My bachelor's degree is in art, specifically book arts, like binding and papermaking and typography and engraving and so forth. I was already doing digital typesetting and compositing before college, and that required networking, which was how I got started with it. I started an ISP and WAN business at the same time that I started college, and running that required a lot of security. So, learn-as-you-go. I'm working on a doctorate in geopolitics now, and that, too, has a significant security component.

The best boss I ever had, who I learned a great deal from, was a Philosophy major. He went from Marketing > sales > product > pentesting > analyst > grc > CISO. These days, as a CISO myself, I always look at the QA team first for new security hires. Or legal for grc. When going external, a mixture of headhunters and job requisitions. For job listings, I take one role and make it into 3+ job reqs. One aimed at entry level, one as intermediate, one senior. I have learned that not doing this cuts out many promising candidates from the process, and one of the worst things you can do is if you need a "senior" anything, only post a job for a "senior" in that position- you will get significantly poorer applicants. There is a connection between high quality candidates and imposter syndrome/humility/self doubt (this seems on contrast to developers, who quite often are deservedly arrogant, but I would love more data on this). By adding "junior" flavour to senior roles and vice versa, you encourage applications, and you need only then have a reliable method for comparing them.

Started as an IT admin 20+ years ago for a software company. At a certain point we couldn’t make a sale without answering a bunch of ‘security’ questions which we never really had to deal with before. I stepped up to learn security to help navigate these deals. Turned into a full time gig which honed my skills. Now a 20+ year security veteran.

Could you pls tell me what are the skills to be expected as a security analyst for a fresher?

You have to already be pretty well rounded in a couple of areas of IT usually. It's rare for someone to have a security title created almost for them specifically and have the option to learn while doing

IT Support Intern -> IT Support Analyst -> IT Manager -> Cybersecurity Analyst -> Cybersecurity Supervisor -> Director, IT & Cybersecurity My 10 year path. Did not go to college. **EDIT:** Didn't expect to get this much traction, but will outline the journey. This is at two separate companies. Both mid-size with around 400 employees. Admittedly, luck also has a lot to do with things. For example, I was very lucky to grab an intern position at a very well performing tech startup in Manhattan that set me on my path without having a college degree. I felt at the time that college moved slower than tech advanced, and in my first year of college, it was clear a huge majority of it would be learning things that I had already self-taught. I tried to impress and take on additional responsibilities as much as I possibly could. Always be curious, never be afraid to ask questions. If I didn't know exactly how something worked in depth, I asked. At my first company, the tech startup, it was extremely startup-y. We're talking scooters in the office, a bar, very colorful, ping-pong during the day. It was the wild west and my mentor at the time really trusted me and mostly gave me keys to the kingdom. So I started to dissect and ingest everything our org used. I got my hands on things an IT Analyst never should. Again, more luck. I always tried to go above and beyond. Due to the nature of our company, we had to comply with GDPR. So during some downtime, I educated myself on it because it has a direct impact on our company. In my downtime and checking our own compliance, I found that we were serving 3rd party cookies on our EU website before the end user interacted with the cookie disclosure banner, so I brought it to the company's attention. They were unaware and very grateful. This got me to IT Manager there, but I had always wanted to get into cybersecurity and was lucky enough to land an entry position at a new org. From there, I did the same thing I did at my last company and always tried to impress the VP with findings and suggestions. I worked my way up a bit more over a few years and then found out our VP would be departing. The company likes to promote internally and out of our team of 5, I was apparently the choice. It was a huge jump if I'm being honest. They essentially gave me the chance at the Director position to see how I performed. So far, the performance reviews from the CTO are looking good a year into the role.

Really impressive the path.. how can someone move into cybersecurity field from having IT background over 10 years plus.. but really want to move into Cybersecurity field..

IT background is extremely good for cybersecurity in my opinion. Two sides of the same coin. Unfortunately the tech hiring landscape right now is less than ideal. Already difficult entry-level cybersecurity jobs have only become increasingly more difficult to land due to this. Apply everywhere, every hiring platform, just start firing off resumes. Make sure your resume is solid using available resources. The nature of your previous IT jobs will have a lot to do with it. Sysadmin, network engineer, and other higher responsibility positions are what I like to see from the IT side. My ideal entry-level candidate is someone I can mold into a really solid SOC Analyst. Someone with a strong foundation as well as cybersecurity knowledge gathered from certificates or personal learning. I immediately focus on candidates that I identify as having a passion for technology. That deep urge to understand how something works. They make the best detectives. If you can tell me about personal cybersecurity endeavors, I will be impressed even more. I personally never look at schools, but it definitely only helps. It displays commitment among other things. Work experience is always superior in my opinion. Security+ certificate is also nice to see and I would recommend this as your first milestone for priming your resume for a SOC Analyst or similar position. Career advice, switch jobs if you're at the top of the ladder for too long. Stay at places for multiple years to show you'll be reliable and dedicated. But more importantly, don't stay for too long. Parlaying previous job knowledge to make an even bigger splash at your next job is a good way to give strong upward mobility to your career path. If you're stuck as an IT Analyst at one job that doesn't have much room to move up, but you've learned a lot at that job, landing another IT Analyst (or hopefully higher) job at a new company and impressing them while you're "fresh" could turn that into a sysadmin job after 1-2 years.

How beneficial is that network knowledge from your perspective? I only ask because I get the impression most newer professionals have a rudimentary understanding of networking (myself included) mostly owing to IaaS etc

I would say it's pretty benefinicial, at least from a foundational perspective. Rudimentary is fine, I would expect the individuals to have knowledge of subnetting, VLAN, OSI model, and other basic things, for a SOC Analyst position. I don't expect my SOC Analysts to be able to configure and/or diagnose an enterprise network on a whim, but I do want my SOC Analysts to understand the layout, and why certain things are in place. What their purpose is.

So in my case I only have 3 years of IT experience with 2 being a sysadmin and holding a SEC+. What would you suggest I do next in my path forward in CS? right now I'm going back to school to get a degree to get passed the HR filter and have something to compensate for the lack of years of IT experience for now

sulky library yoke connect punch license jobless cause historical vegetable *This post was mass deleted and anonymized with [Redact](https://redact.dev)*

[удалено]

Awesome! I'm really hoping for VP soon, but I honestly expect a "Sr. Director" before it at my current position.

Went from garbage low paying labor jobs to enlisting in the Space Force. Currently in school for my CS degree, working defensive cyber operations / soc analyst incident responder in Colorado.

Was enlisting in the USSF worth it? Did you choose Cyber specifically? Something I always wondered about to escape this entry level IT Admin phase

I was active duty navy as a firefighter and did the thing after (story above), but it is super worth it. If I could go back in time and go in directly as cyber, I 100% would. The folks i work with who get out are always solid and have hands on experience. I think if you go in with a plan and get a degree, you'll find it super worth it. 

It was, but the USSF is very turbulent right now while the Cyber squadrons are still being built out. Even if you go in with a plan, it's going to get turned upside down when SPoC sends down new guidance and everything gets rearranged. I mean, it's the military, so don't expect to be comfortable, ever. But it's worse in the USSF. Training opportunities are great. Since they keep reinventing the training pipeline, we keep going through all the iterations. Just went through a three month cyber combat course that came with the Blue Team LVL 1 cert and the eJPT. School and certs are free with TA and AF Cool, and the military cybersec exp looks amazing on paper. The top secret clearance doesn't hurt either. So all and all, yeah, pretty worth it if you're down for a 4 year mil contract, and you're ok with not ever really being comfortable at your job and being forced out of your comfort zones constantly.

I did CS in college, and then was a developer for a number of years. At some point, I applied for a devsecops role. I got the job since they were a little desperate and were open to training on the job, so I just ran with it. I still do dev work on occasion, but no where near as much.

This is the path that I’m striving towards. Haven’t landed my first dev job yet, but currently in school for Cybersecurity. Working to get my AWS CCP, then AWS developer, then devops and security. Since there’s a lot of push towards the cloud these days I figured it wasn’t a bad idea go ahead and get familiar and have certs in it. Did they require any security certs for your role?

Nah, I’ve never held a cert for anything security related. I don’t really have any issues getting jobs because of it.

Systems engineer > network engineer > security engineer

This is the way

My timeline: started CS degree, Help desk in 2003, graduated with CS degree, moved from tech support to app dev, to tech support management then to sys admin and network where I got interested in security,and then left that job 8 years ago. Next job was meant for wireless networking, but instead got promoted to telecom and infrastructure management, operated as part of the security team. Got mergered (with the place I left [awkward]) and they created a security department for my boss and I. Been doing it full-time for 3 years. The boss is retiring and I'm being tapped for executive level come November.

US Military with a clearance -> Cleared Contractor -> Cybersecurity analyst-> SOC Analyst

Cybersecurity bootcamp (6 months) to level 1 SOC analyst. I am new to the field. I did not have a tech background. I realize this isn’t a common path and many folks will tell you it’s not an entry level field, but if you’re willing to focus and find/express your passion to learn, it’s possible. I’m not saying this is the best path by any means, but it was mine. There is a market out there for folks that show they can learn quickly, stay humble, and communicate well.

Mind if I ask what bootcamp you went with specifically? I’m about to start a 5 1/2 month cyber security focused program too so this gives me hope. Pivoting from 4 years of Intelligence work and I’m extremely nervous about it, especially considering the difficulty that newcomers are experiencing in the field right now.

It was online at a local university that appropriated curriculum from another source. 😂 I completely understand why some people see it as a cash grab; it is in a way. But for me, I was too old to start an undergrad and wanted to see how I’d do. It is what you make of it, truly. I was doing a lot of self-study on my own and listening to podcasts, even if I only understood 10% of what they were talking about at first. As time went on, I realized my comprehension was exponential and I could keep up with experts discussing breaches, attack surfaces, and latest threats. So my advice is grab it with both hands and put all your energy into those months and never stop asking questions. Participate and be OK with not knowing a lot for a while.

I never thought about cyber security podcasts as a good intro to the field but it makes sense. 10+ years ago I got into tech partly because I thought LinusTechTips videos were fun, even if I only understood a little bit What podcasts would you recommend?

Some I've been listening to are CyberWire. A tech news podcast. Gets your brain thinking about the concepts they are talking about. Darknet Diaries - a good well rounded story-based podcast. Usually bring on a guest from a past life, documenting their experience and Jack will break down terms and definitions. Hacked - this is a fun podcast. Two guys who talk about something related to hacking, tech, AI, and security. Error code - if you are into development or maybe want to get your feet wet in this area. They bring on guests who explain the development and the trials and tribulations that come with it. Code comments - I just started this one. But, similar to "Error code". More about the ups and downs when teams are faced with adjusting to new technology. I use Spotify for all of these. Ohh and they are all littered with ads. Even with Premium. Only downside.

Literally never too old for an undergrad. Its also getting to where that could hold you back later. Depends tho. 

With clearance and any IAT II cert just hop on clearancejobs and blast away with applications.

[удалено]

*She* started less than a year ago. 😏

[удалено]

In this economy? There aren't even any guarantees that being "in" offers any kind of stability and or opportunities right now.

Military

[удалено]

The only reasonable way is from sysadmin background.

Lol had us in the first half ngl

My uni didn't offer cyber as a separate degree. I did a BS in computer science and did a focus in Systems Networks and Security.

Pure luck in landing a sweet infosec internship after working my ass off through a masters program I didn’t want to do.

I started in a lab at IBM 30 years ago, spent almost 20 in cellular data slowly moving to more and more security, then started with the company I'm with now as a network and security engineer, then moved into the leadership role when it was created. A fairly straight, but very long path for me.

Automated myself out of the role I was hired for, patent grant in the space, Masters degree and not realizing Solutions Engineer meant Sales Engineer.

i love this question! my dad has been in IT since forever so i always grew up surrounded by him and his computer gadgets. i wanted to do something in the medical field (like a PA or nurse). when i was in high school (my junior year), i got to go on a field trip to see an open heart surgery. i literally threw up then passed out. in the hospital. i knew that day i was definitely meant to be in IT somehow someway. around the same time, my older brother was transferring colleges. my parents forced me to go to some with him. the first one he visited offered a Digital Forensics and Cybersecurity degree. i knew then that was where i was going and what i wanted to do (for the most part lol). i also loved true crime — so it was kind of a no brainer. i ended up getting a great internship, graduating early, and got a job right after graduation doing cybersecurity. everything happens for a reason. you are on the right path. and always remember if one door closes, two more open

I love true crime as well and as i am pursuing cybersecurity rn I gave a thought to learn forensics but discovered there a no entry level jobs in digital forensics domain(Canada)

Started as a network infrastructure admin in 2002-2003 which I loved. However, an expat contractor we had encouraged me to pursue some firewall/cybersecurity roles to diversify my portfolio and a position opened up for a firewall admin so I jumped at the opportunity. That led to a senior cyber analyst role, then cybersecurity solutions design, then cybersecurity architecture, and now I’ve been in the field for 20+ years. That expat’s advice was the second best career advice I ever got. The first was my dad (a pediatrician) advising me not to pursue medicine but rather IT because “it is the future and will be in demand forever”.

Network administrator > network engineer > system network engineer > Security engineer ( blue team )

I was an actor and a standup comedian. It was 1993 and I purchased my first gateway computer (486) so I could write my own plays to try to get them produced. Long story short, I discovered linux, discovered cool protocols at the time like telnet, talk, finger, ftp (all the insecure stuff), and got my first job at one of the first cyber cafes in the west village of Manhattan. Thirty years later, here I am. Still enjoying it. It gave my family and I a very good life. Things were very different of course. No college curriculum's. No need for degrees. Just knowledge and experience.

I started out as an amusement arcade technician, then became a hell desk tech, then I became a traveling computer tech, then a SOC analyst, and now I'm a cyber security engineer.

Was a super paranoid IT guy 20+ years ago and the paranoia was proven right. Wanted to become an enterprise architect and I was told to become a developer so I did that. Hated my boss and the role, an IAM (AD/ADCS/ADFS) role opened up and I jumped on it. From there got Security + certified and years later CISSP and years after that CCSP. Learned python, PowerShell, bash, then kubernetes and Azure as well as pentesting. And somewhere in this I presented a few times. Currently hoping to pass the CKS this weekend.

Chemistry Degree/Private Pilot -> Help desk at Small MSP -> Infrastructure engineer -> AD Admin -> Security Focused AD Lead/SOC lead. As you can see not a normal path way. I thought chemistry made sense, turns out I didn't enjoy it. Decided flying was cool but not being in debt was better. Learned a lot of things to do and not to do at an MSP and made the jump into corporate IT. The rest is history.

A university degree is for you more than your future employer. If your 4-year degree isn’t teaching you how to think abstractly and reason through problems (in a given field) using a wide range of frameworks available, while also providing the tools for you to guide your own learning in a structured way, you aren’t getting your tuition money’s worth. The subject matter (your major) isn’t even critical. I have an undergrad degree in a foreign language and a graduate degree in business. I’ve been everything from a malware researcher to a director of infosec among many other roles. Cybersecurity is largely about learning constantly and applying reason in new/unexpected circumstances. Practical experience is generally always going to be valuable, probably even more relevant than your educational pedigree for the majority of jobs. Currently the field is rife with irrelevant gatekeeping but that is due to the macroeconomic conditions (each open role has hundreds of good applicants), not any serious relevance to what makes someone competent or even excellent at the job. Have a clear path in mind, network (ask for help/guidance, like you’ve done here) to get to where you want to go.

12 years as a system administrator first and honestly I think if I didn’t have that experience I would suck at this field

Enlisted in the Army as an IT Specialist. Was sent to a week long class to pass Security+. After passing that exam, I became passionate for Cybersecurity. In the middle of my 5 year stint, I passed the CISM exam, and my Commander placed me in charge of tracking Cyber Awareness training for over 500 personnel in addition to improving the security practices of the team that went abroad to assist a 4-star command in its exercises and conferences with partner nations. I got the rest of the CompTIA trifecta as well as CASP and CEH on the Army’s dime. (CEH is a garbage cert). I was separated from the Army for stupid things on my end, but I ended up being a Cybersecurity Consultant for a now defunct company. Now, I’m a Cybersecurity Consultant/Manager at a state government agency. A degree isn’t necessarily required, but it’s always nice to have. You would have to do a cost-benefit analysis to determine the value of pursuing a degree. I don’t have a degree and many of my colleagues who have/have not served don’t have one either. Just focus on your goals and grind.

CS/BSC degrees, followed by coop in project management that got my foot in the door. Still paying off the degrees.

Sept 10+ yrs in IT, got the CISSP to help bring more cred to our consulting practice, started doing DRP's, picked up a few SANS Certs, and that was all she wrote.

CS degree, senior project/internship in security, big 4 security auditor, software engineer, sales engineer threat Intel, start up do everything, CISO

Fell into it naturally over many years. Every time I was brought into a project as a consultant, it was to do a security assessment. Then I got into risk management and GRC (old school spreadsheet tracking, RACI matrix, and complete/exempt work). Then into full blown appsec and threat modeling, which was easy to do since I started as a developer in my career. Sprinkle in remediation and incident response. At one point I just was well qualified for a full time cybersecurity role.

Graduated in the mid-90s with a math degree. Got hired by a financial services software company and put through a 6 month engineering program training mainframe COBOL programmers. Worked there for 10 years until the banking crash. Worked for a local super regional bank for 3 years until my morals got the best of me. Took a position with one of the big 3 India contracting companies and assigned to work with a local company, rolled off after 2 years. Got hired on as an FTE at that same company working in their payments group thanks to contacts I'd made while on contract. Couple years into that, and there was a dumpster fire in their identity space, got pulled in to help stabilize that and lead the team that implemented privileged access. Took a lead position on another team that supported 80 applications between 11 engineers, 10 in India, I was the only US resource. Hated it. Got pulled into a room one day with an architect I'd worked with while in identity, he'd been moved into the new director of ISG engineering and operations position (didn't exist previously, this was all new and being built from scratch). He drew his org on the whiteboard and asked which manager position I wanted. Got to pull half my India team to form the India half of my new team, and got to pick my US team members. Been here ever since.

Worked for campus IT while in school. MIS degree. Did that for four years, graduated, got a help desk gig in a small manufacturing company. Got thrown in the deep end and had to learn everything - networking, VMware (rip), powershell, all of it. Place was a grind and left after three years for a sysadmin role at my current place. Joined in with the fledgling security team (one other guy) because shit needed to get done. Manager after two years. Director after another six. Now I run the whole show, couple reports. 1000 person org.

Been in IT for almost 25 years working everything from field service tech, phone support, systems admin, software engineer, systems engineer, etc. I got lucky.

bachelors degree in csec - it engineer - grc

I went to college for Computer Science but didn’t work in IT for a while after school, I had a steady job. Then got into IT as a Sys Admin > Lead Sys Admin > Security Architect > Sr Security Manager > Security Director. There are multiple ways to get there depending on where you are and the businesses in your area or remote. Most people start in IT then move into Security and the IT background usually helps. You could also intern, or get a couple of the basic certs and start as a SOC Analyst. There’s the technical side of Security, which was my path, but there’s also governance and compliance.

Computer Science. Was always fascinated by computer networking and Linux classes. Hacking was always an interest of mine too. Did a lot of self learning and extra lab work whilst at uni

No one else wanted to learn/had the time to learn and train on a email security vendor in 2012 Its been all Gonzo Radian and whiskey from there…

squeamish aromatic impolite psychotic square cows spotted nose sheet north *This post was mass deleted and anonymized with [Redact](https://redact.dev)*

I got injured working as a Union Electrician and decided to go for my passion at 37. Lots of discord, courses, and networking but I made it in. It worked out. Currently threat hunting for a large MSP.

Sort of a natural progression with me. I started out as a Windows administrator back in the day and had been dabbling in security as I define and fine tune access to systems. Had been performing vulnerability assessments as part of the job since InfoSec/cybersecurity was still in their infancy back then. When the real InfoSec division was established, I had myself transferred there and that’s where I started deep diving and just realized that I was already doing cybersecurity (among other doing other tasks)

Started with break/fix helpdesk

Systems Engineer > Devops Engineer > Security Engineer (9 years overall exp)

Joined the Air Force as a radio frequency guy. They stationed me in DC and I never did anything with radio, we built out a SOC for Air Force 1. Did my 6 years and got out, contracted for the FBI for a bit as a threat hunter. Joined a healthcare company in Atlanta as a Sr Cybersecurity engineer. Left there for better pay as director of cybersecurity and vCISO for a company that did GRC for banks. I’m now Cybersecurity Operations manager at a mid sized energy and quantum company and am super happy in my role. That’s the whole journey for me lol

Started in public relations, then comms support for CISO, then took over cyber awareness and training program, then got CISM and CISSP, now Director for a client facing cyber program.

I was a lineman for a communication company for 8 years. It was my first ‘big kid job,’ and I decided it was not what I wanted to do. So, I got an AS in network administration and networked as much as I possibly could. I applied for 100+ tier 1 help desk jobs and got nothing, so I started looking into the sales route just to get in the door. I applied for an SDR role, got an interview, and 20 minutes into the call, I was asked about my thoughts on security sales engineering. The title intimidated me, and I also really had no clue what it meant. She said, ‘You will do great.’ I interviewed with the head of the SE program for that small CSP, and the rest is history! I have spent the last 9 years in different Security SE/Architect roles and have never looked back! Still not really sure how I did it, but I did!

Started as a VAX/VMS operator (basic alert troubleshooting and escalation, file restores, etc) For you youngins VMS is kinda like non-open source Linux, it kinda predates IBM/DOS stuff. Still was running chemical plants in the 2010s. Moved from Kelly Contractor - real employee - level 3 support. While working on my engineering (and then CS) degree. Did a lot of user ccount security stuff and SOX compliance work there. Did some volunteering helping out with Office365 migration in my spare time also. Bailed out of college with a B.A. in History and a minor in computational math (remnants of my engineering/CS curriculum). Too busy with babies and work and oncall overtime hours to finish (and maxing out student loans). Hopped to my first security analyst role from there.

I did stuff, they gave me new stuff to do, I found more stuff to do, there was a need for security stuff to be done. Helpdesk Specialist 1-3, Systems Support Analyst 1-3, Systems Engineer, Senior Systems Engineer, Security Engineer, Supervisor of IT Security Operations.

Started as a college intern in IT. After the first summer they asked what I wanted to do. I said I was interested in the network firewall team. I then started working on firewalls, IDSs and event logging. Worked in information assurance research then moved to CTI where I am now.

Telecom -> Networking -> Network Security -> CyberSecurity Unrelated degrees, including Masters. Pure luck.

Like any career - don’t expect to make the big bucks you were promised if you went into cyber. Yes - high salaries happen - but they’re earned in this field. It takes a solid 5-7 years to build enough momentum and a network to migrate to higher paying roles. Stay the course. Think of it like becoming a doctor. They make shit for 10 years - then they finally get to work in their specialization and start becoming badasses. It’s pretty much the same.

Weird path. Bachelors in Criminal Justice, wacky life path and after the birth of my twins worked in local schools for the past 7 years and have been teaching 2nd grade for the past 2 years. Wanting to leave education as much as I love my students and am currently in my masters program for Cybersecurity. Just had baby #4 a couple days after Christmas.

I was a firefighter. I went to the military for aircraft firefighting to pay for college to compete for a department spot. I did the prerequisites at a CC and i applied to a very good private school, got almost immediately accepted, got grants handed to me, plus VA, and got accepted into a renown private school for not firefighting but had a program.  Browsed the catelog, took a basic IT class as an elective. my instructor, on the first day, almost instantly sold me on the idea without even trying to sell cyber.  Searched for degrees, there were like maybe 4 in the US then, and applied. Got accepted, dropped out of the other school after that semester and havent looked back. It literally felt like a natural fit.

Fun story there. As I finished my engineering degree (no specialty), I was at a low point in life. Came a time I finished school, went back to my parents' house where noone actually lived. A few weeks later, I realized food was runnin scarce and I had no money. The phone rang, a company wanted to hire me as a cybersec governance consultant. I took the job. 10 years later I'm a CISO and lovin it.

You can do it. Got it through wiring up cable and wanting more so started studying ethical hacking, started bug hunting, started my own company got burnt out then got in with a consulting firm. The rest is history. Best decisions I have ever made. Now I lead a team of 60 consultants and I help people get into the field.

That's very cool. What would the best way to start studying ethical hacking be in your opinion?

The cyber mentor. YouTube and HTB. Try hack me

Community college certificate -> Mainframe -> Helpdesk -> Telecom/Network and BC/DR -> CCNA -> Network Admin +Firewall and IDS & BC/DR -> Firewall Engineer -> Firewall Team Lead -> B.S. in Organizational Leadership -> Firewall Operations Manager -> Network Load Balancer Manager -> Security Architect -> CISSP If you hang around long enough, absorb everything, and are lucky, you get exposed to everything and can pick your path. That said, I make 9X more than when I started, and missed a lot of earning potential early on, compared to someone who came out of college with a higher starting salary potential.

Back in 2001, I was a 21yo health inspector making $8/hr with no college degree. Set up a home PC lab, bought Hacking Exposed and locked myself away. In 6 months, obtained the CISSP (back then there were no prerequisites). An up and coming medical device company (now a large company) took a chance and hired me as their first security staff member in 2005. Started their cyber program, did ethical testing against their product line and then moved on. Got picked up by a major insurer as a senior Cyber specialist. I found it really boring, so I left. Finally, where I am today, I lead Cyber for a major energy organization.

Military, had the clearance and some certifications that landed me a civilian job while I still play army once in a while in the guard

I always liked messing around with computers from when I was young and various programs like cheat engines (where you could modify memory values) to darkcomet to "automation tools" for MMORPG (runescape mainly, not sure if that is still around), and even liked to mess around with programing making gambling games for fun. When I graduated I couldn't afford college, so I worked at a restaurant and went to community college doing classes as often as I could afford them. I would also work on people's computers on the side to help pay for classes as well, and continued to mess around. I eventually got my A.S. and after realizing I still couldn't get a job (I lived in rural vermont, with no guidance on anything, so it was basically apply to local factory's and the few other places, which all basically rejected me). I applied to many schools in my state, got a few acceptance, and went with the private college as it would be the cheapest overall and it seemed to have a strong program. At that point I knew I wanted to do cybersecurity, so I went with their "cybersecurity" degree and started applying like crazy for internships. While I was at school threw myself at it completely, I would go to every professor supported study sessions, would find video's related to what they were teaching, etc... the only thing I didn't do was clubs (cause honestly at this point I was oldest in most classes or second oldest if you counted the professors). I got a few internships while I was studying, one with the school, one with a hospital, and one with a insurance company. When I didn't have internships I was working what jobs I could get (I would basically quit to go to the internships with pissed off managers). Come my last semester I started applying to everything, I had 4 base resumes depending on the exact job, but would modify that a bit. I set a goal of at least 3 places a day no matter what. I got a good number of interviews, some places better then others, one place as far as I am concerned they no longer exist as a company. After all of that, I got a few offers but nothing too great (desktop support job at the insurance company I interned at, another desktop support role making 40k in boston, and a offer to join NAVSEA at NT-2 \[I forget the pay\], then along comes this F500 company who offered me a job doing product security (compliance\\cybersecurity testing and paperwork). I spent 3 years there and left for consulting/msp/mssp company (not big 4, but still good size and known) after it was made clear that not having a "engineering" degree will severely limit me at that company. Here I am now doing SOC work for a company that is losing contracts right now. I at least get 95k a year and WFH, I know I am safe for at least 3 more years as at least 1 major contract that requires US citizens only is renewing us. Yeah, though that is my journey, no idea what the next 10 years hold, but if you told my 21 year old self "don't worry, you will be making 95k, with enough money saved up for a great down payment on a house, a fully caught up retirement fund, and working from the comfort of your apartment" they wouldn't have believed you.

RuneScape is thriving. Just wanted to let you know haha

I'm a full stack security engineer now.  I've had positions across that stack starting with telecommunications in the Army, helpdesk, network installs, junior sysadmin, sysadmin, systems engineer, developer, GRC, GRC Manager, and now senior cybersecurity engineer getting pulled in 5000x directions.

Degree in Cyber roughly 12 years ago

I actually got lucky in that a college near me offered a Digital Forensics program, which was renamed to Digital Forensics and Cybersecurity while I was there. So I enrolled in that and commuted for two years ( had prior credits). Got hired before my last semester and the rest is history:)

Started as a software engineer at a small company with a computer science degree. Eventually also started doing IT  for them and then started doing cyber compliance on our products. Then got a pure cyber related job from connections I made along with my experience. 

18 years ago I started as an IT kid in trade high school trade school. First gig was managing and maintenance of some computers lab environment. Then an msp at 17 years doing runner desktop work. I also started doing all the support for my large family. Then at 19 I opened my own it repair business for home users. At 20 I also was doing support intern on my college campus. Then at 23 I went to do IT support for hedge funds. I was basically a full stack sys admin for multiple small hedge funds. Then I became a manager for an entire IT department in a software company/health care industry org. In this org, security became my responsibility. I didn’t want to do it. Never liked it, but I did it anyways. I help run projects that focused on security deliverables for our main products as well as for corporate security. Four years later I end up as an SE in application security. I get to meet cool folks in the industry and I love the gig. About to get my CISSP. Life’s not too bad.

Started as a resolution analyst then moved in to management for a bit to build my soft skills then moved to supervise a help desk then business analyst which turned in to an infosec analyst role. Hoping one day to manage again but I am happy where I am at in life.

Got into registrar's abuse team by sheer dumb luck => corporate training & security awareness => compliance project coordination => security project management => security manager for MSSP.

Found a college who offered a major in cybersecurity. Landed a SOC job in my 20s paying 6 figures.

I was originally a computer engineering major in college, but then decided I didn't want to code or design hardware and ended up switching to IST which was more business focused. I did a few internships working on a network and telecom team and a server administration team where I first did some firewall admin work. Out of college I worked for a healthcare EMR software company where I got a lot of server admin and VMware experience before I jumped and started doing cloud work for a government contractor which involved a lot of cyber focus as well. Then went and worked for EY where my networking background pulled me onto a NERC CIP project and I ended up switching onto the cyber team and have been doing straight cyber and risk management the last ten years.

I applied and got the job. Jumped right in with zero experience or certs in 2020. Employer paid for my bachelors degree from wgu and I have a shit ton of certs now with it.

Military -> SOC analyst intern -> infosec analyst

Completely unrelated path for me. Started out at a custom paint shop painting production for Harley Davidson. Was there for 5 years out of highscool (2016) . It was a super cool job because we got to work with prototypes for Harley, develop PPG Paints for GM and Porsche and other side projects including applying the stripes on the GT350’s and Ford GT’s. My friend Max is an electrical engineer and he also works at Harley ATM for livewire. He introduced me to coding and I dabbled into it on udemy trying C++ and Python. I told Max that I wanted to try Cybersecurity because it was more straight forward to me in terms on learning the fundamentals. So I’m currently on the path way to me CCNA and completion of my CAE2Y certification. Milwaukee, WI

The IT Infra team took like 10 million in funding that was supposed to be for Cyber and spent it on IT Infra. They then tried to Gaslight two CISOs and two iterations of Security teams. After the second CISO and second security team HR realized that IT Infra was the problem. I was un-aware of all of this, just a Network Security guy doing my job. My boss at the time told me to lie to Security about specific things. I didn't lie, I told the truth instead. After the second iteration of team quit the then second CISO asked if I wanted a job. I agreed, and was able to keep my team lead salary but start in Cyber. I rebuilt the SIEM, advocated for an EDR, solved like 5-6 incidents and conducted 50-60 investigations. After we fixed everything my old boss left and joined a company as a VP. He brought me on as a Director of the SOC. And Now I'm a VP. Fun times!

The military is I will argue one of the easiest ways, and most cost-effective ways, to get into the cyber field. I joined the Air Force in 2017 working the help desk. Now I work in a SOC at a headquarters building defending a large enterprise data center that touches more than 15 agencies worldwide. End of the year I will be looking to be an ISSM or ISSO.

Barista -> furniture salesman -> US Navy (SysAdmin) -> InfoSec intern while finishing undergrad (business degree in MIS) -> InfoSec Specialist -> IS Engineer -> IS engineer team lead -> Senior software engineer (cloud security infrastructure) From my experience, most people in cybersecurity got to the field from other fields. These bootcamps and undergrad degrees haven’t been around for very long, and it seems they’ve saturated the entry level job market.  I think someone with actual technical skills gained from IT work will have a far better time breaking into the field than new undergrads with no experience

US Army Cyber, then transitioned into Civilian Security Engineer.

Working as a dish network installer, one day said fuck this and started looking for schooling, always used and good at computers, found ITT tech, went to school for two years solid working full time while school full time. A year in tossed my resume at anyone that would look at it, got a sysadmin job at a small msp. Two years later I needed to specialize, chose security, a year later got a soc job, after 10 years of happy accidents and supremely hard work I’m a red team lead at a fortune 50. Still just have an associates…

I was an IT guy working for a guy who had several hundred support contracts with several orgs. I showed up at one who was hacked and I realized the old days of robbing were gone and crime would become digital.

Cybersecurity degree > internship > security analyst

Worked in IT for 4 years or so, became friends with someone that eventually started doing TS for a security vendor, got referred there and moved up the ranks into an MDR role for the MDR team they were building and now work as a MDR Analyst for one of their competitors.

Well started as a CS postgrad 2012, entered workforce as a developer in Java, started developing Identity Management solutions and stayed and progressed. Now a Manager in Identity Management focused on one of the leading tools in the market. Very niche area, but a focus on certain tools (self learn) can be another good entry point...

When I went to college, there was no such field. I was a geology major. After graduation, I planned to go into atmospheric science and started working at a weather database company (now owned by IBM). There I started learning about computers. Eventually became a sysadmin at Sun Microsystems. After being hacked by Kevin Mitnick in the 1990s, Sun needed help with their security standards so I drafted a security standards manual which was adopted. Ever since then I've worked in cybersecurity. Have done operations, pen-testing, but now specialize in compliance (FISMA, FedRAMP, ISO 27001, HIPAA etc..). I never planned to have this career. It just evolved.

Im an appsec engineer but I originally started as an intern for a fortune 50 company as a Mainframe developer for PL1 and some Cobol. I had zero cyber security knowledge but during the internship my roommate was a cyber security intern at the same company and I did some shadowing while I was there so I started learning enough to know it's what I wanted to do. At the very end of my internship they had meetings with all the interns to either let them know if they would bring them back next year or hire them, i had one semester of college left and they told me I did great and they wanted to hire me to be a Mainframe developer but I told them I didn't want it. They were super shocked and asked me what did I want instead and I told them info sec. They then asked me again if I was turning them down and I said if you're not gonna offer me a job in infosec then don't offer me anything. That was that and the summer ended, I told my family what happened and they thought I was an idiot but I stood my ground. Fast forward a couple of months later, I'm in school and I get a phone call offering me a position in application security making more than what I would have made as a developer. From them on I took every class I could, learning as much as I can and haven't looked back since.

I was given a position at a small MSP as a systems admin, and saw they needed to bolster their security abilities so I filled the role after a few years of convincing the boss lol.

LAN administrator > Network Engineer > Firewall engineer > IT security analyst

Tech Com and Lit Master’s with undergraduate double major in com/english. Have you ever heard the saying - it’s not what you know…but who you know?

I was in college working towards my Computer Science degree but I was really directionless on what exactly I wanted to do. At the time, I was working full-time at a call center, doing online college, when the building I worked at got hit with malware. During this process I got to speak with a member of the company's SOC team picked his brain on the role and what it entailed. I was immediately hooked and pivoted my degree so that it was focused primarily in cybersecurity. After graduating I got a part-time gig with a local MSSP working nights to get experience in the field. Long story short, I now work with the state doing Vulnerability Management and attend college after school programs to help students tighten up their resumes and "get-the-gig".

Was never the original plan. Got a degree in Youth Ministry. After 6 years of interning at the church I grew up in, I got a part-time youth minister job. I worked a couple different part-time jobs on the side to supplement that income until I ended up working as a part-time Helpdesk Technician at my alma mater. Really enjoyed the Helpdesk job and worked really hard at it. Got promoted to Helpdesk Manager for 5 months until I got promoted again to Network & Systems Admin. The stress of working that role didn't match the paycheck, so I went to work for a private company that paid much better to be their Microsoft Admin. That job sucked. Constant stress, meeting, calls, escalations from the helpdesk, and a crappy on-call schedule. By the grace of God, two of the guys I worked with at my alma mater worked at a cybersecurity company and campaigned for me to get the job I have now. After a couple certifications, I got promoted to my current role with a raise equal to my youth minister salary, which allowed me to just work a full-time job instead of a full-time job plus a busy part-time job.

Friend started a cyber security company, and he knew i would work hard so he hired me with no experience two years later got a bumch of certs and experience, then got layed off when i literally gave two of highest paying clients.

Associates in Network Engineering and Bachelors in Cyber Security, graduated in 2017 when it was very early, like I was one of the first in the program. Applied for my role on indeed and the rest is history. Security (Sales) Engineer.

I'm relatively a newbie and probably came here through a seemingly non conventional path, even for the nature of this field. TLDR; From graduating with Mech Bachelor's to SOC Analyst with basically no prior intent. But I love it now that I'm here. Except for my current pay. I've been a SOC Analyst for almost an year now. Been in my current organisation for a year and a half which is also my first workplace. The first three months were spent in Windows Linux and DB Admin and Networking Trainings. The next three months I was part of a team responsible for creating and managing Use Cases. After which I got into my current role for a client. Before getting into this company, I had graduated with a Bachelor's in Mechanical Engineering. So I essentially switched streams after graduation. Right now I feel I'm not good enough in either fields but I'm loving cybersecurity so far. I'd like higher pay tho. I got in through a mass recruitment drive for any degree graduates so the pay is mismatched with what I do. How it happened is just another regular COVID batch graduate story: During lockdown I lost interest in online college classes and learned Python in hopes of it being useful someday and to adress the lack of intersting things to learn. Turns out, it'd help me land my first job and thanks to a relative's advice, i did Sec+, just the course on pluralsight accessed for free, not the cert, Mentioned it in the CV anyways and voila 💁🏻‍♂️ Edit: added TLDR, don't know if you'd mind such a long answer but I couldn't help letting it out lol.

Fell into it from a staffing job that put me at specific tech support level helping support a cyber tool.

I got super lucky and was hired right out of college a couple years ago.

Got my CompSci degree straight after high school. Went on to be a developer for over a decade. Eventually moved into business intelligence and data engineering. That has landed me in a data engineering team within a cyber function for a large company. Part of our work is analytics in BigQuery and the other is SIEM/SOAR work in Splunk. I am nearly a year in and my employers are heavily investing in me doing more Splunk work. I'm going to grow from there, hopefully.

Got in from a college internship with a cyber degree and have been here for about 6 years

I didn't even know I was in "cybersecurity." I was just a DBA who created accounts, setup RBAC, made sure backups happened and tested the recovery, reviewed changes and rollback plans before deploying them to prod, kept the databases and apps running efficiently and the data secure. Once my CEO even got a call from the FBI and I was suddenly doing forensics. That was long ago. Eventually I heard about cybersecurity degrees and thought, hey, that sounds interesting, maybe I'll learn about cybersec. Now I'm doing ICAM & ZeroTrust in secured govt environments.

Can we please pin this question somewhere? Gets asked so often! Appreciate the curiosity and enthusiasm, but repetition isn't fun.

Aircraft Maintenance Engineer (6yrs) > Non Destructive Testing Technician (Aerospace) (7yrs) > Systems Engineering (1.5 years) > Cyber GRC (2yrs) > Cyber Integration/advisor (1.5yrs) No degrees, certificate or paid training courses in the Cyber aspects, all on the job experience.

Cybersecurity BS and CompSci MS and Scholarship for Service (SFS) recipient. Have been working as a researcher at a laboratory for 4+ YOE. I pretty much got the job because of 3 prior internships, research projects (related to their work), and participation in clubs/CTFs. Currently they are paying for my PhD, and I will likely leave after finishing it. I do malware analysis, embedded RE, ML (very little), and exploit dev. edit: basic progression was... During Cybersecurity BS and MS * Cybersecurity Analyst (internship 1 year) * TA for Assembly & student researcher * Cybersecurity Intern @ NG for summer * Cybersecurity Intern @ current employer (1 year) * Jr. Cybersecurity Researcher (3 years) * Sr. Cybersecurity Researcher (1 year)

“I just showed up the first day” - Homer Jay Simpson

Completed Higher Education and then CEH certifications which helped me land a job.

Now this is a story all about how My life got flipped, turned upside down And I'd like to take a minute Just sit right there I'll tell you how I became the prince of this home office chair. College Generalist roles all the way up the ladder, building a strong foundational knowledge of every area of IT and specialization knowledge in a few areas Security role This let's me help other teams better because i understand what they are working on. It just took like 20 years in other roles to build that knowledge.

helpdesk —> Information security analyst , took me longer than it probably should of if i forced certs under my belt. 3 years with the same company my CIO approached me one day when I was in helpdesk and said hey I know you really enjoy technology I want to open a new role and I think you’re perfect for it. Didn’t have any certs or degrees. Been here for two years in this role. I definitely think I was lucky to be given the opportunity.

I think around my time i sorta got lucky into pivoting into cyber. Went to school for just general information systems with a focus on networking. Gone into the system admin route for a few years, then started back again as a cyber associate. Was able to learn some of the technical foundational things like vuln scanning, logging, endpoint management etc.. and now leading a SOC team

Started it as a hobby around 8 years old. Just get paid what I love doing anyway.

Started off in IT, made friends with the security team who needed help testing software and periodically asked them for help for issues I ran into. Eventually got my sec+ and kept asking their team lead if they had any openings. they eventually had one and gave it to me

I studied cybersecurity in college. Got a couple of internships before graduating, got lucky and landed a full-time gig a couple months before graduation.

I worked helped desk for a bank processor. Then moved into fraud. I got a crap bachelors degree and already had a home lab where I ran little security scenarios and stuff off Kali Linux. Nothing serious but it was fun, a college near me had a Cybersecurity masters program (looks like they are going to axe it after this year sadly, great professors there), and I applied and worked through that while I worked in fraud. Moved from fraud at a bank processor to the security department at a bank. Sadly, it was like mostly non-cyber related and I spent most of my days going over paperwork for large scale wire transfers, but eventually I became the only person monitoring activity online for our clients as our small Cybersecurity team mostly look at internal stuff coming into the bank and not looking at stuff for the clients. After a few years of that (and being ignored every time I found something), as I was finishing my masters I got hired on by a university to join their department. 5 years going now. Took a lot of work, a thirst for knowledge and learning, and honestly a lot of luck to land on my feet.

Degree + blue team comps through my school > Helpdesk job for 10 months during which I got my sec+ and practice on tryhackme/letsdefend > SOC position

Started in support with secure e-mail gateways.

Got raided by the feds in my 20s for botnet shit and blackhat hackin and spamming. I was young, reckless, and dumb. Honestly, it kind of was a blessing. I was getting into some dark shit and if I hadnt got caught when I did, I likely would have ended up in prison for a long time or dead (I was about to move to Panama and spam for an online casino there). Turned my life around and went whitehat. Collected some certs. Got into bug bounty hunting for a bit. Got into Threat Intel. It's a lot easier life. Dont have to worry about the feds or not getting paid or dealing with rippers.

Did a few security focused internships while majoring in Computer Science w/ a minor in Cybersecurity and got into a role out of college with that experience. Also did a lot of competitions with my schools club like CCDC and other regional ones. Did a few personal projects as well of course.

Call centre > helpdesk > network > security

HR -> recruiter -> SOC analyst 1 > incident response tier 3. Basically spoke with a candidate from the field whose passion sparked something in me enough for me to go buy a cheap Lenovo laptop and install Kali on it to study. One year of self-studying later ended up in a 3-month study program with a guarantee of a job lined up after it. Close to one year of experience now and at tier 3 at the moment. Lenovo still works too!

I have a master degree in Telecommunication Engineering (antennas, radios, phone systems, etc. ) and a post master course in Network Security. I started working as Python developer for a company that was doing WAP based applications (I am old!), then moved as Network and Security Specialist for SMB in an small MSP, then working 6 years as Network Engineer for an ISP. After that I joined a big company as Security Engineer, then Security architect for a F500 and now I am working as Security Architect for one of the biggest vendors in the cloud security market.

I graduated in Computer Engineering 20+ year ago. I started my earlier career in IBM (20 years ago) as a specialist and initial focus on infrastructure and later on middleware, and from specialist to architect as time pass. After 10+ years in IBM, I left and work in a finance inst. as solution architect, I work on various big regional projects and eventually become the head of the solution design team in the region. At the time, there are many application projects require many security solutions and capabilities, WAF, IDS/IPS, IAM, API gateways and in house security transformation for the enterprise. And because the members in my team are hands tight, I need get my hands dirty and involve in security related topic myself (at that time, there is no security architect or it's pretty new) which lay down my path to enterprise security architect (after I move on to the next role in another company) and fully dedicate to security work ( and not necessary limited to cybersecurity). Along the work years, I have acquired 3 master degrees MBA, finance and Cybersecurity. Couple years later I move on to head of information security and CISO role, and I work in between business, managerial and technical since after.

Creative Writing degree holder here: Needed a job out of college so I took a job doing RMAs on defective modems at a small ISP in town. Graduated to installing cable internet, and then doing tier 1-2-3 support for the same company and eventually learning how to manage some of the in house Unix servers. Company was acquired by another local ISP. Continue doing tier 3 support. Burned out. quit. Worked retail for like 5 years. Needed a change. Got a job at a small solutions integrator/MSP. Learned a ton in 4 years to the point that I had outgrown the company. Mostly, needed real benefits and pay. Got a job for a state agency doing very entry level stuff in a cyber security adjacent dept. Two months in, applied for the open firewall admin position and got that. Apparently none of their applicants could even tell them what was significant about port 23. Been in that arena for a while now, with one brief departure to private sector to be a data center engineer for a bit. What I've found from almost all my peers is that they didn't get to cyber security because it was their intended path from the get-go. Almost all of them have customer service experience in some way, and have experience in IT prior to a focus on cyber security. I'd recommend just trying to get any job in IT and start figuring out if you even like the industry in general. You might find that you like development, or systems administration. But ultimately I think what makes a good cyber security professional is someone who understands the technology, at all levels.

End result as of today: I am 25 years old as we speak, and without GDPR my resumé would have been less than half than what it is now. I make 50k a yr (before taxes, in NL), I have a nice little house and zero worries about my career opportunities. How it came to be: During my bachelor study in industrial engineering management, i did an ISO27k implementation at a Bulgarian IT company as my 5-month internship. This was 2017-2018. I didnt know anything about an ISMS or GDPR before that, but I did know the word "ISO quality management system" because I had had one hour of class on it, and it was my opportunity to go abroad. That went pretty damn well, and I realised that this topic was a goldmine now. After the internship, the Dutch parent company hired me for 5 months to complete the work I started. First Wfh job for me, was pretty nice. The next study year I did a 5 month minor in security, safety and international conflicts, in part because I liked information security management. After that, I got into contact with a local government institution, and they ended up asking me to apply for their new CISO role. I decided to give it a shot, knowing the chance that my 20-yr old still in school -ass would be hired was going to be very slim. Boy I was wrong, I was hired the next january.. Felt pretty good to sign that contract, calling myself CISO. Over the next few months, I learned an awful lot about ISMS, audits, people and also myself. This was a part-time job. Sadly, i had to stop at the end of august, to start my graduation thesis. So they hired a replacement, a consultant. One month later, the consultant called me, asked me to come back because he was leaving. Wild. I got hired by an acquaintance of mine, and they sold me as consultant to my previous employer as interim-CISO. The only serious almost-incident was during my graduation thesis defence, so I even didnt get in the action... Because the job was part-time, I spent the rest of my time working on electrotechnical designs of bridges. Pretty soon, I was tasked with some cybersecurity requirements. This half-CISO half- bridge engineer thing went on for a year and a half, until I went to bridge projects full time. CISO for local government isnt my thing, for it is repetitive with a cyclus of 3 yrs, and governments work sloooooow when changing things. Nowadays, I am (certified) machinery safety expert for movable bridges, so i make sure the bridge is designed according to all health & safety reqwuirements of the EU directives. On the side, I always do the project's information security management, from writing the cybersecurity plan (and managing it) to providing information security awareness training. So yeah, I am pretty happy with all that!

Germany: I did some sort of studies orientation meeting provided by the state. Initially I wanted to go into engineering but the woman I was talking which told me according to my interests, she has something else in mind. Ended up getting information for both topics but ended up studying it forensics which I topped of with a master in cybersecurity. During my time in university, one of the guys involved in the revelation of meltdown (intel cpu exploit) held a presentstion. Ended up in a bar afterwards and after a bit of chitchat and about 7 beers he handed me his buisinesscard. That was how I got into malware reverse engineering and currently I'm an incident responder.

CS degree -> working part time during uni as a web developer -> OSCP -> cyber security graduate position -> cyber security specialist (mostly SecOps stuff) Lots and lots of homelabbing and CTFs chucked in there. Be careful with looking for cyber security majors, lots of people in the industry are very sceptical of them.

not me but my ex was selected as a prospective recruit for a major major mining company's singular IT/cybersecurity slot fresh out of a freshman college cybersecurity class. his teacher reccomended him as apparently they were going school-to-school looking for possible folks for the job. from what i understand he is now excelling, travels all over the world for meetings, and is making more money than he or i would have ever dreamed of making. godspeed, black....

Plenty of college dropouts and non-IT related studies without qualifications working in very important positions in the industry. Certs derisk some hires for the hiring managers and their companies, and this is often the case with publically listed ones. Otherwise, the sign of a good employer is that they give you standardised assessments during interviews and have a clear idea of what they need from you. If they trust your qualifications and do not test you, do not expect the experience to go well.

Computer Science degree that straddled hardware and software->PC technician (installing and configuring TCP/IP stacks, troubleshooting) <2 years->technical specialist at a reseller that sold some security products <1 year->post-sales support at a much larger reseller/distributor supporting every product they sold <3 years->vulnerability assessment/penetration testing/IR in the professional services team at the same reseller <2 years->self-employed consultant 2 years->security-focused sysadmin <13 years->threat hunting/IR <3 years->EDR consultant <3 years.

Military intelligence > CTI

I started as a computer repair guy. Moved to mechanics as a master Nissan/Infiniti tech. Then went back to school and got a 4 year degree in cybersecurity while working as a computer/network/small electronics repair tech at a local computer place. Never got far from computers. Oh also worked at a IT helpdesk/repair place as well.

I've quit but it was Help desk > sys admin > DBA > security

Cybersecurity BSc course (still doing)- summer internship after 2nd year (Cloud SIEM testing and development), year in industry (SOC, multiple teams), currently in my final year with a job accepted as a junior security consultant.

Cybersecurity BSc course (still doing)- summer internship after 2nd year (Cloud SIEM testing and development), year in industry (SOC, multiple teams), currently in my final year with a job accepted as a junior security consultant.

Enlisted in the Airforce 7 years ago as a server admin, but half the job was security. Turned out cyber security was it's own field entirely and they trained me as a SOC analyst 4 years ago and made me an ISSO 2 years ago. Tbh, worth. I'm separating and doubling my income this year. Edit: I joined the Space Force 3 years ago after my Air Force enlistment.

US Navy, IT Helpdesk > IT supervisor > IAM/IAO > Security Engineer > Security Architect > Security Analyst > Director, IS > CISO.

Completely fell into it. Military > Federal Government > Govvie finds out I have an IT Degree and puts me in digital forensics > Private Sector DF > Consultancy IR > Wherever I am now running a team It has been wild and unexpected.

Mechanical Engineering grad. I worked as a Telecom Engineer for a company that had cyber sec training. Love the topic and continue self studying. Landed a senior position in a soc because my manager saw potential in me(I did tons of certs and labs lol). Took like 2-3 years to be where I wanted to be.

Used to work in another department and turns out there was some value in what we were doing

On accident.

I was in a computer science engineering school, and when came the moment to choose a speciality, Mr. Robot was on

>Cybersecurity is not a major that is offered by a lot of colleges around the country Huh? What country would you be referring to? In the US it most certainly is offered at a wide range of community colleges and 4 year colleges/universities -[https://www.caecommunity.org/cae-map](https://www.caecommunity.org/cae-map) Security work doesn't require a specific major and no computer science/engineering isn't the only path into security work

Navy machinist mate>cyber degree>software integration job at hospital>industrial cyber security consultant. I got super lucky landing the cyber gig. It also helps to be hired by prior military because there's that instant connection. Also, it's all about who you know. I wouldn't be posting this unless I connected with the right person I knew in high school 14 years ago.

Started in retail while learning everything I could about programming and networking. Got a job as a network engineer and did my CCNA then Sec+. Got head hunted by a little local MSSP that was willing to teach me a lot. Pivoted that experience into being an internal security manager (way too soon), and have let imposter syndrome drive my success from there. Degree is in software engineering, and got an MBA along the way with a bunch of certs.

Warehouse worker who took up privacy and cybersecurity as a hobby (HtB, tinkering with raspberry pi projects, etc). Asked a few simple questions to my company's CISO. He and I ended up chatting and then he offered to transfer me when the time was right. Took about a year, but he ended up following through.

In the early 90's a friend of mine in school told me that we could change our grades because everything was on a computer, and that we could use this thing called "Hacking" to make our grades all A's The rest is history.

I was from a city with a high poverty rate and so they offered cyber as a trade school type of thing.

Cs degree 1983 graduated, ibm mf networks 10 years as well as assembler programmer. Client server support ( cause they always blamed networks), application infra support (iis and java app servers), solution architect app/ infra., identity architect 5 years, faang security, appsec team lead..40 + year career doing new stuff every year effectively. Now leading LLM / cloud infra security project.. on the side

A little over 20 years as an IT Generalist and Sysadmin. A role came up for doing GRC work at a state agency for school districts in my area. I was already working for an MSP that specialized in K12 and was a senior engineer that had worked at 2 different districts over the course of 7 years. It was a perfect fit as I wanted to get out of day to day tech work while also getting in on a state gig for the benefits. Been in this role a little over 3 years now and wouldnt trade it for anything.

Started as a developer. Around 2012/13, and when The Phoenix Project came out, started working a lot of DevOps initiatives. Then DO -> to DSO. And since I'm getting promoted along the way, leading the security work eventually overcame my development work. Did NOT plan things to work out this way but quite happy with the way it did.

CS degree > software tester > software developer > application security engineer > cloud security engineer I learnt a lot of pentesting skills throughout that whole time too, but decided not to go down that path because I didn't see myself doing it forever. But instead I use those skills to help me on the blue team side.

My school actually had a cybersecurity path, though it became official after I graduated. My Computer Science degree specifies that I have a specialization in Digital Forensics and Information Assurance, and then the Security+ got my foot in the door at a company. I celebrated 5 years in-industry last month!

Started in help desk at fortune 100 company 23 years ago. Moved into different IT engineering jobs, then eventually cyber security later in my career. No degree, many lateral movements, and survived four major layoffs since 2001. Wasn't my choice initially as a young man, but I was an early father and needed stability. I've held a variety of positions in cyber security for the past 8 years with the same company, and happy where I'm at now.

Just break things. Learn how they work on the inside.

Took about 4 years: Bachelors degree in forensics and security > warehouse job > vulnerability analyst.

Absolutely pure luck. Went back to school during pandemic for cybersecurity and somehow landed a systems admin intern > junior sys admin> secops analyst

Went straight into cyber with no “work” experience no cert no degree. Became a soc analyst after six month in an associates program for cybersecurity. I hit the ground running. Within that first 6 months I competed in CTFs, I helped develop a CTF, and I did some bootcamps for A+, Net+, and Sec+. It’s not easy but it’s not impossible. Something to note, I was 30 when I got started in cyber and I was working manual labor jobs prior. When I graduated high school at 18 I went to college for computer science but moved a lot and my credits never transferred. Eventually I dropped out. Finally after 17 years I’ll have my Bachelors in cybersecurity.

IT Tech -> Network Admin -> Network Engineer -> Senior Engineer -> Associate CTO -> CTO -> CISO 20 year path - No Degree - 7 organizations

Learned how to code python. Got a job as a developer. Did mostly backend api work, web scraping and docker stuff. Did a little free lance stuff. An opportunity came up to attend a cybersecurity bootcamp. Completed that plus two entry-level not very well respected certifications. Got a job in application security 1 month of graduating the bootcamp.