Career change to Cyber Security

Oxide™ · 20 Dec 2019 at 12:30

Currently a manual software tester within a financial institution. I'm needing a change from testing and as I have a young family now, securing higher wages with an option to work remotely would be ideal.

I've always wanted to go into cyber security but don't know enough about it to decide what specific area I would get satisfaction from.

My qualifications are:
MCSE+I - 2000
Business Analysis Foundation cert - 2012
Testing Foundation and Intermediate cert - 2016
Cyber Security Foundation cert - 2019

Just wondering what my next option is really to secure a better job.
- Do a penetration tester course, try secure a job which will give an idea of where in cyber security the salaries/job satisfaction is?
- Do a Security+/Ethical Hacking (don't have any programming skills though if this is a requirement) course, try secure a job in a SOC which will give an idea of where in cyber security the salaries/job satisfaction is?

Anyone in this field can give advice please?

dowie · 20 Dec 2019 at 12:57

Not in the field but just on a general point - if you’re in a big organisation then could be worth reaching out to your in-house team. Most people wouldn’t do it but if you offered to assist with some project for them on the side or even just ask if you can chat with them about the roles they do over lunch etc... then you might be able to facilitate a lateral move.

That isn’t specific to security but career changes in general when you’re already working in a large-ish firm.

Secondly - do you have a degree? There seem to be various specialist MSc courses out there in this field. If you’re aiming for higher paid work then that might be the way to go over certificates - for example Oxford has a part time course. Something like that on your CV would probably open plenty of doors at consultancies etc...

Oxide™ · 20 Dec 2019 at 14:09

Thanks Dowie - I will also speak to our fledgling in house team and see what they say and perhaps get a foot in the door that way

I don't have a degree, when I left high school the last thing I wanted to do was study further however I really should have as that really does open doors

Beerbaron · 20 Dec 2019 at 14:21

Security+ and CEH don't require programming skills.

Security+ is entry level and you can just grab the book and sit the exam.

Juicy Jama · 20 Dec 2019 at 14:29

Would also look into and consider some security based networking certs. CCNA Sec(which is expiring in Feb and becoming CCNA) JNCIS-Sec

dowie · 20 Dec 2019 at 17:57

Oxide™ said:
I don't have a degree, when I left high school the last thing I wanted to do was study further however I really should have as that really does open doors

Not too late to get one, granted it can take a fair bit of dedication now you're working full time but you could get a degree in say 4 years via the University of London International program, Birkbeck College or the Open University:

https://london.ac.uk/courses/subject/73

http://www.dcs.bbk.ac.uk/study/undergraduate/

http://www.open.ac.uk/courses/find/computing-and-it

No reason why you couldn't apply for new jobs when party way through a degree course either - just make it clear that your qualification isn't complete/you're still studying etc.. due to complete in say 2024 etc..

Also, if you're not earning much at the moment then a degree apprenticeship could be worth a look too - you work and study over 4 years and the employer pays the fees.

It might not be for everyone but if you've got a few decades left still before retirement then... that's a long time - you can still get a degree, look at studying a masters (better to pick a more academic degree if you fancy a master later - also better to get a decent level of mathematics in too at undergrad if you want to look at more specialist MSc courses later)

Ev0 · 20 Dec 2019 at 23:17

Seeing if there’s anything you can do internally would be a good start in possibly narrowing down what it is you’d want to do, especially if you can get involved in any shadowing or the like.

Pen testing and a SOC analyst are going to be pretty different roles, both can be good fun though and both are also in demand.

Sec+ is a great entry level cert that gives a good overview of things and may help you work out what you like and don’t like.

Not a huge fan of CEH, my experience was it ended up being an exercise in memorising lists of tools you could use for various things, higher than entry level but not a huge amount.

No programming knowledge needed for it, though for pen testers in general having some aptitude here can really help.

Degrees are becoming less of a requirement nowadays but can be useful as a differentiator, and ultimately you’ll also learn a lot and hopefully find it enjoyable!

It’s a great area to work in though

Oxide™ · 23 Dec 2019 at 07:51

Thanks for all the tips guys.

Discussed the possibility of doing a degree with the wife - it would be very tricky with a 5 month old and the loss of my salary. Open University don't seem to have a GCHQ approved degree in Cyber Security yet so will see if that happens and maybe look into that.

In the meantime I'll see if I can self study the Security+ cert and see where that takes me in house for a start.

malachi · 23 Dec 2019 at 09:39

Oxide™ said:
Thanks for all the tips guys.

Discussed the possibility of doing a degree with the wife - it would be very tricky with a 5 month old and the loss of my salary. Open University don't seem to have a GCHQ approved degree in Cyber Security yet so will see if that happens and maybe look into that.

In the meantime I'll see if I can self study the Security+ cert and see where that takes me in house for a start.

Definitely do the Security+ cert, this is what I am currently studying to get my foot in the door. Then will move on to CCNA Cyber Ops soon after.

My best friend works cyber security, he doesn't have a degree and is doing well. All you need is the motivation to do so with the right certs.

#Chri5# · 23 Dec 2019 at 15:39

A couple of the products we sell security orientated (Network Traffic Analytics - anomaly detection etc), so I get to speak to people who already have or are setting up SOCs. I'll often hear them say they struggle to recruit SOC analysts, even junior ones. If they are a public sector customer, they also bemoan trying to hold on to people once they have some good experience (2 or 3 years) as the private sector comes calling with a bigger chequebook.

dowie · 23 Dec 2019 at 17:51

Oxide™ said:
Discussed the possibility of doing a degree with the wife - it would be very tricky with a 5 month old and the loss of my salary. Open University don't seem to have a GCHQ approved degree in Cyber Security yet so will see if that happens and maybe look into that.

Do many undergrad courses have that? I'd have thought it should't matter too much at undergrad, depends what you want out of it I guess but you can use the undergrad to get onto a masters that is dedicated to the area - if aiming for an MSc eventually your undergrad could be any one of a number of STEM degrees - maths, physics, CS, engineering etc...

If the undergrad you do is more vocational then it might well be less suited as preparation for a specialist MSc course, but if you aim to finish at a BSc then perhaps that is preferable and gets you learning the applicable/specific to role stuff sooner.

The degree apprenticeships pay you while you work/study over the course of 4 years and seem to be a bit more vocational - IIRC from a previous thread on here they start at 20k moving to 30k by the time you graduate - that might well be a substantial pay cut for you if you work in finance though.

OU would be a more flexible option than say Birkbeck if you've got a small kid.... some optional tutorials vs a part time timetable of scheduled lectures a 2-3 evenings a week etc...

University of London International program is pretty much fully distance learning AFAIK - it might vary by institution a bit, one of my friends with a CS undergrad who wanted to fill some gaps in his mathematics knowledge before pursuing a post grad course did a grad diploma course in maths with them basically covering some undergrad applied maths and stats - it was administered by LSE and looked pretty thorough. On the other hand the undergrad CS degrees and diplomas they offer seem to be administered by Goldsmiths... so not too sure what those courses are like. They seem to have an Information Security MSc administered by Royal Holloway too.

Ev0 · 24 Dec 2019 at 13:23

#Chri5# said:
A couple of the products we sell security orientated (Network Traffic Analytics - anomaly detection etc), so I get to speak to people who already have or are setting up SOCs. I'll often hear them say they struggle to recruit SOC analysts, even junior ones. If they are a public sector customer, they also bemoan trying to hold on to people once they have some good experience (2 or 3 years) as the private sector comes calling with a bigger chequebook.

I work in a similar product area and echo this, my customers have the same struggles in SOC analyst recruitment and retention.

If it is an analysts role you’d be interested in then some of the systems you’ll be expected to use have free or trial versions that you can try out to see how they work and can be used, can be worth trying out.

HangTime · 3 Feb 2020 at 22:50

Oxide™ said:
Thanks Dowie - I will also speak to our fledgling in house team and see what they say and perhaps get a foot in the door that way

Our InfoSec team has grown in this way, taking on secondees and then converting to FTE as headcount gets approved.

NickK · 8 Feb 2020 at 21:55

I would start with the security understanding, threats etc have a look at NIST for a wider picture. However I would then looking at how this interacts with risk management too.