switch careers IT cyber security

Switching jobs is a scary experience at the best of times but switching entire careers can be a stressful nightmare for most people. In these economically difficult times, a lot of people are looking to future-proof their careers and get more long term stability by moving to better paying jobs. While no job line is recession proof, cyber-security is still relatively stable compared to other careers given the high demand for professionals. In this post , I go over how to switch careers from IT to cyber security in 2022.

πŸ”€ Switching careers to Cyber security

If you are in the IT field and feel like moving into cyber security then you have a distinct advantage over other non-IT workers given that most cyber-security jobs require a technical background. I have done a detailed post on the different career paths that are available in cyber security but let us focus on how to transition career paths and which jobs are suitable for which background.

All of these are of course my own subjective opinion and I have tried to map cyber security jobs with their IT counterparts and what skills you will need to acquire for an easy switch.

πŸ‘¨β€πŸ’»οΈ 1. Network Admin ➑️ Network Security

Network administrators are the backbone of most IT departments as they make sure that the network infrastructure remains up and running. It is usually quite easy for Network admins to make the transition to network security given they usually are the ones who setup the security appliances in the first place !

Network Admins usually have one of the smoothest transitions to a cyber-security role in my experience

πŸš€ Cyber security skills / certs to acquire

Network Admins will already know about tools like DDOS and Web application Firewalls but in addition to the existing knowledge; the below skills need to be acquired to impress your cyber-security manager and fill in the knowledge gaps

πŸ‘‰ Incident Response. Know how the process works not just the alerting part !

πŸ‘‰Threat Modeling. Know how to identify security risks in existing network designs.

πŸ‘‰ Endpoint security. Network Security does overlap with endpoint security so understand how your DLP, endpoint security tools work

πŸ‘‰ Infrastructure as Code. For cloud environments, your network architecture will be capture in code templates only.

For Certs I would recommend going with CISSP to augment your networking knowledge and gain a thorough understanding of security concepts.

πŸ‘¨β€πŸ’»οΈ 2. Systems Administrator ➑️ Cloud Security

Like Network Admins, System Admins are another rock of the IT department, making sure that the day to day IT infrastructure remains stable and secure. Given that purely on-prem infrastructure has a limited life span due to large scale cloud adoption; a lot of system admins make the move to either managing cloud infrastructure or to a Cloud Security role

πŸš€ Cyber security skills / certs to acquire

Moving to Cloud Security from system administration requires a larger skill change compared to the previous role. While managing servers in the cloud can be similar to on-prem, Cloud environments and security itself is quite different from on-prem ( something I have talked about many many times ! ). At a minimum make sure you acquire the below skills:

πŸ‘‰ Cloud Security Posture Management : Understand how to monitor the security posture of your cloud environment. A must for multi-cloud environments !

πŸ‘‰ Infrastructure as Code : Same as above. No escape if you are managing infrastructure in the cloud

πŸ‘‰ Single Sign On (SSO): Single Sign On becomes almost a mandatory security practice given how much importance identities are given in the cloud. Know how SSO works from a cloud perspective.

For Certs, similar to the previous role, investing in a CISSP or CCSP will pay off a lot in the long run. Additionally make sure to acquire the certs for whichever environment you are managing such as AWS, Azure, Google etc.

πŸ‘¨β€πŸ’»οΈ 3. Application Development ➑️ DevSecOps

If you are an application developer then chances are that you would have already interacted with the security team in your day to day job. Application Developers form the center of any code security strategy and usually closely work with the cyber-security team. This gives them a great opportunity to transition into a full time DevSecOps role given their strong foundation in application development.

πŸš€ Cyber security skills / certs to acquire

As a DevSecOps engineer you will be required to seamlessly integrate security into the application lifecycle. Additionally you will be treated as the security expert and the person whom application developers will be going to when they face a security issue. To make this transition and be eligible for a DevSecOps position, the below are the key skills to have:

πŸ‘‰ Static and Dynamic Code Analysis : Learn how to integrate these tools and how to communicate the findings. No one is going to read a 500 page report ! Included in this would be security of containers and orchestration.

πŸ‘‰ Threat Modeling : Learn how to identify security weaknesses in an application design and how potential risks will emerge.

πŸ‘‰ Secure Code training : Learn how to give security trainings to internal stakeholders so you can build trust across the board.

πŸ‘‰ OWASP standards : Learning OWASP will give you an objective way to relate findings with industry benchmarks. I made a detailed video on API security which you can view.

For Certs I would recommend investing in SANS training courses if you have the budget otherwise both Azure and AWS have application specific certifications you can look at.

πŸ‘¨β€πŸ’»οΈ 4. IT help-desk ➑️ Cyber Security engineer

IT Help Desk technicians are possibly the most well known in a company being the first level support for any IT issue. Their knowledge of the IT environment is usually unmatched by any other department given the level of issues they fix on a daily basis. As Help Desk typically does not contain great long term prospects, IT help desk technicians look at cyber-security for a better career and Cloud Security is a great stepping stone.

πŸš€ Cyber security skills / certs to acquire

To be a good cloud security engineer, the following skills need to be acquired:

πŸ‘‰ Integration: Learn how to integrate cloud services and cloud is just a big pile of API services. Learn how these services β€œtalk” to each other and automate as much as you can.

πŸ‘‰ CASB, SSO and CSPM : These three form the pillar of any effective cloud security environment. Learn how these tools work and how they integrate together to protect the cloud

πŸ‘‰ Automation and Remediation : A key part of the cloud is to auto-remediate given the speed at which events happen. Learn how to enable and monitor auto-remediation for cloud security events so you can focus on the larger issues.

For Certs I would recommend investing a beginner certification like CCSK and a vendor specific cert for AWS , Azure etc. This would depend on your unique environment.

Switch careers from IT to Cyber Security

I hope this article helped you out if you are considering a move from IT into cyber-security. Given the number of roles that are present, I could not cover them all and will be continuing these roles in a second part soon !