Seeking Advice on Career Switch to Cybersecurity

Hello everyone
I am considering a career switch into cybersecurity. I have done a lot of research and I find this field very interesting, evolving, and full of emerging opportunities. I have decided that pursuing a college diploma in cybersecurity might be the best starting point for me, as my technical background is minimal I am mostly familiar with Windows and internet research, but I lack formal IT knowledge.

I understand that it will take time to become job ready and some senior IT professionals have told me that it could be very challenging and possibly a waste of time given my background in finance and hospitality. However, I am determined to learn and make this career transition.

At the same time, I am a bit cautious because I have family responsibilities and limited scope for practical experience outside college.

I would greatly appreciate your advice.

• Is pursuing a college diploma in cybersecurity a good decision for someone with my background?
• Or should I consider other options to transition into IT/security more effectively?

Your insights and guidance would be extremely valuable to me, as I am at a critical point in my professional life.

Thank you in advance!

I am not a fan of any “cybersecurity” degree program; I think you are better off getting a computer science degree if you choose to go that route. This will open more doors in IT, GRC, Software, or Cybersecurity.

I would also be wary of cybersecurity bootcamps that want you to pay huge sums for 15 weeks of firehose training. Very few people can keep up with that kind of schedule, and most will forget what they have learned as it is just too much in too short a time frame.

The best and cheapest way to get started is to take advantage of good books. These are the books I recommend for beginners:

This book covers different types of attacks, common tactics used by online adversaries, and defensive strategies you can use to protect yourself. You’ll learn what security professionals do, what an attack looks like from a cybercriminal’s viewpoint, and how to implement sophisticated cybersecurity measures on your own devices.

This book teaches why and how to use fundamental open source and free tools such as ping, tracert, PuTTY, pathping, sysinternals, NMAP, OpenVAS, Nexpose Community, OSSEC, Hamachi, InSSIDer, Nexpose Community, Wireshark, Solarwinds Kiwi Syslog Server, Metasploit, Burp, Clonezilla and many more.

I would also add two more books, one for understanding networking, and one for understanding the Linux operating system.

If you are paying for Cybrary then by all means take the Foundations Career Path. The Foundations Career path will get you working “hands on” pretty quickly. Don’t try and rush through the labs, do them multiple times, even to the point that you have memorized them. That will build some muscle memory for the tools commonly used in IT and cyber.

Thank you so much for these resources. I’ll be sure to check them out!
However, I find the bigger hurdle beyond learning all of the material (and keeping up with it as new things are discovered) is convincing a hiring manager that you DO actually know the things you claim to have studied. As someone who lives in the US, college is financially inaccessible for me, so the only other fancy paper I can get are the slightly more affordable certifications.

Are certs alone enough to land a decent position? What are some other ways one can confidently prove themselves to a hiring company?

I brought up college because you wrote “I have decided that pursuing a college diploma in cybersecurity might be the best starting point for me”.

As to the question “are certs alone enough to land a decent position”? I can say, depends but in most cases no. Certification companies like to boast about how their certification tracks are in demand, and that is true but it does not guarantee anything. Certs are mostly use as an applicant filter. No hiring manager is going to be impressed with your Sec+ (for example) and hire you on the basis of you having that cert.

Still, getting the Sec+ (for example) is still helpful. It forces you to learn how to certify, it removes a possible barrier for a given job, it teaches you a metric ton of terms and concepts, and the way you need to study to pass the Sec+ (drilling test questions) is a great way to prep for a job interview.

But getting work is tough. Once you have the certifications you want and you have developed a lot of hands on skills to back those up, plan on applying to 5-10 jobs per day for months and months. It’s a numbers game: 200 resumes = 5 interviews = 1-2 call backs = 1 possible offer. If you can get your head around contract work and never being employed in the traditional sense, then the odds go up. Contracting is a good way to get a few years of real experience under your belt. It’s also the path to big big money as you specialize. Of course paying for medical insurance and setting aside cash for estimated tax payments is a real consideration.