Cyber security professionals in the UK and across the world are in high demand and are likely to remain in demand for many years to come, so cyber security is an excellent career choice, whether you are a student or looking to take a new direction. It is, however, a career where experience is king. To gain the right experience to progress your career you will need a career plan, a willingness to continually learn, the ability to pass exams, and plenty of patience while you build your cyber experience.
Cyber security offers a wide field of different disciplines, from highly technical ethical hackers and IT forensic experts to less technical auditor and management roles. You need to decide what role you would ultimately enjoy doing, and build a career path to gain the right type of experience and security qualifications to achieve it. You should look to specialise in one or more areas of cyber security early on, even if your final objective is to be a 'jack of all trades' in cyber security. For example, if your target is to be an ethical hacker, first aim to become an expert in network security. That could land you a job at a penetration testing company in a network vulnerability scanning role, which in turn builds your experience and hopefully results in your employer developing your application security expertise. This will open the door to gaining the right experience and knowledge to achieve an ethical hacker certification and an ethical hacker role.
Most employers and cyber security professionals regard the (ISC)² Certified Information Systems Security Professional (CISSP) certification as the industry benchmark requirement for a cyber / information security professional, so they often state the CISSP certification as a requirement or a desirable in security job descriptions. However, CISSP is not the easiest of certifications to achieve, hence its value. Firstly, you need 5 years of in-role information security experience, or 4 years if you have a cyber / information security related degree. Secondly, the exam is notoriously difficult to pass, as the six hour CISSP exam covers the entire information security subject matter: risk management, security engineering, security operations, network security, testing, and software development. So you may be a guru at network security, but you'll need to know about areas outside that expertise, such as legal and regulatory security issues.
Alternatively, the Information Systems Audit and Control Association (ISACA) Certified Information Security Manager (CISM) is held in high regard in the industry, but like the CISSP it also requires 5 years of information security work experience and, depending on your experience, may not be the easiest of exams to pass.
Wait until you have built up the required experience before attempting these exams, and it goes without saying that you should study hard, especially on your weak areas of knowledge.
Fortunately there are many ways to expand your cyber security knowledge. Of course there are plenty of books to read, but you can also attend cyber security webinars and conferences, subscribe to security related podcasts, and read security articles and blogs, all of which are typically free.
You need to be in a role that helps to expand your security knowledge, a role where you aren't just racking up experience but where you are actively learning as you work, so push your boss for more security responsibilities and come out of your comfort zone. You need to be at a company that encourages and assists you in developing your information security career: a company that regularly sends you on security courses and pays for those exams. If you are not at a career-supportive company, or not even in a security role, seek to expand your security knowledge outside of work, then try for roles within more career-supportive departments or at other companies. In job interviews don't be afraid to tell the interviewers your career objectives and to ask them how they would support you in reaching them. The prospective employer should be encouraged by this line of questioning and attitude, as it benefits their business. If their response is negative, leave the interview! You do not want to work for any company or boss that does not appreciate the importance of good cyber security.