the cybersecurity journey the right way!
Thanks for reading, and as always—stay curious and keep hacking.