Two and a half months ago I realized cybersecurity was the industry I wanted to dedicate my career to, but this realization took many months of research, frustration, reflection, and writing.

How I came about this realization is for a different day. Today I want to share with you how I went from deciding on cybersecurity to landing a position within two and a half months. 

Before I dive into my process, I want you to know that this post isn’t a “zero to hero” or “if I can do it, so can you” kind of thing. This is real life and hopefully, from my brutal honesty, you’ll be able to take the lessons I learned from this experience and apply them to your career shift. 

My “strategy” for making this shift into cybersecurity is simple to understand but difficult to execute. Below is a high-level summary of the two main pieces of my approach.

  1. Learning: Whenever shifting into a different industry, it’s important that you’re spending every free moment learning the fundamentals and lingo used within that area. Also, when learning you should be gaining credibility that can be shared either through certifications, teaching others via videos/writing, or building personal projects.
  2. Luck: Some people like to think that hard work pays off, but that’s only true if you’re lucky. This is a hard truth for most people to accept, especially as Americans. The beautiful thing about luck is that you can increase your chances of “getting lucky”.

Here’s the formula… 

Learning + Luck = Possible Success

Before diving into the specifics, I want you to know that I realize everyone’s life circumstance is different and my tactics won’t fit your lifestyle, so you should focus more on the higher-level principles. Take these principles, then mold them into something that’ll fit your life circumstance. 

Table Stakes – Learning

No matter what industry you’re shifting towards, learning the fundamentals is “table stakes”. 

The amount of free education varies by industry, but there’s always going to be free or close to free content for most industries. 

For me, I approached this learning journey in a few phases. 

  1. Industry: Most industries have many career paths, and cybersecurity is no different; it can be overwhelming for any newcomer. My first challenge was to better understand the topology of cybersecurity, uncovering all the different roles, skills, and traditional paths taken in this space. Once I figured out which paths interested me most, it was time to create a curriculum. This curriculum was created by understanding the skillsets needed today and in the future.
  2. Fundamentals: I’m in a fortunate position and can dedicate a large amount of my time to learning, which isn’t the case for everyone. I think allowing yourself to have 25% – 50% of your personal time dedicated to learning is a good start. I went to the extreme end of this spectrum reading books 4 – 5 hours a day, then doing hands-on projects for another 2 – 3 hours.  
  3. Immersion: An interesting phrase I’ve recently come across sums this phase up, which is “It’s not what you know, but actually being in the know”. The idea here is not to only understand the fundamentals but to be “in the know” when it comes to what’s currently happening in the industry. My approach was to fill up all my free time (e.g. workouts, life admin, etc.) with cybersecurity-centric podcasts, Twitter profiles, YouTube Channels, newsletters, Slack channels, and Discord channels.  

Learning is nice, but it’s not enough on its own, so instead of learning in a silo, I decided to build credibility through certifications and learning in public.

There are many ways to build credibility, which vary by industry and are something you’ll want to figure out for your career shift. In cybersecurity, certifications carry some credibility, depending on the person you speak with, but another important part of certifications is that they’re a great way to learn the fundamentals in a structured way.

I decided to lock myself into my apartment for two weeks with four textbooks and get the Security+ certification.

Another way I built and continue to build credibility is something I like to call “learning in public”. Over the past 6+ months, I’ve shared my journey via videos and blog posts, documenting all the interesting tools, concepts, and books I came across. This approach definitely helps with building credibility because you’re showing interest and have more than a simple resume to share. More importantly, by forcing myself to teach others, I’ve understood each topic at a deeper level. 

Remember learning and continuing to learn are table stakes. 

Luck, the key to “success” 

If I could reduce this section down into a single quote it would be this… 

“I’m a great believer in luck, and I find the harder I work, the more I have of it.” – Thomas Jefferson

Luck is a game of chance; it’s all about being at the right place, at the right time.

Fortunately for us, there are certain scenarios where these chances of getting lucky can be increased. I envision luck as a flat surface created to catch water (luck) and the more flat surface we have, the more water (luck) we’ll catch.

My approach to increasing this surface for catching luck in the context of shifting careers was through building relationships. The more relationships I built, the larger my luck-catching surface area became.

Once I built “enough” credibility and understood where I could apply my previous experience, as well as newly acquired cybersecurity knowledge, I created a list. This curated list consisted of two types of companies I admired in cybersecurity: those that were doing cybersecurity “right” and those that were strictly focused on cybersecurity.

After narrowing this list down from 60+ companies to 10, it was time to reach out to interesting people doing interesting things inside each of these companies. LinkedIn was my best friend here and it’ll be yours as well. 

This is the most important part of this entire “luck” strategy, so if you ignore everything else, at least remember this! 

When contacting those I admired, I was coming from a place of curiosity, with the intention of gaining new friends in the industry, not jobs. Let me repeat that… DON’T ASK FOR JOBS!!!

I genuinely think that every person has a unique perspective and story, so I explored those during these conversations. Asking about how their careers unfolded, the advice they’d give to their younger selves, skills they think will be needed in the coming years, their perspective on the company culture, etc.

The number of conversations isn’t as important as the quality of those conversations, so I selectively choose people that I truly find interesting. 

Before every conversation, I would prepare at least eight questions, but I never relied on these; instead, I only leaned on them when needed. Each conversation I had helped build my understanding of each company, culture, and role available, which narrowed that list of 10 down even further.

Building relationships with the people I admire increased my chances of possibly being referred to either their company or other companies they’re aware of… Getting referred is nice, but it’s only the first step; next I had to prove my value, pulling on previous experience and the knowledge I gained while making this shift.

There’s more to this story, but we’ll leave it there for now. 

For those of you making the career shift, remember… Constant learning is table stakes and luck is a form of chance that can be increased.