Career change - cyber security

[dirtychinchilla]

Evening chaps,

I responded to an advert (no, not that advert) for cyber security careers. I’ve been feeling like my own job has been stagnant for some time and I can’t see a career path ahead of me. I’ve been in the same company for nearly 8 years. I’m now a Product Manager, which puts me nearly at the top, so there’s nowhere else to go.

So I spoke to this chap about the cyber security stuff. Essentially, he was promoting a training course as he was from a training company (Robust IT) if anyone’s curious. He sent me a nice pack with an explanation the five qualifications and it ended with some good sounding jobs.

He also said that as I have middle management experience, and having achieved these qualifications, I could probably go into a middle management job in this field.

I was wondering, therefore, what you guys thought of it. And also, whether the qualifications which I’ve linked below are actually worth having. I’m doing some research but I really lack the understanding of the industry.

https://imgur.com/gallery/9YtoX37

Also, on LinkedIn I see loads and loads of Product Manager jobs and every single one is in IT (software largely). So I think the careers are there.

Thanks in advance for your advice.

 

[Zefan]

The first 2 especially are not worth you bothering with. MTA is a dead certification as far as I'm aware (pretty sure you can't take the tests now) and you should now be looking at role based certifications if you're doing MS certs. Knowledge of Microsoft's popular infrastructure products? Sure. You can get this for free. :edit: turns out I'm wrong there, hmm... I was sure these had been retired. With the absence of experience they're better than nothing.

CompTIA, I've done both Net and Sec, they're alright but are a mile wide and an inch deep. Both essentially entry level.

The CEH is supposed to be for white hat pen tester types, but I wouldn't even begin to put this in your sights for now. I've heard people now calling this irrelevant but no experience myself.

I don't work in security (system administrator) however I did do CCNA Cyber Ops (it's now retired), and this was very good for aspiring SOC analysts.

The problem with your position is you don't have experience to really know what you want to do, so it's very, very difficult to advise you. You should really have actual experience in a more broad IT discipline before specialising, as context really matters, especially in something like security which covers a massive scope itself.

There are some questions you need to ask yourself and produce answers for.

1) Why IT?
2) Why specifically security?
3) Why specifically cyber security?
5) What part of cyber security?
6) Why that part?
4) Why not the other facets of IT?

I am trying to be a bit provocative with the questions, but I see this quite a lot with our junior technicians and they often have dreams with little real reason beyond a seemingly glamorous job title.

 

[dirtychinchilla]

The first 2 especially are not worth you bothering with. MTA is a dead certification as far as I'm aware (pretty sure you can't take the tests now) and you should now be looking at role based certifications if you're doing MS certs. Knowledge of Microsoft's popular infrastructure products? Sure. You can get this for free.

CompTIA, I've done both Net and Sec, they're alright but are a mile wide and an inch deep. Both essentially entry level.

The CEH is supposed to be for white hat pen tester types, but I wouldn't even begin to put this in your sights for now.

The problem with your position is you don't have experience to really know what you want to do, so it's very, very difficult to advise you. You should really have actual experience in a more broad IT discipline before specialising, as context really matters, especially in something like security which covers a massive scope itself.

There are some questions you need to ask yourself and produce answers for.

1) Why IT?
2) Why specifically security?
3) Why specifically cyber security?
5) What part of cyber security?
6) Why that part?
4) Why not the other facets of IT?

I am trying to be a bit provocative with the questions, but I see this quite a lot with our junior technicians and they often have dreams with little real reason beyond a seemingly glamorous job title.

Evening,

I completely understand your reasons for the questions. I’m asking myself similar things.

1) it seems like a very rapidly developing field with a lot of interesting stuff going on. Being on here, I’m obviously interested in computers already. The career prospects seem really good to me. Also, I’m bored of what I do now.

2-6) honestly, I’m not sure exactly. I am interested in my own personal cyber security. Within reason, I like to keep everything locked down. My father project manager exactly this type of work for years and seemed to really enjoy it.

Honestly, I’ve seen an opportunity to do something different and feel like jumping on it. But given the costs involved, I’m doing my research.

One thing the chap did say, and the company does seem well respected, is that they get recruiters involved very early on. My father suggested I get examples of actual job placements from them after having done the course.

Btw, I’m not uneducated. I have a BEng in mechanical engineering. I’d hope that that would aid my career prospects. I’m 30 so it’s not like I’m old and can’t change yet.

not sure about the glamour. I’m just interested in doing something different! My job has no clear path, as I say, I feel like something with qualifications might help that feeling.

 

[Ev0]

As above, I wouldn’t spend money on that course package.

Echoing the comments, I’m not clued up as to all the content on the MS exams but I’d guess it’s a similar high level type thing as the CompTIA Sec+ maybe? Not something I see people pursuing, or prospective employers asking for.

CompTIA Sec+ I found was worthwhile for someone new to the field, the fact it’s a mile wide and inch deep is ideal as it gives you a high level grounding as to the fundamentals.

CEH whilst I have my opinion on it’s value, it’s too advanced for someone new to the field. It’s all stuff that can be learnt parrot fashion though if someone really wanted to jump in right away.

With a product manager background, and mentioning IT on roles above, have you thought of ultimately working towards a move into security, or another area of IT, pm role?

(I’ve been doing sec stuff for a while now, and work closely with product management teams)

Definitely try to think ahead as to what sort of thing you want to do in security as that’ll help you focus on what you need to do, rather than be bombarded by training programmes from training companies

What sort of thing interests you?

There will be plenty of web articles out there on what roles there are in the industry, go have a read of those and see which things sound of interest to you which should then help you focus on what you need to do to get there.

Something like this:

https://www.cybersecuritychallenge.org.uk/resources/careers/typical-roles#

Note that you won’t likely see product management or sales based roles listed in these articles but these are also options.

 

[dirtychinchilla]

As above, I wouldn’t spend money on that course package.

Echoing the comments, I’m not clued up as to all the content on the MS exams but I’d guess it’s a similar high level type thing as the CompTIA Sec+ maybe? Not something I see people pursuing, or prospective employers asking for.

CompTIA Sec+ I found was worthwhile for someone new to the field, the fact it’s a mile wide and inch deep is ideal as it gives you a high level grounding as to the fundamentals.

CEH whilst I have my opinion on it’s value, it’s too advanced for someone new to the field. It’s all stuff that can be learnt parrot fashion though if someone really wanted to jump in right away.

With a product manager background, and mentioning IT on roles above, have you thought of ultimately working towards a move into security, or another area of IT, pm role?

(I’ve been doing sec stuff for a while now, and work closely with product management teams)

Definitely try to think ahead as to what sort of thing you want to do in security as that’ll help you focus on what you need to do, rather than be bombarded by training programmes from training companies

What sort of thing interests you?

There will be plenty of web articles out there on what roles there are in the industry, go have a read of those and see which things sound of interest to you which should then help you focus on what you need to do to get there.

Something like this:

https://www.cybersecuritychallenge.org.uk/resources/careers/typical-roles#

Note that you won’t likely see product management or sales based roles listed in these articles but these are also options.

Morning, thanks for your response.

I suspect the MS exams are to ensure that you have a base level of understanding of server and security principles if you haven't ever worked in those industries. So less about an employer and more about understanding the industry you're wandering into. Anyway - noted to ask the guy.

I have no idea about CEH...

Currently, my IT experience is limited to everything I've picked up by myself. I was the CAD guy at my current job for a while and that somehow involved writing lots of macros for Excel programs, which I'm very competent with now. Aside from taking apart PCs etc, I haven't done anything IT-specific. I just feel that IT might hold better job prospects for me, and it happens to be something that I'm interested in already.

In addition, I'm sick of working in a position where the company is reliant on me for sales - I may be a product manager but I'm also an untitled account manager trying to prop up a slow-growing product group. As an engineer, that stuff doesn't really interest me that much.

I'll have a good read of that link, thank you. I've made some notes to ask the guy as well. If I don't do a course with them, at least I may have an idea of what I could pursue. As far as what interests me, I'm honestly not sure. I feel a little adrift with work these days. Any interest I have in anything is more or less just personal. I've been thinking about jumping ship for a long time now but as I said in my OP (I think), every PM role I see these days is in software.

Just from a brief look at that list, two things stand out to me - Engineer, Architecture & Design, and CTO.

 

[ivrytwr3]

You really need to know which area of Cyber Security you want to go into. The guy you spoke to wants to sell you courses and the ones he has identified are not middle management as mentioned above. This is a decent guide to IT certification and levels:

https://hakin9.org/wp-content/uploads/2020/02/0-2-1.jpg

Bluescreen IT
Firebrand

Spring to mind, but there are loads.

 

[dirtychinchilla]

You really need to know which area of Cyber Security you want to go into. The guy you spoke to wants to sell you courses and the ones he has identified are not middle management as mentioned above. This is a decent guide to IT certification and levels:

https://hakin9.org/wp-content/uploads/2020/02/0-2-1.jpg

Bluescreen IT
Firebrand

Spring to mind, but there are loads.

Thank you. Yeah he definitely just wants to make a sale, although they are well rated. If nothing else, he's given me a little kick to actually do something about my career.

I'll have a read of the link, thank you.

I just spoke to a friend of my father's, who has worked for Intel for years. Given my product management experience, he suggested that I try and get into a larger company doing product management of hardware (or some sort of physical product), and then look to do courses within that company to move into other areas of interest.

I don't feel like I need to do a different job, but I need to do it somewhere else and in my industry, there just aren't to positions available.

 

[dowie]

Isn't this stuff focused on techie jobs? Like, as a product manager, would it perhaps be better to start with more of an overview?

Say:

https://blog.udacity.com/2020/07/ne...tion-to-cybersecurity-nanodegree-program.html

I wonder if you'd be better off just buying the relevant books when it comes to some of this stuff - I'm not sure certificates are necessarily even the way to go here, that seems to be more relevant for some other (not-product manager) career paths.

Since you've got a BEng then have you considered an MSc? You could do a specific (IT) security MSc or perhaps perhaps something tangential like CS/Software Engineering, Data Science etc.. (particularly the latter) and use your dissertation to focus on something security related, I know of people who did security focused data science/ml MSc dissertations - this could be anything security related involving IT (not just IT security) say a computer vision project related to airport scanners, steganography detection, social network analysis related to terroism or organised crime groups etc...

I mean there is broader scope to do more at post grad level rather than rote learning a job role or vendor specific tech via certificates. If you get yourself onto a course at a university with plenty of research groups and a strong brand name then there are perhaps a broader range of options - especially if you're coming at this from the perspective of already being in a product manager role rather than working up from say a techie/IT support analyst type role.

 

[Ev0]

Isn't this stuff focused on techie jobs? Like, as a product manager, would it perhaps be better to start with more of an overview?

That was one reason I said the CompTIA Sec+ wouldn't be too bad an idea, back when I did it way back when it provided a decent overview of things without going too deep into things.

Don't necessarily have to do the cert, but grabbing a book on it wouldn't be a bad thing!

 

[malachi]

For stuff like this, always best to get the materials and self study. Works out cheaper than paying to go with a company. At least then, if you don't feel like its for you then you can do something else without a big financial commitment.

 

[Bounce]

For stuff like this, always best to get the materials and self study. Works out cheaper than paying to go with a company. At least then, if you don't feel like its for you then you can do something else without a big financial commitment.

That's a good idea, but for him to get a job in cyber security He will need the relevant qualifications and experience.

 

[Zefan]

That's a good idea, but for him to get a job in cyber security He will need the relevant qualifications and experience.

I don't think anyone's saying qualifications and experience aren't required. Boot camp course don't give you experience, and self study is perfectly possible (I think actually preferable) and costs almost nothing in comparison.

 

[clv101]

Wouldn't any half decent company employ you first - then put you through the training? I wouldn't go spending personal money and time on such training.

 

[dowie]

Wouldn't any half decent company employ you first - then put you through the training? I wouldn't go spending personal money and time on such training.

Probably better to be able to demonstrate your interest in a field than just say you're interested and then expect to be spoon fed.

I guess it depends on the role tbh.. it isn't exactly going to harm your chances and would usually make you a better candidate if you proactively work on stuff, gain some experience etc...

 

[Zefan]

Wouldn't any half decent company employ you first - then put you through the training? I wouldn't go spending personal money and time on such training.

no... do you really expect to be able to walk in to a specialised, sought after role that almost always demands a combination of experience, a degree as well as technical certification, with none of these pre-requisites? Employ me in your company as CEO, I'll do a good job once you train me, honest

 

[Conanius]

I know job titles don't mean anything these days.... but what actually is your current role?

The courses being talked about in here are a mix of junior level and 'more hands on' cyber qualifications. My interpretation of a Product Manager is a world apart from this (I currently provide Product Owner services for a client, and I've previously formed & ran Cyber Security teams for one of the worlds largest Telecoms firms).

If you're a Product Manager like I'm thinking, these quals are going to get you no where close to your current seniority and remuneration - is that what you're expecting?

Edit - just read some replies above again and people are saying the same. I think you probably want something more like CISM, but I'm guessing at what you want to do, what gaps you have in your knowledge, etc.

 

[Ev0]

I know job titles don't mean anything these days.... but what actually is your current role?

The courses being talked about in here are a mix of junior level and 'more hands on' cyber qualifications. My interpretation of a Product Manager is a world apart from this (I currently provide Product Owner services for a client, and I've previously formed & ran Cyber Security teams for one of the worlds largest Telecoms firms).

If you're a Product Manager like I'm thinking, these quals are going to get you no where close to your current seniority and remuneration - is that what you're expecting?

Edit - just read some replies above again and people are saying the same. I think you probably want something more like CISM, but I'm guessing at what you want to do, what gaps you have in your knowledge, etc.

From the original post I wasn’t sure if he was wanting a career move to do something totally new, or if he was wanting to still work in the world of product/offering management.

Doesn’t say whether the stagnant is just a product of having nowhere left to move, or is it also due to boredom/had enough of things.

But then the last line says about having seen PM roles within IT, making it sound like that’s of interest, maybe.

Being new to the field I still reckon something like Sec+ content is a reasonable thing to take a look at to get an idea of the fundamentals, and might give the chap an idea of where he wants to go in security. I’m not necessarily advocating going and doing the exam, but just grab a book like the Mike Meyer’s all in one guide and have a read.

If it bored the pants off him and puts him off then it’s a few quid gone, but something in there may ignite a spark of interest for a particular area.

You’re right that CISM and CISSP type certifications would be more suited to a PM/OM type role in Security, but not as a first foray into things but more something to work towards (as they both have experience requirements).

Dealing with PM/OM teams in Security for many years now seems to be very much a juggling/balancing act where the security knowledge will help in understanding the business challenges the products need to help with, along with all the general skills needed in this role regardless of industry.

All boils down to what is it they want to do in Security, and why.

Is the interest purely financial, want a particular level of responsibility, want to do something different that they enjoy.

The great thing is there are a wide range of roles in the sector there’s usually something that can give someone what they want with regards to pay, responsibility, enjoyment etc.

 

[Conanius]

Loads of great stuff in Ev0s reply above OP - read and digest. Agree with all of it.

I will say one thing. If the OP is a Product Owner in the Scrum/SAFe world of Agile delivery joy - I would personally not be going anywhere - and would be looking to compliment skills. There seems to be huge demand for 'New ways of working' as part of all the Digital Transformation/DevOps/you get the picture/etc deliveries that every company and his dog is frantically deploying.