I felt the need to write this article to address one of the most common questions I get in direct messages since I started blogging or joined multiple cybersecurity groups in my area, being also one of the most recurrent topics at all the cybersecurity conferences I have been to; How do I get started in cybersecurity? How do I join the field? Where should I start? It is the dissatisfaction of not finding the right approach to these questions in much of the content out there that made me feel the need to write this post.
In the realm of cybersecurity, it is easy to feel overwhelmed by the sheer volume of advice articles and YouTube tutorials promising the ultimate blueprint to kickstart your career. These resources often make it seem like there’s a single, well-paved path to success. But the reality is far from it. My personal journey and many of the journeys of those around me into the world of cybersecurity taught me that there is no one right way to break into this field.
The Beginnings: A Bilingual Help Desk Position
Picture this: no prior IT experience, no fancy certifications, and zero completed formal coursework in IT. That was my starting point when I decided to plunge into the technology arena. I took my first step by applying for a bilingual help desk position at a well-established managed services provider. Though this is just merely anecdotal evidence, my journey serves as proof that you can start from scratch, contrary to the conventional wisdom that insists you need a bulging portfolio of certifications before even contemplating a transition into IT.
Let’s face it; we have all read those ‘10 Steps to Cybersecurity Glory’ articles that make it sound like you’re climbing Mount Everest. But the truth is that many of us have started our journeys from rock bottom, with no crampons or carabiners in sight, and many of us did not even know that cybersecurity was the goal in mind. When my journey at the help desk started, I did not know my ultimate goal was to break into cybersecurity, instead of becoming a Linux engineer, or a network engineer. And that’s okay.
Starting at a large organization or help desk
Large companies, especially managed services providers, often resemble bustling cities of IT opportunities. They can be viewed as a tech theme park, complete with a variety of thrilling rides (read: job roles). In these environments, the volume of internal openings is usually high and in constant growth to support new customers, and that is definitely a good thing for aspiring cybersecurity enthusiasts.
And not only in the cybersecurity field. You can start on the help desk, but soon enough, you are likely to find opportunities to transition to roles like networking engineering, OS engineering, virtualization, cloud engineering, and yes, even cybersecurity. It’s like having a buffet of career options. Moreover, larger organizations tend to have well-structured training programs and mentorship opportunities. They offer the resources and support needed to obtain those coveted certifications that can open doors in cybersecurity.
Pros:
- Entry-level positions offer exposure to various aspects of IT, including the very valuable human networking, helping you make informed decisions about your future specialization.
- You will gain essential skills and hands-on experience that can be invaluable in cybersecurity roles and that many school programs or certifications do not offer.
Cons:
- Climbing the ladder from an entry-level position can take time, depending on organizational needs and promotion ratios.
- Initially, you may not see the direct results of your efforts, but perseverance is key. Patience is required.
Smaller organizations and direct entry into cybersecurity
While large organizations have their advantages, it’s essential to recognize that smaller setups and direct entry into cybersecurity teams can also be viable pathways. The key to a direct entry into the cybersecurity field is to do your homework. It is important to do some research and understand what companies or security departments hiring cybersecurity entry level positions around you value most in their cybersecurity professionals. Some prioritize certifications, while others place a premium on formal coursework or years of experience, and may be a bit more challenging to gain that entry at . Once you’ve got that intel, tailor your approach accordingly, and you might just find yourself sidestepping the help desk.
Pros:
- Direct entry can save you time. You will not spend years working your way up from an IT entry-level position.
- If you’re certain about your niche within cybersecurity, direct entry allows you to start in that specialized area.
Cons:
- Smaller organizations may limit your mobility compared to larger organizations with diverse internal opportunities.Transitioning from junior positions to intermediate or senior may take longer than at a larger organization.Requires in-depth research to ensure the environment is the right one for you.
- Starting directly in the cybersecurity field with no previous experience may trigger imposter syndrome or add pressure to acquire certifications or additional credentials right away, which may not be the ideal environment for everyone.
Transitioning to cybersecurity from another IT position
Transitioning into cybersecurity from a tech-related position, such as OS engineering, networking engineering, programming, or even fields like compliance and governance, can indeed be a smoother journey in some ways. These roles provide you with a solid foundation of skills that are highly desirable in cybersecurity teams. You already possess a deep understanding of systems, networks, coding languages, and compliance frameworks, making you an attractive candidate for many cybersecurity positions.
However, it is important to acknowledge the time factor. While your existing skills are valuable, gaining the necessary experience to make a seamless transition into cybersecurity may take several years. This extended timeline might not align with your initial career aspirations if your goal was to work exclusively in cybersecurity. Nonetheless, if you are open to the ride and view your current tech role as a stepping stone, you can accumulate valuable experience along the way that will ultimately enhance your capabilities as a cybersecurity professional. Remember, it is not just about the destination; it is also about the journey and the knowledge you gather along the way that makes you a well-rounded cybersecurity expert.
Completely underrated by most; the power of people skills
In my journey through the so-called ever-changing landscape of cybersecurity, one lesson stands out above the rest: the importance of being a people person. This field is not just about machines and algorithms; it is equally about human connections. Your ability to communicate effectively, break down complex technical concepts into layman’s terms, and work seamlessly with colleagues from various teams is your secret weapon.
Think about it – you are not just protecting data; you’re earning the trust and cooperation of individuals across your organization. Being approachable, empathetic, and an active listener can make all the difference in a successful cybersecurity career.
And let’s not forget the power of passion. When you genuinely love what you do, it shines through in your interactions with others. Your enthusiasm becomes contagious, and that’s something people notice and appreciate, especially when/if you are an outsider trying to break into the field. This is extremely important when the time comes to move from the help desk or other IT role into the cybersecurity field. I believe the biggest factor that made me a good candidate for my first SOC Analyst role was the fact that I had shown so much passion and determination to join that team through endless shadowing sessions and going the extra mile in any security related item or ticket that I came across while at the help desk.
Takeaways
In a world full of ‘cybersecurity success stories,’ remember that there’s no one-size-fits-all formula. Whether you start at a help desk, join a tech giant, or plunge headfirst into a cybersecurity team, the key is to adapt your approach to your unique circumstances and goals. Embrace the fact that there’s no single ‘right’ answer, but there is a right approach for you.
Stay adaptable, remain passionate, and connect with the people around you. After all, in this dynamic industry, your success often hinges on your ability to relate to others, on your side, above you, and next to you. It is not just about being a tech wizard; it’s about being a people wizard, too. So, as you embark on your cybersecurity journey, know that there is no need to follow the crowd. Be yourself, build bridges, and you will find your own path to success in this exciting and ever-evolving field.
Oh, and if you feel like you just struggle with interviews, check out this post on how I made interviews work for me.
______________________________________________________________________________
These are my thoughts around my own personal journey to joining the cybersecurity field. Did I miss any important point? Do you have any questions? Let’s continue the conversation either here, on Twitter @spapjh, or Mastodon (infosec.exchange) here.