To consider retraining in cyber security in my mid thirties?

[32flavours]

I have no experience in this field, but I do have a strong science background and a very logical brain. I currently work part time for myself and have two very young children. I'm craving a challenge though and feel like my brain is stagnating. Is this a completely ridiculous idea?

Not at all! We employ a former higher education languages lecturer who changed to computing in his mid 40s and I met someone last week who is now a Uni renewables lecturer, having been a consultant surgeon until his mid 40s. You're a relative youngster.

Do it! There is shed loads of money to be made here - and the industry will only grow, grow, grow.

That's all very encouraging, thank you. Would you say in terms of job prospects it's a secure industry to move into?

Dd did it. Job prospects are good. From my observations, the tech industry is quite fluid - lots of employment but don't expect one job to last forever. Aim to develop further skills as you go, remember you are managing your career, no-one else is.

If you want to move to Ireland our Government will need you - our Health Service was hacked 4 weeks ago by International cyber criminals and it highlighted how awful our government cyber security is.

Good lock OP - I would love to retrain in it myself but I have already retrained and kind of need to start earning in the last effort

Good luck!!!

@32flavours

That's all very encouraging, thank you. Would you say in terms of job prospects it's a secure industry to move into?

Are you kidding?

This is a sector that is so ridiculously understaffed. Threat actors and risk increases every single day, and the need for IT involvement in our lives will only grow.

Microsoft said apparently that at this very moment there are some 2.3 million information security roles that are unfilled.

Do it! All the very best of luck!!

@32flavours

That's all very encouraging, thank you. Would you say in terms of job prospects it's a secure industry to move into?

Rock solid secure - but also a career in which constant learning and development will be absolutely critical. What you learn today is unlikely to still be relevant this time next year as the industry moves quickly. But in my last 20 years in IT, I have only seen increased demand and desperation for good security knowledge/people.

It depends. Are you comfortable with:

• Lack of a structured path. There are many cybersecurity qualifications.And each of them presume background knowledge in a whole host of other things. Nobody will give you a syllabus and say ‘here, study this, then you can become qualified’.
• Boring and mundane work. 80% of security work is checking that people put the correct settings on things, correct file types, looking through pages and pages of log files for the ONE suspicious thing.
• Steep learning curve/constant learning. Not only will you have to constantly keep up to date on new developments but learning your trade requires many hours of practice. There is no substitute. And sometimes you will get frustrated and spend hours, even days on something that once you crack it looked very solvable.

Having said that cyber security (pen testing, security consultants etc) is very intellectually challenging and well paid. But only after a certain level. A lot of people don’t realise the sheer amount of work needed to get there and quit within a few years. Even within the industry a lot of highly paid professionals start as programmers or sysadmins ... before developing a strong security focus.

* you can guess my profession can’t you :D*

Also to add sorry if my message sounded negative - it wasn’t meant that way! It’s just that cybersecurity careers as marketed can be quite misleading and I’ve seen many people disappointed. The majority of work isn’t very glamorous and to reach the challenging part takes many years of work trying a lot of things. It takes a certain mindset.

Unlike something like web development which is more accessible

This is the industry I work in, across tech there are lots of people coming in for a second career and lateattates post is a great one, if your mind is set on this go for it, but if you just want the general tech sector their will be more accessible careers too.

Oh my goshhhhh do it!! So many of us talk ourselves out of retraining or changing career because we're 'too old'. Fact is, those years will pass anyway whether you're training or not so do what you want to do :) Mid-30s is still young!

Do it! It's definitely a growing area with massive demand. There's also a need for a diverse range of backgrounds and experience. Cyber security isn't just computers, it's people as well, and they need staff who can cover both sides of it. Having said which, anyone massively tecchy will be very welcome too!

@LateAtTate not at all, I appreciate your honesty. And thank you for the insight and encouragement from everybody else too. I'm not unrealistic, I realise it will be a lot of hard work. I guess I just need to figure out if I can balance that with 2 little ones.

If you want to go far, you need to be very sharp, able to think outside the box, and not be afraid to break the rules.

I work in Cyber Security - I get so many messages from recruiters on a daily basis it's nuts.

You have so many different areas - Risk, 3rd party risk, pen testing, vulnerabilities / security analyst, governance (yawn), security architect, access governance (Identity Access Management - IAM), security training and awareness, recertifying ISO 27001 / Cyber Essentials and other 'certs' the org needs to show clients... and writing policies and standards... the list goes on and on...

I did a BSc / PhD in computer science and have worked in IT since I graduated and Cyber Security for the last 15 years. I manage a team and they comprise of a range of senior people, junior people and we currently have an apprentice who's 18.

Yes, it is well paid and if you get a good company, you don't have to work stupid hours (I work in FS, very nearly 6 figures, 40 hours a week max) BUT.... it really depends on what you want to do in Cyber Security - Good Pen Testers seem to live and breathe it, are trying to break 'chip and pin pads they bought off eBay by meeting a bloke in a car park' on a Sunday night at 3am - they're exceptionally good and earn an absolute mint, but to get to their level, you have to do a number of very technical certifications (CREST - CRT / CCT) and potentially hold a Government clearance... You don't have to, obviously... but there are certain qualifications that companies like - same with CISSP / CISM which you can get by taking an exam and working in InfoSec for 5 years or more.

I'd certainly never be out of work and could (hopefully) walk into another job if I was made redundant - However I'll be honest with you, it's not overly 'sexy' and as a previous poster said, a lot of it is reporting - patching, vulnerabilities, fixing gaps highlighted in pen tests... I'm currently working with a colleague on deploying a honeypot and it's the most exciting thing I've done for ages.....

My ideal job would be running an animal rescue center - but I will never leave Cyber Security due to the high salary and job security. If you're craving a challenge, it's CERTAINLY challenging and there are a lot of groups for women in Cyber Security who offer help and support to anyone looking to get into the domain....

If you have any specific questions, feel free to ask

Yep, I've gone from call centre manager to Cybersecurity, no training just made a lateral move into the governance team and then started getting involved in everything and doing self-learning through google and talking to colleagues.

I've had 2 promotions in 6 months and have another in the pipeline, huge growth industry and very in demand.

@HalfShrunkMoreToGo I did similar - started in support and then slid into the development team 😂
To be honest it’s a lot easier to learn when you’re immersed in it as you pick up the core skills quickly. Then learn to fill gaps which is also quicker as you have a base understanding. Compared to starting from 0, which is like a huge information dump.

@32flavours there is no rush though, why not try out some of these resources for a taster:
Hopper Roppers academy (the best beginner resource I’ve found so far)
TryHackMe( learning ‘rooms’ which have information and then small exercised
Bandit/Hackthebox(some good challenges)

If you love these then you’re on the right track!

Also if you’d like to apply for a general job in something unrelated (like tech support or service management) and then go into cybersecurity as pp have mentioned - it’s a good option. I know people with random degrees including myself who have made the jump (film studies is a memorable one)...

*Hoppers Academy

Late had a good summary. I used to work in software on (for the last decade or 2 before retirement) cyber security products. One of the team managers had come in as a grad trainee having done an English degree, one of my colleagues used to be an accountant, and, though I do have a numerate degree, all the relevant stuff I learned on the job. It's easier now as there's YouTube !

A few years ago I was having a new product handed over to me, and daytime would be me typing notes while they said "It protects against X using method Y" ...

and evening would be me in the hotel room watching "X explained!" and "Deep Dive Into Y" on YT and writing notes for the rest of the team.

The ability to read and comprehend, and to look up the stuff you don't yet know, and, as Late said, trawl through 5 tons of logs ruling stuff in or out (while providing calm and reassuring replies to panicking customers or colleagues and not telling them to FO and let you concentrate) is not restricted to people with CS degrees.

How to get in though! Good question.

This sounds so interesting.
Ive been considering a move into IT, specifically cyber security and in my late 30s. I've been teaching for 11 years (not STEM) and I have no idea where to start!
Any advice? I'll look at the recourses posted already but and grad schemes to look at? I think a structured path would suit my circumstances better

@TedDansononmyown you might consider doing a distance learning MSc Cybersecurity if you want to get onto a grad scheme. There also may be adult apprenticeships. However because of how easy it is to self learn these schemes rarely take people on with zero relevant experience (they’re normally people who have been working in adjacent roles, being sponsored to do a degree).
Unlike however web development (where people can complete a 6 month boot camp and then get a job) there’s no such thing for cyber security.
There are quite a few career changer programmes though (and you have an advantage as a woman). While not technically cyber security they’re for general IT roles which will then make it easier to pivot.

I have no idea where to start!
Any advice?

Learn Python in your spare time. There are a bunch of free MOOCs (free courses) that you can use.

I only wish you were a ballet dancer asking this question!!
Sounds an amazing job though, I’d definitely go for it and good luck.

Not at all go for it