Transitioning into Cybersecurity - The journey of a thousand miles

In today’s career landscape, the decision to change careers is completely normal. In the pursuit of a job that is aligned with your passions, you may at some point have to transition from one specialty to another.

The field of cybersecurity is fairly new and one that has become quite appealing in the last 15 to 20 years. Roles such as penetration tester, ethical hacker, red teamer and purple teamer are some of the sexier terms that entice prospective candidates to take the leap into the vast universe of cybersecurity.

From a statistical perspective the career outlook for cybersecurity is quite encouraging. For example, for a security analyst role, according to the Bureau of Labor Statistics, employment of information security analysts is projected to grow 33 percent from 2020 to 2030. This is much faster than the average for other occupations. About 16,300 openings for information security analysts are projected each year, on average, over the decade.

These and many other examples are among the multitude of data that would cause one to expect that it would be a seamless process to transition into this field. My journey to becoming a cybersecurity professional has been one of great revelation, tests, trials and achievements.

There are so many different stories about the struggles faced by newcomers entering the field cybersecurity. I came across so many of these, that it would be easy to resign to the opinion that it is a near impossible feat to achieve.?This is the caveat that comes along with career change and there is no doubt in my mind that this is reflected in other fields.

What is remarkable about cybersecurity and information technology in general is the fallacious nature of weight placed on certifications. Disclaimer here, certifications do have their place and are indeed indicative of one's willingness and ability to assimilate information. The issue is the expectation that these certs will get you a job. Certifications are not cheap and can be very difficult to pass. However, this is not a consideration for prospective employers, that require years of experience for entry level roles.

I have now acquired over twelve (12) certifications in addition to my undergrad degree in cybersecurity. Although this may sound like a lot, but it would prove to be insufficient for an entry level role. I recall going through four rounds of interviews for a security role, only to be told that the role was for someone with more experience. I thought to myself, well it would have been nice to tell me that before wasting precious time!

My insatiable thirst for knowledge proved itself to be somewhat of a relief as I have found alternative routes to becoming actively involved in the world of cybersecurity. Governance, Risk and Compliance (commonly known as GRC) is a big element in this field and is a great way to get your feet wet. Heck, you might even like it enough to stay. I stumbled onto the PCI DSS framework, which is a standard that requires all merchants that process, transmit or store cardholder data to be compliant with. This falls directly under the compliance aspect of GRC, but also requires the use of governance and risk assessment. This was such a blessing as it was perfectly aligned with the vision I had for myself as a cybersecurity professional.

Now I'm a consultant to level 1 PCI DSS clients, finding compliant security solutions, while enabling core business functions. Never before have I had the opportunity to add this much value to multiple organizations. Through this path I got the chance to prove that I am capable to do the job and do it well. My journey continues and though it comes with some level of frustration, I think I'm on to something.