I’m a cyber security engineer, supporting my family and putting my wife through college. 10 years ago, I was a grocery store cashier. How did I get here?
People always tell me they want to get into CyberSecurity. Nothing wrong with that. In fact, we need more skilled people in the field. So I figured I’d explain how you can get into the trade, and how I lucked into it myself.
Notes on getting the job
First, I would like to point out, Cyber isn’t an entry level industry. I was a systems administrator before I became a cyber security analyst. Most people in Cyber work other roles in IT or in development before transitioning.
Why is this? Well, Cyber requires a lot of prerequisite knowledge. You have to be skilled enough to be a developer with a DevOps slant or a sysadmin to start getting into it.
I don’t say these things to deter you. I just want to set your expectations appropriately. Don’t go into a 3 month bootcamp and expect to get a job in Cyber right afterwards. The talent pool for Cyber jobs is full of people with extensive experience in other fields of technology. That is what you’re up against.
Actual advice
The best advice I ever got was to take my most powerful desktop computer and install a virtualization platform on it. Then build an environment that mimes what you see in real businesses.
Then tear it down.
Then build it again.
Then tear it down again.
Then build it back up with automation.
Then tear it down, again and again.
And rebuild it, automating as much of it as you can.
Having a home lab is the single most important thing you can do for your IT career, regardless of specialty. Security practitioners, sysadmins, even Helpdesk staff should have a lab where they can sharpen their skills and practice without fear of breaking something in production.
For a CyberSecurity person, a homelab is an important area where you can practice with various enterprise grade tools to protect systems. Also, it allows you to experiment with malicious software in a safe environment. (Safe, assuming you isolate it properly. Again, this isn’t entry level.)
Path to CyberSecurity
Your first goal should be to either get a job as a SOC analyst or security analyst at a corporation. This is going to require some work in other fields of technology first. So before landing that first Cyber job, figure out what you like doing.
Do you like developing software? Become a junior software dev. Do you like helping people? Helpdesk is a great starting point. Do you like building systems and defining strategy? Sysadmins do that, but you’re not going to get a sysadmin job off the bat. Most people will start on the Helpdesk.
So focus on getting a Helpdesk job. Get your A+ certification. Get your Security + certification. Then cosplay a sysadmin in your homelab. Show your boss what you build and how you automate it. Make sure they know you want to move up and that you’re building the skills to do so on your own.
Once you get off the Helpdesk to a higher level role, such as jr sysadmin, now you can plan your transition to CyberSecurity. Focus on getting certifications that prove you know what you’re doing. Focus on security certifications in the specialty you eventually want to hone in on.
It isn’t easy getting into CyberSecurity. It takes years of practice and learning unless you get lucky. And if you get lucky, unless you’re absurdly lucky you won’t get too far.
My path
I started as a cashier in 2012, my first grown up job. I worked my way up to the cash office, and eventually to cash office manager. Then, I pivoted to the corporate IT department for the grocery chain. This took years just to get into IT. I really had to prove myself first.
After getting into corporate IT at the grocery chain, I worked my way up from cleaning computers to managing projects. I replaced systems, rebuilt servers, manicured server racks. I ripped out entire antiquated POTS lines and replaced them with VOIP, terminated hundreds of CAT 6 cable.
After a couple years of that, I moved on to a Helpdesk job at a local MSP. I stayed there for 3 years working my way up to being a sysadmin. Once I had some sysadmin experience, I found my current employer and got hired to be a sysadmin in the corporate world again.
Then, I told my boss I wanted to specialize in Cyber. I worked hard. I learned so much. I executed on so much. I again, really had to prove myself. Then I got moved into a security analyst role.
Finally, after serving in that role for years, I moved into an engineer position. This is where I’m at today.
Certifications
I got several certifications along the way. In the beginning, I got my A+ and Security+ certs. Then I got a Microsoft Security Administrator certification. Then I got a Microsoft Security Analyst certification. Then I got a Microsoft Security Engineer certification. Finally, I got a Microsoft Security Architect certification.
Can you see what I specialize in? I hope so. You might think I love Microsoft. Well I’ve just been following the money. Don’t get me wrong, Microsoft makes some amazing products that shape the world we live in. But at home I use a mix of macOS, iPadOS, and Linux for my client devices. I still have a few Windows servers and Windows client virtual machines for practicing on, as one does.
You can do it too
I’m not particularly smart. I’m not particularly talented. I work hard, but I’m a slow learner. I put in over a decade of work to get here. If you’re smarter than average, you can do it faster. With a bit of luck, anyone can make it where I have today.
Leave a Reply