How do I retrain in cyber security?

[CyberSecurityRoundabout]

I'm going around in bloody circles. Will someone put an end to my misery? 😆

I have a foundation degree in computer science but no actual work history other than I was Cisco qualified. But it's out of date now.

I deeply regret not sticking with cyber security and its time I get back into it. I'm in my 30s.

I live in a rural part of the UK so just looking at UCAS and choosing a course isn't helpful (was looking at doing a Top Up degree!) And Open University aren't doing their Top Up degree until next September 2023. I missed the boat.

I'm willing to invest time and money into retraining and was wondering if there was another industry wide recognised course I could do?

Yesterday I retook an old CCNA practise test for a laugh and passed. So I'm not over the hill YET!

But I appreciate it'll be hardwork but it's my long term goal.

Anyway, any thoughts? Remember I'm rural af (but looking to move closer to cities in the next 3 years! Can't afford it right now!)

Don’t let your age put you off! I started in cybersecurity at 35 with no previous experience. There are also some mentoring sessions run by a non profit called SheCISO, it’s worth looking them up on Linkedin.

You're an inspiration. You make me feel like I can do it 💪

Don’t have any advice, but I do wish this thread had been on the Mature Study and Retraining board, so it could have been useful to other people wanting to retrain!

www.mumsnet.com/talk/mature_students

Oh sorry @Edmontine I had looked in there and Back to Work but threads didn't have very many replies...

I'm happy with my decision to add it to Chat 😊

My chap works in cyber security and doesn't have a degree, just lots of experience. Try following infosec communities on Twitter to hear of opportunities. There's a lot of word of mouth from what I hear.

I started as an ISO27001 remote security consultant with 0 relevant qualifications (I had a degree in biology) It's nearly impossible to hire people so most companies will train you. A couple of Udemy or Coursera courses will show willing and should be enough to get you an interview at junior level. I did online courses for Security+, CIPP/E (data privacy) and ISO27001 auditor in my first year but didn't bother to take all the exams. I hated my boss so didn't last long.

Rather than focusing on qualifications now, you want to get in at entry level with an infosec analyst type role. Then once you’re in the door, be open and willing to taking any vocational courses they thrown at you. Some of the big ones would be CISSP, CISM, CRISC, though they’re not entry level and plenty of people work without them.

You also don’t necessarily need to be overly technical to work in cyber security. Infact, the higher up you go the less technical you need to be and the industry is still crying out for more people, so it’s not a bad time to get in and progress quickly if you have the aptitude.

Wow cool! Where did you find the role?

Not yet, dh has cancer now and I’m his carer. Other people on the course have jobs now. One woman a week to the day of finishing.

Oh my goodness fluffy, I'm so sorry to hear that. But thank you for the heads up - I'll have a look at that x

I found it on LinkedIn. Try searching for information security on Linkedin and look for consultant and analyst roles rather than engineer. Make sure you're up to date on current risks by reading trade news like ThreatPost and HackerNews.

Most of it is honestly just trelling people over and over not to use password123 or to send their login to a Nigerian princess...

Reminds me of the time I went into Waterstones and by the front door they had a display of little books with "passwords" on the front

I was like "noooooo" cue facepalm.

Meanwhile my mum said "what a pretty book. What a clever idea!" And bought one...

And even though I explained all the risks she continued to buy it because it was so neat. Pah

Best way to prove ISO27001 understanding? Or is (ISC)² the best way?

Thanks all 😊

Where can I find details out about this please

Reading a bunch of blogs so you understand the content and know that it's been updated this year. Mostly it's just common sense. They wouldn't expect you to have an auditor's level of understanding without training.

The norm text is behind a paywall. You can often find illegal copies or paraphrased summaries, but make sure you know for an interview that they are technically dodgy!

Thanks @StamppotAndGravy I just had a read and watched some YouTube videos as a refresher. It's all very basic and common sense isn't it.

I also watched a refresher video in SQL just to see if I remembered anything and all the database stuff came flooding back. So that's another string to my bow!

forgot how much I enjoy sql

Yes ISO is very much common sense and the great thing about the frameworks is that in most cases they are very similar across all standards so if you can read up on clauses 4-10 of ISO 27001 then those are pretty much the same in ISO27701 (privacy) and ISO 9001 (quality assurance) and ISO 20000 ( IT service delivery) ...... then you have the annex A controls which are about the security domains like access control, cloud security, physical security....

Honestly, I think if you genuinely like sql you'd be wasted doing ISO audits! I hated it because I wasn't doing anything technical. It's all reviewing documents rather than implementing stuff and really anyone who knows what the internet is could do the job. Do some SQL refresh, make sure you know how to use PowerBI etc and get some buzz words on your CV.

Is this any use? It's delivered by Capita but funded by U.K. Gov

https://content.capita.com/Skillsbootcampsforyou?utmsource=Social+media&utmmmedium=Facebook&utmcontent=Paid+media&utmmcampaign=DigiSkillsBootcamps-Education-Programs-EL-CPS-22

The cyber isc squared one looks good

I don't agree that being an ISO audit is something anyone can do, far from it.

To pass the ISO 27001 (information management security system ISMS) lead auditor exam and be able to lead a full audit in an organisation whether seeking certification or undergoing their 3 year re-cert, you need to

• know and understand all clauses of the Standard including Annex A controls and the technical implications of how these are implemented in an organisation
• be able to recognise and articulate any breaches and deviations from the standard (and that isn't always clear-cut on first review) which requires strong technical skills and decision-making as to the implication of any deviation
• be able to effectively lead a team of auditors and determine what you're going to focus the audit on (taking a risk-based approach)
• appreciate and have skills in auditing behaviours

it may not be everyone's career cup of tea but it is a prestigious role and can lead into many other information security role opportunities