Zero to Hero
with Moe
← Back to Blog
Cybersecurity CareersJuly 2025· 10 min read

How to Transition from IT Support to Cybersecurity (UK): A Realistic Step-by-Step Guide

You're stuck in help desk hell. Resetting passwords, restarting laptops, fielding the same questions from the same people every day. You're competent at what you do — but you know it's not your future.

Cybersecurity keeps calling to you. The salary is better. The work feels meaningful. But you're staring at job postings that seem to ask for the world: "5+ years experience required," "Security+ mandatory," "SIEM expertise needed." You're wondering if the jump is even possible.

Here's the truth: It is. And you're already closer than you think.

Your IT support background isn't a weakness — it's your foundation. In this guide, I'll show you the exact path from help desk to security role, with realistic timelines, the certifications that actually matter, and the job search strategy that gets you hired.

Why IT Support Is Actually the Perfect Foundation

Before we go further, let's demolish the myth that help desk experience doesn't count.

Employers hiring junior security roles don't care that you answered 50 tickets today. They care that you:

  • Understand ticketing systems — which means you grasp incident workflow, escalation, and documentation (the foundation of incident response)
  • Know basic networking and systems — you've seen Active Directory, DNS, firewalls, and user permissions from the user side; now you'll see them from the defender side
  • Can communicate clearly — help desk is constant explanation; security roles need people who can translate technical risk into business language
  • Handle pressure and repetition — you've done it; security is the same, just with higher stakes

The jump isn't from "nothing" to "security expert." It's from "support" to "specialist," and that's a very different climb.

The 3 Most Common Transition Paths

There's no single route. Your next move depends on what part of cybersecurity appeals to you.

Path 1: Help Desk → Security Analyst (GRC/Risk Focus)

Timeline: 6–9 months
Effort: Low–medium
Best if: You like process, policy, and working with business teams

This is the easiest jump. Security analysts in GRC (Governance, Risk, Compliance) roles spend time on vulnerability assessments, compliance documentation, risk registers, and vendor security reviews.

What you need: CompTIA Security+, one portfolio project, and understanding of common frameworks (NIST, CIS Controls).

Salary entry point: £28–32K (London)

Path 2: Help Desk → Infrastructure Security (Systems/Network Focus)

Timeline: 9–12 months
Effort: Medium
Best if: You like hands-on technical work and have some sysadmin or networking exposure

If you've touched Active Directory, firewalls, or VPNs during your help desk tenure, this path might suit you. Infrastructure security roles involve hardening servers, managing firewalls, Active Directory access control, and patch management.

Salary entry point: £30–35K (London)

Path 3: Help Desk → SOC Analyst (Incident Response Focus)

Timeline: 8–10 months
Effort: Medium–high
Best if: You like problem-solving, pattern recognition, and 24/7 shift work

This is the "sexiest" route but also the most hands-on. SOC analysts monitor security alerts, investigate incidents, and respond to threats using SIEM tools.

Salary entry point: £28–35K (London)

The Certifications That Actually Matter (In This Order)

Here's where most help desk staff get confused: they assume they need all the certs. Wrong. You need two.

1. CompTIA Security+ (Mandatory)

Cost: £240 (exam only; study free on YouTube)
Time: 6–8 weeks if you focus
What it proves: You understand the fundamentals — encryption, protocols, risk management, incident response

This cert is non-negotiable. It's DoD 8570 mandated, widely recognized, and carries real salary impact (£28K → £33K typical).

Don't overthink it. Study 1–2 hours daily for 8 weeks and pass. You're not trying to become an expert — you're proving baseline competence.

2. A Specialized Cert (Based on Your Path)

After Security+, pick one based on your chosen path. Don't collect certs. Get one, use it to land a job, then learn on the job.

Build Evidence Fast (Home Lab Setup)

Certifications open doors. Home labs prove you can actually do the work.

An employer will choose someone with no certs + a polished home lab on GitHub over two certs + no practical proof.

For GRC: Set up a small network, document a vulnerability assessment, create a simple risk register. For Infrastructure: Set up a Linux/Windows lab, harden a system, document every step. For SOC: Install Graylog or ELK, generate traffic, create detection rules.

All of this is free. All of it looks impressive to employers.

Job Search Strategy: How to Actually Get Hired

Applying to 50 jobs and getting ghosted? You're doing it wrong.

Step 1: Target the Right Companies

Don't apply to Goldman Sachs for your first security role. Target Managed Service Providers, mid-market companies (50–500 people), and startups in fintech/healthtech. They hire junior analysts constantly and can't attract experienced talent.

Step 2: Tailor Your CV and Cover Letter

Translate help desk experience into security language. "Resolved 100+ support tickets per week" becomes "Diagnosed and resolved technical issues for 200+ users, following incident workflow and documentation standards."

Step 3: The Cover Letter Hook

Answer one question: Why are you switching to security? Be honest, specific, and show you've thought it through.

Step 4: Apply with Realistic Expectations

Apply to 5–10 roles per week (not 50). Customize each application. Expect 10–15 applications before your first interview.

Timeline & Reality Check

Conservative timeline: 12–15 months (8 weeks cert, 4 weeks portfolio, 4–8 weeks job search)

Aggressive timeline: 6–9 months (you study hard, already know basic networking)

Realistic timeline: 10–12 months

The difference between "fast" and "slow" isn't talent. It's consistency. Study 1–2 hours daily, and you're fast. Study whenever you feel like it, and you're slow.

What's Next?

You now know the path. The question is: Which path calls to you?

Once you pick, the next step is always the same: Get Security+ and build a portfolio.

If you want a done-for-you roadmap, the Cybersecurity Career Jump guide walks you through each path in detail, with specific resources, timelines, and the exact home lab setups that get employers calling.

Or start today. Pick Security+. Tell yourself you'll study for 45 minutes before work every morning. See where you are in 8 weeks.

Either way, the jump is possible. You're closer than you think.

Go deeper

Cybersecurity Career Jump

Complete roadmap: 3 career paths, certifications, home labs, and job search strategy.

Get the guide →

Keep reading

Cybersecurity Careers

How to Get into Cybersecurity in the UK: A Realistic Step-by-Step Guide

Job Search

The 7 AI Tools That Are Changing the Job Search in 2025 (And How to Use Them Together)