Cybersecurity is one of the few tech fields where the industry itself has largely moved past the degree requirement. The shortage of security professionals is so acute — an estimated 3.5 million unfilled cybersecurity jobs globally — that employers have had to accept that waiting for CS graduates is not a viable hiring strategy. Certifications, home labs, and demonstrated skills now routinely get people hired without a four-year degree.
Degrees are nice, certifications get you hired
The CompTIA certification pathway is the most widely recognized on-ramp into cybersecurity for career changers. The recommended progression is A+ (foundational IT knowledge) followed by Network+ (networking fundamentals) followed by Security+ (the credential that most entry-level security job descriptions list as a minimum requirement or equivalent). Security+ is vendor-neutral, globally recognized, and required by the US Department of Defense for security roles — which means it carries weight far beyond government jobs. The typical timeline from zero to Security+ is six to nine months of part-time study.
Why the home lab matters more than a degree
Employers in cybersecurity want proof of hands-on capability — and a home lab provides it in a way a transcript cannot. A home lab does not need to be expensive. A spare laptop running virtualization software (VirtualBox is free) and a handful of intentionally vulnerable virtual machines gives you an environment where you can practice real attack and defense techniques safely. Document everything: what you tried, what you found, what you learned. That documentation becomes your portfolio.
TryHackMe and Hack The Box for practice
TryHackMe is the best starting point for absolute beginners — guided rooms, clear progression, and a browser-based lab environment that requires no local setup. Work through the Pre-Security and SOC Level 1 paths to build a strong foundation. Hack The Box is harder and less guided, but completing machines on HTB is a recognized signal of practical skill that shows up well in interviews. Both platforms give you shareable achievement records you can include in your portfolio.
Salary trajectory: SOC analyst to CISO is a clear path
The entry point for most career changers is a SOC (Security Operations Center) Analyst role, which pays $55,000 to $75,000 and provides exposure to real security events, tooling, and incident response. From SOC Analyst, the path forks: Security Engineer ($90,000–$130,000), Penetration Tester ($100,000–$150,000), or Security Architect ($130,000–$180,000+). The long-term track for people who want leadership leads to CISO — one of the highest-paying C-suite roles at many companies. The field rewards specialization and continuous certification, and the demand ceiling is not in sight.
Explore the cybersecurity role track on NewRoleKit for a structured path from CompTIA A+ through Security+ with portfolio milestones at every stage.