If you want to go deeper after this article, also read the DevSecOps transition guide and the Application Security learning path for beginners.
Choosing an IT profession is very different from what it was three or four years ago. The market is overcrowded with entry-level manual testers and beginner frontend developers. Companies are no longer eager to pay for basic skills, and simple code-writing or manual form-checking tasks are increasingly automated with AI tools.
If you want more than random courses and hope, and instead want a realistic path to stable income and employment, you need to choose directions with a higher barrier for AI replacement and a real talent shortage. In this guide, we will break down the market and explain why SDET and cybersecurity are two of the strongest choices .
1. What is happening on the IT market: key trends
Before choosing a profession, you need to understand what employers are actually willing to pay for. The market is shaped by three major forces.
- The junior crisis. One manual QA or beginner layout role can easily receive 300 to 500 applications. Breaking through that volume without differentiated skills is extremely difficult.
- AI as a tool, not a replacement. Artificial intelligence did not kill software careers, but it reduced the value of people who can only write simple code. A junior today often needs to think closer to a middle-level engineer: designing test architecture or protecting applications, not just copying patterns.
- The shift toward quality and security. Business moved deeper into cloud platforms and web services. A data leak or a broken release can cost millions. That is why demand for engineers who can automate quality and security keeps growing faster than for basic commodity development.
2. The IT career map: where beginners should not go
If someone promises a fast entry into IT in two months through manual QA or basic HTML/CSS alone, that promise is misleading. Let’s look at popular directions more realistically.
Manual QA
- Status: overheated market.
- Why: the barrier to entry is very low, which attracted huge numbers of people. Simple checks like clicking buttons or validating text fields are increasingly handled by automation, developers, or AI assistants. The remaining jobs often require databases, networking, and API knowledge anyway, which already pushes the role closer to automation.
Classic frontend (HTML, CSS, basic JavaScript)
- Status: heavy competition.
- Why: standard landing pages and simple UI work can now be generated very quickly with AI tooling. Companies expect stronger architecture, CI/CD understanding, and performance optimization.
Traditional system administration
- Status: transformed profession.
- Why: classic office-computer-and-router administration is not where the market pays well anymore. The industry shifted to cloud infrastructure. Today that path usually evolves into DevOps or DevSecOps and requires serious automation and scripting skills.
3. Path #1: SDET (QA Automation with JavaScript / Playwright)
If you want to work in quality engineering, forget the idea that manual testing is the final destination. The stronger target is SDET: Software Development Engineer in Test. This is an engineer who combines development and testing skills to build software that validates other software.
Why JavaScript + Playwright became the standard
In the past, Python or Java with Selenium dominated automation. Today the picture changed:
- JavaScript matters. Most modern web applications are built with JavaScript or TypeScript. When an automation engineer writes tests in the same ecosystem, collaboration with developers becomes faster and more practical.
- Playwright is stronger. Selenium is still widely known, but it feels older, slower, and more painful to maintain. Modern Playwright-based testing is faster, more stable, and better suited for today’s web stack, including UI and API automation.
What an SDET should know
- JavaScript or TypeScript fundamentals: async logic, objects, arrays, functions.
- Playwright: selectors, test design, execution, reporting.
- API testing: sending requests, validating responses, combining API checks with automation.
- CI/CD tools such as GitHub Actions or GitLab for automatic test execution on each code change.
The advantage for beginners is that the barrier is higher than manual QA, which filters out many random candidates. At the same time, it usually requires less deep programming than pure backend engineering, while still giving a strong technical career path.
4. Path #2: Cybersecurity and API Security (OWASP)
Cybersecurity has a serious talent shortage. , when banks, public services, and retail systems fully depend on digital platforms, a breach can mean direct business disruption. Security work is also more resilient to automation: AI can spot common patterns, but it does not reliably think like an attacker or uncover complex business-logic flaws on its own.
Why API security and OWASP matter so much
The modern internet is built on APIs. Mobile apps talk to servers through APIs, payment systems exchange data through APIs, and many of today’s serious attack paths go through that layer.
- OWASP is the main global reference point for critical vulnerabilities in web applications and APIs, from the OWASP Top 10 to the API Security Top 10.
- Engineers who know how to detect BOLA, XSS, authorization failures, and injection paths are highly valued across startups and large enterprises.
Roles you can pursue in cybersecurity
- Application Security Engineer. Reviews code and product logic for vulnerabilities before release.
- Pentester / Ethical Hacker. Performs authorized attacks against systems to discover weaknesses.
- SecOps / DevSecOps Engineer. Embeds security tooling into engineering workflows and automates infrastructure checks.
If this direction feels closer to you, it also makes sense to read the cybersecurity and OSINT roadmap and the DevSecOps transition guide.
5. Comparative analysis: what should you choose?
To make the choice easier, let’s compare test automation and cybersecurity across practical dimensions.
| Criteria | SDET (JavaScript / Playwright) | Cybersecurity (AppSec / OWASP) |
|---|---|---|
| Barrier to entry | Medium. You need JS and one serious automation framework. | Above medium. You need networking, databases, and vulnerability logic. |
| Daily work | Write code that validates UI and APIs, improve reliability, and build CI/CD checks. | Find vulnerabilities in code and architecture, run audits, and configure security tooling. |
| Best fit | People who like order, engineering structure, and automating repeatable work. | People with strong analytical thinking who enjoy exploring how systems break from the inside. |
| Competition | Low among truly qualified engineers. | Critically low. The shortage is even stronger. |
6. Step-by-step action plan: how to build this from scratch
No matter which direction you choose, the move into IT works better when you learn in stages instead of trying to study everything at once.
Stage 1: technical literacy
You need to understand how the internet actually works. Learn HTTP/HTTPS, client-server logic, SQL basics, and JSON. Without this foundation, neither automation nor security will make real sense.
Stage 2: the first core tool
- If you choose SDET: start with JavaScript syntax. You do not need React or Vue first. Focus on loops, functions, arrays, objects, and async requests, then move into Playwright.
- If you choose cybersecurity: start with Linux at the command-line level, basic web security concepts, and OWASP methodology. Learn how to inspect traffic with tools like Burp Suite.
Stage 3: portfolio project
, employers care less about diplomas and more about proof of work on GitHub.
- For SDET: build a project that automatically tests a real website or demo store, including UI and API flows.
- For security: write clean reports for vulnerabilities found in legal training labs such as OWASP Juice Shop or DVWA.
Stage 4: entering the market
Do not rely only on job boards with a generic CV. , direct positioning matters more:
- Build a strong LinkedIn profile with concrete keywords such as Playwright, JS, OWASP, or API Security.
- Publish short technical writeups and case breakdowns.
- Reach out directly to leads, founders, or CTOs with a concrete value angle: automation setup, API testing, or a basic security review.
Conclusion
, entering IT with no specialization and hoping for easy money is no longer realistic. But it is still a very strong market for people who choose more durable technical niches. If you choose JavaScript/Playwright automation or cybersecurity based on OWASP and API logic, you move away from the heaviest junior competition and into areas where business pays for stability, speed, and risk reduction.
The real key is consistency and practice. Pick the track that matches your way of thinking, then focus on tools that map directly to real work.
Questions about training?
If you want to reduce self-learning chaos and build either automation or API security skills under mentorship, you can join individual training or focused programs through hackademy.dev. The stack stays practical and current: Playwright, JavaScript, OWASP, and real market requirements.
A strong next step from here is why security testing can accelerate an SDET career plus the step-by-step cybersecurity and OSINT roadmap for beginners.
If you want to choose the right track and avoid wasting months on chaotic learning, message me on Telegram.
Join the channel, and if you want a personal breakdown of your entry path into tech, write to me here: @faroeman.