I completed my Ed.D. in November (2020) and have not worked in a career position related to my education.
I am interested in moving into cybersecurity and would like input on the best path. The local community college has an associate degree option that will get me the basics and ready to obtain certs, but I have also heard that the education is not necessary and that I should focus on learning for the certs.
Would love some input to help me transition. The goal is to obtain a fed job or strong contracting position that will utilize my career and education background.
"Does it make sense," you ask. Something about a cart being before the horse comes to mind. That is some "out of the box" thinking for you to consider - from a well-seasoned H-R professional who has now transitioned into vocational counseling and retirement after MANY years of H-R work!
Give some serious thought to making a hard assessment of YOUR TALENTS before assuming what seems like such a very drastic shift from education.
Give some SERIOUS thought to the TALENTS that are uniquely yours. Sure, everyone wants to know about your education and experience; but throughout my career, it was the people who had the TALENT that brought success to the employer - and NOT the education or experience they brought to the table.
EDUCATION is fine, but to me, it means that someone CAN learn and has demonstrated that they HAVE learned. EXPERIENCE is also fine, but that means the person has some exposure to the problems at hand. Not very valuable.
All of which, baits three questions: 1 - what are the TALENTS necessary to do the job you are contemplating pursuing, and 2 - Just what are YOUR talents? 3 - Is there a correlation between the two?
But for one simple example: Would you hire an introvert (talent) for a customer-facing receptionist position? I think not.
IF you are not clear about what YOUR talents are, there is a great assessment tool (free) that will help guide you. They also have an on-site interpretation of the results that may point you in a good direction too. If you have some difficulty interpreting the results and would like my off-channel assessment (also free), please provide me with the 4 letters and the percentage of each [should look something like I-42, N-8, T-45, J-50] to my e-mail address firstname.lastname@example.org.
The website address for the assessment is: http://www.humanmetrics.com/personality
Regards, Dr. Hank
First, thank you for your service fellow veteran.
Your question is not unique, but comes up frequently in the Information Security (InfoSec) community & industry by those looking to join. When posed this question, I typically point folks to Lesley Carhart (@hacks4pancakes on twitter) and her blog series on InfoSec careers and education called "Starting an InfoSec Career – The Megamix" [https://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/]; and specifically her post "College and Infosec: To Degree or not to Degree?" at [https://tisiphone.net/2017/05/15/college-and-infosec-to-degree-or-not-to-degree/]
I would also suggest, or rather recommend, some reading:
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Clifford Stoll https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg_%28book%29
How To Become A Hacker http://www.catb.org/esr/faqs/hacker-howto.html
How To Ask Questions The Smart Way http://catb.org/~esr/faqs/smart-questions.html
The InfoSec industry has grown & evolved on its own, organically. Much in this field will be learned on our own or on the job. If you have a degree, awesome - but getting another degree in the field should not matter much unless that is how you best learn & measure success for yourself. There is much to learn, and much to be learned on your own (hence the links provided).
Note a recommendation for a CISSP earlier in this thread; keep in mind the CISSP is not for entry level, but for folks who have at least 6-7 years of experience in InfoSec and/or IT (doing security related tasks). The CISSP is intended for individuals who are managing InfoSec programs and efforts. Unfortunately individuals have grasped onto this as being the "be all, end all" certification for our field, which is not the case. Yes, there is an "associate" level for those without the years of experience but this is not considered relevant and is never asked for in our industry.
There are a few programs that are geared to help veterans get into InfoSec; I would suggest looking at the VetSuccess Academy program with SANS [https://www.sans.org/about/academies/vetsuccess/]. They provide the most technical, hands-on training anywhere for our field. Note that speaking the language is not enough; knowing the what & why and how it would impact the risk level of the organization is key. If you do not know it, you will be sniffed out and your effectiveness will be limited.
Also in your area of MD, there are quite a few companies that are always hiring Infosec talent. See if you can get a security analyst role in the industry and work your way up from there. Any of the Fed InfoSec roles typically need some InfoSec experience, but there may be some CyberCom analyst roles (they were hiring about a year ago).
Good luck, feel free to reach out if you would like further clarification.
This is what I did. Don’t think of a career in cyber as something totally different, think of it as an enhancement. I saw a reply where someone stated you will have interviews where you are tested to perform tasks. If your interview is like that you applied for the wrong role. I found these guys and I graduate the program in November. I am getting interviews for senior leadership positions because now I can speak nerd.
It depends; if you are interested in the Governance side of Cybersecurity, it is not heavily training. You might want to start with the Associated Certified Information Systems Security Professional (CISSP). Therefore, you can have a grasp of everything within Information Security and Cybersecurity.
Entry level cyber security positions are generally going to put you through a demonstration of skill interview. You will need to know protocols and data flows that are pretty specific to the company you want to work for.
I hire for these types of positions and I never recommend training boot camps or university backed programs for anyone wanting to get into cyber security. They teach foundational knowledge. They will teach about a lot of work I end up off-shoring. Those programs don’t usually offer an ROI for the students.
Best way to break into this field is twofold.
1) figure out what part of cyber security is most interesting to you (network, application, OS, container, etc.) then
2) find companies focused on that part of the security chain and get a job with them that matches your existing background.
From there, learn the platform and the applications (for free). Grab certifications in their internal training programs, then move into an operational cyber security role either with them or one of their main clients.
I would work towards attaining the certifications. I would research certifications directly from the vendors. For example, I work for Genesys, and some of the work experience we require for cloud jobs is listed in the requirements for Senior Cloud Consultant below:
• Bachelor’s degree in a Telecommunication/Computer Engineering, Computer Science, Computer Technology, related technical discipline, or equivalent professional technical experience
• 3+ years of experience with the Genesys Cloud Platform
• Knowledge on Amazon Web Services (AWS)
• 8+ years of related experience
• Excellent communication skills
• Software: Wireshark, MS Visio, MS Office (Word, Excel, PowerPoint, Access), Email (MS Outlook)
Highly Desired Technical Skills
• IP Telephony & Hardware: Genesys Cloud Edge, AudioCodes, Cisco Gateways, IP Telephones (Polycom, Cisco, etc.)
• Cisco/Juniper/other network routing and switching devices is an added advantage
You do not need another degree.
Get quality certifications. Beware, the quality of certification providers is very uneven, especially among community colleges.
Most of the large system companies (SAP, Oracle, IBM, Microsoft, etc.) offer courses to be certified in their system.
Check referrals and qualifications.
Network with those in the field for suggestions.
I am impressed with your education but also with your drive. My suggestion: Your degree plus a J.D. will open up doors to very senior corporate/education/Government management positions across the board and will set you on a challenging and rewarding lifetime career track. Take the Law School Admission Test (LSAT) free trial test on Google. If you do not do well, continue with your present plans. If you do well, think about a life-changing Law School education. Contact me for more info. I am on the Board at the University of San Diego, School of Law.