For creative generalists

You don't need to code to build a cybersecurity career.

Ten serious paths into the highest-paid corner of tech, mapped for writers, video editors, producers, and TikTok creators in Lagos and beyond. Salary ranges, certs, and one clear next step — by Friday.

Explore the 10 paths
10non-coding paths
0lines of code required
6–14months to break in

hover · click any path

scroll
01 — Foundations

Forget the hoodie.

Cybersecurity is the practice of protecting digital assets — data, systems, money, identity, reputation — from people who want to steal, destroy, or manipulate them. Most of it is not hacking. Most of it is writing, organising, talking to humans, and watching.

01 · Beyond the hoodie

What cybersecurity actually is

Forget the dark-room, hoodie-up movie image. Cybersecurity is the practice of protecting digital assets — data, systems, money, identity, and reputation — from people who want to steal, destroy, or manipulate them. It is the digital version of locks, security guards, fraud investigators, insurance, safety inspectors, and lawyers — except for things that live on phones, laptops, servers, and the internet.

Every time you log into a bank app, send a WhatsApp message, post on TikTok, or tap a POS in Lagos, multiple layers of cybersecurity quietly work in the background. It is no longer a niche IT job — banks, hospitals, telcos, fintechs, churches, NGOs, government agencies, and individual content creators with monetised accounts now need it.

The scale is enormous. Cybersecurity Ventures estimates global cybercrime will cost the world USD 10.5 trillion in 2025. IBM's Cost of a Data Breach Report 2024 puts the global average cost of a single breach at $4.88 million.

Crucially: cybersecurity is a wide field with both technical and non-technical roles. Curiosity matters more than a CS degree. Writers, video editors, producers, social-media natives, project managers, and lawyers all have a real seat at this table.

02 · The landscape

Who attacks, who defends, what's protected

Who attacks. Nation-states (Russia, China, North Korea, Iran, plus Western agencies) spy and sabotage. Organised crime runs ransomware and fraud as a business with HR and customer support. Hacktivists hack for politics. Insiders misuse legitimate access, sometimes for revenge, often by accident. Opportunists use ready-made tools at scale.

Who defends. In-house security teams (the SOC, the CISO's org). MSSPs that watch many clients 24/7. Consultancies (Big 4 and boutiques). Government agencies (Nigeria's NITDA, NDPC, ngCERT; CISA in the US, ENISA in the EU, NCSC in the UK). And the vendors who build the tools (Microsoft, Cisco, Palo Alto, CrowdStrike, IBM, Cloudflare, Fortinet).

What's protected. Data (customer records, health files, financial data). Money (bank accounts, wallets, cards). Identities (BVN, NIN, email, phone, biometrics). Infrastructure (power, telecoms, hospitals, transport). Reputation. Intellectual property.

Why it matters economically. GDPR fines reach €20m or 4% of global annual turnover. Nigeria's NDPA 2023 + GAID 2025 (effective 19 September 2025) reach ₦10m or 2% of annual gross revenue — the NDPC has already fined MultiChoice Nigeria ₦766.2m and (with FCCPC) Meta $220m.

03 · Red, blue, purple

Offensive vs Defensive

Red team (offensive) are ethical attackers paid to break in — penetration testers, red teamers, exploit developers, bug-bounty hunters.

Blue team (defensive) are the defenders who build, monitor, and respond — SOC analysts, incident responders, threat hunters, security engineers, detection engineers.

Purple team isn't a separate team but a way of working: red attacks, blue watches, both refine detections together.

Reality check. Offensive security gets the YouTube hype, but the overwhelming majority of cybersecurity jobs and budgets are defensive. Defence is also where the steadiest careers and clearest entry paths live.

04 · It's a spectrum

Technical vs non-technical

Cybersecurity is a spectrum.

Heavily technical: penetration tester, security engineer, malware reverse engineer, detection engineer (L2+), cryptographer, DevSecOps.

Hybrid: SOC L1, incident responder, threat intel analyst, vulnerability management, IAM admin.

Non-technical (no coding required, often six-figure ceilings): GRC, security awareness & training, sales engineering, privacy/DPO, security project & program management, cyber law & policy, threat intelligence/OSINT, communications and content for security tools.

If you are a writer, video editor, producer, or TikTok creator, you already have transferable superpowers — clear communication, narrative thinking, audience empathy, content production. Awareness training, OSINT, threat-intel writing, GRC documentation, and security marketing are starving for people who can make complex things make sense to humans.

You can absolutely build a serious cybersecurity career without writing a line of code, and your creative background is an advantage, not a deficit.

The CIA triad

Every cybersecurity decision serves one of three goals.

C
CConfidentiality

Only the right people can see the data.

EgYour medical records — your nurse can read them; a journalist or staff in another department cannot.

I
IIntegrity

The data is accurate and untampered.

EgYour bank balance. If an attacker silently changes ₦500,000 to ₦5,000, integrity has failed even if the system is 'online'.

A
AAvailability

The system is accessible when needed.

EgHospital systems during an emergency, or banking apps on payday.

If you're a writer, video editor, producer, or TikTok creator, your background is an advantage.

02 — Primer

Twenty-one terms. Tap to flip.

The vocabulary that unlocks every job description in cyber. Click any term in the deep-dives later and it opens here in the glossary.

Network

Network

Your house wiring is a LAN; the national grid is a WAN; the international interconnected grid is the internet.

Network

A group of devices connected to share data — LAN (one office), WAN (across cities), the internet (the world).

Open in glossary →
Foundations

Server vs Client

Server = restaurant kitchen; client = you at the table.

Server vs Client

A server provides a service (storage, hosting, email). A client uses it (your phone, browser).

Open in glossary →
Cloud

Cloud (SaaS, IaaS, PaaS)

SaaS = serviced apartment; PaaS = empty apartment with a kitchen; IaaS = bare land with a power supply.

Cloud (SaaS, IaaS, PaaS)

Somebody else's computers in a data centre, rented over the internet.

Open in glossary →
Foundations

Operating System

The building manager.

Operating System

Master software running a device — Windows, macOS, Linux, Android, iOS.

Open in glossary →
Foundations

Database

Data = file contents; database = the cabinet, drawers, index, and librarian.

Database

A structured store designed to hold and search data quickly.

Open in glossary →
Identity

Authentication

Showing ID at a hotel front desk.

Authentication

Proving who you are (logging in).

Open in glossary →
Identity

Authorization

Your room key only opens your room, not the manager's office.

Authorization

Deciding what you can do once you're in.

Open in glossary →
Foundations

Encryption

Symmetric = a safe with one shared key; asymmetric = a postbox where anyone can drop a letter in but only the owner can open it.

Encryption

Scrambling data so only someone with the right key can read it. Symmetric = one shared key. Asymmetric = a public+private key pair.

Open in glossary →
Network

IP Address

GPS coordinates.

IP Address

A device's numerical address on a network.

Open in glossary →
Network

DNS

Saving 'Mum' in your contacts.

DNS

The internet phonebook — translates names like gtbank.com into IP addresses.

Open in glossary →
Network

Firewall

The bouncer at an estate gate.

Firewall

A filter between a network and the outside, allowing or blocking traffic by rules.

Open in glossary →
Foundations

Endpoint

Doors and windows of a building.

Endpoint

Any user device that connects to a network — laptop, phone, tablet, server, IoT.

Open in glossary →
Threats

Vulnerability

Broken lock on a door.

Vulnerability

A weakness — broken lock, missing patch, weak password.

Open in glossary →
Threats

Malware

Malicious software. Virus attaches to a file. Worm spreads on its own. Trojan hides as useful. Ransomware encrypts and demands payment. Spyware silently collects.

Malware

Malicious software. Virus attaches to a file. Worm spreads on its own. Trojan hides as useful. Ransomware encrypts and demands payment. Spyware silently collects.

Open in glossary →
Threats

Phishing

A fake 'GTBank staff' calling for your OTP.

Phishing

Impersonating a trusted party — by email, SMS (smishing), or call (vishing) — to trick you into clicking, entering credentials, or sending money.

Open in glossary →
Foundations

Patch

Filling potholes before they grow into craters.

Patch

An update that fixes a flaw.

Open in glossary →
Foundations

Logging

CCTV plus the visitor sign-in book.

Logging

Time-stamped records of system events — logins, file changes, network connections, errors.

Open in glossary →
Tooling

SIEM

The central control room.

SIEM

Security Information and Event Management — collects logs across an org, correlates them, raises alerts.

Open in glossary →
Threats

Zero-day

A lock the locksmith hasn't even seen yet.

Zero-day

A vulnerability the vendor doesn't know about (or hasn't fixed).

Open in glossary →
Identity

MFA

An ATM (card + PIN).

MFA

Multi-Factor Authentication. Two or more different kinds of proof: something you know, have, or are.

Open in glossary →
Network

VPN

Virtual Private Network — an encrypted tunnel between your device and a server elsewhere.

VPN

Virtual Private Network — an encrypted tunnel between your device and a server elsewhere.

Open in glossary →
03 — Domains

Ten serious paths.

Each card shows entry pay (in your selected region), how long to break in, how remote-friendly the path is, and how much your media background transfers. Add up to three to compare.

No code

Security Program & Project Management

Production management for cybersecurity. The single highest-leverage path for someone who already produces.

Entry
$50k–$80k
Break in
612 mo
Remote
From media
Read deep-dive
No code

Security Awareness & Training

Change human behaviour at scale. A genuine unfair advantage if you already make TikToks.

Entry
$20k–$40k
Break in
612 mo
Remote
From media
Read deep-dive
No code

Cybersecurity Sales & Sales Engineering

The single best fit for a creative generalist with media skills. The highest-paid non-coding path in tech.

Entry
$40k–$70k
Break in
16 mo
Remote
From media
Read deep-dive
No code

Privacy & Data Protection

The best-timed local play in Nigerian cyber thanks to NDPA 2023. DPO-as-a-service is real income.

Entry
$30k–$50k
Break in
612 mo
Remote
From media
Read deep-dive
Light code

SOC Analyst Tier 1

The most realistic technical-adjacent on-ramp into cyber for non-coders.

Entry
$18k–$35k
Break in
612 mo
Remote
From media
Read deep-dive
No code

Governance, Risk & Compliance

Paperwork, policy, and people. The all-rounder safe path with the clearest CISO ladder.

Entry
$25k–$45k
Break in
914 mo
Remote
From media
Read deep-dive
No code

Threat Intelligence & OSINT

The closest cyber role to investigative journalism. Research, verify, write.

Entry
$25k–$45k
Break in
918 mo
Remote
From media
Read deep-dive
Light code

Identity & Access Management

Quiet, methodical, well-paid. Massive sustained demand at every Nigerian bank.

Entry
$25k–$45k
Break in
612 mo
Remote
From media
Read deep-dive
No code

Incident Response Coordination

Run the war-room when ransomware hits. The producer's job, in a crisis.

Entry
$25k–$45k
Break in
1224 mo
Remote
From media
Read deep-dive
No code

Cyber Insurance

Excellent comp ceiling without a JD. Underwriters and brokers are quietly the best-paid non-engineers in cyber.

Entry
$25k–$45k
Break in
618 mo
Remote
From media
Read deep-dive
04 — Nigeria

The local landscape, honestly.

Lagos is the centre of African cybersecurity hiring right now. Here's what's real, what's hype, and where the money lives.

The scene · 2025–2026

A boom held back by a talent shortage.

Nigeria is in the middle of a cybersecurity boom built on regulation, fraud pressure, and digital-economy push, held back by an acute talent shortage. The NDPA 2023 + GAID 2025 created the NDPC, which has already fined MultiChoice Nigeria ₦766.2m and (with FCCPC) Meta $220m. NDPC reports the data-protection industry created 10,123 jobs in 2023 with a projection of up to 500,000 future DPO roles. BFSI represented 29.2% of Nigeria's $230m cybersecurity market in 2025, projected to reach $414.9m by 2031 (Mordor, 2026). Cisco / University of Pretoria put Nigeria's certified cyber workforce at only 8,352 (2023); Deloitte's 2025 Outlook found 67% of Nigerian organisations operating below required cyber headcount.

Local employers, grouped

Who's hiring in Lagos and Abuja.

Tier-1 banks
GTBankZenithAccessUBAFBNStanbic IBTCWemaSterlingFidelity
Fintechs
FlutterwavePaystackInterswitchMoniepointKudaOPayCarbonFairMoneyPalmPay
Telcos & infra
MTN NigeriaAirtel AfricaIHS TowersMainOne (Equinix MN1)
Big 4 / consultancies
DeloitteKPMGPwCEYAndersenCWGInq.DigitalDigital JewelsPhillips Consulting
MSSPs / cyber-natives
Digital EncodeInfopriveCyberpluralDeepTechCyberEthnos CyberPlatviewFPGKaspersky AfricaSophos
Government
NITDANCCNDPCEFCC CybercrimeONSADSSNPF Cybercrime CentreLagos State Cybersecurity Advisory Council
International with Lagos presence
IBMMicrosoftOracleCiscoCloudflare (Lagos PoP at MDXI Lekki)
Communities to join

Where the network actually is.

CyberSafe Foundation

CyberGirls Fellowship — 1,800+ alumnae across 27 African countries, 400% income uplift per World Bank 2023. CyberGirls+ with SANS/GIAC scholarships.

ISC2 Nigeria Chapter

CISSP / CC community.

ISACA Lagos

890+ members. CISA / CISM crowd.

ISACA Abuja

Northern chapter.

OWASP Lagos / Yola

Application security focus.

CSEAN

Cybersecurity Experts Association of Nigeria — runs Cyber Secure Nigeria conference and CSEAN CTF.

BSides Lagos

Annual community-run conference.

DEF CON Group Lagos / DC234

Local DEF CON chapter.

Africa Hackon

Pan-African hacker community.

WiCyS Nigeria Affiliate

The verified women-in-cyber body — recommended over the unverifiable 'NWiIS'.

NIWIIT

Nigerian Women in Information Technology.

CYSEC NG

Cyber-security community for content and awareness.

3MTT cohort Discord/WhatsApp

Federal scholarship cohorts.

TryHackMe Nigeria

Active Discord server.

HackTheBox Nigeria

Active Discord server.

Cert cost reality

Free first. Paid only when an employer demands it.

USD/NGN averaged ₦1,522 in 2025 (peak ₦1,607 in May). At ~₦1,500/$1, a Security+ voucher (~$404) is roughly ₦606,000 — 3–6 months of an entry-level Nigerian cyber salary.

Free first. ISC2 1MCC (free CC course + free exam voucher; $50 AMF after passing). Microsoft Learn (full SC-900/AZ-500/SC-200 paths). Cisco NetAcad. Coursera financial aid. SANS Cyber Aces and free webcasts. Professor Messer free Security+. Cybrary. Antisyphon Pay-What-You-Can. 3MTT federal scholarship.

Scholarship-funded. CyberSafe CyberGirls (free; BTL1 voucher for top performers). CyberGirls+ x SANS (free SANS course + GIAC attempt, worth $8k+ each). ISC2 Diversity scholarships.

Pay USD only when an employer requires it, will reimburse, or to close a real gap on a remote application. Sensible sequence: ISC2 CC (free) → Security+ ($404 if needed) → CISA ($575 member) for GRC/audit lane, or SC-300 ($165) for IAM lane, or IAPP CIPP/E ($550) for privacy lane.

Remote work — practical truth

The 10–20× USD multiplier is real.

The salary delta is the headline: local junior cyber ₦200k–₦500k/mo (~$1,600–$4,000/year) vs remote junior US/UK $40–80k+/year — a 10–20× multiplier in USD.

Currency hedge. USD income held against ~28% naira inflation in 2024 (₦450/$1 in Q2 2023 → ₦1,500–1,600/$1 in 2025) is itself a wealth-preservation strategy.

Time zones. Lagos WAT (UTC+1) is dead-on with UK summer time, 1 hour off CET, 5–6 hours behind US East, 8–9 behind US West.

Payments. Deel, Remote.com, Oyster, Multiplier (EOR). Wise, Payoneer. Nigerian fintechs Geegpay/Raenest, Grey, Cleva, LemFi for virtual USD/GBP/EUR accounts.

Power & internet. Budget for an inverter (₦400k–₦1m + batteries), and stack ISPs — FiberOne (₦12k–₦32k/mo), ipNX premium (~₦22k/mo), Spectranet 4G LTE, MTN/Airtel 5G, Starlink Residential (₦57k/mo + ₦590k hardware; new residential signups paused in parts of Lagos/Abuja as of Feb 2026 — verify at starlink.com/ng; Roam ₦38k or Business ₦159k still available).

Companies known to hire Africa-based remote talent: Andela, Turing, Toptal, Microverse, Terminal.io, Gebeya, Tunga; GitLab, Automattic, Zapier, HashiCorp, Cloudflare, DuckDuckGo; Snyk, Datadog, Stripe (Paystack parent), Tines, HackerOne, Bugcrowd, Synack, Trail of Bits.

05 — Action plan

Five steps. By Friday, this month, this year.

Tick them off as you go — your progress is saved on this device. The first one is genuinely free and takes about ten minutes.

0/5
  1. Step 01 · This week

    Free Certified in Cybersecurity (CC) course + free exam voucher. Apply for the 3MTT cybersecurity track in parallel — federal scholarship, no fee.

    www.isc2.org
  2. Step 02 · This month

    Subscribe ($14/mo via Geegpay/Grey virtual USD card). Pick exactly one lane: SOC, GRC, OSINT, Privacy, IAM. Start a public weekly post streak on LinkedIn or X.

    tryhackme.com
  3. Step 03 · Within 3 months

    CyberSafe CyberGirls (women 18–28), 3MTT Cohort 4, Andela Learning Community, or AWS re/Start Nigeria. Free, structured, with peers.

  4. Step 04 · Within 6 months

    OWASP Lagos, CSEAN's Cyber Secure Nigeria, or ISACA Lagos. Volunteer at BSides Lagos. Enter the CSEAN CTF. ~70% of entry-level Nigerian cyber roles never make it to job boards — networks book them.

  5. Step 05 · Within 12 months

    Local first (fintech SOC, bank IT audit graduate scheme, Big 4 GRC analyst). Remote second (Andela/Turing/Toptal profile, Geegpay USD account ready, target fully-remote Africa-friendly cyber companies). Skip cert-collecting until an employer requires it.