Are you thinking about doing a mid-career transition to a cybersecurity position?
It is a great field to join. There are currently millions of unfilled cybersecurity jobs in the US and countless more around the world. There are not enough qualified applicants to fill these jobs.
Because qualified applicants are limited, the salaries for cybersecurity jobs are on the rise. It is common for cybersecurity positions to pay more than six figures to folks who have some strategic IT certifications and just a few years of experience.
In your 30s, 40s, or 50s?
It is never too late to get into cybersecurity. I know plenty of folks in the industry that got started their 40s and 50s. With age comes valuable experience. Combine your current expertise with some cybersecurity training, and you will have a great head-start over many of the younger folks who are trying to break in the cybersecurity industry.
Perhaps you have years of experience in management, sales, teaching, or another profession where you deal with people. Such people skills can make you very attractive to a technology company. Many people who get into the field are introverts. A whole team of introverts requires leadership and someone with the interpersonal skills needed to deal with the clients and manage the people. With a little bit of cybersecurity education and a few certifications, you will be able to talk the talk, understand the mission, and become a leader or manager in this growing field.
Here is what you need to do:
You first need to prove that you know the basics. If you have been working with computers your whole career, then you probably have a good head start on your transition. If you have little experience with computers, then you have a bit more work to do.
Step 1: Get Certified
The first thing that employers look for is certifications. Certifications prove to the industry that you know your stuff.
CompTIA certifications should be your first step. Each certification will likely take up to a couple of months of preparation to pass.
For the absolute beginner, you should first choose the CompTIA A+ certification. If you already have a good background in computers, then you could skip to the Security+ certification. Here are the CompTia certification paths:
The certifications get harder as you move along the path.
Passing the Security+ exam will begin to open doors in the industry. The Department of Defense categorizes the certifications. The three levels are IAT1, IAT2, and IAT3. The Security+ certification puts you in the IAT2 category. Here is a visual of the certification levels:
You can see the value of each of these certifications by searching the job search engine, Indeed.com for IAT1, IAT2, and IAT3. You will find that the higher IAT levels qualify you for positions at higher average pay. As an example, here is a summary of jobs that are available in Northern Virginia for people who hold the Security+ (IAT2) certification:
But your ultimate goal should be to earn an IAT Level 3 certification. It will be a pretty significant commitment to studying and passing the CASP exam. The CASP exam does not require any experience to sit for it, but it is designed for well-experienced professionals. If you can do it, then you are setting yourself up to be qualified for a six-figure income. As an example, here is a summary of positions that are available in Northern Virginia for people who hold the CASP (IAT3) certification:
The CASP certification clearly demands a higher salary range.
Step 2: Get some experience
The next step is to get some experience on your resume. This might not be as hard as it seems. Many businesses are looking for computer help. Since you are already working, you may be able to pick up some additional job duties at your existing company. You could volunteer to help out with configuring laptops, troubleshooting issues, and a wide array of other tasks that can build your credibility in the industry.
One way to gain the needed experience is to start your own cyber consulting business. You can set this up as a sole proprietorship or a limited liability corporation.
You will need a website and some business cards. You can have a lot of fun and learn a lot if you set up your site using WordPress. There are plenty of tutorials online about how to get a WordPress site up and running.
You can then start approaching small businesses and offering your assistance as a part-time gig. The experience you gain can be strategically incorporated into your resume.
Step 3: Find your first position
After you have your certifications and have a bit of experience, then it is easy to get an entry-level job in cybersecurity. You may have to start at the bottom, but you can quickly leverage your skill to move up the ladder.
You may find it a bit harder to step into the industry in a mid-level position, but it is certainly not impossible. You can leverage your professional experience to get into a leadership position. You can then continue to learn and grow without having to be the one that does the highly technical work.
Step 4: Keep learning and growing
The fun thing about cybersecurity is that it continues to evolve and change. This requires continuous learning. After you are full time in the field, you should continue to gain certifications. Your goal should be to get to IAT level 3 (CASP or CISSP).
Donald Korinchak is a Cybersecurity Program Director serving customer in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in leadership and cybersecurity issues.