When I signed up to be a guest blogger for Cover6 Solutions, I didn’t know what I would write about, especially since I don’t have years of experience in cybersecurity in general like many others do. So I figured I could write about my journey from my first career in software quality assurance (SQA) to my second career in cybersecurity doing incident management support as my first blog post.
In the past few years, I’ve mentored some individuals who are interested in getting into cyber. When they ask me how to start in the field, I usually respond with a question of my own:
Regardless of the job, what do you enjoy doing and what are you good or great at?
I ask that question because cybersecurity is such a vast field. Think of it as an umbrella over a group of individuals, and each individual represents a specialized area of cybersecurity. If you’re able to answer that question, then it will help you to narrow down the areas you might be interested in learning more about.
Now how did I end up doing incident management support? Early in my SQA career, I took the CompTIA Security+ course because it was part of the certification track I was working on at the time. My instructor told us that if he was to start a different career, he would have gone into computer forensics.
Even before starting in SQA, I had a fascination with forensics, but I didn’t know that the field of computer forensics existed. It was that professor who gave me the “aha!” moment that led me to computer forensics. By nature, I am a very inquisitive person who is always asking questions, and I love investigating something just to get to the bottom of it. For example, when I was in SQA, I had figure out how to replicate a user error and its root cause in order to inform the software developers of how to fix the issue.
I had been working with a start-up company for 4 years before deciding that I would leave to pursue my studies. After I left the start-up, I joined another company while I prepared to get my EC-Council CHFI (Certified Hacking Forensic Investigator) certification, and I wrote to a number of companies to find out about possible computer forensics internships. Unfortunately, without experience or some knowledge, there were no opportunities available. I returned to SQA for a few more years until I decided to pursue a master’s degree in digital forensics. While I loved SQA and could have done extremely well in it, I really found forensics exciting, and I wanted to utilize my skills in a way that I could contribute to society and help fight crime on different levels.
I was accepted at my first choice of school and received my master’s degree in early 2015. However, during my graduate studies, I took a year off from working to raise my family. Half-way through the program, my program director submitted my resume for a job opportunity working as an Insider Threat Investigative Analyst at a federal government agency. However, by then I had given birth to another child and was raising a growing family, studying, and working full-time. Ultimately after a little more than a year, I decided to leave the government for personal reasons.
Then, after taking some time off, I returned to the job market. At the time, I was looking for a position doing malware analysis because that’s what I decided I wanted to do after taking a malware analysis course (it was so much fun!). For six months, I was not having any success and became unsure about my path. I went back to speak to my program director and she told me that that I was going about my job hunt the wrong way. I was fitting myself into a job instead of the other way around. She said that due to my lifestyle, the path I wanted would take me away from my family because of the demands of the role. I realized she was right; I needed to find a position that would give me a work/life balance and I knew it was out there.
Eventually, I found a great internship at the same time I was selected for another job, and I picked the job mostly because of the salary, even though the work was not really what I was looking for. Meanwhile, a friend of mine had given my resume to her colleague, who heard about my reputation as an investigative analyst at my first government job. The next thing I knew, I was offered a position at another organization doing incident management support, and I’ve been there ever since, progressing from Journeyman to SME I, and now to SME II Incident Management Support.
This position gives me a great work/life balance, and while I am not doing forensics, I still get to perform some investigations and try to figure out how the security incidents occurred in the first place. As my career has progressed, my goals have continued to evolve, from forensics, then to malware analysis, and most recently to threat hunting and security research (at some point in the future!). I’ve been in the cyber field working in incident management support for 3 years now. I really enjoy what I do and I’m grateful for all the wonderful support I’ve had (and continue to have) along the way.
Whether you’re just starting out or transitioning into cyber, it’s not going to be easy. There will be periods where you might feel down or that your career is not moving forward fast enough, but that’s okay! Your time will come as long as you have a plan on how to get there. When I transitioned, it wasn’t easy for me. I did a lot of research into figuring out which school I wanted to apply to for my master’s degree. I didn’t know much about certifications. I didn’t even know anything about cybersecurity! I still have a long way to go, but I’m happy with the choices and sacrifices I made to get to where I am today.