COMMUNITY BLOG - Craig Ford - The road less travelled
The community blog posts are written by InfoSec professionals from diverse sectors who have kindly provided articles for free to support the demystifying of cyber.
Author: Craig Ford
What is the right path for you to get into cybersecurity? Honestly, I have absolutely no idea and I think it's okay if you don’t either. I get asked this question a lot, by industry peers, by people wanting to get into security and by the people doing the hiring but I really don’t know the answer. My path migrating from an IT support background dating back to the dinosaurs (really just early 2000s but sometimes it feels that way), doing a masters and a transition over via a dual IT/cybersecurity role, it’s a path I would feel is quite common. Is it though? I was in IT for more than ten years before I did my first degree, I did the degree because I was moving into management type roles and wanted to expand my skills in that area, that’s why my first degree was the “Master of Management (Information Technology/Digital Forensics focus). I honestly choose Digital forensics because I thought it sounded cool. I had been asked to do some reports for legal cases before as an expert in IT and I thought why not learn the principles so that I could better provide that service. Makes sense, right? I found my passion with this decision; I didn’t know it at the time, but I got the security bug and that has been my drive ever since. That transition was not an easy one though, even with two master’s degrees and almost 15 years of experience in IT roles I was still finding it difficult to make the change. It is baffling, I had all of the foundation skills, I knew how systems worked, I had the job of fixing anything and everything, I was perfect for a SOC analyst or incident responder. I could learn that skill quickly.
I kept failing though, missing out on jobs, rejection after rejection. I didn’t stop I kept volunteering for any Security related activities in my IT focus roles and I was building the experience but that still wasn’t enough. I either didn’t have the right certs (I had two master’s degrees for heaven’s sake) or I didn’t have the minimum of five year’s experience for an entry-level job. It’s ridiculous. I know change is hard and it doesn’t happen overnight but we as the industry need to figure out what we are doing. With an avalanche of threats facing businesses, we need to pull down that wall, the barrier that is stopping them from chasing their dreams. Look not everyone is suited to every role in cybersecurity, some do require specific skills or talents that just can’t be ignored but many roles can be taught, people can be taught.
I have gotten a little side-tracked though, I want to talk about your path, yes you. Your path doesn’t need to be like mine or any other person already in the industry. I get it, you have role models, you want to be like them, that’s awesome I get that completely but don’t try and walk their path. You need to do you. What do I mean? You need to walk your own path, find your own way, not a well-trodden path that has come before you, the one that is overgrown and covered in vegetation. The one that scares you and pushes you out of your comfort zone. If you have a goal figure out how you can get there.
Let’s expand on this a bit, I don’t even know if my path was the right one for me and your idol that you want to mirror may have parts of their own journey that they regret or think was unnecessary. They might think their path is perfect, but does that mean it will be for you? No, I think you will find it is not the case, maybe it is but probably not. We are all individuals and should not try to fit a round peg in a square hole or vice versa. The cybersecurity industry needs new ways of thinking, not old ways. We need you to take a path less travelled, to have a different viewpoint, a different perspective. I know it won't be easy, I know at times many of you will want to give up. I did a few times. I want you to keep going, forging new paths, doing things a bit different. If you have read my A Hacker I Am book series you will know that is my jam, walking the slightly different path, doing things a bit differently. I think it makes me who I am, not everyone likes how I do things and that’s completely okay because I am doing me and they are doing them. Remember we are all different and we need to do things how we need to. So what was the point of the article? It is simple (well in theory anyway) when figuring out how to break into cybersecurity, think less about what everyone else has done. Think about your goals, your skills. What makes you a good candidate for security and build on that. Find your path, one that works for who you are. Expand on what you love, what you are good at. The opportunity will come when you least expect it, don’t rush it just enjoy your journey and when that opportunity does come knocking don’t hesitate, seize it.
COMMUNITY BLOG - guest author Craig Ford - 25 April 2022