How to make a mid-career change to cybersecurity

Once upon a time, people graduated college and entered their chosen professions, where they largely remained throughout their careers. That model has been eroding for decades, and the COVID-19 pandemic accelerated the trend. 

“The Great Resignation” saw many workers quit their jobs to seek pastures away from traditional metropolitan hubs to places like Idaho, Texas, Florida and the Carolinas, where they could work remotely. That led many to seek alternative careers, and a good portion have landed in IT and cybersecurity.  

Cengage Group surveys of those who resigned in recent years unearthed their motivations, preferences and priorities. Half of those who quit during the Great Resignation switched industries completely, and 21% moved over to tech, a larger percentage than any other sector.  

Career change to cybersecurity 

With cybersecurity jobs at such a premium, it’s no wonder that careers in this industry have attracted many from unrelated fields. What is especially interesting is the number of people undergoing a cybersecurity career change relatively late in their working lives. 

Take the case of Dara Gibson, Senior Cyber Insurance Manager at Optiv, who started her career working in education. Over time, however, she made a career change to cybersecurity. She utilized her educational background in designing cybersecurity awareness training programs. She also uses that experience as President of the Arizona Affiliate for Women in Cybersecurity (WiCyS).  

When people tell her they plan to quit their current jobs and jump into cybersecurity, her advice is to first look carefully inside their ecosystem, discover what’s going on underneath the hood of their own business and learn how they can learn about cybersecurity in their ventures. 

On a recent Cyber Work Podcast, she cited an example of a pharmacist who wanted to do a mid-career change to cybersecurity. Gibson quizzed her on her background. The person was well-versed in HIPAA regulations and Governance Risk and Compliance (GRC) processes but needed to figure out how these long-utilized skills might relate to her intended career path. Instead of resigning and struggling to pay her bills while looking for a new role, she found a HIPAA compliance officer role within her company.  

“She didn’t have to quit her job or leave her location, yet she was able to transfer into cybersecurity because she knew compliance regulations,” said Gibson.  

Tougher cybersecurity job market  

The job market can be challenging, with tech layoffs increasing this year. Many need help getting the attention of potential employers. Even those with many credentials on their resumes may face long waits between cybersecurity interviews.  

Gibson, for example, lost her position during COVID-19 as her employer was forced to cut staffing drastically. She sent out 700 applications without getting a single interview. Hence, her advice was to first look into your own ecosystem for career opportunities in cybersecurity before pulling the plug on your current job. She turned to networking to regain employment via LinkedIn and other avenues.  

“It’s not what you know but who you know,” she said. “Networking still plays an important role in any industry today.”  

She advocates the value of career fairs, too. They provide an opportunity to talk to the people that have open positions.  

As for resumes, her experience gave her plenty of lessons on what not to do. HR departments use algorithms that search through applications to find what they are looking for. It starts with the subject line. If the first line doesn't exactly match the job description, the algorithm often doesn't look any further. Therefore, she suggests paying attention to the first words of your resume or application to ensure it fits.  

Further advice: keep the presentation simple and standard. Avoid fancy formatting and visual images.  

“Make sure your application is just black and white rich text, as that’s all those scanners are looking for,” said Gibson.  

Broad options for cybersecurity careers 

For those planning a cybersecurity career change, Gibson drew attention to some false impressions people often have. Many believe, for instance, that cybersecurity mainly comprises highly technical specialists operating as part of a security operations center (SOC) or within a team of threat analysts.  

Those skills certainly play an essential role in the industry, but many other opportunities exist. The field is much broader than people realize. (See 12 common cybersecurity roles). 

All large businesses now have major cybersecurity departments. Every small business — even mom-and-pop shops — now must pay at least some attention to cybersecurity to avoid a data breach. Every single vertical has a myriad of cybersecurity-related opportunities available.  

Take law. Some firms specialize in cybersecurity. But many more law firms deal with data privacy, the legalities of network breaches and the responsibility of their clients toward data security. They don’t have cybersecurity as a specialty, but it plays a role in an increasingly large percentage of legal cases.  

Similarly, Gibson cites examples of English teachers, professors and professional writers morphing into cyber-related technical writing and documentation. Long-term health professionals, too, may find themselves heading toward the CISO role due to their expertise in HIPAA. Insurance specialists can suddenly be on the shortlist for cyber-insurance positions within tech or cybersecurity firms — or discover a great new career path within their existing insurance company.  

“You don’t have to be the tech guru that counts the zeros and ones or what they magically know how to do everything on the tech side,” said Gibson. “You can have a business, HR or marketing position focusing on cybersecurity. There are so many other avenues that people can get into.”  

Importance of learning new skills  

Learning new skills is always a smart choice for anyone contemplating a mid-career switch.  

“This is a great time to start cultivating new skills,” said Jeff Pollard, an analyst at Forrester Research.   

He suggests that people take the time to pursue a basic or specialized certification in cybersecurity. Alternatively, they can become more of a subject matter expert in their current domain and add cyber skills to their repertoire.  

"More skills give you more opportunities and more opportunities lead to better compensation," said Pollard.  

For more on this topic, watch the full Cyber Work Podcast with Dara Gibson.