Should Age Be a Barrier To Cybersecurity Education...

cybrarian63

Hi, I'm new to this platform and currently enrolled in the ISC2.org One Million Certified in Cybersecurity Program. I plan to be certified by the end of January 2026. I'm a retired nurse, age 63, and this is my journey into the technology field. I still want to work in healthcare, just not at the bedside anymore.

I'm also enrolled in the Npower IT program in NC, where I completed the CompTIA Tech+ and CompTIA A+ Certification exams. (The A+ Core1 was very challenging for me, and I have to re-take the exam to pass)

My topic question came about because family and friends are questioning whether I am "late to the party".

In other words, they assume that this industry is just for the "young and nimble"; I say otherwise.

I know that ageism exists, the stereotypes about learning ability, and assumptions that older adults can't learn new tech. In reality, older adult learners often EXCEL with applied, contextual instruction. We already come with built-in discipline and focus. I personally spend about 4-6 hours a day studying, even on weekends!

I'm completing the Google Cybersecurity Professional Certificate as I write this, with only three modules left. I've already completed the Google IT Support course. I enjoy it all and am excited to learn something new and different at this stage of my life.

Age should NOT be a barrier to cybersecurity training; anyone aged 16-60+ (like me) can enter and thrive.

My grandchildren think I'm cool now. I can speak their language.

PS: I have a T-shirt that reads "Nana Knows CODE."

nkeaton

@cybrarian63 Age is definitely not a barrier. The comments that you are getting are from people that do not know cybersecurity. People think pentesters/ethical hackers and what the movies show as cool. That is not a profit center so very few hires and is only cool when not writing reports and other tasks. Coding is absolutely not needed. While I was a business application programmer and very good at it, I have done zero coding in cybersecurity as is not needed at my level of work. I have only been in it since 2008 with a heavy IT technical background before. Since you want to stay in healthcare, I would recommend reading ISC2's HCISPP CBK. While they no longer offer the certification, it does a nice job at tying cybersecurity and healthcare together. You might also look for local cybersecurity chapter meetings. I know that there are many people in the healthcare vertical in my local chapters. I am not in GRC (Governance Risk and Compliance), but I do assist them and is a possible avenue as well.

@emb021 Healthcare is definitely not my vertical. I can speak to HIPAA and HITECH a little but know that you could tie into that better in the field.

emb021

What @nkeaton said.

Cybersecurity is a wide field and there are many who are doing a lot of technical stuff, and people doing very little. I have a bachelors and masters degree in computer science, but my career has been as a systems administrator and now in cybersecurity and I've done VERY little coding.

As @nkeaton noted, we need more people in healthcare that understand cybersecurity, what with the requirements of HIPAA/HITECH. I used to do a LOT of HIPAA risk assessments and training, and am still in the healthcare space. This knowledge is still needed. Some people forget that GRC (governance, risk, and compliance) is a part of cybersecurity.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow

dcontesti

Welcome to the crazy world of Cybersecurity where one never stops learning regardless of age.

You mention that you want to stay in the Healthcare arena. In the US, you will need to understand HIPAA but you also need to understand the Privacy laws in the state you are working (Nevada has the Consumer Health Data Privacy Act, California has the CCPA, as do other states) and do not forget the My Health My Data Act (MHMDA) that passed in 2023.

if you are not in the US, you will need to check what the local regulations are. In Canada, one must follow the guidance provided by the Canada Health Act PIPEDA as well as Provincial regulations.

Again welcome to this crazy world.

d

Alten

I love you.

I'm proud of you.

It's freakin' awesome that at 63 you're learning to code and spend the time that you do educating yourself on a topic like cybersecurity.

It is out of the love that I tell you - the chances of you landing a junior cybersecurity job in your position are extremely small.

You can blame ageism or w/e, but AI has evaporated junior cyber positions. And it will continue to do so. Get certified if it makes you happy, but a handful of certifications likely isn't going to get you started in a cybersecurity career at 63 years old.

I've worked in cybersecurity for 20 years. At 40 years old, I'm a dinosaur where I work. And all I do is provide input for proposals and manage.

For some reason the internet thinks if you get a degree or certification a job will be waiting for you. That is rarely if ever the case. Certifications are great at demonstrating skills, negotiating salary, and qualifying for specific positions.

Sorry, but I think authenticity is more valuable to you than a "you go girl".

Message me anytime.

nkeaton

@Alten It is not the internet that tells people this. It is the "schools" that pass on what I call the big lie. Lots of jobs (yes, but not at entry level), high pay (not at entry level), remote work (not for entry level), and set your own hours (doubtful, especially at entry level). The Google certificate which even Google doesn't recognize advertises the big lie in conjunction with their certificate. It has mostly been coupled with Security+ in my experience over the years. I have actually had people ask me where the jobs are like they just pass them out when pass an exam with zero experience. I really feel bad that this propaganda is passed out to those that do not know better. These people spend a lot of money and time for something that does not exist no matter what they have been told.

Squadfather

I was about to ask the same question...I'm 56 almost 57...I'm guessing that there is no age limit, although it may be challenging for an old dog like me to learn new tricks.

I have my CC exam on Saturday so I reckon we'll see what happens.

Wishing you peace and joy on your journey.

Well-argued nonsense is still nonsense.

Alten

@nkeaton Very well said.

I do a fair amount of interviews. Someone is telling people when you get Sec+/CC you're entitled to a job and when you have CISSP you should get well over 6-figures (at least in my locality). It's entirely possible it's the trainers and schools.

Out of ~20 interviews for a junior cyber role, about half had higher-level certs with less than 2 years experience. Only a handful had lower level IT certifications and showed progression. Less than half were in the IT field currently.

A conversation can be had about how technical someone has to be to do cyber, but it's getting silly in my little corner of the industry.

nkeaton

@Alten Thank you. I have been working with cybersecurity (poorly named information assurance at the time) support and certifications since 2015. DoD started the certification "mess" in 2005, and unfortunately private industry followed. CompTIA got most of the business because Security+ fit so many of DoD's designated roles compared to most. Only the CISSP covered more, but of course need documentable work experience for it. We have a "school" here that says that for a mere $17K, they can make a person employable within a very few months. None of us hire from them and are well known. I did at least talk one person out of borrowing the money. Guaranteed employment is can give a part time job to answer the phones after their program which many do not complete...guarantee obligation met. It is pretty disturbing that people are misled like this with no recourse. It is very profitable not to be a honest broker. DoD has changed their focus to experience and education which is where I believe that it should have always been with certifications to a much lesser extent. Hopefully private industry will follow again. Unfortunately that will not help a lot of people who invested a lot of time and money on false promises.

Should Age Be a Barrier To Cybersecurity Education or Work?