Any Advice for career change in Cyber Security?


Rooster2212

Original Poster:

90 posts

64 months

Thursday 4th February 2021
Hi All,

I am looking for advice from people in the industry.
I am a Mech Engineer, project manager. I am 33 and have lost all enthusiasm for it, I feel a complete change is needed for me.

I used to really enjoy the problem solving aspects of my job, but I changed and it's all gone away. So I am looking at careers where there will be lots of problem solving, analytical thinking outside the box type stuff. A friend advised me to look at Cyber security.

Entry level jobs seem abundant and progress paths look to be more accelerated than my industry is. He has told me many times there are more jobs than skilled people to fill them (his company have had openings for a while with no one to fill them). He said there are a lot of mature career changers in the industry, so not flooded with fresh faced grads.

I am looking to re-learn in my own time and jump ship to Cyber Sec. Planning on doing the CompTIA A+, Network+, Security+, Ethical hacking and some CySA.

If there is anyone else with advice on changing into the industry, courses to take, courses to avoid etc I would appreciate any advice - good or bad.

Thanks!


Pete102

2,130 posts

193 months

Thursday 4th February 2021
Hi,

I'm already on the fringe of the industry, dealing with Safety Instrumented Systems (and the associated CS threats).

I was looking at a masters course at York or Bath Uni, as well as augmenting my learning with youtube and the various resources available. As for CS specific short-courses I can't help too much (I'm sure there are a few on here who can though!)

Pete

klan8456

947 posts

82 months

Thursday 4th February 2021
Anecdotally I know that hires into too large companies are compensated very, very well. Not sure how that translates to the general population though.

Rooster2212

Original Poster:

90 posts

64 months

Thursday 4th February 2021
Pete102 said:
Hi,

I'm already on the fringe of the industry, dealing with Safety Instrumented Systems (and the associated CS threats).

I was looking at a masters course at York or Bath Uni, as well as augmenting my learning with youtube and the various resources available. As for CS specific short-courses I can't help too much (I'm sure there are a few on here who can though!)

Pete
Thanks Pete, so are you looking at the masters because you can't progress without one?

dibblecorse

6,951 posts

199 months

Thursday 4th February 2021
klan8456 said:
Anecdotally I know that hires into too large companies are compensated very, very well. Not sure how that translates to the general population though.
Non anecdotally as I have recruited into the CS space, you're right the deepest tech and senior sales roles are, but that won't last forever as more and more of it will head towards automation and then it will not be far off the 90's / 00's gold rush where everyone went mad on MCSE and similar accreditations.

Rooster2212

Original Poster:

90 posts

64 months

Thursday 4th February 2021
dibblecorse said:
Non anecdotally as I have recruited into the CS space, you're right the deepest tech and senior sales roles are, but that won't last forever as more and more of it will head towards automation and then it will not be far off the 90's / 00's gold rush where everyone went mad on MCSE and similar accreditations.
So are you saying the Cyber Security industry is set to collapse?

quinny100

960 posts

193 months

Friday 5th February 2021
dibblecorse said:
Non anecdotally as I have recruited into the CS space, you're right the deepest tech and senior sales roles are, but that won't last forever as more and more of it will head towards automation and then it will not be far off the 90's / 00's gold rush where everyone went mad on MCSE and similar accreditations.
In the technology sector certifications without significant practical experience have always been of questionable benefit. There's still a decent living to be made for experienced MCSE's and it's a complete arms race at the moment for people who have transitioned to Azure. Six figs on offer at the moment for Azure/AWS bods with MSP experience. You're bang on with the automation piece - I had a demo of a SOAR solution from a top tier security vendor this week and their key selling point was the potential to reduce security analyst headcount through automating response to security events. You'll still need the more senior specialists to set all this stuff up, but this is one area where AI and machine learning have real potential to reduce low level work.

Cyber Security is a pretty broad church but pretty much any branch of it requires a very solid theoretical grounding in networking in particular, but ideally right across the infrastructure piste and a working knowledge of the components of an operating system and how software interacts with OS. I'm not a fan of the CompTIA + courses - I've managed to make a decent living in IT in the last 20 years without ever learning the pinouts of an RS232 interface or a parallel port - which is pretty much where A+ starts. Personally I'd suggest you start with Cisco CCNA - since the curriculum changes last year it's actually a really nice initial certification to get because it's broader than it used to be - you'll cover routing and switching but also wireless and security essentials. I think it will also give you a real flavour of whether this change is really for you - I find people either get networking and it just clicks, or they don't and it's just not for them and they never get beyond the basics. I've worked with some excellent infrastructure engineers who don't get networking and I've come across "Network Managers" who I've had to spend hours explaining what a VLAN is and why it might be a good idea to introduce them into their flat network with a couple of thousand devices on it that keeps grinding to a halt.

There are plenty of online resources for CCNA - some free, some you'll have to pay for. Pluralsight have a decent CCNA course, as does CBT Nuggets - the latter being more expensive but it does have a vast range of material on there. Plenty of free trials knocking around - it's as much about finding a delivery style that works for you as the content.

Once you've got CCNA your best steps towards getting a job are probably to look at some of the security vendor specific training. Fortinet - one of the big 4 vendors - has made all of their material free following COVID. https://www.fortinet.com/training/cybersecurity-pr...

Getting practical experience is going to be your biggest challenge - you might have to start at the bottom of the ladder but there is no reason you can't climb the ladder pretty quickly. My advice would be go and work for a Managed Service Provider initially - it's the best way to build your experience quickly because you'll be working on many different environments with lots of different kit. If you're personable and can talk technical to non-techies that's a big help.

anxious_ant

2,626 posts

86 months

Friday 5th February 2021
Very good advice from poster above.
My mate went in CS (then was compliance) same time as when I just started in IT as systems support.

Many years and qualifications later he is doing rather well, as CS is currently in demand. Hard work though.

Bathroom_Security

3,467 posts

124 months

Saturday 6th February 2021
Something to think about but you may wish to consider just how monotonous that sort of role might be for you especially at analyst level. I say this because you might well be an engineer, sounds like you enjoyed it too. So if you are wired up that way have a good think. Personally I have no desire to enter a role where I loathe myself or become a st eater.

Perhaps network engineering might be worth a look? CCNA as mentioned above will get you in the door, I make a good living as a CCNP/CCNP Security project engineer. Plenty of overtime (and I do mean plenty) is often available in peaks and troughs. Project based roles in service provider land will get you out and about, different sites, different customers etc which I think helps relieve some of the boredom you get from say a support role, going to the same place to do the same thing day in day out.

re. Automation, it's all bks. Using automation (like rest etc) to deploy firewall rule bases is a godsend especially on st systems with st GUIs, as is using it to retrieve information en masse. We are just moving toward an era where we no longer have to use putty or some st terminal program to scour a CLI for information so I wouldn't worry about that.

Automation in terms of something like SD WAN or SD Access still requires an engineer to be able to migrate something, provide connectivity in and out of old networks etc. Under the hood it's all the same old st cobbled together to build a new solution that's going to change the world and deliver swift cost savings.... it still goes wrong. You still have to dig in and have a look at what's going on.

I am sure we will all be redundant one day when we enter a network utopia that allows us to deploy a pizza box in a rack and everything gets done in a single click of a button by an engineer that gets paid £30k a year.


mholt1995

568 posts

88 months

Sunday 7th February 2021
Hey,

Cyber security practitioner here. I did a security+forensics degree (graduated in 2016) followed by 3 and a half years in various IT roles which weren't security focused but would often get into it before finding myself in my first full-time security role in late 2019.

In the meanwhile, I had a series of fantastic conversations with someone on here who is in a leadership role within security and it gave me the drive/re-focus and determination I needed to really break in, so hopefully I can pass that on to an extent.

Security+ is... interesting. Done the learning myself but haven't taken the certification. It's a great curriculum to get yourself familiar with a lot of the concepts but does tend to (in my opinion, ymmv) dwell a bit too much on legacy systems but is useful nonetheless.

As you will soon discover, there are many different areas to security, with a whole heap of different specialisms to get yourself invested in if you find your calling.

I personally ended up finding myself in application security (vulnerability management, penetration testing, secure development etc.) and as far as I can tell, am happy to follow that all the way up to architecture level and can see that doing me very nicely for the medium term.

I'm actually currently in the process of transitioning from a hands-on analyst role (managing vulnerabilities, organising penetration testing) to a more strategic one (working with secure development lifecycle tooling, containerised environment configuration and other bits and bobs) and I'm really enjoying my work.

That's such a small piece of the puzzle however. Just on the blue team, there's security engineering (so actually building tools with the outcome being to enable security teams), incident response, supply chain assurance, management/leadership, risk management, infrastructure security, audit/certification.

Absolutely tons of roles out there.

If you're interested in the technical and offensive side of security (which I get the impression of from the courses you're picking out) then I'd wholeheartedly recommend getting yourself familiar with hackthebox and capturetheflags generally, really interesting stuff if you've got the knack for it and, as mentioned, the skills are certainly in demand.

Good luck!

lyonspride

2,978 posts

162 months

Wednesday 10th February 2021
Cyber security is becoming saturated, I know several who qualified and cannot get jobs, I know others who got jobs at barely minimum wage, and I know one who got in early, made a good wage in his 20's/30's, got made redundant, then 6 months later they wanted to rehire him on £22k, putting him £8000 down on what he was earning 10 years earlier (now 44).

That said, OP wants to get out of engineering and I can completely understand that, it's tough work, there's no respect and you're basically disposable at any time. I keep going from one ship to the next, hoping it'll be different, but finding the same old sh*t every time, only difference is I'm getting older and the disrespect is coming from admin staff barely out of school.

Art0ir

9,405 posts

177 months

Monday 15th February 2021
Just to echo the "broad church" comments from the above. I'd hazard there is a niche that will suit anyone that is competent. I work for a medium sized organisation so have the luxury/pain (delete as you wish) of having to deal with most of these but in larger orgs there will be entire teams dedicated to just one of the below.

I'm still somewhat of the opinion that to be really successful in IT you do need some time at the coal face, but I accept that's a bit of an old fashioned view and probably not as relevant for some of the newer roles that have popped up in recent years.


Consigliere

352 posts

48 months

Thursday 16th March 2023
Been offered a Cyber Security job in automotive sector. One of the chaps I worked with previously pointed me to it (we were both systems/electrical engineers previously - I still am). It will be working for his boss, so my mate and I will be working together.

He's given me an honest view and it seems appealing, I've been an engineer for nearly 20 years now and this seems to be interesting and something I can learn whilst working (full training will be provided). It's a new industry though, I know nothing about automotive or specifically automotive cybersecurity.

Anyone in this area of work, recommend it or not? Any advice appreciated.

ben_h100

1,547 posts

186 months

Sunday 26th March 2023
Currently in a compliance/cyber risk management role, but I have a strong networking background and have worked in ‘Cyber’ for a couple of years.

The main cert I’m aiming for is CISSP, which having studied quite a bit for, is worth doing to consolidate/broaden your understanding. It appears to be well revered. That said, it’s not for a ‘newbie’ and full certification requires peer verified experience.


deja.vu

456 posts

23 months

Monday 27th March 2023
Saw this on LinkedIn earlier.
Many a true word…


Consigliere

352 posts

48 months

Monday 27th March 2023
ben_h100 said:
Currently in a compliance/cyber risk management role, but I have a strong networking background and have worked in ‘Cyber’ for a couple of years.

The main cert I’m aiming for is CISSP, which having studied quite a bit for, is worth doing to consolidate/broaden your understanding. It appears to be well revered. That said, it’s not for a ‘newbie’ and full certification requires peer verified experience.
Which industry are you in, assuming it's not automotive?

bigandclever

13,948 posts

245 months

Monday 27th March 2023
Consigliere said:
I know nothing about automotive or specifically automotive cybersecurity.
Neither do the good folks at Tesla

https://www.teslarati.com/tesla-hackers-win-model-...