Career change cyber security
- Thread starter hope80
- Start date
I started working in cyber security a few weeks back but I have been working IT for 18 years.
But we need more information from you as mentioned above to point you in the right detection.
I work in radiography healthcare so its a complete change. As for IT knowledge its basic
Probably Pen Test from what I have read about it. Its ok doing certifications but without the practical application then isnt it gonna be hard to get a job? I keep hearing there is a shortage and anyone can do it but I have two degrees which i know count for nothing unless you are actually in the role doing it. Thats how you really learn.
I have two degrees one in electronics the other in diagnostic imaging (radiography, x-ray etc). I want a career with security, flexibility and opportunity to work remote and from what i read cyber security seems to match this. I have kids and working in healthcare doesnt work with zero worklife balance.
I think the Pen Test, hacking side..But open to looking at other areas that provide remote working and work life balance. No idea how to get into a role where i can learn and make a career of it.
First look at getting some certifications in cyber security. Only the basic ones such as Cisco Cyber Ops, you can also go for Comptia Security+ but I wouldn't recommended it. Then maybe look at some cloud security certifications from one of the big providers, GCP, AWS or Azure.
Once you get abit of basic understand, do a few labs with pen testing etc. Depending on which direction you want to go. Apply for a few jobs and see how it goes.
I've moved from general IT support to Security in 2018. I started with getting a basic knowledge of security across the board and got a ISC2 SSCP certification, from there I moved into consulting and have been working mostly in the Microsoft area and have several Microsoft certifications now. As others have said thr way to go is to get the base understanding and then focus on the area that you like the most
It's a bit of a niche area, but you might want to look into biocybersecurity. Security of medical devices is an up and coming area and with existing skills in this area you might get something of a leg up.
On a related note you might want to look into Operational Technology and SCADA security, which could make the most of your qualifications in electronics. It's very hard to get into cyber security without any existing skills, so if you have nothing in IT then you'd be well advise to leverage your skills with physical devices if at all possible. I don't know if there are entry-level jobs in OT security but it's something to research.
Anything Cybersecurity is also going to change faster than most other areas of IT - it you're happy having to learn new things regularly, and never stopping, it may be a good option.
As somebody who entered the industry as a Software Engineer, and is now somewhat in cybersecurity, I just want out. Unfortunately, there aren't many areas of the industry that won't be affected.
As somebody who entered the industry as a Software Engineer, and is now somewhat in cybersecurity, I just want out. Unfortunately, there aren't many areas of the industry that won't be affected.
Soldato
- Joined
- 1 May 2003
- Posts
- 11,102
I'm 20 year into Cyber Ops, the threat landscape changes every day, a new vulnerability (0-day or RCE), a new state/threat actor group has been discovered.
I would start looking into OSCP and Sans. These should be your baseline if Pen-testing and Red Team Activities is your preferred choice.
Two frameworks you should look into are Mitre Att&ck and NiST.
I would start looking into OSCP and Sans. These should be your baseline if Pen-testing and Red Team Activities is your preferred choice.
Two frameworks you should look into are Mitre Att&ck and NiST.
Anyone done CISSP? I had funding to do CEH then changed my mind as I thought CISSP would give more benefit in my work area (I will still do CEH), just not really sure how to study for it, I think there is a study guide and a book. On a plus, I did some proficiency tests on a learning platform and it seems to think my current knowledge is mainly the level below proficient Not bad considering I don't really work directly in this space.
Not bad considering I don't really work directly in this space.
Last edited:
Anyone done CISSP? I had funding to do CEH then changed my mind as I thought CISSP would give more benefit in my work area (I will still do CEH), just not really sure how to study for it, I think there is a study guide and a book. On a plus, I did some proficiency tests on a learning platform and it seems to think my current knowledge is mainly the level below proficient
My friend did it early this year, as hes an security manager. He went on the 5 day course and did the exam on weekend, he passed but he said it was brutal as its so much to take in and very broad exam.
Yeah there is a lot but then I guess if you already know/are stronger in some areas it softens the blow. I'm just doing it because I enjoy learning, nothing riding on it.
Have you got the 5 years of relevant experience required to gain the cert?
Last edited:
You don't need 5 years, you need 5 years for the CISSP title upon completion, otherwise you are an associate. I could stretch the 5 years considering the area I work in but not really fussed about the title, as said, it's just for the continual learning I like to do.
The growth in the area is insane, at work we had an InfoSec team of maybe 10 people now we have over 100 under the security banner and are on a recruitment drive for many more. Ranging from Supplier Risk/Assurance, Security Architecture, IdAM etc. Interesting area to get into and something i might have a look at one day.
Definitely don't pay £2000 for a cybersecurity course when starting.
Self studying is the way to go as its cheaper. Pick a security cert, study towards that and pay for the exam.
But cyber security is broad now so they need to know what they want to do.