Want to get into Cybersecurity? Do THIS first (advice from someone with 18 years of experience in...
Cybersecurity is not an entry-level career — and in this video I explain why.
If you're thinking about taking an information security course, a cybersecurity technologist degree, or are already studying to enter the field, this video is for you. After 18 years working in information security and more than 25 years in IT, I want to show you the path that really works — and the mistakes that can stall your career before it even begins.
What you will learn in this video:
✅ Why cybersecurity courses as a first degree can be a bad idea
✅ What technical foundation you need before migrating to security
✅ The best paths for those who want to work with application security, DevSecOps, cloud security, or pentesting
✅ How to build a security portfolio that truly impresses recruiters
✅ Why the best security jobs don't appear on job sites
✅ How to identify and avoid the illusion sellers in the security field
Why most beginners get stuck at level 1:
Information security is an area that lives on top of other areas. You can't protect what you don't understand. Without a solid foundation in networks, operating systems, programming, and infrastructure, you'll arrive at a SOC, look at an IPS or SIEM alert, and not know what to do with it.
Professionals who went straight into security without this foundation spend years stuck in level 1 roles—triaging alerts, unable to evolve, without deeply understanding what they are monitoring. Meanwhile, those who built the right foundation grow much faster and access much better opportunities.
The alternative path — slower, but much more solid:
🔹 Application Security (AppSec): Start as a developer. Learn programming in practice. Study OWASP Top 10, SAST, DAST, threat modeling, and secure code review on your own. You will become a developer who truly understands security.
🔹 Cloud Security / DevSecOps / Infrastructure Security: Start as a SysAdmin, DevOps, or infrastructure engineer. Learn Linux, CI/CD, containers, Kubernetes, and cloud in practice. Study hardening, IAM, Kubernetes security, and cloud security policies on your own.
🔹 Penetration Testing / Red Team / Offensive Security: The foundation you need is networking, operating systems, and programming. Penetration testing without this foundation becomes just pressing buttons on an automated tool. Serious companies want professionals who understand what they are doing.
Topics covered in this video:
Cybersecurity Career | Information Security for Beginners | How to Get into Information Security | Is a Cybersecurity Technologist Degree Worth It? | Information Security Course | SOC Analyst | Application Security | AppSec | DevSecOps | Cloud Security | Penetration Testing for Beginners | Red Team | OWASP Top 10 | SIEM | IPS | Firewall | Kubernetes Security | Cloud Security | GCP Security | AWS Security | Linux for Security | Programming for Security | IT Portfolio | IT Career | Offensive Security | System Hardening | Cloud IAM | CI/CD Security | IT Professional | IT Job Market | Information Security Salary
About the channel:
Here you'll find technical content about information security, cloud computing, and Kubernetes — in Portuguese, without the fluff. Videos made by people who work in the field every day, with real experience in large technology companies.
🔔 Subscribe to the channel and turn on notifications so you don't miss the next videos!