How to Transition to a Cyber Security Career at Any Age

Are you thinking about doing a mid-career transition to a cybersecurity position?

It is a great field to join.  There are currently millions of unfilled cybersecurity jobs in the US and countless more around the world.  There are not enough qualified applicants to fill these jobs.

Because qualified applicants are limited, the salaries for cybersecurity jobs are on the rise.  It is common for cybersecurity positions to pay more than six figures to folks who have some strategic IT certifications and just a few years of experience.

In your 30s, 40s, or 50s?

It is never too late to get into cybersecurity.  I know plenty of folks in the industry that got started in their 40s and 50s.  With age comes valuable experience.  Combine your current expertise with some cybersecurity training, and you will have a great head-start over many of the younger folks who are trying to break into the cybersecurity industry.

Perhaps you have years of experience in management, sales, teaching, or another profession where you deal with people.  Such people skills can make you very attractive to a technology company.  Many people who get into the field are introverts.  A whole team of introverts requires leadership and someone with the interpersonal skills needed to deal with the clients and manage the people.  With a little bit of cybersecurity education and a few certifications, you will be able to talk the talk, understand the mission, and become a leader or manager in this growing field.

Here is what you need to do:

You first need to prove that you know the basics.  If you have been working with computers your whole career, then you probably have a good head start on your transition.  If you have little experience with computers, then you have a bit more work to do.

Step 1: Get Certified

The first thing that employers look for is certifications.  Certifications prove to the industry that you know your stuff.

CompTIA certifications should be your first step.  Each certification will likely take up to a couple of months of preparation to pass.

For the absolute beginner, you should first choose the CompTIA A+ certification.  If you already have a good background in computers, then you could skip to the Security+ certification.  Here are the CompTia certification paths:

The certifications get harder as you move along the path.

Passing the Security+ exam will begin to open doors in the industry.  The Department of Defense categorizes the certifications.   The three levels are IAT1, IAT2, and IAT3.  The Security+ certification puts you in the IAT2 category.  Here is a visual of the certification levels:

You can see the value of each of these certifications by searching the job search engine, Indeed.com for IAT1, IAT2, and IAT3.  You will find that the higher IAT levels qualify you for positions at higher average pay.  As an example, here is a summary of jobs that are available in Northern Virginia for people who hold the Security+ (IAT2) certification:

But your ultimate goal should be to earn an IAT Level 3 certification.  It will be a pretty significant commitment to studying and passing the CASP exam.  The CASP exam does not require any experience to sit for it, but it is designed for well-experienced professionals.  If you can do it, then you are setting yourself up to be qualified for a six-figure income.  As an example, here is a summary of positions that are available in Northern Virginia for people who hold the CASP (IAT3) certification:

The CASP certification clearly demands a higher salary range.

Step 2: Get some experience

The next step is to get some experience on your resume.  This might not be as hard as it seems.  Many businesses are looking for computer help.  Since you are already working, you may be able to pick up some additional job duties at your existing company.  You could volunteer to help out with configuring laptops, troubleshooting issues, and a wide array of other tasks that can build your credibility in the industry.

One way to gain the needed experience is to start your own cyber consulting business.  You can set this up as a sole proprietorship or a limited liability corporation.

You will need a website and some business cards.  You can have a lot of fun and learn a lot if you set up your site using WordPress.  There are plenty of tutorials online about how to get a WordPress site up and running.

You can then start approaching small businesses and offering your assistance as a part-time gig.  The experience you gain can be strategically incorporated into your resume.

Step 3:  Find your first position

After you have your certifications and have a bit of experience, then it is easy to get an entry-level job in cybersecurity.  You may have to start at the bottom, but you can quickly leverage your skill to move up the ladder.

You may find it a bit harder to step into the industry in a mid-level position, but it is certainly not impossible.  You can leverage your professional experience to get into a leadership position.  You can then continue to learn and grow without having to be the one that does the highly technical work.

Step 4:  Keep learning and growing

The fun thing about cybersecurity is that it continues to evolve and change.  This requires continuous learning.  After you are full-time in the field, you should continue to gain certifications.  Your goal should be to get to IAT level 3 (CASP or CISSP).

37 thoughts on “How to Transition to a Cyber Security Career at Any Age”

  1. Mark
    Thank you Donald. I have an option of attending Thomas Edison State on line to pursue a BS in Cybersecurity engineering. I’m wondering if that is the correct path. Or do I pursue these certifications instead? Thank you
    • Donald
      Mark, If you have the opportunity to go get a degree in cybersecurity engineering, I would recommend that, for sure. It is both a big financial investment and time investment. But, I would also recommend that you pursue certifications. A degree along with certifications will be very valuable. For most cybersecurity job descriptions, you will see that certifications are required and a degree is preferred. Having both will ensure that you are a top candidate.
  2. Oladapo Gafar
    Hi Donald, I will be turning 37 this year and i am considering going into cybersecurity, do you think my age has already put me at a disadvantage and if No, what certificate should i start with?
    • Donald
      Your age really has no bearing on this – You can get into the cybersecurity field at any age, for sure. I was over 40 when I started the certification path. If you are pretty tech-savvy, you could start with the Comptia Security + exam. This is an entry-level cert, but it still has great value in the job market. Plus, this stuff is really fun to learn. The SEC+ exam is what I started with. Good Luck!
  3. Jennifer
    I am considering a cybersecurity bootcamp but I am worried it might be too expensive. I have no experience outside of personal use. What resources would you recommend that I use to self study that would get be ready for security+ exams as well as a career in risk management.thanks.
    • Donald
      Jennifer,I am not a fan of boot camps. I think that there are many ways to successfully get ready for the SEC+ exam that are more effective and much cheaper. One of the best books that you can get is the “Security+ for Dummies” book. You could easily prepare by reading this book alone. But, if you like the idea of a teacher, you can choose online classes from Udemy.com or from Cybrary.it. These very low cost or free video training are, in my opinion, just as good as any Bootcamp. Good luck!
  4. Peter liggett
    I worked on I.B.M computers for nine plus years. This was in operations and some technical support.I also studied 3 programming languages.My main exposure to computers is the lower half of the FORTUNE 500.How difficult would it be to get into cybersecurity??
    I have also studied networking technologies
    • Donald
      Peter, It sounds like you have a great foundation to make the transition into cybersecurity! Of course, it will take a bit of work. The best thing to do is to start obtaining some certifications. Since you already know networking, I would suggest grabbing some study materials and work toward the CompTia Security+ certification.
  5. Doliven Mae Sumanpan
    Hi Donald I’ve been thinking about getting cybersecurity training. I am currently an RN but like to transition to cybersecurity which I think is also a great career. I’m 30 y.o. What do you think of this training focus below? I’m planning to start in May 2021.
    Trianing Focus:
    ISC2 – Certified Authorization Professional (CAP)
    FISMA / RMF / NIST SPECIAL PUBLICATIONS/ SSP/ SAR/ POAM
    Prepare
    Categorize
    Select
    Implement
    Assess
    Authorize
    Monitor
    Training Benefits:
    Job focused hands-on training
    Job Interview Preparation
    Certification Preparation
    Resume Build
    On the job support
    Access to training videos
    Provision of training materials, documents, templates, reports
    • Donald
      Doliven, This sounds like a great plan. CAP is an IAM Level 2 Certification that would prepare you well for a position such as ISSO (Information Systems Security Officer). ISSOs focus on the RMF steps to accredit systems. There is an incredible demand for ISSOs, and this demand will most certainly continue to grow.
  6. Simone
    Hello Donald,My current background is in finance and accounting. I have been in this career path for the last 5 years but I do not enjoy it. I have been wanting to switch over to something else but I some how keep getting sucked back into accounting/finance by recruiters because it is where the majority of my experience lies. I am thinking about switching to cyber security but I am not sure if I will like it or not as I do not have any hands experience or knowledge on what the job entails. Do you have any recommendations on what I should do or how I should go about this? Also, do you have any suggestions on the most cost effective approach to getting the needed exposure/training without going back to school for a degree in cyber security?
    • Donald
      Hi Simone,If you have an accounting background you are well-poised to get into cybersecurity. Specifically, you have the skills necessary to get into cybersecurity auditing. This is more of an administrative role, and does not require hands-on experience.A cybersecurity auditor is a very important role that focuses on either internal or external audits. As in internal auditor, you would prepare your customers to do pass required cybersecurity audits (Such as FISMA audits). This person would look at past findings (known as NFRs) and work with the ISSOs and other stakeholders to remediate any findings. Also, this person would be proactive to identify and resolve other issues that might be a negative finding in an audit. An external cybersecurity auditor is hired to conduct these audits on companies and agencies.You would likely need to obtain a certification such as CISA in order to break into this role. The good news is that there is an unbelievable demand for cybersecurity auditors. If you obtain the CISA certification, you should have your choice of positions. Additional schooling is not a requirement, but it would look good if you can add some cyber training to your resume. One great technique to beef up your resume is to add a TRAINING section and list 5 or 6 cybersecurity trainings that you have recently completed.
  7. Ray
    I’m about to be 26, have a useless general studies degree, and have been working under the state of MN (SSA disability) for 3 years now. I don’t enjoy my job and am considering switching fields to cybersecurity. I’m wondering if at this stage in my life whether I should pursue a second undergraduate degree in cybersecurity or perhaps obtain a Computer Forensics post-baccalaureate UCERT through an online university. Kind of lost and trying to figure out what my best options are for further education in this field.
    • Donald
      Ray,Perhaps you should get your feet wet in cybersecurity before you jump headfirst by getting into a degree program. I would suggest that you start by studying for some entry-level certifications (I suggest the Comptia Security+ certification) Then, if you find that you have a passion for cybersecurity, invest in taking online classes to get a degree. There are a ton of great online degree programs both at the graduate and undergraduate levels. Good luck!
      • Pietro Malino
        Hi Donald ! My name is Pete . I am 57 years old and work in pharmaceutical manufacturing . I am not passionate about the work that I do . And at my age the physical work it requires to complete assignments is beginning g to become very taxing on my body . I am not computer savvy at all . But I love to learn and I would like to work in a field that I can work doing something I enjoy , live well and retire young enough to enjoy retirement . Can a person like myself transition Into cyber security with no computer skill and knowledge .
        • Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
          Hi Pietro, Yes, of course, you can do this. But, it will take a lot of studying. I would recommend starting the certification path. Start with Comptia A+, and work your way up from there. With hard work, you could get yourself certed up enough within about a year. You should be able to break into the industry. Good luck!
  8. Abigail
    Hello,
    I have a doctorate in clinical psychology and am a licensed psychologist currently working as a therapist. I’m interested in possibly transitioning into cybersecurity but don’t know if my skills are a good fit or transferable. Does this seem like a reasonable thing to pursue? Thank you!
    • Donald
      Hi Abigail, Your psychology skills would be very valuable in the world of cybersecurity. We need to study how hackers and victims behave and act in different situations and scenarios. If you get a chance, pick up the book or audiobook called “The Art of Deception”. I think that you will love the book and you will also clearly see how your current skills would be of use in this exciting field.
      • Jay
        I agree. I just read “Ghost in the Wires” by Fred Mitnick, and it is an amazing insight into the psychological thoughts of a hacker.
        • Donald
          Yes, Kevin Mitnick. I highly recommend his books.
  9. Angel
    Hi Donald, I’m a 45 year old Mortgage Loan Officer looking to transition into a new role. I’ve been thinking about the demand for Cybersecurity and thought it might be a good opportunity. Where would you recommend I start and do you think my age would be a disadvantage. Thanks!
    • Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
      Your age will not be a disadvantage. I was in my 40s when I started the transition to cybersecurity. Sure, you will likely be surrounded by a lot of younger folks in the industry. But, this can be an advantage. With age comes wisdom. With experience comes better problem-solving skills and more mature reaction ability. I started out by getting some certifications. I believe that this is the best way to break into the field. After you get a Security+ or higher, you will find that employers will be willing to talk to you about positions. The demand for employees in this industry is insatiable and it will only get tighter.
  10. Wendy
    Hi There! I am a 41 year old Graphic Designer with 20+ years. The graphic design industry is dying and being outsourced for little to no pay. I am thinking of switching over to Cyber Security. It sounds like an interesting career and is in high demand. I do not have any programming skills or coding background unfortunately. From some of the info I found only, it seems like you need to have a heavy understanding of coding and programming to get into this field. Is that true? Would jumping into a bootcamp or certificate program be worth it?Cheers
    Wendy from San Diego!
    • Donald
      I am not a big fan of boot camps, but they certainly can help people pass certification exams. Coding and programming is only needed for some positions. Many positions, however, do not need coding.
  11. DominusEditHi Donald,Thanks for the beautiful writeup. I presently work in Data Analysis with majority of my experience in Engineering (Oil and Gas). I am very much interested in transiting into cyber security but not sure how to get on. Do you think the certifications you mentioned will help and will my experience assist in any way.Thanks
    • Donald
      Hi Dominus,If you are an engineer, you have a great step up on most people. Engineers solve problems and so do cybersecurity experts. Yes, I recommend hitting the books and picking up a few certifications. This is definitely the first step. Doing this will also solidify your decision to get into cyber. “Security+ for Dummies” is a great book that will teach you a ton of good information and will also prepare you for the SEC+ exam.
  12. Christian
    Hi Donald,Thank you for writing this article as I was very curious about prospectively moving into the cybersecurity field and have thought about it for years. Like someone before had mentioned, I too have a degree in general studies and minor in chemical engineering and currently work as a New Product Development Engineer. I was wondering if you could help layout a plan for how I need to get where I want to get. I don’t have any IT experience but am savvy enough and technologically inclined that I feel I can start with the SEC+ certification. My goal is to be an ethical hacker and get my CEH, so what pathway do you think I should pursue after achieving the SEC+ cert? I’m taking a SOC Analyst career path course through Cybrary right now while concurrently studying for the SEC+ exam I hope to take in a couple weeks, but would love to hear your input.Thanks
    • Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
      Hi Christian,
      After you get the Sec+, you should be able to jump right to the CEH exam. Several years ago, the CEH exam was not as valuable as it is now. The test questions were readily available on the internet, so the test lost credibility. Since then, however, the CEH has been completely revamped and is much more challenging than it used to be. The price of the exam also was raised significantly. But, for someone with your education and background, I would say go straight from Sec+ to CEH. With your engineering background, you should be quite marketable in the cybersecurity industry. You should also do some penetration testing using some of the online platforms, like hackthebox. Good luck!
  13. David Jackson
    Donald, thank you for the great advice on how to get started with a cybersecurity career. I am retiring from the Navy after a 30 year career in operations and would like to transition into cybersecurity. Past military experience includes overseeing cyber defense and electronic warfare operations, managing digital data links, supervising computer system and electronic repair. In addition, I have a Bachelors in Computer Information Science and a CompTIA A+ certification. Currently studying for my Network+ and Security+ certs. What else should I so to help make me a good cybersecurity candidate? Thank you for your assistance.
    • Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
      Wow – your skills and experience will certainly make you in high demand after you leave the Navy. Knock out those Network+ and SEC+ certifications and you will be well sought after in the civilian workforce. Well done! Let me know where you land.Reply
  14. Anish
    Donald, brilliant article. Thank you so much. I am an Automotive engineer with a masters degree and slightly over ten years of experience in this field. I, however, wish to explore the field cyber security and am looking at formal education(MSc Advanced Security & Digital Forensics from Edinburgh Napier University). The program is accredited by NCSC of UK so I am inclined to assume it’s sought after. Your suggestions about certifications have given me more relevant ideas to think about. I would consider certifications along with the MSc program (which I do intend to do in a part time schedule in order to not jeopardise my present career and learn networking and computer science modules that I will need).
    My primary target is Security Audit and Compliance. Would you be kind enough to suggest if it’s a good plan or not? I am 32 and looking at at least 2+ years into formal education towards my target.
    • Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
      Anish, It sounds like a great plan. Cybersecurity auditors and compliance folks are in tremendous demand. One of the best certifications in this domain is the ISACA CISA certification. If I would you, I would use your studies to also prepare for the CISA. A degree, along with a certification will allow you to break into cyber at a high level and a nice salary. I encourage you to go for it!
  15. Jay
    Hello Donald,
    Thank you for your guidance. I am making a career change as well into the cybersecurity field, as someone who is in his mid-40’s. From looking at the other comments and other’s experiences that are similar to mine, I think I’m going to go for the SEC+ certification. I don’t have any other certifications but I know a lot about computers. How long does it take to study for this exam in general (weeks/months)? And do you have any tips on what’s the best way to study for this exam or if there are any good prep courses/materials that you recommend?
    Thank you so much and have a Happy New Year!
    Jay
    • Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
      think that 30 days of studying for a couple of hours per day should be sufficient. Practice tests are key to passing the tests. So, I recommend 15 days to review the material and 15 days of taking practice tests. Security+ for Dummies is an excellent resource. I also like the teachers at ITProTV. Let me know how it works out for you!
  16. JJ St Marie
    Donald, thanks so much for the article. I have been obsessed with tech since I was little but found myself in the sales/psychology career path. I’m 33, and a bit nervous about a complete industry change. Any advice? I’ll look into the certifications.
    • Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
      You can get inexpensive bootcamp-type training at Udemy.com. I would recommend that you watch the videos and prep up for the SEC+ exam. That will be enough to get you started in the industry. You are still young! The transition to cyber should be an easy one for you.