cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jack_Burton
Newcomer I

Career change

Hello ICS2

 

I am a 40 year old Talent Acquisition professional (recruiter) for a top 10 US Bank (household name) looking to make a career change and enter into the world of Cybersecurity.  I have a BA in Psychology and no technical training whatsoever.  The majority of my career has been cororate and agency technology recruiting.

 

I was advised by a Security Executive in my company to study for and take the CISSP exam as he said this would be the most appealing cert to Info Sec hiring managers.  Since I dont have the prerequsite work exp to actually become CISSP certified, I realize I would only become and Associate if I pass.  Im ok with that.

 

Here's my question; should I go straight to the CISSP or are there other (read:easier) certs that I should pursue first?  I work full time, have 2 kids and they are home with us full time given the pandemic so study time is scarce but I am willing to make adjustments to my life to make it work.  

 

Whats my passion you ask?  Ultimately I would like to be as close to the tech as I can be... things like Pen Testing, Red Teaming, Malware Analysis, and the like are very interesting.  I have never written code, nor do I have an infrastructure background but I am not at all afraid to learn.  My secondary career choice would be threat intelligence and threat risk management (advising the business as to how to maintain secure operations, etc) if I were somehow unable to learn the tech.  There are Security pros in my bank that would help me transition into their field so I am extremely lucky in that regard...

 

Having heard all of this, do you agree with my Security Executive's opinion that I should go straight for the CISSP or would you recommend starting with smaller or easier certifications?  My primarly goal at the moment is entry into the Info Sec field.  I dont have to step straight into the tech side; taking another role in the field and latticing into the technical stuff would be fine.  

 

Thank you all in advance for any thoughts you have.  

 

 

14 Replies
Jack_Burton
Newcomer I

Thanks @CraginS there is a lot here to unpack.  Ive ordered the CISSP CBK as you recommended just for its guidance; I agree that there is just too much about the field that I dont know and if you feel that this is a good reference manual for the field then that is where I will start.  The link you provided for the cybersecurity workforce framework didnt work, I suspect this was the address you were trying to take me to: NICE Cybersecurity Workforce Framework.?

 

Im going to start by reviewing the CISSP CBK as a reference manual and then consider the CompTIA certs.  Ill consider a Masters degree if I get to a point where I feel its required, but at the moment I dont want to commit to that level of schooling given the weight of other responsibilities in life at the moment.  I suspect my interests will galvanize (and change) as I learn more about the field.  I have a conversation lined up with our Sr Manager of Threat Intelligence (to which our CSOC reports in to) later this week.  Our SOC does more entry level hiring than any other corner of InfoSec so it seems like a good point of entry to consider (it also sounds interesting!).  Im told from at least one gent that works in my Bus Tech Rism Mgmt function that starting in the SOC is a good place to learn how the organization looks at and handles threats on a basic, front line level.  That sounded like a plausible statement; anyway, Ill be speaking with that Sr Mgr this week.  

 

For the time being, the CISSP is going to take a back seat.  

 

I appreciate your direct and practical advice CraginS and Ill continue to update / ask questions as I learn more.  

Jack_Burton
Newcomer I

That was a very intriguing piece of his post. The idea hadnt even occured to me but its one Ill look further into for sure
Jack_Burton
Newcomer I

Very helpful Alec, thank you. I am fascinated by the tech and for the moment, I do think I want to go in that directon but Im going to begin reading the CISSP CBK as CraginS mentioned and have a few more conversations before I take action on the certs you mention.
Jack_Burton
Newcomer I

Thank you CISOScott, Ill dive into these links this week
Jack_Burton
Newcomer I

Thanks Steve, at the moment, all of it is interesting. I feel like a kid in a candy store but Im sure that will change as time goes on. The tech seems the most intersting, the policy side seems the least; I suspect I may end up somewhere in the middle but we'll see