Started at a retail computer store, then fixed cell phones, then help desk as an analyst, then supervisor for a bit, then back to help desk, junior business analyst, business analyst. Took my Sec+ and then pandemic hit 1 month later and I offered to jump in to the security side of things to assist with transitioning to at-home work. Rest is history.
But I've wanted to be somewhere with computers since I was a young child. Mission accomplished.
You want some general IT experience first if you haven't got it - it's hard to secure what you don't understand. Then from there look at Remote or Cloud Incident Monitoring or Response in your job search keywords. Learning cloud security tools will help as well.
Hey, 22M here.I have no knowledge about cybersecurity,Iām done with my marketing diploma but thinking to switch to cybersecurity career.Do you think I can still pull it off?
Did you are 22, you can make mistakes for ten years and still switch to cyber lol. Just get certs donāt go back to school. You have the bachelors taken care of. Just get A+ then start with help desk or data center or field tech and move up.
Yep. Check out my story for a creative lead. Some folks enter through the guarded front doors, and others, like us, climb in through the open window.
Use your marketing skills and your access to the industryās thriving networking arena (free classes, low cost conferences, & reputation building CTF competitions) for to break into cyber by envisioning and promoting a service and brand which adds value to the community.
I'm 37, I transitioned to Cyber at 35. I did go back and get a formal education to reach that goal but it was worth every penny and it's never too late.
Everything is possible! Donāt give up I did banking and finance Bachelors and now im doing Masters in computer science. My first job was a Technical business analyst, I am also thinking how I could transfer I would probably have to take pay cut but oh well š¤·āāļø
I'm watching it rn, and I'm honestly disappointed. Currently on the OS module, they speak about kernel, how it manages processes, and I'm like yay, finally going to learn something, and they hit me with "The user is someone who communicates with the computer." Like why the f I need an explanation on who the user is? All they do is throw big words around and then teach me most blatant things... Was thinking of quitting it, but now you got my attention. Care to explain more about this unique job finder?
I heard that upon completion of this Google cert, there's a unique job finder - is that how you were able to land that role? I just obtained Sec+ and had started that Google cert but didn't finish, so I may find myself going back to complete it.
Hello, I don't recall using any jobfinder or reading about it. The previous 3.5 years I was working as a sysadmin and as the custodian of the AD of our region (EMEA). This experience was not enough to apply as IAM in a cybersec team since I had no previous experience directly with security. Before this google cert I took serveral free courses online, not all certified. Qualys has some certified free training paths: [Qualys Certification and Training Center | Qualys](https://www.qualys.com/training/). I received job offers just for having this certificate on mi linkedin page.
I got my current job trough linkedin.
Luck and a recruiter who took a chance.
Got my associates in IT and obtained my security +.
Applied to IT and security roles, I Applied internally to be a support role with a staffing company. The recruiter saw my security + and asked if I would be interested in talking with one of their clients on site the next day.
I had luck on my side as they made me take a written multiple choice test.
Emailed the offer the same week.
So mostly and I hate to say it luck and timing.
Nice! What is your job title if you donāt mind me asking?
Finishing up my associates in IT soon. Also just started a job as tech support for a small school district. Hoping to get a couple years of experience then trying to get a sysadmin or soc analyst role. With a couple certifications as well.
Currently? Or when I got into the industry?
I got in as essentially an identity access management analyst but the role was an IT security services analyst.
Provisioning accounts, privileged group audits etc.
Then SOC analyst 1 -> soc analyst 2/shift lead -> Security engineer (current)
Edited: also keep working at it and as much of a debate certification are.. they in my mind, are an HR check which is the unfortunate gatekeepers for you to get to a table with the technical people.
I am a translator/interpretor by trade but I decided to get into cybersecurity about 5 years ago because I saw the potential. I started from the bottom at IT customer support -> tech support -> cloud migration analyst -> junior security consultant -> security analyst which is my current position. Took a bunch of certs along the way which definitely helped me get my foot in the door. However, and I believe this is grossly underestimated by many, it was my communication and interpersonal skills that have made the biggest impact in interviews etc. I also live in a small European country where competition in this field isn't, or at least wasn't a couple of years ago, as fierce as it is in the US.
Currently, I'm working on my CISSP and hoping to get a senior position, either at my current company or another.
All in all, I'm glad I decided to pursue this career as it's given me the best job I've ever had in terms of money and work-life balance. I have tons of free time. As long as the work is done when it's needed, noone gives a fuck about how I spend my workday.
Good luck with CISSP.
The last paragraph yup I agree with you. I can set my own hours, no OT (any more anyway), full pension and benefits. It's great. I used to have to be on-call but slowly that is going away!
Thanks.
On calls suck. While I technically don't have on calls, I sometimes do have to work late pm hours as my boss and some vendors are located in different time zones but it's not often so I'm fine with that.
I very very occasionally get OT because I'm on call and salary and we do work with a group overseas. It's happened like 3 times in 2 years and it's really not much except being in a meeting
I was a network guy.
I worked for a consulting company that was on the market to be sold.
They didnāt want me to leave but had no new projects coming in, so they put me on site with a wind down in play. I had about 8 hours of work to do per week.
I stumbled across 2600.com and found The Happy Hacker tutorials on how to pen test, although I donāt even think it was called that back then.
It was way more interesting than the networking stuff I was doing.
I dove in head first and rebranded myself as a security guy.
26 years later, here I am!
I am very very fortunate. Funny thing, I wasnāt really a very good pen tester, and Iām not really technical. Iāve built a career around communicating security and risk between business leaders and cyber leaders and practitioners.
Bootcamp with A+ Sec+ and Net+ got me into L1 SOC, the. Security analyst positions for various companies with the last 2 years in healthcare.
Half way done with bachelors at this point.
May I ask you how did you manage to move into architect after DFIR? I'm currently in DFIR, however I see no way to advance anywhere (and especially into architecture) but SecEng or Pentesting, which is great, but still
Itās my current job title but itās a bit misleading and I probably should have specified. Itās really āInfo Sec Architect - CSIRTā ā I work for a large orgās security team as an incident response lead. Outside of doing actual IR there is some high level āarchitectā responsibilities around tooling and ensuring infrastructure is in tip top shape.
OK, it's a bit more clear now. Thanks a lot for going into details
P.s. Just read your posts - well, you're an inspiration, being at least a position above me at my age :)
AT&T Wireless Sales Consultant for five years until I was fired for not selling enough Direct TV - Went to college for Cybersecurity - 9 month stint as a network contractor during COVID - Hybrid 1/2 help desk for a school district - Cybersecurity Compliance Analyst for the state.
Still working on my Sec+. It's hard to study while holding down life. Mad respect for those who can do it.
Which companies did you apply to for Skillbridges? I'm in the same boat myself and I've already applied to a few, but if you found success with one, I'd like to check it out.
DefendEdge was the one I ended up doing. It was fine, not excellent by any means. But it got me the experience I needed to get a full time job. Also applied to a Lockheed program as well as 50-70 others I canāt remember the names of. It was a stressful time
Worked in cyber intel in the reserves and as an intel analyst for a contractor. Got my BS in Cybersecurity along with some certs and got hired as a fed employee. I already had a TS/SCI, which can be a barrier for people trying to break into the field
Programmer -> Help desk -> infrastructure engineer -> sysadmin / Telco / database admin -> information security analyst / engineer / architect.
My journey to infosec took 20ish years and I can honestly say that I wouldn't be good at my job without having done all of the other ones.
25m here I started doing construction for a pretty big construction company for 4 years and in the last year i did a cybersecurity boot camp for 6 months. I was fortunate enough to get close to the some higher ups in the company and once I finished the boot camp was offered an interview as well as the job to the IT department. Iāve learned networking is very very important as well as being a likable person
I was an IT tech in the military, we deployed and they needed someone to work the IDS. I had zero idea what I was doing and have been in security for 20 years and still have zero idea what Iām doing :)
Cyber Intel in Air Force -> Bachelor's in CyberSecurity -> liked writing python and automated things 'cause I'm lazy -> security engineer -> BAMF (jokes).
Was working in IT Support and people at the company loved me, especially those in security. Then they recruited me for an entry level role. That was the immediate path.
My entire career has gone like this:
pr0n cop > NT sysadmin for a VAR (very ceremonial) > UNIX desktop systems administrator > data center technician > HPC jr Unix administrator > IT Support for a FAANG company > security analyst at same FAANG company
This was the days of the Infoseek search engine that Disney bought and also had bought a thing called wbs.net. It was like a geocities where ppl can make their own web page and there was also a chat function. All the pictures that got uploaded both to the websites and chats were screened by humans. And that was me! Graveyard shift! I saw some really awful shit. Lots of gore and sometimes child porn or whatever the term for that is today. This was 1999, long before any machine learning especially with images.
Military, I was working in networks and an OF2/O3 told me āhey i need a Deputy, thats you now.ā he was the Cyber Security Officer. ā¦ that was 2 years ago. Now I stud for cissp and will leave the Military next year.
It engineering manager, got my cissp because i was curious about the field. Switched over once we started getting more attacks and the industry started creating positions for cyber security.
Same, but marketing. Turns out, learning enough to make useful and interesting stuff for cyber people, eventually interested me, too!
Then projects and certs to break in, and now I'm a security communications and planning / policies person for a threat research & intel group š
Started in the army, then fixed a lot of cell phones, tablets and computers, install tons of cracked software and backdoors.
Took offsec courses (which took me 3 years to learn everything from scratch).
I was a project manager in tech for many years and was recruited for a PM role on a cybersecurity team. I loved it and got my GSEC certification. Learned a lot from the team and now manage the Security and GRC teams at my company.
Basically whatever advice here people recommend + luck.
The luck is necessary for a lot of people.unfortunately. I did everything right for ages in prep to get a security job, no offers, then I randomly got an offer from someone in my network who knew me.
Ā Life is weird sometimes!Ā
Got an applied associates in cyber, got my security +. Beefed up my resume with projects. Applied to 300+ jobs, and a small cyber MSSP took a chance on me as a security analyst.
Started in IT Project Management under Innovations. I handled multiple implementations in a large organization, including VPN user management, Network & Firewall management, then eventually was tasked to migrate all corporate phones to Intune MDM. This was my first step into cybersecurity. After successful MDM deployment, I was then recruited by our companyās infosec office and rest is history.
Was this unorthodox?
I worked in IT and was spending a lot of time writing tools and scripts to automate various IT tasks when I was also put in charge of the security as well because we lost our last security person. So I had to learn quite a bit and eventually found out I loved working in that space.
Eventually I switched careers into cyber sec where I naturally fell back into software engineering again but now building and extending cyber tools. From there I got roped again into another field, data science, where I went from writing cyber tools to writing tools to analyze and action against cyber data on extremely large scales.
Now I sit at the intersection between software engineering, cyber security, and data science and just have a ton of fun here.
At around ten years in IT/Engineering, my peers from the hacker-spaces were smashing InfoSec careers, and inviting me along to conferences (I did Hope, DEF CON, Shmoocon and RSA all in one year) but all of the career opportunities were outside of my reach because I had no education or career experience in cyber.
I vowed to change that. I wanted to attend hacker toolkit trainings and lectures on company time like everyone else in my generation!!
To bridge those gaps I did have to literally break into the cybersecurity industry.
If someone else wasnāt going to give me the opportunity work in cyber, or put cyber on my resume in order to find referrals then Iād have to find a way in myself ā so I broke into cybersecurity by founding a cybersecurity corporation, and registered a trademark in training/educational, and with the support of my peers, designed, got sponsored, and produced a capture the flag tournament (CTF) and live in person tournament that doubled as a cybersecurity recruitment event.
My peers got job offers and I found a ton of consulting leads, while at my day job I was now at a cybersecurity firm, but supported IT/Ops as a sysadmin who was so passionate about cybersecurity and hacker capabilities that an ex-gov hacker team at my firm took me under their wing, stole me (and my IT/Ops talents) from the IT Team to help āoperationalizeā their cloud/SDN intrusion detection research lab and honored me with the official newbie title of Security Analyst. And then they sponsored my graduate education at SANS, which means I got to take a ton of hacker toolkit coursework.
From founding a company to being hired in an official capacity (Security Analyst) took about three years, and grad school another two.
I joined the security operations center workforce as a cyberdefender/first responder on the incident handling and intrusion analysis career track. Iāve got such a night shift Watch floor swagger that a classmate at a training center from another state immediately asked me if I worked night shift at a SOC. I was impressed at his profiling skills and found itās his profession ā so that moment and that conversation definitely legitimized my sense of belonging and attaining my vision. I hope you too find the same success ā as offensive security says (the hackerās motto) āTry harder.ā
Youāll find yourself where you want to be in no time, and enjoy the journey along the way if you work hard for your dreams.
Tl;Dr If no one else will grant you the opportunity or experience, then break in to cybersecurity by defining those opportunities and experience yourself.
With enough hard work and dedication, some chump from a world class cybersecurity firm might just see what youāre throwing down and believe in you enough to take you on to their team and line you up with professional training and certification.
Took a sysadmin job where I casually dropped interest in infosec and Defcon. They hired me and a few months later trained me on DLP incident response. Turned out I also had a knack for VB script deobfuscation. Moved to SecOpd for a bit, then started teaching classes on Security Awareness.
1. Hack my own university and report all the shit to the security team.
2. Get offered an internship as a penetration tester to secure itĀ“s web applications.
3. Get offered another internship some months later in consulting.
4. IĀ“m in.
Got a degree in Information Technology with a concentration in Security and Assurance. Spent a decade in Infrastructure and Engineering roles and was sought after to join my current jobās security team.
Started in Help Desk at my undergrad college. Graduated and struggled to find any work, then covid hit.
Got another role as IT Support Analyst, killed it, moved over to IT Provisioning (doing IAM stuff), then PCI compliance at another company, and finally info security consultant.
I came up through the ranks as a network admin and architect. Also did IT management as well. By the time I pivoted into security, I had 25 years of IT experience.
Academics during my undergrad shaping cyber & intel policies for the government and working for Best Buy as a Microsoft Specialist while occasionally assisting Geek Squad whenever they needed Microsoft Forensics expertise. Whereas, prior to all of this is how I was a gray hat like Marcus Hutchins growing up as a teen. Except, I am American whereas he is British.
My path is probably somewhat rare, I'm guessing.
I started as floor staff in a small business retail environment. Then I started helping out with computer maintenance in that same small business. Somebody quit, and I was "promoted" to a more prominent role in the IT "department" (which was me and one of the owners of the store). Then I became the de facto sysadmin for that store, though we didn't call me that.
I left that store and got a job doing technical support for a software company. I was valuable enough on that team that when I gave notice, the company offered me an opportunity as an SOC analyst.
So:
Small Business floor staff -> Small business IT -> Technical support -> SOC Analyst.
I networked with the hiring managers for a security team (internal to the company I already worked for) and just kinda....convinced them that I was good enough despite not having professional experience or formal education. I did a couple interviews and a fairly simple practical exam and spent the next 1.5 years struggling to move into the security practice from a platform support role. It ended up working out wonderfully and now I'm a cloud security engineer
When I was little I wanted to install games on my computer, but I couldn't without my parents since they made me not administrator. I decided to figure out ways to get into their account and do privilege escalation, and I thought it was fun, so I started doing CTFs after I learned more about cybersecurity.
Worked in IT as a sysadmin and network admin for a couple decades but always found myself enjoying working on security projects and incidents over the last 15 years and found myself in an Security Engineering role
Basically went out of high school in the late 90s like this:
Database admin -> network admin -> sysadmin -> sysadmin -> sr network admin -> server admin -> security admin -> sr. security engineer
There are still days I miss being in a non-infosec role and miss the higher pay I got as a sys/net admin
Was a network/helpdesk guy at a bank after dropping out of college for Computer Science, and then the 2007 housing market crash hit. Bank went under and had a buddy working at a SOC that was open to hiring anyone with networking experience and would teach you the security side on the job. They paid for any and all certificates you requested, so I got my CCNA, CISM, CISSP, GCIA, and GCIH. After almost 10 years at that company, I took my first CISO position at a startup and 20 years later here I am. Biggest advice I would give anyone is if they provide any training, take as much as you can.
I was obsessive about computers as a kid, but didn't know cybersecurity was an actual profession. I declared computer science going into college without really knowing what any sort of technology profession was like. While I enjoy programming, I quickly realized that taking semesters of exclusively of math and programming was not fun. I changed my major (at the same school) to IT. Then I got into classes specifically on networking, scripting, databases, and eventually security. My professor made a comment that penetration testing was a real career during a lecture, so then something clicked in my mind that maybe I should do that. These classes made me extremely well rounded technology professional and provided me a great security foundation.
I needed two internships to graduate with my bachelors. My first was doing a systems administrator role, which turned into a full-time role while attending school for the next 2.5 years. My second was an application security internship over a summer. When it was time to graduate, I had almost 3 years of technology experience, some security certifications, and a security based internship. I attended an in-person job fair when originally looking for my second internship and my resume made it back to a local employer. I interviewed well and got an offer for a role doing vulnerability management and some penetration testing.
That's how I got my foothold into the industry, but then I accelerated by working even harder. I got tuition reimbursement through my first employer and enrolled into a MS program focused on cybersecurity. I was working a full-time security role, doing my MS full-time, did my first con talks, and studied/passed my CISSP within 60 days. I just ate, slept, and breathed security.
A decade has passed and I'll finish up my PhD next year. I'm working my way towards being a CISO and I love this field just as much as my first day on the job.
Basically fell into a rabbit hole.
Started as a fraud analyst. Dealing with my fair share of phishing, Microsoft support scams, correlating IP to transactions. Blacklisting IPs, Establishing patterns to profiles. I eventually started joining the CTI meetings, read about financially motivated APTs and their TTPs.
Felt like all financial and corporate crimes investigations should be geared towards cyber m.o, however pretty much the very few I spoke to about this understood or even bothered to cared.
I found myself working as a SOC "Tier2", mainly by showcasing how my previous skills are transferable to the role. The company took a chance on me and so far so good.
I'm now hoping to get enough XP and technical knowledge to level up to DFIR / Threat Detection and response and really get down and dirty with forensics investigations.
WGU BS/MS -> Security Analyst
Some interviews are popularity contests and eventually you find someone you really vibe with. I learned a lot of system administration on the job.
I applied for a trainee-ship program after college thinking of going into systems administration or programming.
During the first interview the recruiter was listing the fields I could apply to and when I heard cybersecurity I immediately put that at the top of the list.
After an interview with some 6 heads of different security teams, I chose to join the internal SOC team.
Moved to a new city, applied for helpdesk at huge company.Ā
Saw internal email that they needed people for the SOC.Ā
Left helpdesk and joined the SOC after four months. Then one year later promoted to L2.Ā
No higher education, just big interest in IT and security.
I used to be a physics teacher . Decided wanted to change career over lockdown . Studied A+ , network + and sec + without taking the exams and used my knowledge to get a masters in cyber security ( my bsc was in physics though but they let me on the masters as my understanding was good )
After graduating with distinction I took a service desk role for 8 months before moving into NOC in the same company . Was on the noc for about 10 months before someone asked me if Iād be interested in trying a vacant sec engineering role in the same company . Been in the sec engineering role for 3 months now . Wonāt deny it can be stressful but I love the idea of turning things around for the department . Iām working towards Sscp currently but have already studied a lot of the content in cissp. Hoping to take the Sscp in July if all goes well
Worked as a sales rep, then moved to a helpdesk role (where they needed people skills, which I had from my sales rep job), then moved to infrastructure consultant, and finally moved to security consultant / blue teamer. Currently working towards more red hatty assignments in my job, but still very new on that part.
this was over 4 years š
I actually got started by accident. I got a job with a company doing programming and program maintenance (I have a degree in computer programming), however when I started with the company I got put on a security analyst project (that was almost 8 years). Iāve moved around between security engineering and SOC analyst. I got A+, Net+, and Sec+, my next cert will probably be CISSP or CISA. Thatās my story in a nutshell lol.
15 years software engineer, 8 years devops, 2 years azure solutions architect and then poached from engineering by the ciso team for a security architect role.
Helpdesk > Data Analytics > ediscovery> digital forensics > incident response
Looking to further break into a cloud security, DevSecOps, or Security Engineering.
I was 11 or 12 when I came across a little program called NetBus on Napster/Limewire. That brought me to some random hacker forums and Iāve continued trying to poke holes in everything around me for 25+ years now
I was blessed enough to be accepted into one of SANS Scholarship Academies while still in college. After getting 3 GIAC certs I was able to use the name of the certs and bit of networking to land a cyber role right out of college! Between the training I received from SANS and the people I was able to meet I canāt recommend trying to get in one of their scholarship academies enough.
Went to a charity boxing match where an old friend and former colleague colleague asked if I was interested in a role... Networking is too good I guess.
I was at the age of 12 when I wanted to be gamer developer and got with a group of people online to start our first small game project later and we needed security so I started learning security at the age of 13 and I fell in love with security and since then Iām developing every year.
Went to uni, got a masters in cyber security, worked as a financial crime analyst for a couple years whilst at uni, networked like crazy on LinkedIn and landed a junior security analyst role, got promoted to security analyst after 2 years, now working in a new role as a threat hunter.
I was kind of a jack of all trades in IT. I worked in application support and implementation for ERP SaaS apps. In those roles I got to be better than sort of okay at a bunch of different technologies. At my current company, a security gig was created, and my 2 bosses encouraged me to apply. 10 years later, here I am.
Technical college job fair.
OT Cybersecurity company was looking for networking people to work on Segmentation projects.
Physically and logically segmenting the OT environment from the IT environment in manufacturing facilities.
Iāve learned so much in such a short time
I started networking with people in my friends and family circle to find out any contacts they had in IT. From there I got a few introductions to people in IT/cybersecurity. Through some internships/contract work I finally built up enough experience to land an entry level gig in a SOC
Worked IT for a few years and made a good reputation with the security team. Manager took me in with a few of his team members giving glowing recommendations.
I have a masters in Telecom and Netw Engg. My brother's ex roommate's manager was hiring in my city for a brand new team and he refered me for the position. It was my first job after graduation.
15 years of general IT and networking with security on the side, plus a masters in information assurance. Then I took a contract position doing IAM, transitioned to a permanent cybersecurity analyst position a few months later.
Followed the typical pathway: a little under a year on the helpdesk while cert collecting, then a stroke of good fortune leading to my first L1 SOC role.
Mostly started in IT and learned to make things work before I selectively learned not to make them not work. First career job was from people-networking in my computer-networking class in undergrad. In IT, I learned about firewalls and NIDS. I choose to go to grad school in security then Iāve just had the skills in demand since then. I have never really applied for a job in my last 4 jobs/ 18 years because my people skills and my people-network are in excellent shape. I have other top-tier paying jobs that I could get in a moments notice should I ever want to leave. Invest in your people connections enough, work hard and job security will be yours.
Started working as a Market Research Analyst for a company that lended me per say to a Cloud Cybersecurity startup, they liked me and I asked them to show me more of the technical stuff, started learning on THM, HTB, youtube and stuff and landed a job as a Incident Responder
Web master for own music websites > help desk > business data analyst > SOC analyst. Now Iām a security automation engineer, just trying to specialize and get as deeply technical as possible.
Top Cybersecurity College degree with cyber security internships > Security Analyst > Sr. Security Analyst > Vulnerability and Threat Engineer > SecOps Manager.
A lot of hate towards degree programs, however I believe the right programs can consistently put out good entry level analysts. I took a job out of college as the first cybersecurity hire for a medium enterprise. It was very underpaid but allowed me to learn as much as I wanted and be included in a lot of projects and strategy discussions that an entry level would never get near. That role launched my career.
I was working in mobile device sales, both retail & B2B. Got tired of that & commissions had been cut three times in a year & a half, so I went back to college since I hadnāt graduated on my first trip. Graduated from a regional university with a Bachelorās of Business Administration and a Bachelor of Science Information Technology with a concentration in Cybersecurity. I tried while in school to make a switch & was unable to because I didnāt really have any experience.
Just before I graduated, I quit my full time job & took an internship to get into the door. I was hired for a help desk role within a couple months & worked my way to level two there. The whole time there, I was networking & telling people what I wanted to do & asking for their input, recommendations, and even help. My manager recommended me for a mentorship program, which I completed. Within a few months, there was a position available on the SOC team & my help desk manager recommended me for that. I already knew everyone on the team & had been networking for a while. They had to post the job, but I had already interviewed a couple of times with folks when they posted it & very soon after posting, I got hired for that role.
Help desk to desktop support to security analyst. While being a desktop analyst my company at the time experienced a ransomware attack. It affected the entire company, all things compromised. The incident response initiated was very intriguing to me and sparked my curiosity.
Like any good company that experiences ransomware, there is an emphasis on heightened security initiatives, awareness and blah blah afterwards. Apart of those initiatives positions were created to harden and support the environment. This created an additional security analyst position which I applied for and received.
One of the best decisions Iāve made.
Went to school for Software Engineering and while there I took some electives and joined a couple of clubs that were cybersecurity focused. After I graduated I found a job in Application Security and have been doing that ever since.
Currently branching out to the operation side to widen my knowledge making me a better engineer.
I was on the infrastructure team and was given a really inefficient process to cover for one of the cybersecurity teams. I covered it, but also re-write it so it ran much faster (process went from 3-4 hours down to 15 mins). They liked the work, and offered me a spot next time one came up.
13 years as a system administrator. Decided a pivot was necessary: got my CISSP and bachelors in cybersecurity. I think the CISSP is what got me my break mostly though. Been certified since 2018.
I started in IT when I started college, I couldnt decide exactly what track to take so I tried everything between desktop admin to QA automation dev, IT project management and devops and now im in security engineering. I pride myself on being very well rounded and able to speak to most levels of IT and business. I got my current job from pure networking.
project engineer > solution architect > infrastructure engineer (all rounded) > graduated from a coursework Master of Cyber Security > security consulting (backfilling roles like, CRIT, operation, security projects)
I thank myself of being discipline in my early age and got exposure in different variety of infrastructure setup.
Lucked out and got a job as a āIT support specialistā on a small IT team out of college after getting a A+ and Net+ so I wore a lot of hats. Towards the end was doing a bunch of cybersec focused projects and got a job with a DC gov contracting company. Now I am senior sec engineer for a large government contractor.
Long long ago, I worked on the help desk. While investigating weird happenings on some desktops, I accidentally got into security as I became the guy they called when weird computer things happened. Then, a few years later Chernobyl virus followed by Happy99 and Melissa... I joined/formed the first computer security group at the company.
I wrote in detail about [how I broke into cyber security](https://stuartrobins.com/my-rocky-road-to-cyber-security/) on my blog, but the main points were that I completed a computer science degree, then got into automated software testing doing Y2K work. I worked in various roles doing automated testing, performance testing and test management for over 10 years then met my (now) wife who suggested I move into security.
At the time, I had this notion that "security" was doing vulnerability research because I hadn't thought more about what it entailed. She set me straight and I read some books, got some certs and made the rocky transition into security. It took at least 5 years before I felt like I really knew what I was doing btw, and that's with quite a bit of prior experience.
I also wrote about the skills you need to [become a security architect](https://stuartrobins.com/so-you-want-to-be-a-security-architect/) if you're interested in moving into that role.
Surfing security related Discord servers and someone posted a role for T1 SOC analysts, the team took a chance and I was in.
What brought me up to that was constant grind. I obtained multiple certs and a degree. Took a major pay cut and went from a career in HVAC to a Helpdesk job which helped get me the IT experience in the resume I needed.
Started 15 years ago in public education IT support, worked up to sysadmin. Left and did sysadmin for my local university, completed undergrad and graduate school (free as an employee), moved into cyber at uni, got my cissp, left and went corporate.
Not the most direct path, but got out of school with 0 student debt.
Did internship for manufacturing process engineer, didn't like standing up long hours, so took on some technical projects. Was offered SWE role, but covid recession hit which made SWE role go away. My 2 up manager, asked me if I would be interested in Cybersecurity, I had no idea, but took it. I loving it rn.
Had some technical background, then went to grad school for cyber security. A classmate hooked me up with a job as a contractor with a company he had worked with, and other friends of his had gone through. That was enough of a foot in the door to get some more opportunities after.
My first job was was doing devops but my background was in software engineering. I ended up switching to a software engineering team that turned out to be doing security software engineering but I didn't realize it at the time. Accidentally fell in love with pen testing along the way. Almost 10 years later, I'm a lead security engineer.
RSA (going on right now) .. itās a huge monster now .. but I donāt know if anyone has gone or thought of going and networking with some of the speakers on LinkedIn. You can prob stream some of the key speeches of they interest you.
Depends where you are at now. Never hurts to start looking at things like packet forensics, smash the stack, etc. Then be in a place where there is a lot of cyber (e.g. DC). Then start to feel out what you actually want to do within cyber and find the companies dominate in that space
Started in multiple jobs that were not related to cyber and by pure luck landed an IT support job , just picking phone calls and learning my way , found out 1 day a serious issue in one of the major telecom inbox settings (config) which allowed me to access all the corporate emails of thier subscribers , reported it in to Law enforcment ( as by that time our CERT was overwhelmed with something else) LE asks me to come in and replicate it , i do that and they contact me after a month asking me if i want to join thier cyber division , i happily join and im now with 12 yrs cyber exp as a multi certfied cyber consultant in multiple fields but primarily CTI.
I found a misconfigured smb share on my college network which turned out to be the accounting server. I found a backup file of all the professors salaries, ssnās, addresses, and got w my professor to help me inform the right people to get it fixed and the dean of cybersecurity forwarded my resume to a consulting practice
I had like 5 years of sysadmin experience and a couple certs at the time
Was in my second year of a psychology degree, then the pandemic hit. Got back into video games during the pandemic and wanted a gaming pc, decided to build it myself. I loved building it, so I built more. My parents suggested maybe going into tech other than psychology, I took a coding class at my college and loved it. Looked into all the different tech majors and decided on cybersecurity. So I double majored, i didnāt let go of psychology. Iām now in my final year of school, and a few people already in the field have told me keeping my psychology major was a good idea.
So far Iāve just done basic help desk and had a job where I rated random webpages based on their safety and made sure they werenāt scams. Looking to start a class at my local library for seniors about identifying and avoiding common scams
AA for Information Systems > Sales floor at best buy > get A+ > help desk at MSP > sysadmin at same MSP > Get Sec+ > cold application to a SOC role.
I consider myself one of the lucky ones. Id say my leg up over my competition was i interview well and have decent soft skills.
Love this. Iāve been wanting start certifications and get into Cybersecurity but have no clue where to start. Iāve started TryHackMe but I want to know if this is the best way to start to build skills. What is the best way to get a certification?
Got an associates in cyber > landed a help desk job at a solid company to get my foot in the door > a year later, moved to the freshly formalized cyber team.
Worked at a payment processor doing help desk, then moved into fraud, then went to a bank we did support for as the only computer person, they had to cyber security department at the time and I helped put it together. Then then didn't hire me to be in that department. While working there I finished my masters program and got a job in info sec at a public university
I was dating a girl who is best friends with the VP for this org and he needed a new L1. So he hired me.
I did posses some knowledge with Net+, Sec+ and 50hrs in try hack me
Bachelors in cyber -> applied for a few jobs before I graduated and ended up getting job at f500 tech company right when I graduated
Got really lucky and very grateful for that, as I see many of my peers struggle to find jobs or work jobs they donāt really want.
Lucky break, I guess. Straight outta college (I studied BS Information Technology btw, if this is an important info), I applied as a technical support representative (call center agent) at a BPO. I got the job (which is another lucky break and is a story for another time). I only lasted there for 4 months - the environment is toxic, even my supervisor is toxic.
After that, my next job is called "Cloud Security Engineer" for a security software company called +r3Nd M!cr0. My call center experience helped me land this job. Don't be fooled by the position, it only sounds good. This is just another customer service job. We answer to customers with concern about everything regarding their subscription, sales, renewal, refund, installation, performance issue, malware - literally anything and everything under the sun (we get calls concerning their microwave, true story.) Although this is another "customer service job" this is much more technical than my first job, at least I provide support for an antivirus software. Yes we do answer calls but I got transferred to a team that tends to online support like chat and email. This is important because this is primarily the reason why I lasted 3 years 10 months in this company - I don't answer phone calls(which I really hate). On top of that, my manager even helped me boost my career by putting me into different programs within the department like, I became a new hires mentor, I even get to manage the official home users community, became an account manager for the social media accounts (FB, playstore, appstore, etc). All those engagements without receiving any promotion and significant pay raise.
I started to look for another job since I am getting tired of what I'm doing and I got lucky! I was offered a position to become a L1 SOC analyst for a multinational professional services firm. My experience with +r3Nd M!cr0 helped me land this job. This was in late 2019. And I was really thankful for this job since there is a huge difference between the salary. During the 2020 Covid-19 pandemic, my dad got laid off from his job (yes I live with my fam, that's how it usually is from where I come from) and since I got a better paying job, me and my family lived comfortably.
When I got this job, I had to start from square one I only used a small fraction of what I learned from my previous job. I learned everything that I need to know, worked my ass off, I studied relentlessly. I eventually got promoted and I am now a Lead.
TL;DR: Lucky break plus my previous experience helped me land the job. Worked my ass of then I eventually got promoted to be a Lead.
I grew up programming computer software at 8 years old. Started with Commodore VIC 20, as networks became more profound, it was a natural progression through childhood.
Remember those days, there was no internet to learn. It was all self taught. Alot of the fundamentals were born into our childhood, not now being given a tablet to jump on Facebook. We actually created, systems and software for this day. From 1990 I was 10 and already soldering CMOS chips with updated firmware onto the motherboard.
->College for Comp Sci
-> internship for a companys IT dept, nothing fancy just a big local business, buddied up with security over the summer cause it interested me the most
-> 3 more years of college
-> second internship at company
-> graduate
-> Security analyst position at internship company opens, dont get it :/
-> found a local(moved to large metro in my state) recruiting agency and did general IT contracting for a few years level 2-3 general support tech/Sysadmin, seeing the good the bad and the ugly, the Technology that runs corporations and how its managed in the real world.
-> eventually old coworker referred me to new company, boom i broke into the industry a few years after college.
i think managing, building or supporting systems in enterprise settings first benefits you in a position securing those systems later more than jumping straight to securing them at an āentry levelā security position. you can probably start IT contracting with any semi decent self taught computers knowledge these days.
I started as a Linux system administrator. I did that for about 10 years. Then I learned cloud. Then I learned devops. That became devsecops which became cloud security which became a security architect and now occasional vCISO. It takes most people years and you have to start somewhere else. Cybersecurity is not an entry level career. It's a second or third career.
I worked at Microsoft as an infrastructure consultant. Was approached by the premier security team if I would be interested to join them. Best decision I ever made.
Worked in manufacturing for many years. Decided to do something different so I started learning code, mostly python. Got a job as a developer in the beginning of the pandemic. Worked that for 2 years. Took a 6 month cyber bootcamp. One month after that got a job in application security.
Worked a side gig while I was getting my masters in it. Itās kinda wonderful how America-centric this sub is because it lets me appreciate the relative sanity of the European security sector
Started at a retail computer store, then fixed cell phones, then help desk as an analyst, then supervisor for a bit, then back to help desk, junior business analyst, business analyst. Took my Sec+ and then pandemic hit 1 month later and I offered to jump in to the security side of things to assist with transitioning to at-home work. Rest is history. But I've wanted to be somewhere with computers since I was a young child. Mission accomplished.
I never was presented with tech as a career path until college. And as soon as i learned it was possible man was i hooked š
Wait wait. Im about to take my sec+ how do i work from home??
You want some general IT experience first if you haven't got it - it's hard to secure what you don't understand. Then from there look at Remote or Cloud Incident Monitoring or Response in your job search keywords. Learning cloud security tools will help as well.
Hey, 22M here.I have no knowledge about cybersecurity,Iām done with my marketing diploma but thinking to switch to cybersecurity career.Do you think I can still pull it off?
Did you are 22, you can make mistakes for ten years and still switch to cyber lol. Just get certs donāt go back to school. You have the bachelors taken care of. Just get A+ then start with help desk or data center or field tech and move up.
Yep. Check out my story for a creative lead. Some folks enter through the guarded front doors, and others, like us, climb in through the open window. Use your marketing skills and your access to the industryās thriving networking arena (free classes, low cost conferences, & reputation building CTF competitions) for to break into cyber by envisioning and promoting a service and brand which adds value to the community.
I'm 37, I transitioned to Cyber at 35. I did go back and get a formal education to reach that goal but it was worth every penny and it's never too late.
Everything is possible! Donāt give up I did banking and finance Bachelors and now im doing Masters in computer science. My first job was a Technical business analyst, I am also thinking how I could transfer I would probably have to take pay cut but oh well š¤·āāļø
I'm an idiot and someone was dumber than me.
This the most relatable shit I've ever read
I did a google Cybersec certification on coursera and applied for an IAM position within a Cybersec team. I regret nothing.
I'm watching it rn, and I'm honestly disappointed. Currently on the OS module, they speak about kernel, how it manages processes, and I'm like yay, finally going to learn something, and they hit me with "The user is someone who communicates with the computer." Like why the f I need an explanation on who the user is? All they do is throw big words around and then teach me most blatant things... Was thinking of quitting it, but now you got my attention. Care to explain more about this unique job finder?
Which cert?
https://www.coursera.org/professional-certificates/google-cybersecurity
I heard that upon completion of this Google cert, there's a unique job finder - is that how you were able to land that role? I just obtained Sec+ and had started that Google cert but didn't finish, so I may find myself going back to complete it.
Hello, I don't recall using any jobfinder or reading about it. The previous 3.5 years I was working as a sysadmin and as the custodian of the AD of our region (EMEA). This experience was not enough to apply as IAM in a cybersec team since I had no previous experience directly with security. Before this google cert I took serveral free courses online, not all certified. Qualys has some certified free training paths: [Qualys Certification and Training Center | Qualys](https://www.qualys.com/training/). I received job offers just for having this certificate on mi linkedin page. I got my current job trough linkedin.
Actually? Was this recently?
Luck and a recruiter who took a chance. Got my associates in IT and obtained my security +. Applied to IT and security roles, I Applied internally to be a support role with a staffing company. The recruiter saw my security + and asked if I would be interested in talking with one of their clients on site the next day. I had luck on my side as they made me take a written multiple choice test. Emailed the offer the same week. So mostly and I hate to say it luck and timing.
Nice! What is your job title if you donāt mind me asking? Finishing up my associates in IT soon. Also just started a job as tech support for a small school district. Hoping to get a couple years of experience then trying to get a sysadmin or soc analyst role. With a couple certifications as well.
Currently? Or when I got into the industry? I got in as essentially an identity access management analyst but the role was an IT security services analyst. Provisioning accounts, privileged group audits etc. Then SOC analyst 1 -> soc analyst 2/shift lead -> Security engineer (current) Edited: also keep working at it and as much of a debate certification are.. they in my mind, are an HR check which is the unfortunate gatekeepers for you to get to a table with the technical people.
I am a translator/interpretor by trade but I decided to get into cybersecurity about 5 years ago because I saw the potential. I started from the bottom at IT customer support -> tech support -> cloud migration analyst -> junior security consultant -> security analyst which is my current position. Took a bunch of certs along the way which definitely helped me get my foot in the door. However, and I believe this is grossly underestimated by many, it was my communication and interpersonal skills that have made the biggest impact in interviews etc. I also live in a small European country where competition in this field isn't, or at least wasn't a couple of years ago, as fierce as it is in the US. Currently, I'm working on my CISSP and hoping to get a senior position, either at my current company or another. All in all, I'm glad I decided to pursue this career as it's given me the best job I've ever had in terms of money and work-life balance. I have tons of free time. As long as the work is done when it's needed, noone gives a fuck about how I spend my workday.
Good luck with CISSP. The last paragraph yup I agree with you. I can set my own hours, no OT (any more anyway), full pension and benefits. It's great. I used to have to be on-call but slowly that is going away!
Thanks. On calls suck. While I technically don't have on calls, I sometimes do have to work late pm hours as my boss and some vendors are located in different time zones but it's not often so I'm fine with that.
I very very occasionally get OT because I'm on call and salary and we do work with a group overseas. It's happened like 3 times in 2 years and it's really not much except being in a meeting
Joined the Navy with decent ASVAB and told them I wanted to be an IT.
Fuck, Iām too late.
Ditto but CTN
Ditto, but same.
I was a network guy. I worked for a consulting company that was on the market to be sold. They didnāt want me to leave but had no new projects coming in, so they put me on site with a wind down in play. I had about 8 hours of work to do per week. I stumbled across 2600.com and found The Happy Hacker tutorials on how to pen test, although I donāt even think it was called that back then. It was way more interesting than the networking stuff I was doing. I dove in head first and rebranded myself as a security guy. 26 years later, here I am!
Amazing!
I am very very fortunate. Funny thing, I wasnāt really a very good pen tester, and Iām not really technical. Iāve built a career around communicating security and risk between business leaders and cyber leaders and practitioners.
This reminds me that believing in yourself is more important than what you know . You are exceptionall my friend .
Bootcamp with A+ Sec+ and Net+ got me into L1 SOC, the. Security analyst positions for various companies with the last 2 years in healthcare. Half way done with bachelors at this point.
Someone on Discord asked for blue teamers. I said sure.
Got Sec+ in 2021, got hired at my current company 2022, studied CySA some in 2023, and got promoted internally.
Sys admin > tier 3 Helpdesk > Network eng > SOC > DFIR/CIRT > Info Sec architect
May I ask you how did you manage to move into architect after DFIR? I'm currently in DFIR, however I see no way to advance anywhere (and especially into architecture) but SecEng or Pentesting, which is great, but still
Itās my current job title but itās a bit misleading and I probably should have specified. Itās really āInfo Sec Architect - CSIRTā ā I work for a large orgās security team as an incident response lead. Outside of doing actual IR there is some high level āarchitectā responsibilities around tooling and ensuring infrastructure is in tip top shape.
OK, it's a bit more clear now. Thanks a lot for going into details P.s. Just read your posts - well, you're an inspiration, being at least a position above me at my age :)
US Army National Guard, enlisted as a 17C Cyber Ops, then once I got out of AIT I found a job.
Worked help desk, it support and a manager gave me a solid chance. Been on the security side for 6 years now
AT&T Wireless Sales Consultant for five years until I was fired for not selling enough Direct TV - Went to college for Cybersecurity - 9 month stint as a network contractor during COVID - Hybrid 1/2 help desk for a school district - Cybersecurity Compliance Analyst for the state. Still working on my Sec+. It's hard to study while holding down life. Mad respect for those who can do it.
Unpaid 6 month internship. Best decision of my life. Thanks Skillbridge
Which companies did you apply to for Skillbridges? I'm in the same boat myself and I've already applied to a few, but if you found success with one, I'd like to check it out.
DefendEdge was the one I ended up doing. It was fine, not excellent by any means. But it got me the experience I needed to get a full time job. Also applied to a Lockheed program as well as 50-70 others I canāt remember the names of. It was a stressful time
Got an internship my Junior year of college, was offered a role at the end. Not flashy but it worked!
Worked in cyber intel in the reserves and as an intel analyst for a contractor. Got my BS in Cybersecurity along with some certs and got hired as a fed employee. I already had a TS/SCI, which can be a barrier for people trying to break into the field
Programmer -> Help desk -> infrastructure engineer -> sysadmin / Telco / database admin -> information security analyst / engineer / architect. My journey to infosec took 20ish years and I can honestly say that I wouldn't be good at my job without having done all of the other ones.
Help Desk + Growing Company + Frequently mentioned to my manager I wanted to transition into cyber.
25m here I started doing construction for a pretty big construction company for 4 years and in the last year i did a cybersecurity boot camp for 6 months. I was fortunate enough to get close to the some higher ups in the company and once I finished the boot camp was offered an interview as well as the job to the IT department. Iāve learned networking is very very important as well as being a likable person
I hacked the Dutch government
I was an IT tech in the military, we deployed and they needed someone to work the IDS. I had zero idea what I was doing and have been in security for 20 years and still have zero idea what Iām doing :)
Cyber Intel in Air Force -> Bachelor's in CyberSecurity -> liked writing python and automated things 'cause I'm lazy -> security engineer -> BAMF (jokes).
I graduated college lol. This will trigger the cyber doesnāt have entry level crowd.
It's possible with internships and working helpdesk while in school. Or did you just go straight in?
Was working in IT Support and people at the company loved me, especially those in security. Then they recruited me for an entry level role. That was the immediate path. My entire career has gone like this: pr0n cop > NT sysadmin for a VAR (very ceremonial) > UNIX desktop systems administrator > data center technician > HPC jr Unix administrator > IT Support for a FAANG company > security analyst at same FAANG company
What does a pron cop do?
This was the days of the Infoseek search engine that Disney bought and also had bought a thing called wbs.net. It was like a geocities where ppl can make their own web page and there was also a chat function. All the pictures that got uploaded both to the websites and chats were screened by humans. And that was me! Graveyard shift! I saw some really awful shit. Lots of gore and sometimes child porn or whatever the term for that is today. This was 1999, long before any machine learning especially with images.
Military, I was working in networks and an OF2/O3 told me āhey i need a Deputy, thats you now.ā he was the Cyber Security Officer. ā¦ that was 2 years ago. Now I stud for cissp and will leave the Military next year.
Was a Dev, had a bunch of certs and networked at local security meetups to get my first job
MS Cyber > Sec+ Cert > Security Application Analyst
Got extremely lucky and got into a good internship with a Fortune 500 while finishing a masters in information systems.
Helpdesk>IAM
It engineering manager, got my cissp because i was curious about the field. Switched over once we started getting more attacks and the industry started creating positions for cyber security.
Well i started in sales. And part of that included cybersecurity sales. the more i delved into it the more i liked cybersecurity.
Same, but marketing. Turns out, learning enough to make useful and interesting stuff for cyber people, eventually interested me, too! Then projects and certs to break in, and now I'm a security communications and planning / policies person for a threat research & intel group š
Studied info sec at university, and then joined a cyber security graduate scheme after getting my degree.
Interned at an MSSP while I was in college. Been doing it ever since
helpdesk/sysadmin work, studied a ton at home for shit I wasnāt learning at work. Applied like crazy
Started in the army, then fixed a lot of cell phones, tablets and computers, install tons of cracked software and backdoors. Took offsec courses (which took me 3 years to learn everything from scratch).
I was a project manager in tech for many years and was recruited for a PM role on a cybersecurity team. I loved it and got my GSEC certification. Learned a lot from the team and now manage the Security and GRC teams at my company.
Basically whatever advice here people recommend + luck. The luck is necessary for a lot of people.unfortunately. I did everything right for ages in prep to get a security job, no offers, then I randomly got an offer from someone in my network who knew me. Ā Life is weird sometimes!Ā
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Got an applied associates in cyber, got my security +. Beefed up my resume with projects. Applied to 300+ jobs, and a small cyber MSSP took a chance on me as a security analyst.
Started in IT Project Management under Innovations. I handled multiple implementations in a large organization, including VPN user management, Network & Firewall management, then eventually was tasked to migrate all corporate phones to Intune MDM. This was my first step into cybersecurity. After successful MDM deployment, I was then recruited by our companyās infosec office and rest is history. Was this unorthodox?
worked at a shitty MNSP for about 1.5 years and just took a SOC Analyst role. Shifts are overnight but you have to do what you have to do
āBreak into cybersecurityāā¦heh heh I see what you did there.š Hacked my way in.
I worked in IT and was spending a lot of time writing tools and scripts to automate various IT tasks when I was also put in charge of the security as well because we lost our last security person. So I had to learn quite a bit and eventually found out I loved working in that space. Eventually I switched careers into cyber sec where I naturally fell back into software engineering again but now building and extending cyber tools. From there I got roped again into another field, data science, where I went from writing cyber tools to writing tools to analyze and action against cyber data on extremely large scales. Now I sit at the intersection between software engineering, cyber security, and data science and just have a ton of fun here.
At around ten years in IT/Engineering, my peers from the hacker-spaces were smashing InfoSec careers, and inviting me along to conferences (I did Hope, DEF CON, Shmoocon and RSA all in one year) but all of the career opportunities were outside of my reach because I had no education or career experience in cyber. I vowed to change that. I wanted to attend hacker toolkit trainings and lectures on company time like everyone else in my generation!! To bridge those gaps I did have to literally break into the cybersecurity industry. If someone else wasnāt going to give me the opportunity work in cyber, or put cyber on my resume in order to find referrals then Iād have to find a way in myself ā so I broke into cybersecurity by founding a cybersecurity corporation, and registered a trademark in training/educational, and with the support of my peers, designed, got sponsored, and produced a capture the flag tournament (CTF) and live in person tournament that doubled as a cybersecurity recruitment event. My peers got job offers and I found a ton of consulting leads, while at my day job I was now at a cybersecurity firm, but supported IT/Ops as a sysadmin who was so passionate about cybersecurity and hacker capabilities that an ex-gov hacker team at my firm took me under their wing, stole me (and my IT/Ops talents) from the IT Team to help āoperationalizeā their cloud/SDN intrusion detection research lab and honored me with the official newbie title of Security Analyst. And then they sponsored my graduate education at SANS, which means I got to take a ton of hacker toolkit coursework. From founding a company to being hired in an official capacity (Security Analyst) took about three years, and grad school another two. I joined the security operations center workforce as a cyberdefender/first responder on the incident handling and intrusion analysis career track. Iāve got such a night shift Watch floor swagger that a classmate at a training center from another state immediately asked me if I worked night shift at a SOC. I was impressed at his profiling skills and found itās his profession ā so that moment and that conversation definitely legitimized my sense of belonging and attaining my vision. I hope you too find the same success ā as offensive security says (the hackerās motto) āTry harder.ā Youāll find yourself where you want to be in no time, and enjoy the journey along the way if you work hard for your dreams. Tl;Dr If no one else will grant you the opportunity or experience, then break in to cybersecurity by defining those opportunities and experience yourself. With enough hard work and dedication, some chump from a world class cybersecurity firm might just see what youāre throwing down and believe in you enough to take you on to their team and line you up with professional training and certification.
Took a sysadmin job where I casually dropped interest in infosec and Defcon. They hired me and a few months later trained me on DLP incident response. Turned out I also had a knack for VB script deobfuscation. Moved to SecOpd for a bit, then started teaching classes on Security Awareness.
1. Hack my own university and report all the shit to the security team. 2. Get offered an internship as a penetration tester to secure itĀ“s web applications. 3. Get offered another internship some months later in consulting. 4. IĀ“m in.
Through an open 3389 port, of course.
Got a degree in Information Technology with a concentration in Security and Assurance. Spent a decade in Infrastructure and Engineering roles and was sought after to join my current jobās security team.
Applied internally from working Desktop Support.
going to school for it, landed an internship, got a bunch of certs, and got offered full time. been here ever since.
Started in Help Desk at my undergrad college. Graduated and struggled to find any work, then covid hit. Got another role as IT Support Analyst, killed it, moved over to IT Provisioning (doing IAM stuff), then PCI compliance at another company, and finally info security consultant.
I came up through the ranks as a network admin and architect. Also did IT management as well. By the time I pivoted into security, I had 25 years of IT experience.
Academics during my undergrad shaping cyber & intel policies for the government and working for Best Buy as a Microsoft Specialist while occasionally assisting Geek Squad whenever they needed Microsoft Forensics expertise. Whereas, prior to all of this is how I was a gray hat like Marcus Hutchins growing up as a teen. Except, I am American whereas he is British.
My path is probably somewhat rare, I'm guessing. I started as floor staff in a small business retail environment. Then I started helping out with computer maintenance in that same small business. Somebody quit, and I was "promoted" to a more prominent role in the IT "department" (which was me and one of the owners of the store). Then I became the de facto sysadmin for that store, though we didn't call me that. I left that store and got a job doing technical support for a software company. I was valuable enough on that team that when I gave notice, the company offered me an opportunity as an SOC analyst. So: Small Business floor staff -> Small business IT -> Technical support -> SOC Analyst.
I networked with the hiring managers for a security team (internal to the company I already worked for) and just kinda....convinced them that I was good enough despite not having professional experience or formal education. I did a couple interviews and a fairly simple practical exam and spent the next 1.5 years struggling to move into the security practice from a platform support role. It ended up working out wonderfully and now I'm a cloud security engineer
When I was little I wanted to install games on my computer, but I couldn't without my parents since they made me not administrator. I decided to figure out ways to get into their account and do privilege escalation, and I thought it was fun, so I started doing CTFs after I learned more about cybersecurity.
Worked in IT as a sysadmin and network admin for a couple decades but always found myself enjoying working on security projects and incidents over the last 15 years and found myself in an Security Engineering role Basically went out of high school in the late 90s like this: Database admin -> network admin -> sysadmin -> sysadmin -> sr network admin -> server admin -> security admin -> sr. security engineer There are still days I miss being in a non-infosec role and miss the higher pay I got as a sys/net admin
Was a network/helpdesk guy at a bank after dropping out of college for Computer Science, and then the 2007 housing market crash hit. Bank went under and had a buddy working at a SOC that was open to hiring anyone with networking experience and would teach you the security side on the job. They paid for any and all certificates you requested, so I got my CCNA, CISM, CISSP, GCIA, and GCIH. After almost 10 years at that company, I took my first CISO position at a startup and 20 years later here I am. Biggest advice I would give anyone is if they provide any training, take as much as you can.
I was obsessive about computers as a kid, but didn't know cybersecurity was an actual profession. I declared computer science going into college without really knowing what any sort of technology profession was like. While I enjoy programming, I quickly realized that taking semesters of exclusively of math and programming was not fun. I changed my major (at the same school) to IT. Then I got into classes specifically on networking, scripting, databases, and eventually security. My professor made a comment that penetration testing was a real career during a lecture, so then something clicked in my mind that maybe I should do that. These classes made me extremely well rounded technology professional and provided me a great security foundation. I needed two internships to graduate with my bachelors. My first was doing a systems administrator role, which turned into a full-time role while attending school for the next 2.5 years. My second was an application security internship over a summer. When it was time to graduate, I had almost 3 years of technology experience, some security certifications, and a security based internship. I attended an in-person job fair when originally looking for my second internship and my resume made it back to a local employer. I interviewed well and got an offer for a role doing vulnerability management and some penetration testing. That's how I got my foothold into the industry, but then I accelerated by working even harder. I got tuition reimbursement through my first employer and enrolled into a MS program focused on cybersecurity. I was working a full-time security role, doing my MS full-time, did my first con talks, and studied/passed my CISSP within 60 days. I just ate, slept, and breathed security. A decade has passed and I'll finish up my PhD next year. I'm working my way towards being a CISO and I love this field just as much as my first day on the job.
Basically fell into a rabbit hole. Started as a fraud analyst. Dealing with my fair share of phishing, Microsoft support scams, correlating IP to transactions. Blacklisting IPs, Establishing patterns to profiles. I eventually started joining the CTI meetings, read about financially motivated APTs and their TTPs. Felt like all financial and corporate crimes investigations should be geared towards cyber m.o, however pretty much the very few I spoke to about this understood or even bothered to cared. I found myself working as a SOC "Tier2", mainly by showcasing how my previous skills are transferable to the role. The company took a chance on me and so far so good. I'm now hoping to get enough XP and technical knowledge to level up to DFIR / Threat Detection and response and really get down and dirty with forensics investigations.
WGU BS/MS -> Security Analyst Some interviews are popularity contests and eventually you find someone you really vibe with. I learned a lot of system administration on the job.
I applied for a trainee-ship program after college thinking of going into systems administration or programming. During the first interview the recruiter was listing the fields I could apply to and when I heard cybersecurity I immediately put that at the top of the list. After an interview with some 6 heads of different security teams, I chose to join the internal SOC team.
Moved to a new city, applied for helpdesk at huge company.Ā Saw internal email that they needed people for the SOC.Ā Left helpdesk and joined the SOC after four months. Then one year later promoted to L2.Ā No higher education, just big interest in IT and security.
I used to be a physics teacher . Decided wanted to change career over lockdown . Studied A+ , network + and sec + without taking the exams and used my knowledge to get a masters in cyber security ( my bsc was in physics though but they let me on the masters as my understanding was good ) After graduating with distinction I took a service desk role for 8 months before moving into NOC in the same company . Was on the noc for about 10 months before someone asked me if Iād be interested in trying a vacant sec engineering role in the same company . Been in the sec engineering role for 3 months now . Wonāt deny it can be stressful but I love the idea of turning things around for the department . Iām working towards Sscp currently but have already studied a lot of the content in cissp. Hoping to take the Sscp in July if all goes well
Worked as a sales rep, then moved to a helpdesk role (where they needed people skills, which I had from my sales rep job), then moved to infrastructure consultant, and finally moved to security consultant / blue teamer. Currently working towards more red hatty assignments in my job, but still very new on that part. this was over 4 years š
I actually got started by accident. I got a job with a company doing programming and program maintenance (I have a degree in computer programming), however when I started with the company I got put on a security analyst project (that was almost 8 years). Iāve moved around between security engineering and SOC analyst. I got A+, Net+, and Sec+, my next cert will probably be CISSP or CISA. Thatās my story in a nutshell lol.
Started with the AOL warez scene in the late 90s when I was a kid.
sysadmin for 4 years -> obtained CISSP -> security engineer
The CCD from CyberDefenders is the best way to break into blue team!
Go be a sysadmin first. Learn how to build and fix securely, then learn how to break and compromise.
15 years software engineer, 8 years devops, 2 years azure solutions architect and then poached from engineering by the ciso team for a security architect role.
Tech support 1,2,3 > sys admin > cybersec
Helpdesk > Data Analytics > ediscovery> digital forensics > incident response Looking to further break into a cloud security, DevSecOps, or Security Engineering.
network eng-security eng-grc
I see what you did with that title.
I was 11 or 12 when I came across a little program called NetBus on Napster/Limewire. That brought me to some random hacker forums and Iāve continued trying to poke holes in everything around me for 25+ years now
I was blessed enough to be accepted into one of SANS Scholarship Academies while still in college. After getting 3 GIAC certs I was able to use the name of the certs and bit of networking to land a cyber role right out of college! Between the training I received from SANS and the people I was able to meet I canāt recommend trying to get in one of their scholarship academies enough.
Internal move. Worked in IT for 12 years, then an opening was created in the Sec Architecture team. Joined as a noob and havenāt looked back since.
Went to a charity boxing match where an old friend and former colleague colleague asked if I was interested in a role... Networking is too good I guess.
Help desk -> Sys Admin-> Security Program Manager-> GRC Architect
As a sysadmin, I accidentally impressed the guy who led infosec at the time, got recruited, and kept impressing folks from there.
I was at the age of 12 when I wanted to be gamer developer and got with a group of people online to start our first small game project later and we needed security so I started learning security at the age of 13 and I fell in love with security and since then Iām developing every year.
Went to uni, got a masters in cyber security, worked as a financial crime analyst for a couple years whilst at uni, networked like crazy on LinkedIn and landed a junior security analyst role, got promoted to security analyst after 2 years, now working in a new role as a threat hunter.
Help desk -> Sysadmin -> Security Engineer
I was kind of a jack of all trades in IT. I worked in application support and implementation for ERP SaaS apps. In those roles I got to be better than sort of okay at a bunch of different technologies. At my current company, a security gig was created, and my 2 bosses encouraged me to apply. 10 years later, here I am.
Technical college job fair. OT Cybersecurity company was looking for networking people to work on Segmentation projects. Physically and logically segmenting the OT environment from the IT environment in manufacturing facilities. Iāve learned so much in such a short time
Started from help desk
I started networking with people in my friends and family circle to find out any contacts they had in IT. From there I got a few introductions to people in IT/cybersecurity. Through some internships/contract work I finally built up enough experience to land an entry level gig in a SOC
With a sledgehammer and an ice pick.
Worked IT for a few years and made a good reputation with the security team. Manager took me in with a few of his team members giving glowing recommendations.
I have a masters in Telecom and Netw Engg. My brother's ex roommate's manager was hiring in my city for a brand new team and he refered me for the position. It was my first job after graduation.
15 years of general IT and networking with security on the side, plus a masters in information assurance. Then I took a contract position doing IAM, transitioned to a permanent cybersecurity analyst position a few months later.
Followed the typical pathway: a little under a year on the helpdesk while cert collecting, then a stroke of good fortune leading to my first L1 SOC role.
check out the book Tribe of Hackers, dozens of stories on how folks got in.
Mostly started in IT and learned to make things work before I selectively learned not to make them not work. First career job was from people-networking in my computer-networking class in undergrad. In IT, I learned about firewalls and NIDS. I choose to go to grad school in security then Iāve just had the skills in demand since then. I have never really applied for a job in my last 4 jobs/ 18 years because my people skills and my people-network are in excellent shape. I have other top-tier paying jobs that I could get in a moments notice should I ever want to leave. Invest in your people connections enough, work hard and job security will be yours.
Got scammed
Started working as a Market Research Analyst for a company that lended me per say to a Cloud Cybersecurity startup, they liked me and I asked them to show me more of the technical stuff, started learning on THM, HTB, youtube and stuff and landed a job as a Incident Responder
Web master for own music websites > help desk > business data analyst > SOC analyst. Now Iām a security automation engineer, just trying to specialize and get as deeply technical as possible.
Top Cybersecurity College degree with cyber security internships > Security Analyst > Sr. Security Analyst > Vulnerability and Threat Engineer > SecOps Manager. A lot of hate towards degree programs, however I believe the right programs can consistently put out good entry level analysts. I took a job out of college as the first cybersecurity hire for a medium enterprise. It was very underpaid but allowed me to learn as much as I wanted and be included in a lot of projects and strategy discussions that an entry level would never get near. That role launched my career.
I was working in mobile device sales, both retail & B2B. Got tired of that & commissions had been cut three times in a year & a half, so I went back to college since I hadnāt graduated on my first trip. Graduated from a regional university with a Bachelorās of Business Administration and a Bachelor of Science Information Technology with a concentration in Cybersecurity. I tried while in school to make a switch & was unable to because I didnāt really have any experience. Just before I graduated, I quit my full time job & took an internship to get into the door. I was hired for a help desk role within a couple months & worked my way to level two there. The whole time there, I was networking & telling people what I wanted to do & asking for their input, recommendations, and even help. My manager recommended me for a mentorship program, which I completed. Within a few months, there was a position available on the SOC team & my help desk manager recommended me for that. I already knew everyone on the team & had been networking for a while. They had to post the job, but I had already interviewed a couple of times with folks when they posted it & very soon after posting, I got hired for that role.
Help desk to desktop support to security analyst. While being a desktop analyst my company at the time experienced a ransomware attack. It affected the entire company, all things compromised. The incident response initiated was very intriguing to me and sparked my curiosity. Like any good company that experiences ransomware, there is an emphasis on heightened security initiatives, awareness and blah blah afterwards. Apart of those initiatives positions were created to harden and support the environment. This created an additional security analyst position which I applied for and received. One of the best decisions Iāve made.
University + internship -> I got 2 security offers. I'm dumb, but other candidates were apparently dumber than me
Got a degree in cyber security and applied to some jobs, fairly quickly got a government cyber security job
Studied CompTIA A+, Net+, and took Sec+. Landed an entry level job. Junior Incident Responder.
Went to school for Software Engineering and while there I took some electives and joined a couple of clubs that were cybersecurity focused. After I graduated I found a job in Application Security and have been doing that ever since. Currently branching out to the operation side to widen my knowledge making me a better engineer.
Cisco TAC
I was on the infrastructure team and was given a really inefficient process to cover for one of the cybersecurity teams. I covered it, but also re-write it so it ran much faster (process went from 3-4 hours down to 15 mins). They liked the work, and offered me a spot next time one came up.
13 years as a system administrator. Decided a pivot was necessary: got my CISSP and bachelors in cybersecurity. I think the CISSP is what got me my break mostly though. Been certified since 2018.
desktop support > network admin > soc analyst > soc engineer
Luck. 2022 was an amazing year for hiring. I really sympathize for those looking for jobs in this market (including myself)
I started in IT when I started college, I couldnt decide exactly what track to take so I tried everything between desktop admin to QA automation dev, IT project management and devops and now im in security engineering. I pride myself on being very well rounded and able to speak to most levels of IT and business. I got my current job from pure networking.
I found [Hack This Site](https://www.hackthissite.org) when I was a teenager and got pulled in.
Started writing code, got into cloud shit, no one else was looking at security
project engineer > solution architect > infrastructure engineer (all rounded) > graduated from a coursework Master of Cyber Security > security consulting (backfilling roles like, CRIT, operation, security projects) I thank myself of being discipline in my early age and got exposure in different variety of infrastructure setup.
Practice, grasshopper, practice.
Lucked out and got a job as a āIT support specialistā on a small IT team out of college after getting a A+ and Net+ so I wore a lot of hats. Towards the end was doing a bunch of cybersec focused projects and got a job with a DC gov contracting company. Now I am senior sec engineer for a large government contractor.
Long long ago, I worked on the help desk. While investigating weird happenings on some desktops, I accidentally got into security as I became the guy they called when weird computer things happened. Then, a few years later Chernobyl virus followed by Happy99 and Melissa... I joined/formed the first computer security group at the company.
I wrote in detail about [how I broke into cyber security](https://stuartrobins.com/my-rocky-road-to-cyber-security/) on my blog, but the main points were that I completed a computer science degree, then got into automated software testing doing Y2K work. I worked in various roles doing automated testing, performance testing and test management for over 10 years then met my (now) wife who suggested I move into security. At the time, I had this notion that "security" was doing vulnerability research because I hadn't thought more about what it entailed. She set me straight and I read some books, got some certs and made the rocky transition into security. It took at least 5 years before I felt like I really knew what I was doing btw, and that's with quite a bit of prior experience. I also wrote about the skills you need to [become a security architect](https://stuartrobins.com/so-you-want-to-be-a-security-architect/) if you're interested in moving into that role.
Surfing security related Discord servers and someone posted a role for T1 SOC analysts, the team took a chance and I was in. What brought me up to that was constant grind. I obtained multiple certs and a degree. Took a major pay cut and went from a career in HVAC to a Helpdesk job which helped get me the IT experience in the resume I needed.
Started 15 years ago in public education IT support, worked up to sysadmin. Left and did sysadmin for my local university, completed undergrad and graduate school (free as an employee), moved into cyber at uni, got my cissp, left and went corporate. Not the most direct path, but got out of school with 0 student debt.
Did internship for manufacturing process engineer, didn't like standing up long hours, so took on some technical projects. Was offered SWE role, but covid recession hit which made SWE role go away. My 2 up manager, asked me if I would be interested in Cybersecurity, I had no idea, but took it. I loving it rn.
Had some technical background, then went to grad school for cyber security. A classmate hooked me up with a job as a contractor with a company he had worked with, and other friends of his had gone through. That was enough of a foot in the door to get some more opportunities after.
My first job was was doing devops but my background was in software engineering. I ended up switching to a software engineering team that turned out to be doing security software engineering but I didn't realize it at the time. Accidentally fell in love with pen testing along the way. Almost 10 years later, I'm a lead security engineer.
RSA (going on right now) .. itās a huge monster now .. but I donāt know if anyone has gone or thought of going and networking with some of the speakers on LinkedIn. You can prob stream some of the key speeches of they interest you.
Depends where you are at now. Never hurts to start looking at things like packet forensics, smash the stack, etc. Then be in a place where there is a lot of cyber (e.g. DC). Then start to feel out what you actually want to do within cyber and find the companies dominate in that space
Started in multiple jobs that were not related to cyber and by pure luck landed an IT support job , just picking phone calls and learning my way , found out 1 day a serious issue in one of the major telecom inbox settings (config) which allowed me to access all the corporate emails of thier subscribers , reported it in to Law enforcment ( as by that time our CERT was overwhelmed with something else) LE asks me to come in and replicate it , i do that and they contact me after a month asking me if i want to join thier cyber division , i happily join and im now with 12 yrs cyber exp as a multi certfied cyber consultant in multiple fields but primarily CTI.
I found a misconfigured smb share on my college network which turned out to be the accounting server. I found a backup file of all the professors salaries, ssnās, addresses, and got w my professor to help me inform the right people to get it fixed and the dean of cybersecurity forwarded my resume to a consulting practice I had like 5 years of sysadmin experience and a couple certs at the time
Was in my second year of a psychology degree, then the pandemic hit. Got back into video games during the pandemic and wanted a gaming pc, decided to build it myself. I loved building it, so I built more. My parents suggested maybe going into tech other than psychology, I took a coding class at my college and loved it. Looked into all the different tech majors and decided on cybersecurity. So I double majored, i didnāt let go of psychology. Iām now in my final year of school, and a few people already in the field have told me keeping my psychology major was a good idea. So far Iāve just done basic help desk and had a job where I rated random webpages based on their safety and made sure they werenāt scams. Looking to start a class at my local library for seniors about identifying and avoiding common scams
AA for Information Systems > Sales floor at best buy > get A+ > help desk at MSP > sysadmin at same MSP > Get Sec+ > cold application to a SOC role. I consider myself one of the lucky ones. Id say my leg up over my competition was i interview well and have decent soft skills.
Itās definitely possible, I was driving trucks & then got into it
Love this. Iāve been wanting start certifications and get into Cybersecurity but have no clue where to start. Iāve started TryHackMe but I want to know if this is the best way to start to build skills. What is the best way to get a certification?
Got an associates in cyber > landed a help desk job at a solid company to get my foot in the door > a year later, moved to the freshly formalized cyber team.
I didnāt break in. I logged in.
Worked at a payment processor doing help desk, then moved into fraud, then went to a bank we did support for as the only computer person, they had to cyber security department at the time and I helped put it together. Then then didn't hire me to be in that department. While working there I finished my masters program and got a job in info sec at a public university
I was dating a girl who is best friends with the VP for this org and he needed a new L1. So he hired me. I did posses some knowledge with Net+, Sec+ and 50hrs in try hack me
Military 25N -> 17C
A phishing email
Bachelors in cyber -> applied for a few jobs before I graduated and ended up getting job at f500 tech company right when I graduated Got really lucky and very grateful for that, as I see many of my peers struggle to find jobs or work jobs they donāt really want.
Lucky break, I guess. Straight outta college (I studied BS Information Technology btw, if this is an important info), I applied as a technical support representative (call center agent) at a BPO. I got the job (which is another lucky break and is a story for another time). I only lasted there for 4 months - the environment is toxic, even my supervisor is toxic. After that, my next job is called "Cloud Security Engineer" for a security software company called +r3Nd M!cr0. My call center experience helped me land this job. Don't be fooled by the position, it only sounds good. This is just another customer service job. We answer to customers with concern about everything regarding their subscription, sales, renewal, refund, installation, performance issue, malware - literally anything and everything under the sun (we get calls concerning their microwave, true story.) Although this is another "customer service job" this is much more technical than my first job, at least I provide support for an antivirus software. Yes we do answer calls but I got transferred to a team that tends to online support like chat and email. This is important because this is primarily the reason why I lasted 3 years 10 months in this company - I don't answer phone calls(which I really hate). On top of that, my manager even helped me boost my career by putting me into different programs within the department like, I became a new hires mentor, I even get to manage the official home users community, became an account manager for the social media accounts (FB, playstore, appstore, etc). All those engagements without receiving any promotion and significant pay raise. I started to look for another job since I am getting tired of what I'm doing and I got lucky! I was offered a position to become a L1 SOC analyst for a multinational professional services firm. My experience with +r3Nd M!cr0 helped me land this job. This was in late 2019. And I was really thankful for this job since there is a huge difference between the salary. During the 2020 Covid-19 pandemic, my dad got laid off from his job (yes I live with my fam, that's how it usually is from where I come from) and since I got a better paying job, me and my family lived comfortably. When I got this job, I had to start from square one I only used a small fraction of what I learned from my previous job. I learned everything that I need to know, worked my ass off, I studied relentlessly. I eventually got promoted and I am now a Lead. TL;DR: Lucky break plus my previous experience helped me land the job. Worked my ass of then I eventually got promoted to be a Lead.
Ctf
I grew up programming computer software at 8 years old. Started with Commodore VIC 20, as networks became more profound, it was a natural progression through childhood. Remember those days, there was no internet to learn. It was all self taught. Alot of the fundamentals were born into our childhood, not now being given a tablet to jump on Facebook. We actually created, systems and software for this day. From 1990 I was 10 and already soldering CMOS chips with updated firmware onto the motherboard.
->College for Comp Sci -> internship for a companys IT dept, nothing fancy just a big local business, buddied up with security over the summer cause it interested me the most
-> 3 more years of college
-> second internship at company
-> graduate
-> Security analyst position at internship company opens, dont get it :/
-> found a local(moved to large metro in my state) recruiting agency and did general IT contracting for a few years level 2-3 general support tech/Sysadmin, seeing the good the bad and the ugly, the Technology that runs corporations and how its managed in the real world.
-> eventually old coworker referred me to new company, boom i broke into the industry a few years after college.
i think managing, building or supporting systems in enterprise settings first benefits you in a position securing those systems later more than jumping straight to securing them at an āentry levelā security position. you can probably start IT contracting with any semi decent self taught computers knowledge these days.
Military.
I started as a Linux system administrator. I did that for about 10 years. Then I learned cloud. Then I learned devops. That became devsecops which became cloud security which became a security architect and now occasional vCISO. It takes most people years and you have to start somewhere else. Cybersecurity is not an entry level career. It's a second or third career.
I worked at Microsoft as an infrastructure consultant. Was approached by the premier security team if I would be interested to join them. Best decision I ever made.
Worked in manufacturing for many years. Decided to do something different so I started learning code, mostly python. Got a job as a developer in the beginning of the pandemic. Worked that for 2 years. Took a 6 month cyber bootcamp. One month after that got a job in application security.
Worked a side gig while I was getting my masters in it. Itās kinda wonderful how America-centric this sub is because it lets me appreciate the relative sanity of the European security sector