A random person contacted me on social media last week to ask me a question. They said they wanted to change careers and heard cybersecurity was the way to go. Did I have any advice for them? Whoa, boy, what a loaded question…. I reluctantly set up a time to chat so I could add “mentor” to my LinkedIn profile.
When the time came, I first had to disabuse him of the technology media narrative, which was where he had learned about the massive demand for cybersecurity professionals and all the fat salaries and benefits.
“Sure, there are lots of cybersecurity job openings,” I said, “but you have to see beyond the crap written by tech-adjacent scribblers with a deadline for a sensational article. After you filter out the hype, you must delve into details. For starters, do you hold a current DOD security clearance?”
He laughed and said, “Of course not.”
“Then you can write off a big chunk of those cybersecurity roles. The next large groups of industries that make investments in cybersecurity are banking and finance, healthcare, manufacturing, and government. Having experience in one of these industries really helps. Next, you must consider all those ghost jobs on those job websites, just placeholders for corporate HR wonks. No hiring manager will answer the phone or return a call based on your current (very thin) resume,” I replied.
So, I continued. “Do you currently have experience in computer networking, systems administration, programming or even risk management and compliance?” Another negative reply.
“Well, you have two things going for you,” I stated, feeling a glimmer of hope returning to his demeanor. “The first is that the cybersecurity landscape is continually evolving, driven by new technologies, emerging threats, and regulatory changes. The second is that you haven’t failed yet. To capitalize on the first, you can self-assess and see if one of the emerging areas maps to your capabilities and desires. You can see if you can leap on a trend, get some specialized skills, and get a gig that way.”
“But that seems like a crap shoot,” he replied.
“Yes, it certainly is, but the only other way is the old-fashioned way: start somewhere - anywhere - at the bottom and work your way up. You could volunteer to help a school’s IT department or get an internship in an IT department at a family member’s business. Start studying to take an industry or vendor certification. Heck, one of the true titans of cybersecurity started his career by setting up a small network of computers for an automotive sales team. Of course, it took him nigh on three decades to rise to what he later became in the industry. Is that what you are willing to do?”
“Geez,” he replied, “I guess I was thinking it was easier than that since there is a big need for cybersecurity people.”
“There is a need; there isn’t any appetite for growing your own experts,” I said. “In all my years of experience, I have yet to run into a cybersecurity organization with a ‘farm team.’ They don’t exist in modern corporate or government environments. You must bring something to the table for that first job and the key to acquiring that ‘something’ is what you are looking for.”
Before I asked him the next question, I already knew his answer. “Do you have a network of friends, colleagues, and acquaintances in this career field?” I got the expected negative reply. “You will need these relationships to begin and sustain your career if you manage to squeeze your way in. These people represent your next job when your current one goes south. They are also friends who can help you research trends and gain new insights.”
He let out a long breath, and I could see we were coming to a conclusion.
“Let me add one thing to what we have already discussed,” I said. “Cybersecurity writ large can be a high-pressure field where the stakes are incredibly high. Cyber incidents, including financial loss, reputational damage, and legal liabilities, can severely impact organizations. Consequently, cybersecurity professionals are often tasked with significant responsibilities, from safeguarding sensitive information to responding to breaches. There is pressure to perform and make crucial decisions during critical incidents. These can lead to high levels of stress and burnout. Are you still interested?” I asked.
“Well, I have always wanted to be a rock guitar player….”
“You’re likely to have better luck there. But you’ll need a guitar and some lessons first….”