cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rokey1
Newcomer I

Looking for advice on career change into Cyber Security

Hello,
I'm looking for some support as I am currently working in the world of Social Media, however am keen at looking into changing my career. 
I'm very interested in Cyber Security, and have spoken with friends who work in the field.

I wanted to ask for some expert opinions on how likely this would be, and what people believe the best method might be.
I am not looking to go back to study full time and that's not a feasible option. 

I'm wondering if part-time self-study is best, and which courses they may be and why?
Is experience more important first and how would someone go about getting that chance? It feels a little chicken and the egg.

Would a role in IT be a good stepping stone first?

I'm really excited to hear from yourselves, so if you have any support at all please do respond.

16 Replies
Flyslinger2
Community Champion

I would start by reviewing the requirements on ISC2's website for the cert that you are interested in.  I've included the CISSP requirements as a starting point.  It's certainly an excellent field to work in and the certifications give you a huge boost in your career. The money is amazing as well.

rslade
Influencer II

> rokey1 (Viewer) posted a new topic in Career on 02-11-2019 09:41 AM in the

> Hello, I'm looking for some support as I am currently working in the world of
> Social Media, however am keen at looking into changing my career.

I'm very hesitant about advising you, since you don't seem to have any real reason
to get into security. (Also, your comment about getting into IT first is worrying:
do you have *any* real background in tech?)

>  I'm very
> interested in Cyber Security

Why are you interested in security? What is it about security that interests you?

> and have spoken with friends who work in the
> field.

And what is it that they said that interests you? Also, what do *they* think about
how you should go about getting into security?

> I wanted to ask for some expert opinions on how likely this would be,
> and what people believe the best method might be. I am not looking to go back to
> study full time and that's not a feasible option.

So, you want it cheap and easy?

Well, I doubt it's going to be easy. But we can start you out with cheap. The best
single text in the field is "Security Engineering," By Ross Anderson. You should
buy it, but, if you don't want to spend any money, you can read an earlier edition
online for free: https://www.cl.cam.ac.uk/~rja14/book.html

>  I'm wondering if part-time
> self-study is best, and which courses they may be and why?

Well, I did it with independent research and self-study, so I know it can be done.
But I also know I wouldn't exactly call it part time. I put in thousands of hours
over the years ...

> Is experience more
> important first and how would someone go about getting that chance?

You don't wait for a chance to get experience, you go and *get* experience.
Study your own computer. Are you safe? Can you make yourself safer? What
about the social media work you do now? Is it safe? Can you make it safer?

> It feels a
> little chicken and the egg. Would a role in IT be a good stepping stone first?
> I'm really excited to hear from yourselves, so if you have any support at all
> please do respond.

Where are you? Find a local security group. The Vancouver Security SIG always
has lots of attendees/members who are either students or looking to change careers
and get into security.

Once you get through "Security Engineering," here are some other texts you
should look at: http://victoria.tc.ca/int-grps/books/techrev/mnbksccd.htm

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Half of the harm that is done in this world is due to people who
want to feel important. They don't mean to do harm. But the harm
does not interest them. - T. S. Eliot
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

> Flyslinger2 (Contributor II) posted a new reply in Career on 02-11-2019 12:57 PM

> The money is amazing as well.

He's lying. You probably won't starve to death, but you'll never make a ton of
money in security.

Unless you're in sales ...

(And then you're really not in security, are you? ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
He who dies with the most toys is, nonetheless, still dead.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Flyslinger2
Community Champion


@rslade wrote:
> Flyslinger2 (Contributor II) posted a new reply in Career on 02-11-2019 12:57 PM

> The money is amazing as well.

He's lying. You probably won't starve to death, but you'll never make a ton of
money in security.

Unless you're in sales ...

Yes, I make it practice of lying.  Suffice it to say that I did extremely well in my role last year and my work will double this year.  You can make a lot of money in any career field if you make yourself valuable. 

mgorman
Contributor II

The first thing I would do is look at the field, and see what you want to focus on.  There are a lot different pieces of the cybersecurity field.  Policy, regulation, compliance, security operations, application security, analysis, network security, on and on and on.  It sounds like you are really starting your career, so if you don't have a lot of background, you might not have a lean in one direction or the other to start with.  I would spend some time here, and on other communities and blogs, etc. to get a feel.  You might also look at cybrary.it.  They are a free (of course they have a premium version, too) web based training resource.  They lean towards certifications, but taking even their free courses on the certs will give you an idea of different aspects of the space, and the kinds of skills you might want to develop. 

 

If you can't go back to school full time, I would seriously look at a certification.  Especially if you are outside the field trying to get in, they can help get you through the automated screening systems in place with HR teams these days.

rokey1
Newcomer I

Hello @rslade, thanks for taking the time to respond to me.

Not that it should matter, but mortgage repayments mean I would need to aim to earn similar salary to what I am earning now, and this would be difficult/ impossible to do so if I went back into full time study.

I do not want it "cheap and easy" but instead am looking at a sustainable way to venture into an exciting new career.

I'm quite interested in social engineering, and ethical hacking, however I do not have coding skills.
My comment about IT came from advice from a security architect  – apologies that this seemed to worry you.

 

As previously stated, I currently work in Social Media Management, not tech.

I came to this forum for support, hopefully your response could be exactly that, rather than what appears to be a knock at confidence.

For clarify, I dont have experience in this field, but It is something I have an interest in and am keen to get involved. 
Thank you.

rokey1
Newcomer I

hi @mgorman this was really helpful advice!

Thank you so much.

I'm interested in social engineering I think, especially after a friend told me a story of how his business had their security tested from someone attempting to steal their own data by hiring a team to pretend to be from the business' internet provider, break in, and steal their data by attaching something to their printer.

I'm also interested in the threat and risks within social media, and wonder if I could use this as a way to boost my chances of an entry level role.

Which qualification would you recommend for a complete beginner?

Thank you.

mgorman
Contributor II

I'm not sure about certs along the lines you are looking at currently, though social engineering and user behaviors are key.  I would say to look through cybrary and other sources, like stack skills, etc (there are a lot) and take some of their social engineering courses, they may have some good resources that can guide you more, and keep asking here, others may have a better idea.  I just don't have a lot of experience on that side, I come from a Network Engineering background, with Cloud and Software more recently.

Shannon
Community Champion

 


@rokey1 wrote:


I'm also interested in the threat and risks within social media, and wonder if I could use this as a way to boost my chances of an entry level role.


Getting into a role related to this will depend on your skills, experience, & credentials --- if employers do look at your interests, it's after the other criteria are met.

 

Nonetheless, you needn't depend on a post to garner skills; as @mgorman said, you can use online sources for this. (I'd begun a course on social engineering on Cybrary but got too bogged down with my work, & have yet to complete it)

 

After developing skills, you can attempt to portray them --- legitimately --- either where you work or elsewhere to get recognition and more opportunities.

 

Like @rslade was saying, you might not see the monetary fruits of your labor, but if you've got an interest and aren't solely motivated by financial benefits, that shouldn't stop you...

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz