Most people aiming for a career in cybersecurity will find difficulty getting past the experience requirements. Certainly in my experience, hiring managers were happy to take the easy route when making the final decision. They will take someone who has experience over someone who doesn't 99 times out of 100.

How do we get over the experience wall? This section will cover some of the things that you can do to show determination, aptitude, hustle and adaptability as a problem solver.

When I came up against the experience wall, I looked at ways that I could get hands-on experience. As someone who had been self-employed before, I knew that it was possible it sorry it was possible to get someone to pay for your knowledge even if you don't have much experience. People and companies pay for simple solutions to problems.

I had all this knowledge from the training courses and certifications. I looked at the security frameworks companies are using in the UK, and I picked the easiest one to implement. It's called Cyber Essentials and it only has five requirements.

I've read about these requirements and set about writing a gap analysis check sheet that walks people through the things that they need to do, and then I wrote another document that walks them through some security best practices and how to implement them.

I set up a website and started to network with small business owners and other people within the industry. It wasn't long until I got the chance to help my first company implement the framework. It takes problem-solving, thinking outside the box, and actual belief in yourself. If you don't believe in your ability to complete the task, you'll never sell that to an employer or business owner.

You don't have to do what I did, but you do have to show experience. A great way of doing that is, to use skills gained in previous employment that you might not have thought about.

Relate your past experiences to cybersecurity.

There are obvious things like customer service skills, conflict resolution, presenting and report writing, but think a little harder. Did you do anything related to data protection? Did you handle data subject access requests? Were your teacher or a yoga instructor? You'd be awesome at teaching cybersecurity awareness. These things are a small part of what we do in cybersecurity. Think outside of the box, and you might find related bullet points for your CV.

Lean on your soft skills.

Did you work in retail or hospitality? You're a customer service master. Did you work in sales?

Why not work in cyber sales? If you want to do something like GRC, those communication skills are perfect for auditors and security awareness instructors.

Analyze the job descriptions for current listings. What skills are they asking for?

Make a spreadsheet. Start working on those skills. Get certifications if you can, or show experience in another way.

Here are three examples of spreadsheets that you can make. Pause to read.

This one is for GRC analysts. Have you already got these skills? If you're lacking a few find ways to get them.

This one is for IT governance. It's very similar, but you get the idea. Break it down, analyze it against your current skill set and make a plan to move forward.

This one is for Security Awareness Training. Much more suitable for people with great people skills but not requiring in-depth technical skills or an understanding of computer languages.

There are many roles. If you're struggling to get a SOC analyst job or a PenTesters job, think about the other options.

Networking is the absolute best way to find jobs within the industry. More than 50% of jobs are never advertised publicly. Build your network on LinkedIn of people within security roles for companies that you would like to work for. Don't just send them a request. Interact with them, comment on their posts, send them a message if it's relevant to their content and state why that you'd love to connect with them. If you've interacted with them you send a message, they are far more likely to respond.

Once you have connected with these people, build a relationship with them. Once you have that relationship, ask if they would mentor you. If they accept, they'll be able to guide you on things that you need to do to improve your opportunities. They know what is required and if they are good, they'll be able to focus your direction and help you determine where you need to improve.

Cybersecurity is a massive industry, and each day there is some new vulnerability or incident. It requires additional self-study or learning outside of your normal job. As professionals, we need to keep abreast of what is going on. Use your free time to study and keep up to date on these changes. A great way to show that you are determined to get a job in cyber is to complete side projects.

Companies love it when candidates are doing everything they can. Think of this example. You've got 3 candidates. All three have the same degree and certifications. The first has no side projects, the second has a home lab. The third has a home lab and a GitHub with examples of the work. They've contributed to an open source project they write monthly in a blog about things that they've learned and they moderate for a community group.

Which one would you give the opportunity to?

I see it time and time again. The people who are announcing their new job are the ones who are going above and beyond with the things that they are doing outside of the standard learning. There's something special that happens when you start contributing to the industry.

A weekly LinkedIn post breaking down a security framework, a blog about Hardening your home network, and a breakdown of a room on hack the box.

When you start to give back to the community, your network gets bigger. People realize that you're the real deal and you have the skills to back it up. A LinkedIn review is the first thing hiring managers do before they invite people for an interview.

Show you are helping others and it goes a long way when they are choosing which of the candidates that they would rather work with.