From Bugs to Breaches: Insights from My Career Transition from Software Testing to Cyber Security and Your Guide to Do the Same

My career transition from software testing to cyber security was exciting as well as painful at the same time. I am sharing my journey and also the guide so that you can have a smooth transition to cyber security.

Table of Contents

  • Alerts !!
  • My Journey
  • My Tips for transition to cyber security 
  • Conclusion

Alerts !!

  1. Cyber Security is not for you if you love to work in your comfort zone.
  2. Cyber Security is surely not for you if you do not enjoy a learn-forever attitude.

My Journey

  1. The background
    • I have a background in C++, Unix, SQL.
    • I have worked as a software test engineer for 5+ years where I tested a variety of systems and wrote automation tools and scripts from time to time in languages like VisualBasic, Perl, Shell, Java, Python.
  2. My first steps into security
    • I was in a testing org which was setting up a unit for performing security testing, where I got introduced to OWASP and other training resources under OWASP.
    • My transferable skills moving into security were my "breaking the software" (aka testing) skills.
  3. Getting out of comfort zone was painful
    • First steps were easy but as I started reading the OWASP testing guide and other resources I found that it was really a tough learning curve and was painful to say the least for the initial 6 months to 9 months.
    • Reason was that I was in my comfort zone in software testing where I knew a lot of my tools, techniques and applications.
    • I had urges and sensations in my body asking me to stop this pain as I was not used to reading and learning so much in my past domain.
    • Coffee and willpower were my friends.
  4. Game Changer – Accidental entrance into cloud security
    • While I was doing pen testing, a security lead in a cloud team under the same organization got injured and I was asked if I could fill in the position as a backup for some time.
    • This was a game changer as I found that I enjoyed learning about AWS and cloud security much more than the pen testing.
    • I realized at this time that I should explore different options available in cyber security.
  5. Making the choice and change
    • After exploring different areas in cyber security I found product security was the one that I really liked and was really close to my passion.
    • CEH certification really helped me here as it gave me a fundamental knowledge of different domains in cybersecurity even including areas like Risk Management, Compliance.
  6. Intentional move to product security
    • I created a long term learning plan and started looking for a job in product security and found one after struggling for 6 months in the job market.
    • For the next year, my whole day used to be spent reading, learning, watching YouTube seminars, and listening to podcasts.
    • I worked as a product security engineer and architect and realized that there are sub domains even inside this domain 😀 and it is possible to be an expert in one of those as well.
  7. Next Steps – Jack of all trades and master of none
    • My strength is that I have good enough knowledge about many areas but I am not a master in any one and I love looking at the big picture and solving bigger and complex problems.
    • I figured out that the next stop in my journey is to establish myself as a seasoned product security architect and further strengthen my skill set in that area.

My Tips for transition to cyber security

  1. Leverage transferable skills
    • Explore different areas and domains inside cyber security.
    • Identify skills in your current job that can be transferred to a particular area in cyber security.
      • Example – A software test engineer’s skills can be transferred to a penetration tester role much more easily than to some other roles.
    • Learn those skills (certifications are helpful in learning but are not mandatory).
    • You can create your own plan or follow this one.
    • Learn and Learn and Learn.
    • Move into the relevant area in cybersecurity first if you want to do this transition as smoothly as possible.
    • Exception to this section – If you are a genius or are madly passionate about a specific area which does not map to your current skill set.
  2. Explore CyberSecurity
    • Once you are in a domain within cybersecurity, start exploring the domain which you are passionate about. This is a good place to know more.
    • Some certifications like CEH, which explore a little bit of all the domains, can be helpful at this stage.
    • Decide the domain which you feel most passionate about.
    • Create a long term (1-3 year) learning plan and transition plan to move into that.
    • Example – You entered as a pen tester and found during this phase that cloud security excites you more. Start gearing up for that.
  3. Establish yourself
    • Once you have selected a domain (let’s say product security) create your learning plan and career growth plan.
    • At this step I would say that the transition is complete as you may be enjoying your work and role (hopefully).
    • If not, explore other areas in cybersecurity as you can do a lot here.

Conclusion

Cybersecurity is a rewarding career option but one must have a learning attitude among other attributes in order to succeed here. Best of luck with your transition !!

Happy to hear your comments, questions and feedback on my LinkedIn handle.