You’ve made the decision. You want to break into cybersecurity, whether you’re coming from a different IT background or making a complete career change. You’ve watched videos, researched certifications, and read job postings. But one question keeps nagging at you: what do employers actually want to see?
The honest answer is more complex than “get your CompTIA Security+ certification”or “earn a bachelor’s degree.” Employers think in terms of risk. They invest in a junior candidate, and they want to know if that investment will pay off. This article explains how that selection process works and what you can do specifically to make the right impression as you enter the cybersecurity field.
The market in 2025–2026: high demand, but “ready-to-work” talent is in short supply
The demand for cybersecurity professionals in the Netherlands is growing steadily. Companies are facing stricter NIS2 requirements, an increasing number of incidents, and mounting compliance pressures. At the same time, one problem persists: there are too few junior professionals who can hit the ground running in a SOC, blue team, or security operations role from day one.
This creates a curious paradox. The market needs talent, but recruiters are selective. They receive dozens of applications from people looking to break into cybersecurity. Yet only a handful of candidates demonstrate that they are truly ready to contribute from day one.
That’s exactly the standard you should aim for.
What recruiters look for first in an entry-level cybersecurity candidate
When it comes to entry-level positions, there’s rarely time to thoroughly screen twenty candidates. Recruiters use quick filters. Here’s what the initial screening typically looks like:
- Education level: Bachelor's or Master's degree in an IT-related field, or a demonstrably equivalent level
- IT Fundamentals: Networking, Operating Systems, Cloud Fundamentals, Scripting
- Reasoned explanation: Why cybersecurity? Why now? And what have you done so far?
- Practical experience: labs, case studies, projects, internships, traineeships, or portfolios
- Communication skills: Can you report clearly, prioritize, and escalate issues?
This isn’t just a random list. It’s a risk assessment. Hiring a junior is an investment in someone who still has room to grow. Every hiring manager’s biggest fear: hiring someone who still can’t keep up after three months.
Degree or certificate: which carries more weight?
Many Dutch job postings explicitly require a bachelor's degree in Computer Science, Cybersecurity, Computer Engineering, or Network Engineering. Employers view this as an indicator that you can learn at the required level.
But that doesn’t mean it’s impossible to break into cybersecurity without a degree. Opportunities definitely exist—you just need to compensate for the lack of a degree. And you don’t do that by adding another certificate to your resume. You do it by demonstrating your skills. (Not sure which certificate is actually relevant? Read on to find out which cybersecurity certification you really need.)
Imagine this: two candidates are applying for the same junior SOC role. The first has a Security+ certification and nothing else of substance. The second has no formal degree but has spent three months working in a home lab, has documented a detailed incident response case, and can explain how he would triage a phishing alert. Who do you think will make it to the second round of interviews?
Three types of evidence employers look for when hiring entry-level cybersecurity professionals
If you understand how employers view an entry-level cybersecurity candidate, you’ll actually see three layers of evidence:
1. Formal qualifications: diplomas, certifications, and educational background. This is the minimum requirement. Without any formal qualifications, it becomes difficult, but this is only the beginning.
2. Practical experience: Scenarios, labs, projects, internships, or traineeships. This is where most career changers fall short. They focus on level one and completely overlook level two.
3. Evidence of behavior: Eagerness to learn, attention to detail, ability to handle pressure, and teamwork. These qualities are evident in interviews, assessments, and how you present your learning journey. A candidate who discusses a mistake they made in a practice scenario and what they learned from it will score higher here than someone who merely lists their successes.
Most rejected juniors don't fail at level one. They fail because they never built up levels two and three.
What employers really fear: the supervision problem
There is a specific reason why organizations are cautious about hiring junior candidates looking to break into cybersecurity, even if the position has been open for months. Senior staff are overwhelmed. Incidents, projects, compliance: there is little room for intensive mentoring.
A junior who asks for too much slows down the whole team. And that risk is very real if someone doesn't have a solid grasp of the basics.
Here’s what bothers hiring managers about entry-level cybersecurity candidates who lack solid preparation:
- Alerts are not prioritized properly, leading to incorrect escalations
- Reports are vague, causing other team members to waste time seeking clarification
- There is a lack of basic knowledge of networks or systems, which causes each ticket to take an unnecessarily long time to resolve
- The junior employee is overwhelmed by the chaos of a real-world work environment and quits within six months
If you understand this, you’ll also understand why scenario-based learning is so valuable—not as a marketing buzzword, but as a practical tool. Those who have already practiced in realistic situations significantly reduce this risk. We’ve written before about why theory falls short in incident response and why practical simulations make all the difference.
At Trivian, we design training programs and internships specifically around this concept. Our approach focuses on real-world scenarios, ensuring that the transition from the learning environment to the workplace is as seamless as possible. You can read about what this looks like in practice in the stories of our alumni. We are a partner in Security Delta (HSD), where the government, the education sector, and the business community collaborate to strengthen digital resilience in the Netherlands.
What Employers Say a Good Entry-Level Cybersecurity Training Program Should Look Like
A degree is valuable to employers if it meets a number of specific criteria. These are the four that come up most often in job interviews:
- Relevance to real-world tasks: triage, incident handling, log analysis, basic hardening, documentation
- Realistic exercises using tools: not just “What is an attack?” but “What do you do when the SOC detects this alert?”
- Guidance and feedback: so you learn to think like an analyst, not just watch videos
- Proven results: portfolio, assessments, specific skills, visible growth
A weekend course doesn’t meet any of these criteria. That’s not meant to be cynical. It’s just how employers think. They aren’t looking for a piece of paper. They’re looking for someone who can do the job. (See also: Is a cybersecurity boot camp enough to start working right away?)
Want to know which learning path is right for you? Take a look at the curriculum and structure of our program, or schedule a free consultation to discuss which track best suits your background.
The pitfalls that career changers often overlook
In conversations with recruiters and hiring managers in the Dutch cybersecurity market, the same mistakes keep cropping up among candidates trying to break into the cybersecurity field.
Specializing too quickly. Immediately declaring, “I want to do penetration testing” without a solid foundation in networking, identity, or logging. Employers see this as a red flag.
No evidence of results. No portfolio, no detailed case studies, no report on what you’ve learned. Motivation without evidence is just an unsubstantiated claim.
Unrealistic career choice. Wanting to become a “consultant” or “architect” right away without any junior-level experience. Start as a SOC analyst, blue team member, or in a security operations role, and build from there.
Not enough time invested. Cybersecurity is a field that requires in-depth knowledge. Anyone who thinks they’re ready after just a few weeks of training is underestimating what employers expect. Read here to find out what you’ll learn in a cybersecurity program that you’ll never learn from online courses.
Your recruiter checklist: What makes you “hireable”?
Let’s cut to the chase: these are the qualities that make you an attractive candidate as a new entrant to the job market.
- You can explain in a minute why you're making the switch—and why now
- You have a basic understanding of networking, identity, logging, and incident flow
- You have two or three detailed case studies that you can present or discuss
- You've learned to write up findings in a way that a team will want to read
- You demonstrate consistency: set study hours, a plan, milestones, and reflection
This is exactly where our scenario-based approach comes in handy. Not because it sounds more impressive on your resume, but because it brings your story and your evidence together. And that’s exactly what a recruiter is trying to assess.
A realistic learning path for your entry into cybersecurity
Not everyone has to follow the same path. However, there is a logical sequence that employers recognize and value.
Step 1: Get your IT foundation in order. Understand what you’re securing before you secure it. Networks, operating systems, cloud infrastructure: these are the building blocks of everything.
Step 2: Security fundamentals. Threats, logging, basic incident response, the MITRE ATT&CK framework. This is where your security mindset begins to take shape. According to the National Cyber Security Center, a broad foundation is essential before specialization becomes meaningful.
Step 3: Specialize in one area: SOC analyst, cloud security, GRC, or later, offensive security.
Consistency is more important than speed in this context. A learning path that aligns with your career goals and that you can clearly explain is more valuable than a collection of unrelated certificates with no overarching theme. Be sure to review the admission requirements and career opportunities after graduation to see what this learning path looks like in practice.
How to Make the Most of Your Education in Your Job Application
Listing an educational background on your resume takes just one line. The real value lies in how you use that information in interviews and cover letters.
- List two to four specific skills you’ve applied—not just “took a course”
- Write a brief case study: situation, action, result, what you learned
- Align your learning path with the job requirements step by step
- Practice your explanation: clear, concise, and free of unnecessary jargon
This is how you show how you think. And that’s exactly what hiring managers are trying to predict when they bring on a junior employee.
Ready to get started with your introduction to cybersecurity?
Motivation alone isn’t enough to get started in cybersecurity. It requires a learning path that employers recognize as relevant, practical, and applicable, as well as proof that you can already handle real-world situations.
At Trivian, we help you achieve this through scenario-based learning and a focus on the skills you need in the real world. Schedule a free consultation and find out which program best suits your background and goals.



