Even after nearly 25 years, I continue to be excited and passionate about security. I enjoy discussing my experiences, opinions, and crazy ideas with the community. I often respond to questions and comments on my blogs and in LinkedIn, as it is a great platform to share ideas and communicate with others in the industry. Recently I responded to a network administrator seeking a career in cybersecurity. With that person’s permission, I’ll share a bit of the discussion in the hope that it will help others.
I have been in the information technology field as a network administrator for 16 years and am looking to get into the cybersecurity field, but the opportunity for someone who lacks experience in this specialized field is quite difficult. I too recognize the importance of education and believe it is critical to optimum performance in your field. What would your recommendation of suggested potential solutions be for breaking into this field?
Glad to hear you want to join the ranks of cybersecurity professionals! The industry needs people like you. You have a number of things going for you. The market is hungry for talent and network administration is a great background for several areas of cybersecurity.
Depending on what you want to do, you can travel down several paths. If you want to stay in networking, I recommend either a certification from SANS (or other reputable training organization with recognizable certifications) or dive into becoming a certified expert for a particular firewall/gateway/VPN product (for example, Palo Alto Networks, Cisco, Check Point, Intel/McAfee, etc.). The former will give you the necessary network security credentials to work on architecture, configuration, analysis, operations, policy generation, audit, and incident response. The latter are in very high demand and specialize in the deployment, configuration, operation, and maintenance of these specific products. If you want to throw caution to the winds and explore areas outside of your networking experience, you can go for a university degree and/or security credentials. Getting both is better but may not be necessary.
I recommend you work backward. Find postings for your “dream job” and see what the requirements are. Make inquiries about preferred background and experience. This should give you insight into how best to fill your academic foundation.
The cybersecurity industry is in tremendous need of more people with greater diversity to fill the growing number of open positions. Recent college graduates, new to the workforce, will play a role in satiating the need, but there remain significant opportunities across a wide range of roles. Experienced professionals with technical, investigative, audit, program management, military, or analysis backgrounds can pivot into the cybersecurity domain with reasonable effort. This move can be a great prospect for people who seek new challenges, very competitive compensation, and excellent growth paths. The world needs people from a wide range of backgrounds, experiences, and skills to be a part of the next generation of cybersecurity professionals.
An open question to my peers: What advice would you give to workers in adjacent fields who are interested in the opportunities of cybersecurity?