Career change - cyber security

dirtychinchilla · 14 Oct 2020 at 19:57

Evening chaps,

I responded to an advert (no, not that advert) for cyber security careers. I’ve been feeling like my own job has been stagnant for some time and I can’t see a career path ahead of me. I’ve been in the same company for nearly 8 years. I’m now a Product Manager, which puts me nearly at the top, so there’s nowhere else to go.

So I spoke to this chap about the cyber security stuff. Essentially, he was promoting a training course as he was from a training company (Robust IT) if anyone’s curious. He sent me a nice pack with an explanation the five qualifications and it ended with some good sounding jobs.

He also said that as I have middle management experience, and having achieved these qualifications, I could probably go into a middle management job in this field.

I was wondering, therefore, what you guys thought of it. And also, whether the qualifications which I’ve linked below are actually worth having. I’m doing some research but I really lack the understanding of the industry.

https://imgur.com/gallery/9YtoX37

Also, on LinkedIn I see loads and loads of Product Manager jobs and every single one is in IT (software largely). So I think the careers are there.

Thanks in advance for your advice.

dirtychinchilla · 14 Oct 2020 at 20:27

Zefan said:
The first 2 especially are not worth you bothering with. MTA is a dead certification as far as I'm aware (pretty sure you can't take the tests now) and you should now be looking at role based certifications if you're doing MS certs. Knowledge of Microsoft's popular infrastructure products? Sure. You can get this for free.

CompTIA, I've done both Net and Sec, they're alright but are a mile wide and an inch deep. Both essentially entry level.

The CEH is supposed to be for white hat pen tester types, but I wouldn't even begin to put this in your sights for now.

The problem with your position is you don't have experience to really know what you want to do, so it's very, very difficult to advise you. You should really have actual experience in a more broad IT discipline before specialising, as context really matters, especially in something like security which covers a massive scope itself.

There are some questions you need to ask yourself and produce answers for.

1) Why IT?
2) Why specifically security?
3) Why specifically cyber security?
5) What part of cyber security?
6) Why that part?
4) Why not the other facets of IT?

I am trying to be a bit provocative with the questions, but I see this quite a lot with our junior technicians and they often have dreams with little real reason beyond a seemingly glamorous job title.

Evening,

I completely understand your reasons for the questions. I’m asking myself similar things.

1) it seems like a very rapidly developing field with a lot of interesting stuff going on. Being on here, I’m obviously interested in computers already. The career prospects seem really good to me. Also, I’m bored of what I do now.

2-6) honestly, I’m not sure exactly. I am interested in my own personal cyber security. Within reason, I like to keep everything locked down. My father project manager exactly this type of work for years and seemed to really enjoy it.

Honestly, I’ve seen an opportunity to do something different and feel like jumping on it. But given the costs involved, I’m doing my research.

One thing the chap did say, and the company does seem well respected, is that they get recruiters involved very early on. My father suggested I get examples of actual job placements from them after having done the course.

Btw, I’m not uneducated. I have a BEng in mechanical engineering. I’d hope that that would aid my career prospects. I’m 30 so it’s not like I’m old and can’t change yet.

not sure about the glamour. I’m just interested in doing something different! My job has no clear path, as I say, I feel like something with qualifications might help that feeling.

dirtychinchilla · 15 Oct 2020 at 08:05

Ev0 said:
As above, I wouldn’t spend money on that course package.

Echoing the comments, I’m not clued up as to all the content on the MS exams but I’d guess it’s a similar high level type thing as the CompTIA Sec+ maybe? Not something I see people pursuing, or prospective employers asking for.

CompTIA Sec+ I found was worthwhile for someone new to the field, the fact it’s a mile wide and inch deep is ideal as it gives you a high level grounding as to the fundamentals.

CEH whilst I have my opinion on it’s value, it’s too advanced for someone new to the field. It’s all stuff that can be learnt parrot fashion though if someone really wanted to jump in right away.

With a product manager background, and mentioning IT on roles above, have you thought of ultimately working towards a move into security, or another area of IT, pm role?

(I’ve been doing sec stuff for a while now, and work closely with product management teams)

Definitely try to think ahead as to what sort of thing you want to do in security as that’ll help you focus on what you need to do, rather than be bombarded by training programmes from training companies

What sort of thing interests you?

There will be plenty of web articles out there on what roles there are in the industry, go have a read of those and see which things sound of interest to you which should then help you focus on what you need to do to get there.

Something like this:

https://www.cybersecuritychallenge.org.uk/resources/careers/typical-roles#

Note that you won’t likely see product management or sales based roles listed in these articles but these are also options.

Morning, thanks for your response.

I suspect the MS exams are to ensure that you have a base level of understanding of server and security principles if you haven't ever worked in those industries. So less about an employer and more about understanding the industry you're wandering into. Anyway - noted to ask the guy.

I have no idea about CEH...

Currently, my IT experience is limited to everything I've picked up by myself. I was the CAD guy at my current job for a while and that somehow involved writing lots of macros for Excel programs, which I'm very competent with now. Aside from taking apart PCs etc, I haven't done anything IT-specific. I just feel that IT might hold better job prospects for me, and it happens to be something that I'm interested in already.

In addition, I'm sick of working in a position where the company is reliant on me for sales - I may be a product manager but I'm also an untitled account manager trying to prop up a slow-growing product group. As an engineer, that stuff doesn't really interest me that much.

I'll have a good read of that link, thank you. I've made some notes to ask the guy as well. If I don't do a course with them, at least I may have an idea of what I could pursue. As far as what interests me, I'm honestly not sure. I feel a little adrift with work these days. Any interest I have in anything is more or less just personal. I've been thinking about jumping ship for a long time now but as I said in my OP (I think), every PM role I see these days is in software.

Just from a brief look at that list, two things stand out to me - Engineer, Architecture & Design, and CTO.

dirtychinchilla · 15 Oct 2020 at 13:04

ivrytwr3 said:
You really need to know which area of Cyber Security you want to go into. The guy you spoke to wants to sell you courses and the ones he has identified are not middle management as mentioned above. This is a decent guide to IT certification and levels:

https://hakin9.org/wp-content/uploads/2020/02/0-2-1.jpg

Bluescreen IT
Firebrand

Spring to mind, but there are loads.

Thank you. Yeah he definitely just wants to make a sale, although they are well rated. If nothing else, he's given me a little kick to actually do something about my career.

I'll have a read of the link, thank you.

I just spoke to a friend of my father's, who has worked for Intel for years. Given my product management experience, he suggested that I try and get into a larger company doing product management of hardware (or some sort of physical product), and then look to do courses within that company to move into other areas of interest.

I don't feel like I need to do a different job, but I need to do it somewhere else and in my industry, there just aren't to positions available.