// Cyber Breakers
> How I broke into cybersecurity. And how you can too.
The field guide I hand to anyone who asks me how to get into cybersecurity.
// Purpose of this guide
Countless friends and colleagues have asked me how to break into cybersecurity. I'd give them the same set of advice every time. This guide is that conversation, written down.
It reflects years working across personal security consulting, SOC analysis, GRC, security engineering, detection engineering, security sales engineering, and senior solutions architecture.
This is not the only way into the industry. It's what I've seen work for me and for the people I've helped get hired.
This guide is free and it stays free. Drop your email and I'll send you the file, plus a short series on the resume framing and break-in mistakes that didn't fit here. No spam, and your email stays with me.
// Chapter 01
I didn't break into cybersecurity through a traditional path. I was in a psychology program, building computers, mind wandering as I screwed in motherboards.
I wanted to figure out how computers actually worked, not just the physical layer I was used to, but all of the layers.
I found a local IT recruiter who wanted to land me a new role. We talked about what interested me. At that point, my mind was made up: cybersecurity.
After a year of constant interviewing and resume tweaking, I landed a job as a networking associate at an ISP. Not cybersecurity, but networking fundamentals are crucial. I was happy to see progress.
Two days after my start date, the same recruiter called with an opportunity. A contracted personal security consultant role at a Managed Security Services Provider (MSSP). I had no idea what an MSSP was. But I knew this was the break.
A few months in, the MSSP offered me a SOC analyst internship. After completing it, I was given a choice: night-shift SOC analyst, or GRC analyst plus continued consulting work.
Most practitioners I know would have taken the analyst role for the hands-on tooling. I chose the latter. I loved consulting. I did not love the idea of night shift.
As a GRC analyst, I shadowed the security engineers, asked a ton of questions, and eventually got pulled onto the engineering team. I learned the security tools, sat in on executive conversations, and led war rooms during incident response.
Then I started shadowing the VP of Sales — cold calls, sales agreements, pre-sales calls. My passion for pre-sales grew. I loved helping people find security solutions that genuinely protected them.
I pivoted to sales engineering at a new MSSP, grew into a senior sales engineering role, and continue to do that at an AI startup today.
// Chapter 02
If I were starting over today, I'd focus heavily on the fundamentals of computing and networking. The exciting stuff in cyber gets attention. Fundamentals get you hired.
Fundamentals transfer across every role. They'll get you into the industry far sooner than chasing advanced or highly specialized topics (malware research, detection engineering, cloud architecting, bug bounty).
One approach: start with the Open Systems Interconnection (OSI) model. It helps visualize how communication between computing systems actually works.
Less about hardware specifics, more about understanding that traffic has to move reliably from one place to another. Segmentation, VLANs, basic switching — these explain why some traffic is visible and why some isn't. Helps when troubleshooting blind spots in security tooling.
Understanding IP addressing, routing, and how traffic moves between networks is foundational. Recognizing internal vs. external traffic, interpreting subnets, identifying routing paths — this makes logs and alerts far easier to correlate.
How TCP and UDP behave is more valuable than memorizing port numbers (though 80, 443, and 22 — HTTP, HTTPS, SSH — are worth knowing). Knowing how sessions are established, how they fail, and what normal looks like helps you tell malicious activity from misconfig.
These feel abstract but they show up in authentication flows, encrypted comms, and how data is formatted in transit. Supports identity systems, secure comms, and access troubleshooting.
Where security activity becomes most visible. How applications behave, how APIs communicate, how services generate logs. Most alerts originate here, even when the root cause is several layers below.
Authentication vs. authorization. How SSO works. Why MFA matters. These show up early and often.
Identity decisions drive access, visibility, and the quality of your security telemetry. When identity is poorly understood, detections become noisier and investigations become harder.
One of the most important skills to develop early: understanding how logs fit together, and using telemetry for correlation.
Individual log entries rarely tell the full story. What matters is correlation. A single event might be benign — but combined with others, or enriched with telemetry, it can mean something serious.
Strong practitioners don't just look at alerts. They ask:
When something doesn't make sense, research it. Review documentation. Look up log fields. Validate assumptions. Curiosity and follow-through are what turn raw logs into meaningful, actionable alerts.
Confidentiality, Integrity, Availability. A useful mental model for grounding security decisions.
It's not academic. This framework helps explain why controls exist and what tradeoffs they introduce.
Understanding how attackers typically get in grounds everything you're learning. The threat landscape evolves, but certain patterns show up repeatedly in real incidents.
For years, this was the loudest threat. Attackers would:
This shaped a lot of early detection logic.
More recently, phishing and credential theft are the most prevalent initial access techniques. Attackers use:
Once credentials are compromised, attackers typically:
Knowing which attack paths are currently prevalent helps you in two ways:
// Chapter 03
Security decisions are almost always driven by how an organization understands and tolerates risk. Not by how cool a tool is.
Early on, it's easy to think of security in terms of vulnerabilities, tools, and alerts. Over time, you'll see that the real conversation is about risk tolerance.
At a basic level, risk is the relationship between:
Most organizations focus on:
As I explored security roles, I realized each part of the business owns some piece of risk. The human element will always be the greatest risk to an organization. Phishing. Credentials in public GitHub repos. Social engineering. Data theft by disgruntled employees. The user is at the core.
This helps explain things that confuse most early-career security folks:
Security teams are not the ultimate owners of risk. They're advisors. The business owns the data and decides how much risk it's willing to accept.
Understanding how risk is framed makes it easier to communicate findings to non-technical stakeholders, prioritize work without frustration, and understand why security tools get bought, implemented, and sometimes underutilized.
This perspective has been especially valuable in consulting, GRC, and presales roles — where success depends on aligning recommendations with business priorities, not technical ideals.
// Chapter 04
Entry-level candidates succeed when they focus on skills that map directly to day-to-day security work.
These are the basis of every environment you'll work in. They consistently show up as the "why" behind security events and detections.
// Chapter 05
Credibility is built before you land your first cybersecurity job. The work you do now decides what doors open later.
// Things that help
// Things that don't
I've reviewed dozens of resumes. The ones that stand out aren't the ones with the longest tool lists. They're the ones that say:
// Resume bullet that worked
"Built a home lab to simulate a Windows Active Directory environment. Configured Sysmon logging and forwarded events to a Splunk instance. Wrote basic detection rules for unauthorized access."
// Chapter 06
Certifications are strategic signals, not automatic requirements. Most teams I've worked with pay for the advanced certs once you've already proven value on the job.
// Path A
Person gets Security+ as their only cert. Struggles to find an entry-level analyst role. Spends months sending applications into the void.
// Path B
Person gains hands-on experience with a home lab, joins LinkedIn and Discord groups, researches entry-level SOC positions, promises to get Security+ during onboarding. Gets hired.
The second person understood: certifications are tools, not substitutes for understanding. Cybersecurity isn't just knowing concepts — it's demonstrating and applying them to prove you can be trusted with sensitive data.
This guide is free and it stays free. Drop your email and I'll send you the file, plus a short series on the resume framing and break-in mistakes that didn't fit here. No spam, and your email stays with me.
// Chapter 07
Strong resumes act as risk-reduction documents. They tell hiring managers: this person communicates clearly, can be trusted with sensitive data, and reduces overall risk.
// Resumes that perform
// Resumes that struggle
// Weak
"Responsible for managing IT tickets."
// Strong
"Supported business objectives of reducing risk exposure by hardening systems by 40% and documenting changes in the ticketing system."
The second is clear, measurable, and shows impact.
Pull from adjacent experience:
I've helped people get hired from each of these backgrounds and many more. What mattered: interest, ability to think critically, and willingness to learn quickly.
// Chapter 08
Interviews are rarely about trivia. They're about how you think and how you communicate.
Say so. Clearly. Then show your thought process. Humility and curiosity beat fake confidence every time.
Recruiters are valuable allies when the relationship is professional and transparent.
What helps:
The recruiters who helped me most were the ones I built relationships with over time. I'd check in every few months, even when I wasn't job hunting. I'd ask about market trends. I'd refer candidates to them.
When I was ready to move, they had roles for me before they hit job boards.
// Chapter 09
Soft skills consistently influenced long-term success more than any technical skill across all the roles I've had.
A team I knew wanted new security tooling but couldn't find budget. After a security assessment, we identified gaps and mapped them to the new tool's coverage. They had two options:
They went with option 2. Scheduled a call with the CFO and CISO. Said:
The CFO understood immediately. They got budget approval that day.
What I learned: technical accuracy matters. But if you can't translate it into business impact, it doesn't move forward.
During a ransomware incident response at an MSSP client, I watched a senior analyst get flustered when the client's CEO kept interrupting. The call turned chaotic.
I learned from that. In later incidents, I structured updates like this:
// Chapter 10
Strong security practitioners are driven more by curiosity than credentials. The ones who go furthest are usually the ones who can't help being curious.
Many people benefit from exploring multiple areas (SOC analyst, detection engineer, compliance, cloud engineer, app sec engineer) before finding what fits.
People who succeed long-term genuinely enjoy the work. If you don't find yourself reading security blogs for fun, or thinking "I wonder how that attack worked" when you see a breach in the news, that's okay. Not everyone needs to be obsessed. But the people who go furthest are usually the ones who are.
// Chapter 11
Many cybersecurity careers begin because one person was willing to take a chance. Mine was one of them.
A COO at a small MSSP saw potential in me and gave me the space to work hard and prove my value. As I gained experience, I was given more responsibility, allowed to explore different aspects of cyber, and ultimately ended up where I wanted to be.
I networked. I chose mentors who helped me on my journey. I made friends with customers and fellow employees who went to bat for me in meetings I wasn't privy to. That led to promotions, raises, and career moves until I was satisfied with my path.
I'm incredibly motivated to do this for others, because so many did it for me.
Once I was working in the field, I made a point to reach out to people doing work I found interesting — detection engineers, SOC managers, threat hunters.
Most people said yes to a 20-minute chat. Some became short-term mentors. Others became close friends.
One detection engineer mentored me with everything he knew, gave me feedback on detection logic I was writing, and eventually referred me to a role at a different company. We're still friends today.
// Chapter 12
Three patterns I've watched derail otherwise capable people. Avoid them and you're ahead of most candidates.
I've seen people spend $3,000 on an advanced/niche certification before they had their first security job. Then they couldn't explain in interviews why that cert mattered or what problems it would help them solve.
I've watched people try to:
Then they burn out and quit before landing their first role. Focus on fundamentals, then depth in a few areas. Surface-level knowledge of everything beats nothing.
People tell me "I don't have cybersecurity experience" while they've spent years:
// Chapter 13
You will feel overwhelmed. That's normal. Here's how to make the most of the period where everything feels like drinking from a fire hose.
In my first SOC role, I barely understood half of what people were saying in meetings. SIEM queries. Detection logic. Threat intel feeds. It all felt like an avalanche.
That's expected. No one expects you to know everything on day one.
// Ask when
// Don't ask when
Good judgment about when to escalate is one of the most valuable skills in security operations.
// Final thoughts
You need to be honest, persistent, and willing to grow. The cybersecurity community needs more people like that.
I hope this guide was helpful. This was my lived experience. I want to give back to the community that gave me so much. My work in cybersecurity is interesting, fulfilling, and a joyful part of my life.
This guide is free and it stays free. Drop your email and I'll send you the file, plus a short series on the resume framing and break-in mistakes that didn't fit here. No spam, and your email stays with me.
If this guide helped, the next step is built for exactly what you'd do next. Everything lives at cyberbreakers.com.
The complete 90-day system. Fundamentals that get you hired, the home lab that gets interviews, the full resume system, recruiter relationships, and interview preparation built on reasoning. Week-by-week checklist included.
The résumé is not a biography. It is a risk-reduction document. The framing, the rules, the weak vs. strong rewrites, and the fill-in template itself. Six years in the seat distilled into one page.
LinkedIn: linkedin.com/in/nicholasgibsonprofile
Site: cyberbreakers.com
// About the author
M.S. Cybersecurity Management. Six years across SOC operations, detection engineering, GRC, personal security consulting, presales solutions engineering, and enterprise security architecture.
Specializes in helping organizations design detection strategies, implement security programs, and build effective security operations. Currently Senior Sales Engineer at Anvilogic, where he's influenced over $15M in pipeline.
Transitioned into cybersecurity from a background in psychology — bringing a unique perspective on how people learn, communicate, and build careers in technical fields. Passionate about mentoring newcomers and making cybersecurity more accessible to anyone willing to learn.
// Reference
Every acronym, tool, and concept used in this guide. Bookmark it.
// Thank you for reading
If this guide changed how you think about getting into cyber, share it. That's how this community grows.