Does anyone work in cybersecurity?

5 replies

YellowMoth · 11/09/2024 12:34

If so, do you enjoy it? Is it flexible in terms of working from home, maybe reducing hours etc.? How did you get into it? Is it realistic for me to retrain and enter this field in my 40s with no prior IT experience? Assume I would have to do quite a few qualifications, work on a helpdesk first? Thanks.

CormorantStrikesBack · 11/09/2024 13:16

I did a free course through Chichester College online. I was also at the same time doing another online course for free which led to some recognised qualification which people recommended.

Never finished either one as it bored me to tears and decided it wasn't for me. But look for free stuff and boot camps, etc.

Paulrn · 11/09/2024 17:30

Anything is possible, but with no IT experience it would be very hard. By the time you had the qualifications you would be competing for entry level jobs with graduates. Also the hours can be horrendous if an incident happens; you cannot just walk away from it, especially as you progress through the ranks.

InfoSecInTheCity · 11/09/2024 17:39

It's a big field with lots of different speciality areas. I work in Information Security Governance, Risk & Compliance. I have a good overall understanding of the concepts and the technical security controls but don't have the skills or knowledge to actually implement them, i.e. I know what type of anti-virus is needed, but wouldn't know how to configure an anti-virus tool for a global network of various types of devices.

My job is to take international standardised frameworks like ISO27001, NIST, SOC2, CyberEssentials.... make sure we have policies and procedures in place that meet those requirements, audit that we are implementing those policies and procedures correctly and obtain certifications.

You need to really think about what your skills and interests are to answer the questions of whether you'd like it and if you'd be any good at it.

It's big, busy, quick to change, often urgent and usually companies forget about it till stuff goes wrong.

I like it though, and it's very flexible and 100% WFH.

YellowMoth · 11/09/2024 19:35

Thanks, this is really helpful. It actually sounds like more the side of things I'd be interested in. I'm currently working in a records management role and have a strong interest in data protection. Can you tell me a bit more about the path you took to your current role - what qualifications did you need etc.? Thanks.

InfoSecInTheCity · 11/09/2024 19:55

I didn't follow any kind of prescribed path. I started in call centre work, moved up through various team leader roles until I ended up in IT Service Management, that got me involved in ISO20000 which is all about Information Technology System Governance, that expanded into ISO27001 which is about Information Security and continued to expand. I now look after our Global compliance program which covers ISOs 27001, 9001, 14001 & 22301, SOC2 Type2, PCI, FedRAMP, StateRAMP & CyberEssentials.

I have no formal qualifications, all self-taught.

If Data protection/privacy is your thing then look at CIPP/E
If you would prefer more of an auditor function then you can do ISO auditor or implementer courses, there are ISO frameworks for all kinds of industries so if you have particular sector experience then it's worth going down a specific route, for example 9001 is about quality management, 27701 is about privacy, 14001 is about environmental sustainability, but there are ISOs for lab work, mechanical engineering....

Once you have a good understanding of the frameworks the kinds of roles you'd be looking at for entry level are GRC analyst, Compliance Analyst, GRC auditor and a general idea of Entry Level salary is around the £35k mark.
