
Ten Things I'd Tell Every Fresh Grad Who Wants to Break Into Cybersecurity

K. K. Mookhey | April 10, 2026 | 7 min read

I started Network Intelligence in 2001. I was 21 years old, a college dropout, no funding, no connections, no real roadmap. Just a deep curiosity about how systems could be broken and a stubbornness about building something of my own.

Twenty-five years later, NI has close to 500 people across India, the Middle East, and the US. And in that time I've interviewed hundreds of fresh graduates wanting to break into cybersecurity. Most of them made the same mistakes.

These are the ten things I wish someone had told them on day one.

1. Get the cert. Yes, really.

Everyone says certs are useless. They're partially right. Certs won't make you a good security professional. But they will get you past the HR filter, past the AI resume screener, and into the interview room. You can't demonstrate your skills if you never get the interview.

Security+ is a solid baseline. But cloud security certifications are stronger right now. AWS Security Specialty, AZ-500, GCP Professional Cloud Security Engineer. Every company is in the cloud. Every breach has a cloud dimension. Hiring managers know this. Get the cert. Then go learn the real stuff.

2. Go broad first.

This is where most advice gets it wrong. Everyone tells fresh grads to specialise immediately. I disagree.

Go broad first. Networks. Operating systems. Databases. Web applications. Cloud. And now, AI.

Security is fundamentally about understanding systems well enough to find the gaps in them. Systems don't exist in isolation. An analyst who can't connect the dots across layers is an analyst with a ceiling.

Build the foundation wide. Then go deep. In that order.

3. Then pick a lane and go deep.

Once you have that broad foundation, six months, a year, pick your lane. SOC analysis, penetration testing, cloud security, application security, threat intelligence, GRC, incident response. These are not the same job. They require different mindsets and different ways of thinking.

The generalist fresh grad is the easiest person to pass over. The person who is clearly building depth in one specific area stands out immediately, even at 22.

Broad first. Deep second. Both matter.

4. Build something. Anything.

A home lab. A CTF writeup. A GitHub repo. A script that automates something tedious.

Everyone has a resume. Everyone lists the same certifications and buzzwords. What separates you is evidence that you do this when nobody is watching.

A home lab tells me you are curious enough to break things on your own time. A writeup tells me you can think clearly and communicate what you found. That combination is rarer than you think, and it gets noticed.

5. Learn AI as a practitioner, not just a user.

I hear this from fresh grads constantly: will AI take my security job?

Wrong question.

AI will take the job of the security professional who refuses to engage with it. At Transilience, the people on my team who are thriving are the ones who leaned in. Our GRC people are now running pentests. Analysts are doing threat modeling they could not have touched two years ago. AI made that possible.

So learn how AI systems work. Learn how to use them in your workflow. And learn how to attack them, because AI security is the fastest growing segment in this entire industry. Prompt injection, RAG pipeline vulnerabilities, agentic AI threats. This is where the next decade of interesting security work lives.

6. The job might be in the comment section.

Not the applications portal. Not LinkedIn Easy Apply with four hundred other applicants.

The security community is smaller than it looks. People notice who is showing up with genuine insight versus who is just broadcasting their job search. A smart question on a LinkedIn post, a thoughtful comment on a security blog, a Reddit answer that shows you actually understand what you are talking about.

Be visible. In the right way.

7. Pick up a programming language. Seriously.

You do not need to be a software engineer. But you need to be able to read code, write a script, understand what a piece of malware is doing at a basic level.

Around 2010, I spent several days in the Saudi Telecom data centre writing Perl scripts to clean up firewall rules. Thousands of unused, redundant, overly permissive entries. The script was a mess of Perl and Excel and manual review. But the ability to automate that analysis, to write something that could sift through all of it, was the difference between a week of work and an hour.

Today with AI the barrier to building tools is dramatically lower. But you still need to understand what the tool is doing. Code literacy is non-negotiable. Not code mastery. Literacy.

8. Find a mentor. Then earn the relationship.

A good mentor is one of the highest-value things you can have early in your career. Here is the mistake most people make though. They approach potential mentors with "can you mentor me?" That is the wrong ask.

Show up first. Engage with their work. Ask a specific question about something they have published. Come to them with a problem you have already tried to solve yourself.

The mentors worth having are busy. They will invest in people who demonstrate seriousness before asking for anything. Earn the relationship first.

9. Expect the grind. Plan for it.

Your first year will be hard. Probably underpaid. Definitely underestimated. Likely overworked.

That is not a bug. That is the apprenticeship.

I have gone through two or three burnout cycles in my career. The times it happened, I had nothing outside of work to come back to. Find something. A hobby, a sport, something physical if you can. I climb mountains. It resets the brain in a way nothing else does.

The compounding in this career kicks in around year three. The people who make it are not the ones who avoided the grind. They are the ones who managed themselves well enough to stay in the game. Plan for the long run from day one.

10. Stay curious. Stay uncomfortable.

The single most predictive trait I have seen across 24 years.

Not the smartest people. Not the best degrees. Not the ones who interviewed best.

The ones who stayed curious.

This industry changes faster than almost any other. What was the hot attack vector in 2004 is table stakes today. What is niche today will be mainstream in three years. The people who thrive are the ones who are genuinely curious about how things work and genuinely comfortable not knowing the answer yet.

That curiosity is something no certification teaches. Either you are building it or you are not. Start now.

Closing thought

None of this is complicated. But very few people actually do all of it. Get the cert. Go broad. Then go deep. Build something. Learn AI properly. Be visible in the right places. Learn to code. Find a mentor and earn it. Manage yourself for the long run. And stay curious.

This is not a field where you figure it all out in year one. But it is a field where consistent effort compounds into something remarkable over time. I have seen it happen more times than I can count.

All the best. Go build.
