Career Change: Moving into Cyber Security

Posted by Patra Frame

BSides San Antontio Capture-the-flagYou’ve seen the predictions of large shortages in cyber security work. You’ve heard many such jobs pay very well. Now you are thinking about making a change into the field. How will you do that? Research shows most successful career changes are based on a series of small steps.

Learn About Cyber Security

Start by investigating the field.

  • What jobs currently exist?
  • What education, experience, skills, and certifications are in demand?
  • Where are these jobs located – what employers have the ones which interest you and what locations?

These investigations can be started with simple online searches. Begin with a search engine. Search for ‘cyber security careers’, ‘cyber security education’, and so on. Next search job boards, like, for actual entry-level and journeyman-level positions. Expand your search into cyber security blogs, newsletters, journals, and professional organizations to learn about the field, current issues and trends.

You want to learn as much as possible about how to move into a cyber security career and determine which jobs match your interests. If you are not already in some form of IT work, you may need to begin there in your learning efforts and in getting some experience.

Cyber security roles fall into several groups. Entry level jobs may include Cyber Security Technician, Penetration Tester, or Incident Responder. As you do your research, look at multiple role options to see which might be the best match for your interests and skills. These include:

  • information assurance
  • defense in depth techniques
  • risk management
  • cryptography
  • network, application, host, communications, data security
  • incident response and recovery
  • policy (usually more senior level)

Once you know which jobs might really interest you, then learn about the requirements for such jobs. Look at both entry- and mid-level jobs so that you understand what you might need to learn now as well as what is necessary for a longer-term career. For example, I see many people going for an AA degree in some aspect of cyber work who do not plan to go on for a Bachelors. Yet, many entry level and almost all jobs above that level require a Bachelors or even advanced degrees. Especially in the cleared community.

Don’t forget to gather information about actual salaries of the jobs you are interested in. You want to know what is realistic. Far too many people have focused on the big dollar statistics without understanding the experience and knowledge required in those jobs. Check out Glassdoor and Vault for general information. Ask people you talk to who are in the field what they are seeing in the market.

Practical Experience

Most companies want some form of cyber security experience, although a small number will do on-the-job training. The challenge with moving in to the cyber security field is an employer is not going to hire you to defend their network if you’ve only studied it in school and have no practical experience defending a network. The analogy we often hear is to medicine — you don’t want a surgeon operating on you if they’ve only studied surgery in school, but have no hands-on experience.

You need to demonstrate to employers what you have done to develop practical experience beyond your degree program. If you are in school, the internships, research projects, community groups and cyber competitions you participate in make you far more marketable than your classmates who solely focus on their degree.

Many hiring managers will ask about your personal learning activities. Common questions include those about:

  • your home laboratory set up and what you have learned from your experiments,
  • the books, online courses, articles you read,
  • contributions to open source projects,
  • conferences or meetup groups you participate in,
  • activity in capture-the-flag or other competitive events, plus
  • volunteer work you have done in the cyber security community

Certifications are often a requirement for cyber security positions in the defense contracting community. You will see these listed on many job requirements. If you are in an educational program, check to see if they offer any support in getting such certifications. One of the most common basic ones is CompTIA Security+. You might also look at ISACA’s CSX Cybersecurity Fundamentals. Later on you may want to consider their CISM or CISA certs. Or plan ahead for your CISSP

Planning for this career change needs to include learning about all these growth options and selecting those which make the most sense for you to be actively involved. Develop a plan for the education, training, certifications and practical experience you need and get started now. Work to master hacking and penetration testing (digital forensics) tools. Participate in projects, capture-the-flags, hackathons, conferences, meetups and community events.

Develop Your Cyber Security Network

Employers seek out people who are known within the cyber security world. You should develop relationships with people in the field. Start with people you already know. Connect with those you meet in your training and education activities. Add in people you meet at hackathons, professional events, conferences and meetings. Look into people on cyber security social media groups or those whose blogs/articles you have read and connect with those who interest you. In the cyber security community Twitter is the most popular platform.

Once you have started to build relationships with a range of people in cyber security, you can begin to look at specific employers and join their talent communities. If you are currently employed in an organization which has a cyber security function, get to know those people. Then make an effort to get into that function – employers like to have people they already know are great contributors move into such jobs. Another smart route into cyber security is to consider employers in the same community you already have experience in. If you worked in the intelligence community, for example, you already have an understanding of how that community works and the challenges such employers face which makes you an attractive candidate to them.


When you are changing careers, you need to pay special attention to your resume development. Look at cyber security social media profiles and resumes online to get ideas and to see what is most common. Focus on those in the same role you currently seek as well as those in one level higher positions. What are they all highlighting? What seems to make one stand out more than another? Remember: a resume in an advertisement for you! Looking at how others present their skills and education can help you improve how you present yours.

Be sure your resume addresses the common skills, education, and other requirements for the job you seek. Translate the experience from past work into what is valued in the new role. For example, many non-IT jobs also include a lot of computer work, database manipulation, data analysis – if yours did, be sure to show those achievements clearly and relate them to the required job skills.

‘Soft skills’ – especially those which involve your ability to work with other people, are critical to many cyber security roles. If you worked in health care, law enforcement, legal or similar fields, you can use that work to demonstrate your ability to work with confidential data and situations requiring confidentiality. The ability to deal with a range of people in difficult circumstances is another vital area and your work with customers, clients, teams, or across projects can also be used to show you can bring those skills to the new role.

Look at your past achievements carefully. Then translate them using the most common keywords you have seen in job postings. Your ability to describe your most relevant achievements in other fields in terms the hiring manager can see as valuable is critical to making your resume stand out.

Consider starting your resume with a headline of the job you want. Then show your cyber security education if you are getting a new cyber security degree so that the potential employer sees that effort right up front. If you have participated in cyber security special projects, done research papers, been an intern, or participated in competitions, be sure you show those within your education or right up front. If you do not plan to add a degree, lead with your certifications. These efforts all demonstrate to an employer that you are committed to the career and focused on their needs.

Changing careers can seem like a huge leap into the unknown. Your best bet to succeed is to learn as much as you can in advance and then to create a plan to move forward. You can always adjust the plan as you keep learning. Then execute your plan with support from your network. Build in celebration as you achieve milestones along the way too. You can do this!


This entry was posted on Monday, November 13, 2017 10:44 am

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of updates to this conversation