Looking to switch things up but not sure how to do it? Security experts share their advice for switching career paths in the industry.
Lateral Career Move
Cybersecurity professionals have their pick from a diverse range of specialties within the industry, from network security to penetration testing to incident response. It’s not uncommon to switch specialties over the course of a career. The question is, how do you go about changing?
“As part of normal [career] growth, I’ve noticed people want to move into different areas,” says (ISC)2 CIO Bruce Beam. Some people may not make the jump from offense to defense but instead switch from security operations roles to positions more focused on compliance.
A lateral career jump can be beneficial not only for security pros, but for the industry overall. The ability to move from job to job is needed because it introduces different perspectives into the workplace, says Kayne McGladrey, member of IEEE and CISO at Pensar Development.
“Right now we have an unprecedented challenge in hiring a diverse workforce in cybersecurity,” he explains. Still, it’s more difficult for some practitioners to make a transition because of obstacles in the hiring process. It may be easy for a Certified Ethical Hacker to apply for a job seeking the CEH, for example, but someone without that certification may be filtered out.
“Human resources, in a lot of organizations, has become a regulatory control function and inhibits hiring because of its focus on certifications,” McGladrey says. This is partly why it’s difficult for blue teamers to jump to the red team, a process that “looks to be an insurmountable and very difficult series of certifications,” he points out.
Another challenge for infosec pros seeking a lateral career move is the lack of time spent in their desired area of expertise. If HR sees two applicants with the same skills, but one has been in the related role for two to five years, they’re more likely to pick the one who has more experience.
“In cybersecurity we have a slightly more pronounced competition for talent, but also people change jobs more frequently in cybersecurity,” McGladrey says. It’s not unusual to meet a CISO who has held three different jobs in the past five years, he points out. In an industry where professionals commonly love learning and seeking new challenges, it’s likely they’ll also want to test new career paths.
For security practitioners who want to work in a new area of the industry but don’t know how to go about doing it, McGladrey and Beam share their steps and advice. How about you? Have you made a lateral career move? What tips would you offer security pros? Feel free to share your thoughts in the Comments section below.
Test the Waters
One of the advantages of swapping career paths today is the amount of available educational resources to help you prepare. “I think the first thing folks could do is start off with either free or low-cost online training to see if they actually like the work,” McGladrey says. You might like the work and want to continue, he says, or you might get halfway through and think, “Well, that’s terrible.”
Either way, it’s more practical to learn what you enjoy through an inexpensive course, rather than learn you dislike a topic in an expensive course that could cost thousands. Not sure where to start? StackSocial, Udemy, and Cybrary are all good places to find free or low-cost cybersecurity training, advises McGladrey, who says he is unaffiliated with the brands.
Don’t Let Your Background Hold You Back
It can be intimidating to learn an entirely new skill set, especially if it’s unrelated to your current role. That doesn’t mean you shouldn’t try, says Beam, diving into a story about how (ISC)2 unexpectedly found an application security hire.
The organization’s development and Web teams were working together, trying to integrate security into everyday operations. They recognized a need for an application security pro and began to recruit, a process that proved difficult. “We could not find that person,” Beam adds.