How to start a career in IT/cyber security
Hi everyone! I need some help. I'm in my mid-thirties, and I had a growing career that, since covid, has gotten so flaky I can't properly provide for my family anymore. I have always been interested in tech, and would like to start a career but I'm not sure how to.
Can anyone in the field give me some advice? I don't have much college experience, only did 1 year 17/18 years ago. Looks like I need some sort of college degree, which I'm fine with.
I also saw some online "bootcamp" things... are they good? I would like to do something where I was helping companies be protected from hackers and work from home as much as possible. White hat hacker type of thing... if that's real!
Thank you everyone!
Be careful about "boot camps", and I say this as someone who teaches at one on the side (coding, not security). A lot of them are kind of like degree mills - pay money, get stamp, maybe worthwhile or maybe worthless.
If you go that route, do a lot of research. The biggest thing I'd look for is that the instructors work in the field full time and teach on the side (because they love sharing info and teaching the next generation). Hire rates for grads is also a good indicator... But take close note of where those hires are at and ask if it's not published.
Any time I've come across these kind of programs where the boot camp instructors only job is teaching, the info is usually 10+ years dated and relatively useless past the absolute basics.
This 100% My experience only mattered because I was able to really involve myself and had a great relationship with my instructor, and still do, actually. There were people who failed out, so my specific program isn’t something I’d classify as a degree mill, but I 100% could’ve coasted through and retained nothing.
The relationship with the instructor is something I wanted to touch on but thought I'd maybe rambled too much already.
If it's a good program, they WANT you to succeed and they want to give you every possible advantage. You can show up to class, do the bare minimum, and maybe pass. But going the extra bit and asking good, useful, questions will get you much further.
I've never met an instructor who cares that isn't up for side discussions, private tutoring, and literally anything that helps the student squeeze as much info as possible before, during, and after the class. I have zero respect for anyone who teaches a class and refuses to do anything outside of the prescribed class hours... Makes me angry just thinking about it.
Edit: also if the instructor is working in the industry then they have a network that you can tap into... which is often more important
Trying to go entry right in to Security is a recipe for failure. You'd only be able to find something on a large security team that's wanting to underpay and security teams are generally small, low turnover affairs, the entry level jobs are scarce.
Now let's talk entry level IT.
Usually this means help desk. It can be other things, but the lions share of entry level IT is help desk.
Let's say I open a position. Help Desk I. Minimal experience, Minimal pay.
I get 100 resumes immediately.
Let's play the what's in my inbox game.
50 of them are zero effort generic carbon copies from a resume template. No certs, no experience, no or unrelated work history. 30 of them are some effort, I make excel sheets, I'm an exec assistant, No certs, but some semi-related experience with basic office apps. 10 of them list every technology that exists, no certs, no experience but they list that they know how to do everything under the sun. 5 of them will have a small amount of real experience 5 of them will be straight out of college with no experience.
The first 50 are out.
The next 30 I'll weed through. If they read genuinely and show intelligence, I'll pick some of the best ones for a phone screen. The 10 that list everything are straight up trash. I've phone-screened hundreds of those. As soon as you ask them any questions past what is DNS, they fall apart and start just swearing they they can do anything. The 5 with experience are worth a phone screen. probably 1:20 is a reasonable candidate The 5 straight out of college are probably worth a phone screen, but they're looking for greater than starting wages, and the chances of getting a couple years out of them is slim, they just need the experience to get on to their next gig.
If someone comes in with little experience but has certs, especially Microsoft certs, I'll always call them. Those certs are hard to get and they're pretty relevant. It's no sure thing, but it's a damn good indicator.
You should be able to install windows, have a working knowledge of replacing/upgrading drivers, googling for and finding/editing/creating keys in the registry, reading windows logs, you should know where the various AppData folders are and what their purposes are. How do you put something into auto start, how do you find all the different things in auto start to disable them? Go find all the health dashboards for the different services (Azure, AWS, Office 365) know where they are so you can use them as examples for practical questions. Be able to open a command window with admin privileges and know why you'd need to do that. Basic wired network card setup.
Go sign up for a free account on Spiceworks. Set up a fake help desk. Work on workflows, create and resolve tickets. Go over every feature for a couple days.
Go get some trash parts, put together a working pc. If nothing else, just get a old pc, strip and clean it then reassemble it, you just need a screwdriver and tiny fingers :)
All this extra curricular stuff, it's all for the resume. No lies. Be clear but don't be too wordy. I'm looking to leave my current field of [x] and enter the IT field. list out the things you've done and worked with in the name of job preparation. When they read your resume, you need to sound like you're interested, dedicated, and are ready to take initiative.
In interviews, own that you do not know things. I don't know how to do that, I'd start with a web search with the following keywords [x,y,z]. If I had to take a guess without looking it up, i'd probably say it was [whatever you can come up with].
I’m a SOC Analyst in my mid 20s.
I did a boot camp, it got me a job. BUT I already had a degree, though in a completely unrelated field. For people just out of college age like me, that degree requirement was much more about showing you’re capable of committing to something than it was about specific knowledge.
You’re going to need to get certifications no matter what you do. My boot camp prepared me for Sec+ and CySA+, but you could 100% do that on your own.
At the end of the day, it’s going to come down to how much time/money you’re willing to invest. If you’re able to get a degree without significant hardship, I’d do that. There’s so much value to education, no matter the subject.
If you’ve got less money and time than that, consider a boot camp. I had an amazing time in mine, and the schedules are often designed for working adults. My class had people of all ages, though the ones with some previous interests/hobbies in IT definitely got the most out of it.
Feel free to DM me, mentoring and networking is a huge part of cyber!
Hiring manager here, the best thing you can do is work on certifications. Microsoft Learn has a ton of info and the certs are reasonably cheap. There is also a ton of stuff on YouTube, for example Professor Messer's Security+. There is also a great demand for VMware admins.
If you can setup some computers at home and make yourself a lab, build VMs on hypervisors of your choice and talk about that during your interviews that's big bonus points too.
I also want to push Microsoft learn. I'm a 30 something year old who is 2 years into an IT career. It's been awesome so far. I think the Microsoft route is best bang for your buck. Basically self guided learning and you pay for the test. At my job specifically, certs are what's really going to make you stand out.
And to add to this conversation, I have 10+ years solo IT for a company. Microsoft Learn will help you with whatever task you can think of within the 365 and Azure environments. Whether you use the platform for a certificate or not, you’ll benefit from the step by step instructions for just about everything Microsoft.
Hi there, I'm a recent college grad with about a year and a half working as an admin in a VMware environment. I've actually been struggling to find other places to use this knowledge, could I ask where is my skillset so in demand? Might make finding my next job a lot easier!
I would suggest a recruiter as that is where I find my candidates.
Alright, I'll give that route a shot. Thanks!
Currently in my first IT job. I'm over 40, and been intheis job less than a year. Computers have always been a hobby of mine. A couple years ago I started taking some classes at the local community college: networking, cyber sec, sysadmin... After 6 or 7 classes, a professor recommended I apply for this job (Helpdesk+). I think certs are a great idea, and I'm planning to get some myself as I plan to steer into infosec. You really can't beat personal networking/connections though. I got mine through school, but also maybe there are some clubs or events like a local Linux Users Group where you can meet people and make friends.
Without a degree or any IT experience, I’d say try to get one basic IT certification from CompTIA (A+, Sec+, or Network+), then apply for a HelpDesk job just to get in. You can try going straight to a SOC analyst role if you’re confident in your knowledge/skills. Those are basically the entry points for IT and Security for someone without a lot of experience. Once you’re in, you can start leveling up with experience or move laterally to your desired role. You’ll also be able to get your employer to pay for training and certifications.
Thank you!
First off, aiming to start in security is a fools errand. Security is one of the many paths that your career might take after you gain some knowledge.
Some more random thoughts before real advice. The two hardest things in IT are getting into help desk, and getting out of it. The reason is two fold: 1) help desk is the great entry point for the greater IT industry, and 2) one person in a help desk role is fairly similar to another when it's time to move out of help desk.
Now: If you have the time, go to your local community college and take their it/networking/security program. The degree will help - you won't skip help desk (unless your lucky), but you are better equipped for getting out of it. You will also learn a bunch of stuff, get some projects to stick on a resume, etc.
If you don't have that time you can go the cert route. Be warned however - certs do not substitute for real experience. Do not fall for the trap of thinking that getting X cert is your ticket to Y job. You will be in for a ride awakening when your sitting across from someone like me that only asks situational, hypotheticall questions with no correct answer ( I care about how you think and approach problems over book smarts).
Ok. Last bit of advice: the 10 things I look for (in order) when interviewing entry level help desk.
I can teach you how to fix a printer, design a network, or spin up infrastructure in the cloud. I can't teach you how to act around people.
Well said, I cannot stress not being an asshole enough :)
Do: (at the end if they ask for any questions)
Ask questions about the company culture
Ask questions about your coworkers. (tell me about your team)
Ask questions about the craziest thing they've ever seen.
Engage them, get them talking about the things they like.
This is the right answer. Help Desk is by far the right entry point.
I've got some college but no official degree as well. I did a bootcamp for a CCNA with 0 experience in 2012. It was like learning a foreign language. I had to buy the official cert guide and studied hard for a year, I eventually got the CCNA cert in 2014. After that I kept getting additional Cisco certs, CCNA - security, CCNA - cyberops, and now am working on the CCNP. Once I got my CCNA I was able to get into a help desk position, and have moved up to analyst, and engineer. With each job jump have increased salary 30-50%. Honestly in tech I'd recommend moving around every 1-3 years to get that pay bump.
If you have a good manager, they will recognize that a college degree in IT and security specifically is not really necessary.
Some certs to look at for entry level network security, Cisco cyberops associate or CompTIA security+
I knew of more than a few that started as a grunt at an MSP (managed services provider) and soaked up all they could and kept getting promoted or moved to other MSPs. They're great for learning hands on and quickly. Or go get a diploma or something.
Get your hands on some used computers, and maybe an 8-16 port switch, then dive into the world of home lab! Setup your own servers and network stacks. Deploy services, containers etc.
Hell, you'd be surprised at how involved setting up a headless Linux Minecraft server can be if You've never done it. Little projects add up to a lot of hands on experience you just don't get from a book.
Plenty of good suggestions in this thread. I'll add on that I recommend you read Alyssa Miller's "Cybersecurity Career Guide". It will answer many of your questions and provide you a roadmap to land your first job. https://www.manning.com/books/cybersecurity-career-guide?ar=true&lpse=A
Learn Terraform. It's easy and in very high demand right now.
Start at a temp agency
If you want to have a taste of the basics you should check out the OWASP juice shop, basically a game-ified insecure web application to poke holes into. It has tutorials, an achievement system and the different challenges all have a difficulty rating.
https://owasp.org/www-project-juice-shop/