Career Change Advice Cyber Security

addison666 on 18/05/2022 - 11:01

Hi everyone, I need some advice. First off a little about me:

  • I'm 44
  • I'm currently a teacher
  • I have studied IT at uni as part of the education degree, so very basic IT skills
  • I own my home so I can afford to take a year off on lower wages

I am looking at a one year full time course Certificate IV in Cyber Security at RMIT https://www.rmit.edu.au/study-with-us/levels-of-study/vocati… the question is, how many jobs are actually out there after this qualification. I mean I know we need a ton of people, and courses are popping up everywhere, which is kinda my concern, everywhere I look there are these courses. Newly 'qualified' applicants are being created constantly. Will I actually find a decent job after this or it all hype? Is one year enough to learn the skills required? Will my age work against me in in this field?

Computing

Comments

  • Master Bates on 18/05/2022 - 11:18
    +1

    Build a social/professional network in this area whilst you are studying. Attend meetups and make connections. If you’re another grad pumping out CVs at the end of your course, you will have to be very lucky to get a start.

    Definitely a need for experts in this field, but always underfunded and an afterthought in most companies.

    YOLO, so do it if you want to.

    • addison666 on 18/05/2022 - 11:35
      +1

      Yep I'm thinking YOLO also, I can always fall back on CRT work as a teacher.

  • dust on 18/05/2022 - 11:32
    +1

    What kind of cyber security job do you want? Have you tried looking at the job market for cyber security roles and seeing what you might need to get the role you want?

    • addison666 on 18/05/2022 - 11:37

      I've looked on SEEK, and there seem to be a lot of jobs in this general area, but I'm not sure about specialisations just yet. I'm pretty open, like I'm thinking once I'm in the course then I can look at specific roles, but I don't know what specific roles there are. I don't know what I don't know.

      • dust on 18/05/2022 - 11:45
        +2

        I find cyber to be one of those industries where qualifications actually don't matter too much. Have you tried applying for some entry level cyber roles and seeing how you go? Probably better than investing a few years in study and then finding out it wasn't necessary to get your foot in the door.

        • DreadPirateRoberts on 18/05/2022 - 12:10
          +1

          This is a pretty good idea. Sometimes they need "cybersecurity" professionals that are less technical (getting the technical chops to be a hardcore cybersec professional is difficult and takes many years) to do things like audits, compliance, training, etc

  • notmywifi on 18/05/2022 - 12:17
    +2

    I did a career change due to covid killing off a 15 year travel career. I did a 6 month crash course in cyber that was fairly basic and whilst relevant I would honestly go and bash out a comptia sec + or similar entry level cert before you devote time and money into a uni cert or similar.
    I consider myself non technical and there are plenty of non tech roles out there. Think of the soft skills that you would bring in from an education perspective. Certifications I would say are when you want to go from an entry level role to the next level and would of course help, but to get a job I would say many organisations are looking for a diverse skill set with an interest in cyber. Linked in and networking is key to landing a role.
    I am 18 months in now and would likely consider having an industry certification in the next 18 months would be ideal, time permitting.
    Good luck!

  • mshanann on 18/05/2022 - 14:08
    +2

    Subjects in the course look pretty reasonable. It is probably not a bad time to get in to the industry with many non-tech companies hiring such staff on very decent wages - and having literally no idea what the said professionals do, nor anyway to validate their credentials/worthiness.

    I'd say a good portion of the self-proclaimed security professionals I have come across rely almost exclusively on vulnerability and penetration toolkits to do their job. They learn how to script and leverage the opensource and paid toolkits and produce nice reports and create best practice documents. Only a very, very, small few I have come across have the deep understanding and technical skills to identify true vulnerabilities in network/OS/stack/software on their own. They likely work for highly specialist security companies and/or governments (a vulnerability arms race).

    That course will teach you to be the former. The latter is the type of person that enjoys reading crypto library and kernel source code to see if anything has been overlooked that could be exploited. Ideally you are the highly paid manager of such a person :)

    • serpserpserp on 18/05/2022 - 15:01
      +1

      They likely work for highly specialist security companies and/or governments (a vulnerability arms race).

      These people are likely working on open source projects in the domain and usually via that route, they'll make connections to people that already work at Google, Apple, etc. that will help in gaining a nicely paid job in the field.

      So if you want to go the technical route, you need to learn those basic skills somewhere (via Uni, slowly) or throw yourself down the open source project rabbit hole and basically devote your life to it for a while and hope for the best that way.

      Pure tech cybersecurity masters are almost like artists. The best of them can come out of nowhere purely because they took the time to master their skills by devoting their life to it. Some of the best that ended up in Google have been a bit like this.

  • Benoffie on 18/05/2022 - 14:09
    -3

    At 44, you'll be uncompetitive unless you're talented.

    Think about where in teaching you can navigate yourself with IT. School based IT, teaching IT or the various D&T subjects, digital learning and remote curriculum planning, educational complementary fields such as AR, VR. Or, if worse cones to worse, go through the pita to teach Cybersecurity VET at school level.

    It isn't worth throwing away all the progress in education when, if manipulated properly, that would get you further than simply staring over and competing with 16 yr olds in entry level jobs.

  • nomoneynoproblems on 18/05/2022 - 14:21
    +1

    I can’t offer any advice, but congratulations on owning your own home at 44!

    • serpserpserp on 18/05/2022 - 14:55
      +1

      haha underrated comment.

    • addison666 on 18/05/2022 - 15:38

      When I say home I mean apartment, when I say apartment I mean shoebox, and when I say own I spent a lot of time and money fixing up my last place + covid driving prices up artificially = I could afford to buy a shoebox I can call my own lol. I am lucky though yes I agree.

    • Clear on 18/05/2022 - 23:43

      Meanwhile in some parts of the country it's unusual not to have one by your early twenties.

  • ZippyRoo on 18/05/2022 - 15:24
    +5

    I would recommend you consider roles such as Scrum Masters, Iteration Managers, Business Analysts, Product Owners or Product Managers. I have always worked in IT since uni, and over those 15 years, I have met a number of people who made successful transitions into these above roles from a teaching job. You can still go and do the Cyber Security course if you have a strong curiosity about it, and it will help you tremendously if you land a job in a Cyber Security firm, but I wouldn't want to start as a full on cyber security engineer. Good on your for having the courage to change, when writing up your LinkedIn profile, your CV and cover letter, make sure you mention this briefly, it is a great selling point. Some recruiters might not take notice, but the ones that do are the ones you want to be working with anyway as they value initiative, a thirst to learn and ability to adapt.

    • yokel on 18/05/2022 - 16:05
      +1

      Wholeheartedly agree with what is written here. I would offer some alternative advice. While BA is the appealing starter role also consider going to an agency to get your foot in the door as project officer at a LARGE organisation. All IT projects carry Cyber risks. Be open to working in IT infrastructure roles where you are doing refreshes or replatforming of stuff that has gone end of support. Leverage the less glamorous stuff to get where you want to go. Retraining by certs is the slow lane.

    • Quantumcat on 18/05/2022 - 23:39

      Definitely this. I think to be good at cyber security you have to be really keen and interested in it, with good IT skills, and be researching things on your own and have gained some hacking/script kiddy skills.. It isn't a sit at your desk and do paperwork type job (whichever part of it you land in). Business analysts / project managers need people skills but not tech skills (tech skills help but enough broad understanding can be acquired as you interact with devs).

      Wanting to get into cyber security without tech skills or a keen interest in it (which leads to you figuring things out on your own), would be like wanting to change jobs to being an accountant after having dropped out of maths in year 9, or wanting to change jobs to being a fashion designer when you've never sewed anything before or had much interest in clothes.

  • thatonethere on 18/05/2022 - 15:31
    +1

    Like others you should start participating in industry meetups etc.

    Getting the cert is good but you should have an idea about what you want to do. Operations centre, open tester, governance etc.

    If you can get a security clearance (eg baseline or nv1 with the first gig) golden after that.

  • abovethelimit on 18/05/2022 - 15:36
    +3

    Op, I work in Cyber Sec specialising in Cloud & M365 Security. The hype is real and was always there but covid/WFH has put it in spotlight and we see a lot of candidates these days aspiring to get into Cyber who generally thumb their noses pre-covid. If you're in this for the money, yes the money is great so is the amount of work you have to do. 10 to 12 hr days is a norm for me, worse when there is a breach. I have to keep myself updated regularly of the constant and emerging threats (i.e.UKR & RUS War - enforced a geoblock in my clients firewalls) and provide timely recommendation for threat mitigation. Not all threats are equal! Life of cyber security specialist is akin to that of prison warden, we have to keep the systems alive in the firing zone whilst ensuring our defences are rock solid and this is no easy feat.

    I had a look at the RMIT course content and nowhere it says that they will teach you anything about securing cloud assets. In this time and age when every large enterprises in AU is and have moved to the cloud, learning about on-prem security whilst good for foundations will not get you anywhere growth wise. What I feel is lacking in AU for Cyber Sec is good quality teachers in Primary/Secondary to teach them about the fundamentals of Cyber Sec which also covers teaching them how to be safe online, securing their devices and to great extent coding in Python and or exposure to Kali Linux etc.

    Instead of doing career change and slog your ass off by starting again from the bottom of the barrel in a completely unrelated field, I would embrace your teaching experience with your new found passion for Cyber and put yourself in a commanding position at schools with the curriculum that you can set for them. With kids as young as 3 who are online these days, not all parents are IT savvy and know what to do, this is where you and the school steps in!

    If you do insist on a career change, I would actually do some foundational courses on Udemy first to see if this is where your liking is. If you decide that this is for you, I would actually look up courses that offers you knowledge and exposure in Cloud, Endpoint protection and or M365 security. Good Luck!

    • notabank on 18/05/2022 - 22:30
      -2

      10 to 12 hr days is a norm for me, worse when there is a breach. I have to keep myself updated regularly of the constant and emerging threats (i.e.UKR & RUS War - enforced a geoblock in my clients firewalls

      🤣 I think the Russians have the capability to launch attacks from systems physically/logically located outside of Russia.

      Life of cyber security specialist is akin to that of prison warden, we have to keep the systems alive in the firing zone whilst ensuring our defences are rock solid and this is no easy feat.

      You are doing it wrong you automate it all to remove the human element. Surely you aren't on call 24/7 waiting for the next call to "block China", "block North Korea", "new version of emotet is out call John McAfee and make sure they know", constant panic is a marketing ploy by infosec to make people think they are doing things. They spend their times arguing over taxonomies like kill chains and how to name ttps and no time understanding how a computer works or even basic computer science.

      • Clear on 18/05/2022 - 23:47

        You are doing it wrong you automate it all to remove the human element.

        The number of significant breaches due to automation is too damn high. Many that made headlines were a direct result of eliminating the human factor in management.

        • deme on 19/05/2022 - 08:45

          Which ones?

  • Zippy135 on 18/05/2022 - 21:10
    +1

    I moved into cyber 18 months ago after a long career in travel and love it. Whilst I did do a short cyber security course which mainly taught the fundamentals and a bit on coding etc, it was the passion and showing your committed to continue learning cyber that helped me through my interview.
    Check out https://www.austcyber.com/resources/dashboards/NICE-workforc… for some ideas of what area of cyber you’re interested in and then focus on the skills you need for it. You might want to do this free intro course to get a taste of different areas - https://www.mosse-institute.com/certifications/mics-introduc…
    Otherwise you can find many other free micro courses online.

    Coming from teaching you’ll have a lot of great skills (eg people skills / converting tech language to non tech people) for many of the non technical roles which you’ll find easier to get into. Many employers are starting to look at people who are changing careers who can bring different ideas to the industry. But you still need to read up and understand the industry and language. Tons of acronyms to learn.
    Finally network and have your LinkedIn profile updated.
    [DOTM] (https://twitter.com/dotmclub?lang=en) is a good meet up among security people. Super casual and they do one in a number of cities around Australia.
    Good luck with your decision.

  • Asydney1990 on 19/05/2022 - 13:56

    Hey i moved into Cyber around 3 years ago, i'm in sales, i know there's a huge need for network security engineers,it's complicated but very rewarding.

Login or Join to leave a comment
Login Join