Cybersecurity’s long
attracted those seeking a challenging and financially lucrative career,
but if you’ve ever tried to break into the field, you’ll know it’s far
from straightforward. Whether you’re already in IT or coming
from a completely different profession, figuring out how to pivot can be
overwhelming. Check out r/SecurityCareerAdvice, and you’ll find plenty
of questions like, “How do I move from help desk to SOC analyst?” or
“What’s the best path from System Administrator to Security Engineer?”
or even “How do I jump from Human Resources to Cybersecurity?” The
interest is there, but the roadmap? Not so much! The problem is that
cybersecurity career training today focuses on…
1. Those already in Information Technology
2. Teaching specialized skills
These topics are valuable for certain roles, but they’re not really designed to help someone transition into the industry. How can we improve training to make it more targeted and relevant?
The Problem with Current Training
Most training is built around teaching niche technical skills like penetration testing, secure coding, or vulnerability analysis. These topics are key for advanced roles but aren’t useful for someone freshly earning a bachelor's degree, transitioning from help desk or SysAdmin roles to security, or entering the field from a non-IT background. On top of that, the sheer number of certifications and training options can make for a daunting if not intimidating experience. Certifications like the CISSP, CEH, OSCP, and Security+ are geared toward people who already have years of relevant experience. If you’re just starting out, how do you know where to begin? Without guidance, it’s easy to feel stuck!
Creating Better Paths for Career Transitions
To make cybersecurity more accessible, we need to shift the focus of training to career transition. Training should include clear and concise, step-by-step guides for transitioning into roles. For example:
Help Desk to SOC Analyst
If you’re coming from a help desk background, you’ve already got foundational knowledge about troubleshooting, ticketing systems, and user support. Transitioning into a SOC analyst role builds on those skills but requires a shift toward cybersecurity-specific concepts.
- Log Analysis: Teach how to read and interpret firewall and IDS/IPS logs, email headers, and network protocols. Break down how to identify suspicious activity, e.g., unusual login attempts or out-of-place data transfers.
- SIEMs: Provide hands-on experience with Security Information and Event Management (SIEM) platforms like Splunk, Azure Sentinel, or QRadar. Training should include how to set up dashboards, write queries, and create alerts.
- Hands-On Labs: Simulated environments should replicate real-world scenarios to create practical, immersive experiences that build critical skills. Cover diverse and dynamic situations such as identifying phishing, analyzing malware, developing response playbooks, and containing ransomware incidents. Each lab should integrate realistic data, tools, and systems that mimic enterprise infrastructure.
SysAdmin to Security Engineer
System administrators have a wealth of experience managing networks, servers, and infrastructure, all of which are critical components of security engineering.
- Securing Infrastructure: Training on hardening operating systems, configuring firewalls, and creating/applying secure baseline configurations. Learning about tools like Ansible, Jenkins, or Terraform to enforce consistent security policies.
- Identity and Access Management (IAM): Understanding how to implement secure IAM solutions like Okta, Active Directory, or IdentityIQ. Cover concepts like least privilege, multi-factor authentication (MFA), and role-based access control (RBAC).
- Automation and Scripting: Leveraging scripting skills (PowerShell, Python, or Bash) to automate tasks like log collection, vulnerability scanning, or patch deployment. Exploring security automation tools like SOAR (Security Orchestration, Automation, and Response) platforms.
- Cloud Security: Many SysAdmins are already familiar with cloud platforms like AWS, GCP, or Azure. Security engineers often focus on securing these environments, which includes setting up security groups, monitoring with tools like AWS GuardDuty, and managing encryption keys.
Non-IT Roles to Cybersecurity
Coming from a non-technical background doesn’t mean starting completely from scratch. Many of the skills in roles like HR, education, or project management may translate well into cybersecurity.
- Risk Assessment and Management: Project managers and HR professionals often deal with risk in some capacity. Learn how to apply those skills to cybersecurity by identifying potential threats, evaluating impact, and implementing mitigation strategies.
- Policy Creation and Compliance: Many roles in Governance, Risk, and Compliance (GRC) involve drafting and enforcing policies. Training should cover key regulations like GDPR, HIPAA, FedRAMP, or PCI DSS and teach how to align policies with frameworks.
- Security Awareness: HR is uniquely positioned to influence the culture of an organization. Training should show how to develop effective security awareness campaigns, train employees, and foster a security mindset.
- Foundational Cybersecurity Concepts: Begin with the basics! Understanding the CIA triad (Confidentiality, Integrity, Availability), recognizing common threats, and grasping how security tools work.
2. Skills Before Certifications
Certifications are useful, but they shouldn’t be the first step for career changers. Start by building practical skills with low-cost resources like home labs, online labs, Capture the Flag (CTF), or conferences. Once you have the skills, certifications can help validate them, but they’re not the starting point.
3. Highlighting Transferable Skills
A lot of people underestimate how much their existing skills transfer to cybersecurity.
IT Professionals:
If you’ve worked in IT, you’re likely familiar with troubleshooting, managing systems, and working under pressure. These skills map directly to roles like SOC analyst or security engineer. For example, troubleshooting network connectivity issues is a foundation for investigating suspicious activity. If you’ve written scripts, you’re already practicing skills in areas like coding and automation. Addressing a user alert about a virus on their machine is the first step in the incident response process.
Non-IT Professionals:
Skills like communication, process improvement, and analytical thinking are often overlooked but incredibly valuable.
- Communication: Roles in Governance, Risk, and Compliance (GRC) or security awareness require one to translate technical concepts into plain language for executives and employees. If you’ve written reports, led meetings, or developed on-boarding training, you’re already ahead of the game.
- Process Improvement: Project managers and operations specialists often excel at identifying inefficiencies in workflows and streamlining the process. These skills are directly applicable to creating and optimizing policies or incident response playbooks.
- Analytical Thinking: If you’ve ever analyzed data in the decision-making process, whether in finance, marketing, or HR, you already have the foundation for tasks like analyzing log data for anomalies.
One of my favorite examples is the idea that someone in agriculture, i.e., farming, possesses skills that can be applied to cybersecurity. Take, for instance, anhydrous ammonia, a chemical used as fertilizer. It's highly corrosive, colorless, and often involved in accidental spills that require the evacuation of surrounding areas. The planning and protocols developed for handling such scenarios translate to cybersecurity contexts like tabletop exercises, incident response, and disaster recovery!
4. Mentorship & Real-World Guidance
Training alone isn’t enough! Career transitions are often smoother when you’ve got a guide. Experienced pros can offer advice on how to position your skills, identify the right opportunities, and avoid common pitfalls. Finding a mentor can be challenging, and many mentors bemoan mentees seeking only hand-holding. Mentorship programs that connect newcomers with veterans have the potential to be a game-changer. These could include internships and apprenticeships that approach information technology and cybersecurity in a manner similar to traditional trades.
5. Simplifying Certification & Training Choices
The vast number of certifications and training options in cybersecurity can be overwhelming! From organizations like CompTIA, ISC2, Offensive Security, EC-Council, and The SecOps Group, to countless boot camps, online labs, outdated books, and blog posts (including mine), the options are endless. There’s so much specialized training on niche topics like application security (AppSec), penetration testing, bug bounty, blue/red/purple teaming, reverse engineering, and malware analysis. What a mess that’s been created! Training should provide a straightforward guide that explains which certifications, skills, and lessons are relevant to specific career paths.
- SOC Analyst: Start with the CompTIA Sec+ and then progress to more specialized certs like the CySA+ or Splunk after gaining practical, hands-on experience in the workplace.
- Security Engineer: Begin with networking and security certifications, e.g., CCNA, Pentest+, or AWS, before advancing to options like the OSCP or CISSP.
A Call to Action for the Cybersecurity Community
Our industry's in desperate need of new talent, and there’s no shortage of people who want to step up, but the current training landscape isn’t set up for them to succeed. By shifting the focus to career transition, we can:
- Make cybersecurity more accessible to people from diverse backgrounds.
- Build a more inclusive and skilled workforce.
- Empower newcomers to find their place in this field.
If you’re an educator, trainer, or hiring manager, think about how you can help make this shift happen. Create training that focuses on clear career pathways, foster mentorship, and emphasize practical skills over certifications and degrees. If you’re someone looking to break into cybersecurity, know that your unique background and skills are an asset. Seek out mentors, focus on building foundational skills, and don’t hesitate to ask the community for help!