We recently had some news coverage and a blog post discussing "alternative" starts to cybersecurity. The article below explains how 6 non-technical majors (like music and sociology) could be great starts for the next cybersecurity experts.
Many of you started your careers elsewhere. Anyone have interesting career starts or majors and want to share? Comment below and let us know! I might have some fun swag to send out for interesting comments!
For the latest news coverage like this, follow us on social media!
So I have had some interesting detours in my cyber security path. These detours were not setbacks, but mere opportunities of learning that I rely on daily to help improve my career.
The first came when, after enrolling in computer programming classes to follow my passion, I encountered a horrible teacher. He taught way above our level and out of a class of 15 computer programmers, 13 admitted that we were lost and I think the other 2 were lying about not being lost. When one of our group, who were all self-admitted geeks, explained that we were all lost and asked if he could explain it in terms we could understand better, he promptly told her to leave his class and never come back. It was rumored that he was going to be teaching all of the computer classes and I knew I didn't want to be taught by someone so obnoxious, so I dropped out of the IT industry. I switched my major over to auto mechanics. This taught me the great skill of focused troubleshooting and understanding how things work. If you want to be good at cyber security, understand how things work. Once you understand how things work you can devise how someone may attack them or notice when they are not operating like "normal".
After struggling to find work in auto mechanics, I took up airplane painting. I knew I didn't want to do that the rest of my life so I decided to get a degree in Psychology. Knowing how people work is incredibly helpful in the cyber security world. If you know the impulses or tendencies attackers use when scripting that phishing email (i.e fear of account loss/lockout so the user needs to click immediately), you can better prepare or advise your workforce in how to respond because you know how they might respond and can instruct them not to act on their fears/emotions/etc..
During this time of painting airplanes and going to school for psychology my wife asked me one day "What kind of work would you love to do if you could do it for a job?" I told her I would love to get back into IT. She encouraged me to and I immersed myself back in to IT. This taught me a lot about how technology works. Having an understanding of how things worked in my field and how people might react to them has helped me become immensely successful in this field. I also saw lots of security jobs going undone and volunteered myself for those jobs. It is amazing to look back and see how much experience I was able to put on my resume just because no one else was doing it or no one wanted to take initiative to get a cyber initiative going forward.
So my advice to new people entering the cyber security field would be these items:
1) Learn how the technology works. I have setup numerous test labs everywhere I worked using old equipment that was just laying around.
2) Learn about management ideas and leadership qualities, yes they are different. If you do not already know they are different, learn how they are different.
3) Look for jobs going undone and ask your bosses if you can take them on.
4) Volunteer, even if it is not in technology. I volunteered for such extra tasks as:
a) Dispersed Librarian (had to update technical manuals in several paint shops across an 11 acre plant. This gave me exposure to people in all of the shops which allowed me to network. It also made me better at my job since I knew how to perform the job according to the manuals. It helped me become a Subject Matter Expert (SME)
b) Safety Team Member/Lead - This allowed me to visit all of the shops, not just the paint shops, and increased my name and reputation across the plant. The Team Leader quit so his position opened up and I volunteered for it and got it. This gave me a team lead role to put on my applications.
c) Doing the work senior members did not want to do, even though they were getting paid to do it. Even though I didn't get paid any more to do what rightfully should have been done by the senior staff, it gave me senior level experience that I could add to my resume and I became a person my supervisor could count on when they absolutely had to get the job done. This again added experience which allowed me to become a SME in my field. This also helped me when a senior spot became available because I had the experience AND a supervisor that supported my promotion.
d) Relief Supervisory duties - Again this was taking on additional duties without additional pay but, back when technology was newer, gave me access to an internal email address which senior management already had. This allowed me to further network outside my profession. I was able to increase my supervisory duties that I was able to put on my resume to prepare me for future leadership roles.
There were many people who were offered the same opportunities that I was offered, but refused to do them because it provided no immediate pay in the moment. I saw that I could use these as stepping stones to future success. I tell my children I wasn't hustling for today's money/opportunities, but for future money/opportunity.
5) Finally, consistent learning. This field moves fast but not so fast you can't keep up. You have to keep learning. Once you learn how to do something, teach it to others. Sharing your learning helps reinforce the training and helps others. Give back to the community.
P.S. Once I got back into to IT, I was in love. I do not feel like I have "worked" a day in my life since then. Sure I showed up to work sites for the past 16 years but it didn't feel like work. I feel like I am getting paid to follow my passion and I am thoroughly enjoying it. So my last piece of advice is to follow your passion.
Wow. This is an incredible post! Thank you so much for sharing your diverse and interesting background with all of us. You are an inspiration to others. Your advice on volunteering and following your passion is fantastic. Thank you again.
I came to cybersecurity from the legal field. I was very keen on law school after college (took the LSAT, was working for a law firm) and just realized that I enjoyed technology and business more than legal services.
From that point, I started doing more work with corporate business transactions, systems programming and incident management on the finance side. In financial terms, an increasing amount of risk was coming from the cyber domain and I just knew that my technology skills could be of use in securing systems.
I then proceeded to obtain a Security+ from CompTIA, and a CAP from ISC(2). My legal knowledge helps me think critically about security and ask LOTS of questions. I am constantly aware of balancing the needs of stakeholders, especially when it comes to obtaining the best capabilities with a budget. For a long time, I wished I had a technical degree, but I think that the logical reasoning and research skills gained in the legal field have provided a tremendous base of knowledge for managing technology.
Growing up my dad wanted me to be an engineer. Funny thing is he never said what kind of engineer. I don't think that he had ever dreamed that I would become one of the best and brightest cyber security engineers in the world developing secure cloud solutions. That's where I am now. How I got there would take me hours to describe. Stay tuned for my autobiography;) I made my way by forging my own path through legal and software engineering studies. I listened a lot to professors and industry professionals along the way. Finally, what clicked in propelling my career was having a mentor that was a CISSP. How cool was that? (ISC)2 has always been there for me despite challenges of being told where my place was in the workplace. I challenged norms and consistently searched for people that were progressive in their thinking about equality in the workplace and had the mindset of getting things done. It was that kindness that drove me to search and work for organizations that had a culture and commitment to protecting data and individuals right to privacy.
@AppDefects Thanks for sharing about your CISSP Mentor and how (ISC)² has been there for you in your career journey. We love hearing that.
Happy New Year!