My career transition from software testing to cyber security was exciting as well as painful at the same time. I am sharing my journey and also the guide so that you can have a smooth transition to cyber security.
Table of Contents
- Alerts !!
- My Journey
- My Tips for transition to cyber security
- Conclusion
Alerts !!
- Cyber Security is not for you if you love to work in your comfort zone.
- Cyber Security is surely not for you if you do not enjoy the learning forever attitude.
My Journey
- The background
- I have a background in C++, Unix, SQL.
- I have worked as a software test engineer for 5+ years where I tested a variety of systems and wrote automation tools and scripts from time to time in languages like VisualBasic, Perl, Shell, Java, Python.
- My first steps in to security
- I was in a testing org which was setting up a unit for performing security testing where I got introduced to OWASP and other training resources under OWASP.
- My transferable skills moving into security were my breaking the software aka testing skills.
- Getting out of comfort zone was painful
- First steps were easy but as I started reading the OWASP testing guide and other resources I found that it was really a tough learning curve and was painful to say the least for the initial 6 months to 9 months.
- Reason was that I was in my comfort zone in software testing where I knew a lot of my tools, techniques and applications.
- I had urges and sensations in my body asking me to stop this pain as I was not used to reading and learning so much in my past domain.
- Coffee and willpower were my friends.
- Game Changer – Accidental entrance into cloud security
- While I was doing pen testing, a security lead in a cloud team under the same organization got injured and I was asked if I could fill in the position as a backup for some time.
- This was a game changer as I found that I enjoyed learning about aws and cloud security much more than the pen testing.
- I realized at this time that I should explore different options available in cyber security.
- Making the choice and change
- After exploring different areas in cyber security I found product security was the one that I really liked and was really close to my passion.
- CEH certification really helped me here as it gave me a fundamental knowledge of different domains in cybersecurity even including areas like Risk Management, Compliance.
- Intentional move to product security
- I created a long term learning plan and started looking for a job in product security and found that after struggling for 6 months in the job market.
- For the next year, my whole day used to be spent reading, learning, watching youtube seminars, and listening to podcasts.
- I worked as a product security engineer and architect and realized that there are sub domains even inside this domain 😀 and it is possible to be an expert in one of those as well.
- Next Steps – Jack of all trade and master of none
- My strength is that I have good enough knowledge about many areas but I am not a master in any one and I love looking at the big picture and solving bigger and complex problems.
- I figured out that the next stop in my journey is to establish myself as a seasoned product security architect and further strengthen my skill set in that area.
My Tips for transition to cyber security
- Leverage transferable skills
- Explore different areas and domains inside cyber security.
- Identify skills in your current job that can be transferred to a particular area in cyber security.
- Example – Software test engineer’s skills can be transferred to penetration tester role much easily as compared to some other roles.
- Learn those skills (certifications are helpful in learning but are not mandatory).
- You can create your own plan or follow this one.
- Learn and Learn and Learn.
- Move into the relevant area in cybersecurity first if you want to do this transition as smoothly as possible.
- Exception to this section – If you are a genius or are madly passionate about a specific area which does not map to your current skill set.
- Explore CyberSecurity
- Once you are in a domain within cybersecurity, start exploring the domain which you are passionate about. This is a good place to know more.
- Some certifications like CEH explore a little bit of all the domains can be helpful at this stage.
- Decide the domain which you feel most passionate about.
- Create a long term (1-3 year) learning plan and transition plan to move into that.
- Example – You entered as a pen tester and found during this phase that cloud security excites you more. Start gearing up for that.
- Establish yourself
- Once you have selected a domain (let’s say product security) create your learning plan and career growth plan.
- At this step I would say that the transition is complete as you may be enjoying your work and role (hopefully).
- If not, explore other areas in cybersecurity as you can do a lot here.
Conclusion
Cybersecurity is a rewarding career option but one must have a learning attitude among other attributes in order to succeed here. Best of luck with your transition !!
Happy to hear your comments, questions and feedback on my linkedin handle.