---

@ChristianC wrote:
I have ten years of experience as a retail manager for a very large well known home improvement store and am desperate to get into cybersecurity. I have experience leading teams of 140+, operational and some technical experience from solving issues on a daily basis but no formal tech experience. I’m wondering if the CC is enough to help me get my foot in the door.

---

You've got some management experience. Ask yourself, how do you hire people. Do you care that they took a training course/certification for the cash registers you have (probably not). You're more interested in are they reliable, professional, coachable? A lot of verifying those things come down some form of personal connection or recommendation.

Security is not really an entry level gig. It's a secondary level. Construction has laborers, sub-contractors, carpenters, etc. That's the parallel of entry-level IT and some specialization. Security is more akin, architects, building inspectors, and engineers - people who probably started in those other jobs or have at least spent a few years getting to know what those jobs do.

Having the CC or other entry-level certs won't hurt you, but I'd find someone in the industry that you want to be in a few years, and ask him, her, them, what you should be doing. They'll probably point you toward some IT roles. But I would focus on finding the right people more so than job titles. Who can you learn from and work with are really important in this industry.

Last comment, I always grimace a little when I see things like "lead" or "manage" hundreds of people. Yes, they may be in your reporting line, but unless you work at a nightmare of a place, the reality is most of us have only a handful of people who report to us. It's all hierarchy and delegation. That's a pretty important concept in security as it dovetails with governance concepts, policy, even privileges. Think of how you want to present that to an employer - you want to get across that you were important, but you also want to communicate that you can delegate and develop other managers.

Sorry to break it to you and everyone else trying to get into the field, but NO certification BY ITSELF will get you a job.

At best, they will help you get past the HR gatekeepers.

What companies are looking for is knowledge, skill, and experience.  Certs by and large indicate knowledge.  Very few indicate skills.  Some may indicate experience.

Its often VERY hard for people to get into our field, but you often have to pivot from related fields using your technical or other skill set.

One issue is you made no mention of WHAT kind of role you are aiming for.  I recommend you check out something like the NIST NICE framework, which lays out several IT jobs and what is needed for them.

I would ALSO recommend that you seek out local infosec/infosec related groups to meet and network with people in the field.  This includes local chapters of ISSA, ISC2, ISACA, maybe Infragard, maybe local Defcon groups, etc.  Here you can meet a wide range of people working in the field.  They can give you advise, maybe point you in the right direction.

You mentioned you are going for your CISSP.  Understand you will need to show you have experience in 2 of the domains over a period of 5 years.  Otherwise you'll only be able to obtain Associate of ISC2 status.

Am sure others here can add to this.