Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cguido
Newcomer I
a week ago
a week ago

Advice Needed: Career Change

Hello everyone!

 

I'm currently transitioning from a career in public history to information security, and I'm eager to learn from your experiences. The cybersecurity field is incredibly fascinating to me, and I'm open to exploring various career paths within it.

 

I recently earned my ISC2 CC certification, and I'm actively preparing for the CompTIA Security+ exam. I'm also considering pursuing CompTIA A+ to strengthen my foundational IT knowledge.

 

My background in public history has provided me with valuable transferable skills. Specifically, my experience at a history museum involved significant data analysis, meticulous auditing, and detailed record-keeping, all of which I believe are highly relevant to compliance roles within cybersecurity. I am also very proficient with research, and communication, both written and oral. I'm also open to roles in risk management, and security awareness training.

 

I'm aware that my lack of formal IT education might be a concern for some employers, but as I only received my degree a few years ago, going back to school is not really an option for me.

 

My questions are:

  • Given my background and certifications, what are the most effective strategies for breaking into the cybersecurity field?
    • What sub-field would you recommend that I start in?
  • What additional skills or certifications would you recommend I pursue to enhance my employability?
  • How can I best highlight my transferable skills and demonstrate my passion for cybersecurity to potential employers? 
  • Are there any specific entry-level roles or internships that would be a good fit for someone with my profile?

Thank you for any advice/ help!

Reply
28 Replies
dcontesti
Community Champion
Saturday
Saturday

What degree did you get?  If from a college or university, you should qualify for the one year experience for the SSCP.

 

Here is a grid showing the requirements for the DoD. Note both Sec+ and SSCP are listed.

 

https://www.wlac.edu/sites/wlac.edu/files/2022-11/Dod.pdf

 

 

Reply
cguido
Newcomer I
Saturday
Saturday

I got a BA in History back in 2021, so I'm thinking that I wouldn't qualify for the experience 😕

Thank you for the grid! This is super helpful to have
Reply
0 Kudos
Spirnia
Newcomer III
Saturday
Saturday

I would recommend getting the Network+ and the Security+ because you earn the certification once you pass each exam. I have both of those and truly feel they are both worth it!

 

I do not know how much weight the ISC2 Associate status holds as it is a designation and not a certification. I have just earned that designation through passing another ISC2 exam.

 

I highly recommend that once you are situated in the cybersecurity field that you go for your ISC2 CISSP, for sure! I very much enjoyed the CISSP curriculum.

 

I just began studying for the CCSP (cloud) curriculum. It will be many months before I sit for that exam.

 

The ISC2 CISSP and CCSP exams are known for their high degree of caliber!

 

I wish you the best of luck with your application to the next cohort of the SANS Cyber Academy which accepts applications in the month of May! Just in time!!

 

 

Reply
0 Kudos
dcontesti
Community Champion
Saturday
Saturday

@cguido  

The best folk to make a call on your experience are management.  I believe they would need to review  your courses etc to make a decision.

Reply
nkeaton
Advocate I
Saturday
Saturday

@dcontesti That is a nice chart for reference, but the 8570 was replaced by the 8140. I can find you a link if want but unfortunately is a little more complicated than that very succinct chart which have always liked. One thing that I really like about the 8140 is that DoD emphasis has been changed to what I believe is more important which is experience and education. Hopefully private industry will follow again. I don’t know the situation where you are, but in the US Security+ has completely flooded the job market. I think that we can agree that having Security+ does not mean that a person belongs in cybersecurity or can find a cybersecurity job.
Reply
0 Kudos
dcontesti
Community Champion
Saturday
Saturday

@nkeaton  if the Sec+ has gone by the way side, why is listed Under both Technical and Management in the DoD 8140.

 

FYI here is the 8140 table from https://enterprisetraining.com/dod-8140/

 

 

dod-8140-baseline-certifications.png

 

Reply
nkeaton
Advocate I
Saturday
Saturday

@Spirnia I have very mixed emotions on recommending CompTIA. While I have helped hundreds of our folks earn that certification, it does not carry the weight that it did when I earned mine in 2010 and has completely flooded the job market. Almost none of our people have A+ or Network+. No learning is bad. I would not recommend against reading their materials but would not recommend taking the exams. I have neither but earned Cloud+ and Server+ participating in beta exams. The Associate of ISC2 is very problematic to me. The biggest issue that I have seen with it is people misrepresenting themselves. I also do not like that people invest the time and money to get as you indicated, essentially nothing. It is only a membership and not a certification. For my CCSP I did read the Sybex book, but I feel that my best resources were no cost materials from CSA (Cloud Security Alliance) and NIST. The former is to me a very cool organization. They helped ISC2 develop their CCSP and ISACA their CCAK. Their materials (for their CCSK certificate) assume that have the cybersecurity knowledge and concentrate on cloud concepts and cloud security. That is about half of the exam with cybersecurity being the other half. Best wishes. Feel free to ask me questions. It is maybe my favorite certification especially for those active in the job market.
Reply
0 Kudos
nkeaton
Advocate I
Saturday
Saturday

@dcontesti Security+ was not on the 8140 lists for about 10 months which kind of had CompTIA scrambling. This is the official site: https://public.cyber.mil/wid/dod8140/qualifications-matrices I picked the qualifications matrices but is much more information on the site itself.
Reply
0 Kudos
nkeaton
Advocate I
Saturday
Saturday

@dcontesti I looked more at your link. I have never heard of this training vendor before, but there are other issues with what they posted. The DWCA has not existed for many years. I do not know why they got rid of it. My understanding is that certifications if the person does not have the experience or education are based on work role; so the IAT, IAM, etc designations are only relevant for 8570 which no longer applies. The table that showed should at least should have had the correct name for CAP which was changed a few years ago to CGRC. The names changed for the former ISC2 concentrations and for CASP+ to SecurityX are somewhat recent but not reflected.
Reply
0 Kudos
Spirnia
Newcomer III
Sunday
Sunday

IMG_0031.jpeg
IMG_0030.jpegIMG_0029.jpegIMG_0028.jpegIMG_0027.jpeg

 

I will allow the data to speak for itself.

 

It is good to hear differing views.

 

In the end, one makes the best decision based on available information to them.

 

I stand by my recommendations.

 

My recommendations are based on my personal experience and current available data and information.

 

The images I have posted are all from the respected cyberseek.org website.

Reply