
Cyber security careers/qualifications

  • 01-03-2023 11:26pm
    #1
    Registered Users Posts: 100 ✭✭


    Hi

    I'm interested in switching careers to work in cyber security. I am late 30s, kids will both be at school from September, I gave up (paused) my career for a few years while they were young. I do not have a technical IT background but I am computer literate, I was previously a civil servant working internationally and the travel doesn't suit family life now. Ready for a big change.

    I am happy to dedicate some time and money to studying a qualification but I don't want to be doing something for years on end e.g. a degree type undertaking. Finding it a bit hard to navigate the qualifications. I was very interested in audit/risk certifications as I can see this being an area with huge growth potential, but I see that to get some of them you need 5 years' practical experience to actually get the certification... can you do the course, get a job and then build up the experience? How feasible is that?

    Basically, is there any sort of course up to one year in length that would have a clear path to employment, either self-employed or for a company?

    Thanks!



Comments

  • Registered Users Posts: 7,067 ✭✭✭MarkY91


    I'm in a similar situation. Hoping someone can chip in :)



  • Registered Users Posts: 28 Martel


    Hey,

    "Finding it a bit hard to navigate the qualifications"

    Yeah, there are a lot of them. Security as a domain is somewhat obsessed with them.

    "I was very interested in audit/risk certifications as I can see this being an area with huge growth potential, but I see that to get some of them you need 5 years' practical experience to actually get the certification"

    On the audit and risk side there are probably two certifying bodies that have the biggest rep, (ISC)² and ISACA.

    I'm guessing you've already looked at these a bit, as I'd guess "5 years' practical experience" is a reference to CISSP from (ISC)², which is probably the best known security cert. Last I checked (N.B. everything I say here is based on this condition... I haven't looked recently) it required 5 years of experience, or 4 years and a degree. You can become an "Associate" by passing the exam without the requisite experience and then gain the experience later. Without having a background in this field, there would be quite a lot to learn in relation to CISSP, as it covers quite a lot of material. It's positioned sort of in the middle of the field in terms of technical knowledge, i.e., for a techie person it's the non-techie-manager cert that's meant to demonstrate that they have a more holistic understanding of security, while for GRC (Governance, Risk, Compliance) people it seems to be viewed as quite technical as it requires at least a limited understanding of areas like cryptography.

    Sticking with (ISC)², there are a number of other certs like CC, SSCP and the recently renamed CGRC. CC is a fairly recent cert and is meant to be an entry level cert. I think they were giving away training on a limited basis. This might be a decent one to look at as a first step. You're probably not going to get a good job based on the strength of it, but it might help you with some of the terminology and fundamentals. SSCP is sometimes viewed as a more junior cert in comparison to CISSP, but given what you've said I don't think it'd be the right step for you, as it's more security administration based as I understand. CGRC is Governance, Risk, Compliance-based. I really don't know much about it tbh. It was called CAP (Certified Authorised Personnel or some such) before. Perhaps it was rebranded because the purpose of the old cert was unclear. This cert would seem quite relevant to you, but won't have much name recognition, for now at least. The other (ISC)² certs are more specialised, e.g., specific to software development, cloud, healthcare, etc.

    The big certs for ISACA are CISM and CISA. CISM probably isn't really relevant for you now, as it's meant to be for people with security management experience. CISA is an auditor cert, so would seem relevant for you, and it's fairly common among experienced people from audit backgrounds. I don't have any ISACA certs (I have two (ISC)² certs), so can't tell you much about the process or rules. Both orgs do have a membership element, and ISACA put on talks/conferences from time to time.

    There are loads of other certifying orgs like CompTIA, GIAC (SANS), etc. There are also certs available for things like ISO 27001 auditing and such, so there are plenty of options.



  • Registered Users Posts: 11 KkomradeWarrior


    I've been diving into the realm of cyber security lately, and I'm genuinely amazed by the vast opportunities in this field. Whether it's ethical hacking, penetration testing, or securing network infrastructures, there's a niche for everyone. I'd strongly recommend newcomers to start with certifications like CompTIA Security+ or CEH, which provide a solid foundation. But beyond certificates, hands-on experience is invaluable. Setting up home labs, participating in CTF challenges, or using platforms like Hack The Box can be game-changers. Always remember, in cyber security, continuous learning is the key.


