Hey everyone, Luke here!

Hope you had a lovely festive period and happy new year! As we kick off 2026, I want to start the year by addressing the question I get asked more than any other: "How do I actually break into cybersecurity?"

If that's been on your mind, you're in the right place. Let’s get started!

If I had to start my cybersecurity career from absolute zero in 2026, knowing everything I know now as a recruiter, this is exactly what I'd do.

This video provides straightforward advice for cybersecurity beginners, helping you navigate how to get into cybersecurity and secure those crucial cybersecurity jobs. We'll cover the essential cybersecurity skills and outline a clear cybersecurity roadmap to avoid common pitfalls and achieve your career goals.

The 6-Month Roadmap Breakdown:

Months 1-2: Map your path and build IT fundamentals (focus on networking with Network+)

Month 2: Get hands-on with home labs and TryHackMe

Month 3: Join the community and build real connections

Month 4: Get certified smart (Security+ as your foundation)

Months 5-6: Apply strategically and land your first role

AI skills are no longer optional—they’re essential for staying competitive in today’s workforce. Now you can earn a fully accredited Master of Science in Artificial Intelligence from the Udacity Institute of AI and Technology, awarded by Woolf, an accredited higher education institution.

This 100% online, flexible program is designed for working professionals and can be completed for under $5,000. You’ll build deep, practical expertise in modern AI, machine learning, generative models, and production deployment through real-world projects that demonstrate job-ready skills.

Learn on your schedule, apply what you build immediately, and graduate with a credential that signals serious AI capability. This is one of the most accessible ways to earn a graduate-level AI degree and accelerate your career.

Learn More

Here's what most people get wrong: they jump straight to cybersecurity without understanding IT fundamentals. Your journey should start with networking knowledge. Understanding the OSI model, TCP/IP, and how networks actually work is non-negotiable.

Action Step: Use Professor Messer's free Network+ course as your structured learning guide. You don't need to sit the exam immediately, but the knowledge itself is essential.

The candidates who get interviews aren't just certified, they have portfolios. Set up a home lab using VirtualBox, work through TryHackMe rooms, and document everything on GitHub.

Why this matters: When I'm hiring, I see hundreds of resumes that say "CompTIA Security+ certified." But the person with a GitHub showing three hands-on projects? That person gets the interview every time.

Here's a stat that might surprise you: 70% of jobs are never publicly advertised. They're filled through referrals and internal networks before they hit job boards.

Pro tip: Connect strategically on LinkedIn, attend BSides and OWASP meetups, and conduct informational interviews. The cybersecurity community is one of the most welcoming I've seen, you just need to show up.

One of the most common questions I get is: "Which certifications should I pursue first?" Here's my honest take based on what actually gets people hired:

Start with CompTIA Network+

Before diving into cybersecurity, you need to understand how networks function. Every cyberattack happens across a network, so this knowledge is foundational. Network+ covers the OSI model, TCP/IP protocols, subnetting, and network security concepts.

Why start here? Because you can't protect what you don't understand. When you move into security roles, you'll need to analyse traffic, investigate incidents, and configure security controls, all of which require solid networking knowledge.

Then pursue CompTIA Security+

Security+ is the gold standard entry-level certification in cybersecurity. It's globally recognised, covers security fundamentals across different domains, and it's what hiring managers look for when screening candidates.

Security+ validates that you understand:

Why this matters: It's vendor-neutral, meaning the knowledge applies everywhere, whether you end up in cloud security, GRC, or SOC work. After 14 years in recruitment, I can tell you: Security+ opens doors.

If you're completely new to IT and want a gentler introduction, the Google Cybersecurity Professional Certificate is worth considering. It's designed for absolute beginners and provides a broad overview of cybersecurity fundamentals through Coursera.

When to choose Google cert:

The reality check: While the Google certificate provides solid foundational knowledge, CompTIA Security+ carries more weight with employers in my experience. Think of the Google cert as a stepping stone that can lead you to Network+ and Security+, rather than a replacement.

If you're serious about breaking into cybersecurity and have some basic IT understanding, go straight for Network+ followed by Security+. This combination is what I see consistently land people their first SOC analyst, security analyst, or GRC analyst roles.

If you're completely new and unsure, start with the Google certificate to test the waters, then commit to the CompTIA path when you're ready.

As we move into 2026, the cybersecurity landscape is evolving rapidly. Here's what's shaping the job market this year:

AI isn't just hype anymore, it's becoming central to both attack and defence strategies. Companies are desperate for people who can secure AI systems, use AI for threat detection, and understand AI governance.

What this means for you: If you're 1-2 years into your cyber career, specialising in AI security could be your edge. CompTIA is even launching their new SecAI+ certification in February 2026 to address this gap.

Despite economic uncertainty, cybersecurity roles continue to grow. The global cybersecurity market is projected to reach $1 trillion annually by 2031, with thousands of unfilled positions in the U.S. alone.

Key areas of demand:

The shift to hybrid work has expanded the attack surface dramatically. This creates more opportunities for security professionals who understand endpoint protection, zero-trust architecture, and identity management.

If you're serious about breaking into cybersecurity in 2026:

The demand is there. The opportunities are real. You just need the right roadmap.

In the next edition, I'll be breaking down the new CompTIA SecAI+ certification launching in February, whether it's worth pursuing, who should take it, and how employers will actually value it.

Have questions about breaking into cybersecurity? Hit reply and let me know what you're struggling with. I read every email.

As always, keep levelling up your career and thanks for reading.

Best wishes
Luke Gough
Career Coach | Recruitment Specialist

P.S. Want a complete job search toolkit in your hands?

The Career Compass Playbook gives you ATS-friendly resume templates, LinkedIn optimisation checklists, interview Q&A worksheets, salary negotiation scripts, and a job application tracker, and much more, all for just AU$9.99. Get instant access and take control of your career.