While I’ve found the work rewarding, I feel it’s time for a significant career change—potentially outside of this domain entirely.
I’m seeking advice from others who have made mid-career transitions:
• How did you pinpoint new directions that matched your skills and interests?
• What were the most effective ways to reposition your experience in a new field?
• Are there any resources or strategies you’d recommend for upskilling or building networks?
I've often thought about cybersecurity as something I'd like to specialise in, but it seems like bootcamps and the like aren't worth the money they charge (most advice has been starting at the bottom as an IT helpdesk worker and going from there, but I'm no spring chicken anymore. But I'm not against starting at the very bottom and working my way up).
I realise this is quite a broad ask, and apologies for the throwaway. I’d appreciate any insights, especially from those who’ve shifted from established careers to something entirely different. Thanks in advance!
As a contributor, you have to be an expert, but you're really not on the hook.
As a decider, you can be a generalist, but you're on the hook.
The traditional mid-life transition is from contributor to decider, into management or starting your own company.
In my lifetime, the value of contributors has diminished while the value of deciders has exploded, largely due to the pace of change and the leverage of capital. Contributor skills get stale fast, but deciders making the right decision at the right time is a gold mine, waiting to be tapped by capital leveraging the latest tech/policy.
Also, I think people mature more as deciders. It grows confidence and effectiveness. Contributors grow to become defensive and stuck, i.e., dependent on being specifically useful.
It's tempting to look for nearby opportunities, but it may be more transformative to ask what kind of person you want to be in 10 years (and what will the world be like). If you operate from that perspective, you're leveraging world change and relatively immune to personal difficulty. People respect that, and you can be proud of making your way instead of just fitting in.
Becoming a principal rather than an agent is something (like meditation) that applies at all fractal scales of life, so you can re-orient while in current roles.
And don't worry too much about realistic. Focus more on delivering value, and the principle of least action will arrange things for you.
Many people assume that excelling at a role automatically qualifies them to lead, believing firsthand experience is enough. Yet as the gap between how things are actually done and how they think they’re done widens, their decisions can become increasingly detached and counterproductive.
And in my case, always be studying.
So for me, I'm actually getting off the career train to become a craftsman, and I plan to go to school to become a luthier (violin maker). May not be as cool as that guy who switched from a Microsoft principal engineer to duck farmer, but it's probably similar. I was lucky enough to have earned and saved enough early in my career to make this change.
But as you say, "In my lifetime, the value of contributors has diminished while the value of deciders has exploded", and that is totally true. I've accepted I'll never make as much money as I used to (obviously not even close being a luthier). But I think I'll be much happier.
Take the strategy, user research and frameworks you do to drive better CX, and apply that to something you have a deep interest in away from the usual mainstream. It could be a hobby, it could be the cyber stuff you're interested in.
On that, you're more likely to enjoy getting into cybersecurity by joining a company doing that today as a CX expert and getting more technical over time and looking for a horizontal move, than you are from starting from scratch and working on an IT help desk and trying to work your way up.
I'd also suggest starting a blog or producing open source content in the field you want to move into. I'm starting to do this, because it can highlight my knowledge/skills while my CV is in a completely different field, in order to gently build traction and attention in my "target" industry.
One last thought: don't underestimate that you're stressed, burned out and just need a decent period of slow work to recover. I think most people looking for major changes in their career are just tired and fed up. I know I am. They say a change is as good as a rest, but a rest is as good as a rest as well.
I usually think about a career in sales engineering because of this.
I can't shake off the feeling of impending doom for roles like mine in the current market and the constant push for AI solutions.
So I am seriously thinking of moving and opening a coffee shop or wine bar, or even a coffee truck to be honest. Meeting people, making their day a little better, rather than staring at the computer all day every day.
I would encourage you to read up on Ikigai[0] to figure out what makes you tick and can give you the income you need. Not all passion projects pay the bills but some do.
[0] https://stevelegler.com/2019/02/16/ikigai-a-four-circle-mode...
My career stagnated as a JavaScript developer. Most of my peers were afraid to write original software which made it really challenging to do anything until I was finally laid off from worst of it. Everything had to be little more than copy/paste from some enormous framework into an enormous mono…monster of stupidity. If you ever proposed sanity people would get irate because it threatens to expose that nobody has idea what they are doing.
Simultaneously, though, I have a part time job in the military. In the military I learned networking (routers and switches), operations, security, management, and more. I still maintain my security certs and have a clearance.
Last year a recruiter reached out to me about a work from home job writing enterprise APIs. I passed the interview using my knowledge of data structures and the inner mechanics of WebSockets from years of writing personal software. For most of my career as a JavaScript developer it seemed the only way I could program at all was to do it on my own outside of work.
Since then they promoted to lead operations and at the same time to be a team lead in a different organization.
There are actually very few people above around age 45 or so that write code for a majority of their day (percentage-wise), and that includes people who still consider themselves in "individual contributor" roles. E.g. even a principal engineer is going to be spending a majority of their time reviewing code, doing systems and architecture work, mentoring more junior developers, organizing more junior developers, etc. When I was a principal engineer a huge part of my job was "project management" as you put it.
That is like saying “doctor” as you put it. It’s super cliche for people in software to title themselves as principal or expert or famed ninja grand wizard and yet simultaneously not know how the real world works. Project management is actually a real thing, seriously. It’s not just some imaginary invocation like lawyer or teacher. People actually do that for a job and get paid real money. Unlike software where developers pretend to be qualified against their own imagined baseline there is actually a license/cert from a universally recognized governance body.
This kind of nonsense is why so many developers that don’t have imposter syndrome want out.
If you want to see what real project managers do then peer into construction where they manage billions of dollars in assets with critical timelines that have multimillion liabilities.
I certainly didn't mean to denigrate the job of project management. But I do agree with the other response - project management is just about ensuring a job is done on time/budget by tracking and managing a complex set of dependencies. I will say, at least in my experience, that really great official software project managers (I mean that was their job title) are worth their weight in gold, but they happen to be quite rare (again, emphasis on "in my experience"). Too often I worked with project managers whose thought their role was scheduling meetings and constantly asking all the engineers if the Jira board was up to date. But I think this because, when done correctly, the project management role is a challenging one that takes an unusual combination of attention to detail, communication skills, and ability to stay motivated on what can feel like boring tasks in the moment.
In the grand scheme of things, project management is about making sure projects are done on time, on budget and meets requirements.
It’s about managing dependencies, from a software development methodology, it’s creating a directed acyclic graph but with people instead of computers.
It’s also dealing with managing stakeholders, contributors, blockers, budgets, scheduling meetings, keeping the higher up informed, etc.
If you put a gun to my head, I can be a competent project manager. As a “staff” software architect half of my job managing cloud projects as a tech lead with the other half being more of a solution architect when we first sign a customer and designing an implementation plan with work streams and epics.
Usually I end up splitting the project management part up with a real project manager.
It’s not because of a lack of competence. It’s bandwidth.
But just like you can’t be a good tech lead if you don’t have some level of competence technically, you have to be decent at project management.
Though that is my understanding of how you make a big career change. Do your current job in a company that does what you want to do. Then change roles rather than jump to the role you want straight. Kind of beat the chicken and egg problem, of needing experience to get a job and can't get experience without a job. A job that is adjacent to the one you want is "second hand" experience.
How does a person get such a job? They join the military.
When I joined cyber wasn't a thing, because I am old. I joined the first cyber organization shortly after it formed and was a member for about a decade. I was promoted out of that organization and shortly thereafter a formal cyber organization was created, not just a few units. By that point I had become an officer doing more generic systems integration and physical communication infrastructure things.
The biggest difference between the military side versus the corporate developer side is that military tends to run towards problems. The goal is have everything working so that you reach steady state and don't have to do high visibility work. High visibility is bad, because it suggests you are failing something important. Corporate developers, on the other hand, tend to be either trend chasers that want high visibility yet low effort work until things fall apart and then they run away or are long term employees that want boring steady constant employment.
So "Wrote SOPs for spectrum analysis using CV480 machines" became "Analyzed processes.and wrote detailed plans to spread domain knowledge across team".
The most important thing is to decide as specifically as possible what new role you want to take on and angle everyrhing in that direction. You can't just be open to whoever will take you - make your transition seem inevitable.
e.g., Learn enough to be useful, then talk to the security guys at your company. Prove you're useful and trustworthy; see if there's any tasks you can do for them without violating policy. If a spot opens up, see about changing roles within your company.
Or, join a smaller company, where your role and some security responsibilities overlap.
The short version is when people can ease sideways to a completely new role at their current employer. The longer version involves getting a new job doing the same thing, but at a company that does a lot more of the thing you want to do. Initially you do the thing you were doing before, but there's more opportunity to shift sideways when you get a good rep.
For me my greatest motivation was that I wanted to work with people individually, money be damned. I had a supportive spouse and we already lived frugally so I could build a business without (overwhelming) fear of failure.
If you can still stomach office work become an accountant. You’ll use all your analytic skills in a role that is useful to every sized company but your pace of work will be much more constant. Your ability to write small programs and debug excel will make you valuable.
You can go to industry and climb the ladder and make good money with less crazy workload.
I know a chief accounting officer at a public company and she earns 7 figures. She works a lot but also goes on vacations and has free time.
Then there's "doing accounting work for a company as part of an accounting department" which is much more likely to be 40h weeks, punch-the-clock type of work. However there can still be crunch time there as the deadlines are real deadlines not VP-pulled-out-of-a-hat deadlines (e.g. tax filing deadlines, SEC reporting deadlines).
Currently trying to become a wild beekeeper dropping hives anywhere anyone will let me while coding on side projects at the same time.
I recommend beekeeping. Go on a course somewhere, learn a little, get a hive, make mistakes, learn, scale, profit.
Oooof, I don't... maybe you know the secret, but being an amateur beekeeper and watching what the pros do, it looks darn hard to reach scale.
(Just a little joke, based the meme of developers quitting their jobs to start a goat farm.)
Also, I'm allergic to bees.
[0] https://web.bluebeansoftware.com/whats-all-the-buzz-with-sma...
I'm assuming no-touch hives are designed differently than honey-extractive hives.
You would be better off going into consulting or sales in a related industry.
People like to give you warm and fuzzies and tell you that “you are never too old”. Honestly, that’s not true.
As you grow older, you have more responsibilities and you need higher pay.
But the best way to transition is to slowly do it internally at a company you already work at.
(I’m 50 by the way)
So, I bought an old Dell server and started teaching myself Networking, Linux, VMware, KVM, Databases, Websites and anything else I could get my hands on. I built a portfolio of my best projects and started applying for jobs. It took countless applications, but I eventually got a QA position at a local startup. The rest is history as they say.
My portfolio is what sealed the deal, and I got a job offer from the only interview I had. Unless you are getting into a trade like lineman or trucking where they will train you, a portfolio is the best way to set yourself apart without experience. I took a 50% reduction in pay. But I was never really money focused, I learned that if you enjoy doing something, the money will follow.
Short answer - work for a small startup where you wear many hats. Scale, sell or fail - rinse and repeat.
Started as a mechanic, went back to get an engineering degree which got me into a auto manufacture. I found engineering cool but moved to slow and salary growth was very slow. During dot com days things were booming and I had an opportunity to jump to a marketing startup which helped me break out of my engineering shell(such a different world).
I found operations was a very good fit for me - complex machine you have to engineer to work efficiently as the world is on fire. I happen to make a career out of it working with several startups in numerous industries. My job was always started with - fixing stuff young startups get wrong to help them keep up with growth. Basically put business processes in place and be an interpreter between technical and business people so they stop making stupid technical decision that cause long term problems.
It was a great ride and learned a ton about business that you will rarely learn at a big company. I was responsible for various aspects of technical and non technical operations so always had a seat at the table.
Read Cal Newport's So Good They Can't Ignore You ( nice video summary: https://www.youtube.com/watch?v=dE-wvWdM6jY ).
Choose something that is likely to work out for you and put a lot more effort than anyone else does for long enough to make it happen.
You're probably looking to change paths because you know you don't feel satisfied, and their advice is to look for what fulfills your relationships, what allows you to perform service to the community (big or small), and what gives you purpose. Sitting down and asking myself, how well do you meet those needs now, and how can you better meet them, was what solidified my effort to truly shift from tech into fire fighting.
I used to be a software developer, now I cut up meat at an abattoir (combination choice/circumstance.) In one sense, I traded "work at a desk, go to the gym in my spare time" with "workout for work, sit at a desk in my spare time."
Upsides? Fitness, don't take your work home, redundancy less likely. Downsides? Less pay. Samesides? RSI in both jobs.
Doing the same thing every day is relative.
Building connections in domains of interest is something one should always pursuit and intensifying this might be the best immediate action to take.
Some other aspects:
- Keep your domain options as open as possible. Do not commit to a new career before securing it. This is vague advice, I know - but focusing on for ex. cybersecurity over general DevOps/cloud engineering with the security vector would be narrowing one's options.
- If you are not prepared financially, be very cautions.
- Manage your expectations, the major factor in a career switching is(IMO) luck and opportunity - over which you have no control but can sorta manage somewhat(ergo the networking).
Changing careers is a very general and realistic goal. Keep the way you go about it the same way.
I've found it very challenging, difficult and frustrating. Wouldn't do it again but glad I did it the first time.
Best of luck!
Back in my day they used to call this "resume-driven development"
(Sorry had to)
The tradeoff is that you have to not mind:
1) relocating to the greater Washington DC metro area, and
2) getting a US security clearance,
Though this website really makes it seem like cybersecurity is all about the world of web apps and commercial tech companies, I would actually posit that the US DOD / Intelligence community is the largest customer of cybersecurity research in the US. (It’s dispersed through a big web of contracting firms, but the end client of most of these firms is one of a handful of agencies or military intelligence divisions.)
I say this as someone who works in the field: if you can code, and you can get cleared, you can probably find someone in the cybersecurity field who wants to hire you. The field is hungry for experienced talent. The fact that you’ve previously forward developed web apps is not a drawback - if anything, it’s an asset. Knowing how developers think is a great asset that most pentesters and reverse engineering focused people in the field lack.
Your focus in UX, user research, and design is a huge asset. There are tons of dogshit web apps that government agencies use for important national security purposes. Trust me on this.
Edit: expanding on the note about the "big web of contracting firms" - there are a ton of little DARPA / pentest / cyber research companies in the DC metro area that would kill for an experienced programmer with an interest in cybersecurity research. They don't pay nearly as much as FAANG, but there's also substantially less competition for those jobs, and (in NoVA/southern MD, anyway) tons of opportunities to jump ship to different teams with different work and better cultural fit, if you're interested.
I think the level of scrutiny would be much higher if you were a dual citizen with a nation the US perceives as an adversary - i.e. Russia, China, Iran, North Korea.
I'd happily tell you what I make personally as an EE with ~15 years experience if you were to contact me privately, but I don't really feel like posting that on the internet.
Because to me, cybersecurity reads like "more digital" than "strategy, user research", not less, I'm not sure if I know enough about the poster's motives to help.
But what I can suggest is that the late Ross Andersons' book Security Engineering is a great starting point to get into system security.
BTW, I have enormous respect for people who are transitioning between professional areas, and while it consumes energy it probably will be the source of more energy, best of success for everyone!
-Had a very demanding IT job up until 2 years ago (12-hour days, stress...) -Asked for a demotion and moved to a more relaxed position -Used the extra time to go back to grad school -40% complete in Fine Art program (drawing/painting). It was an easy choice, visual art was a life-long passion, but math/physics took over early on and then I had to make money as the kids started to arrive...
Well I think these kind of thoughts are quite common. IMO it is helpful to realize that your thinking (rather dreaming) about doing cybersecurity may have very little to do with what it would actually feel like to acquire the necessary skills and find a gig (or some gigs).
Your choices are rather simple:
1. Dive straight in headfirst. Quit or change your job to part-time and commit to intense training in cybersecurity (e.g. enrolling in structured training program of some kind).
2. Find time, energy and motivation to learn/practice without changing your life radically or committing to anything. If you are seriously interested in something you'd be naturally drawn to do this thing. After a few months of doing so you will have a much better idea what switching careers would feel like.
3. Keep doing whatever your doing realizing your ideas and feelings are completely normal and valid but may have little to do with cybersecurity or your career. Try to understand what is actually missing in your life and how you can address the root cause.
Ageism is real in the industry. But it’s more nuanced. If you have experience commensurate with your age, a strong resume, and a network, the world is your oyster.
If you have none of those or your experience is with outdated tech, you’re screwed.
What do you want to live for?
Who can answer that for you?
I've been in infosec for about 10 years. It's a very broad field. Opinions vary but it's generally not considered an entry tech field. This advice is broadly applicable to most technical roles (SOC, pentest, security engineering). You are going to need to know what a current IT or devops engineer knows and then some for those.
For appsec you will need to know what a developer knows and then some. Languages may vary but the webdev languages are always in demand.
For GRC roles (governance, risk, compliance) you may not need to be that technical. These are policy / paperwork / audit type roles. Unfortunately supply and demand being what they are, they're also generally the lowest paid and (in my opinion) least interesting roles.
The catch here will be that the job market is very poor right now in security as in every other technical field due to layoffs and AI, and (speaking as a 48 year old) ageism is real.
In my case, I absolutely hated investment banking and this career and my Finance degree were wrong choices that I just didn’t want to admit to myself.
I started thinking what I used to enjoy doing before university and I realized that I always loved computers and even programmed a good amount of Visual Basic and Pascal back in days.
As for the transitioning process, I took the radical approach. I first combined learning to code (again) with my job but it was very difficult. So I saved 6 month living expenses, quit my job and locked myself in my apartment for studying. Ran out of funds before getting enough knowledge to land an actual job. Took side hustles from my previous career for about 2 years to continue learning. Eventually managed to land a job paying 25% of my past salary. But once I got into the industry, I grew rather quickly because of how motivated I was compared to my previous career.
The moral of the story is, if you feel like there’s something that is much better suited to your personality, it’s okay to start from scratch. It will be painful for sure, but the pain is temporary compared to a lifelong feeling of being miserable on a wrong path.
For me, the transition also took a number of years. I did a Masters degree in security, and started to get more experience in security in my non security role. Then I found a small software company willing to give me a chance as their security guy. I guess for me it took about 4 to 5 years to really complete the transition.
I wrote code for a digital agency for a while and it was cool but making stuff for huge corporations wasn't exactly inspiring to me.
So I got a job doing basically the same for a university library. Now I wake up every morning knowing that I'm working to make information available to the public for free. And my work is basically an answer to "What would you do with code if it didn't have to be monetarily profitable in any way?" every single day.
You could probably find a position doing something very similar to what you've been doing (if you want) but in a very different environment.
I don't know how this kind of job works today. My salary was somewhat less than I would've made in industry at the time (pre-dot-com), but now it seems that universities would likely pay much less than industry.
The obvious big issue is maintaining roughly the same salary level, but you’d be surprised how much you can tighten your belt if a making a big jump down. A non-obvious negative is getting used to loss of status. That hurt a bit initially, but I soon found that the novelty of re-inventing myself in a new domain was massively invigorating, plus I was suddenly working with very different (and much younger) colleagues. So I decided to shut up about the old job from day one and never mentioned it unless asked (no-one cared anyway).
But be aware of turning a hobby into a job though. I got into dev as just a hobby initially. Then it became a paying part-time gig when on leave, which eventually lead to a job offer via someone I knew in the business. You’ll soon find that doing your hobby for a living cools your enthusiasm for your hobby, especially when dealing with difficult customers, bosses, or ridiculous deadlines. That said, I’m really pleased I made the jump and don’t ever have to wonder “what if?”.
> You’ll soon find that doing your hobby for a living cools your enthusiasm for your hobby
I think a lot of software developers are in that situations. I suspect for a lot of us, programming started as a hobby.
> A non-obvious negative is getting used to loss of status
I can imagine. I never had a great status, it can sound very vain but I sometimes I wish I had one :) Ironically, working in a big tech company can send you to the very top of the salary range but nobody knows, you're just a "programmer" which isn't super prestigious.
That's one hell of a story. How did you end up in the trade to begin with? How long it take for you get promoted to captain? What kind of cargo did you typically carry? How big was your crew? What was the largest ship you captained? What are farthest points you've sailed to in all cardinal directions? Were you still you still operating with paper maps and sextants by the time of your captaincy or was GPS common on ships by that point?
And yes, I was probably one of the last generations of seafarers who used celestial nav and paper charts on deep sea trips before GPS became universal. We used Decca Navigator for coastal nav, now also long gone and forgotten. So electronic charts were way after my time! I lost count after 40+ countries visited, but it's really not the flex you might think because there was very rarely time to go ashore.
However the experience and confidence gained at sea helped enormously when (say) presenting a software proposal to CEOs and the like, most of whom were the same age as me. They tended to assume I was much more senior than I really was! I never regretted the jump though. If you can make the money work, then I’d recommend career changing to anyone for the new lease of life it gives you. Especially if feel you have gone as far as you can in the old career.
I've posted this here before, but:
I did the OSCP, a 3-month course + exam that teaches an overview/the basics of infosec and more specifically pentesting
It’s a fairly well-regarded certification (and a tough 24-hr exam), and got me interviews for Senior Security Consultant roles at firms like NCC Group with no prior security background
I think a typical progression is something like Security Consultant/Pentesting at a consultancy and then transitioning to Security Engineer/Security Researcher at a more specialized firm
I was actually able to bypass this and somehow land my dream job (binary/IoT reverse engineer) immediately after seeing them post on the r/reverseengineering subreddit and just going for it (they didn't care about the OSCP cert, but the things I learned and tools I used/was able to put on my resume helped a lot I think)
Besides the OSCP, what helped me land the role was playing microcorruption CTF
That job was one of the best I've ever had and made a lot of lifelong friends from it
For me the key was just to see this huge change as a series of small steps instead of a big "flip the switch and change" move.
Before I changed, I took courses in programming to see if I'd like it, I build projects in my own time to see if I would actually pursue it.
Even once I decided to change careers, I still kept my old things ready in case I needed a fallback plan (this happened over 10 years ago but I still pay my Bar fees every year).
For me, doing it slowly, with a plan, and a backup, removed a lot of the pressure and risk of the change and it worked fine.
I haven't done anything in Law in over 10 years now and am fully "converted" to development.
My advice for you: buy some Cybersecurity courses on Udemy. They might not be perfect, but they are usually cheap (always wait for sales) and see if you will like it. You can take dozens of courses for 9-12 USD there to see if that is the path before committing to something more serious and expensive.
This is just to see if this is really the area you want. The day to day of most careers tend to be heavily romanticized from the outside.
Once you've done that, try to see if you can find some education with a Co-Op component. I found it is much easier to get your foot on the door of a new career as a Co-Op in a course, though that is not required.
https://money.usnews.com/careers/best-jobs/lawyer/salary
- Hard shift: quit their job, went to grad school, and started over.
- Soft shift: got an adjacent job w/ a company w/ many roles (consulting, big tech, etc.), slowly got good at the adjacent role, and then title change.
I don't know what's best for you. Option 2 is safer. Could look like:
- Get a job doing UX in/around tech services/consulting/cybersecurity (eg IBM, Palo Alto Networks).
- Get on a team with cybersecurity engineers (eg, GTM for a "new cyber offering")
- Slowly build up your PM or technical skills (eg, start by learning SQL & doing reporting)
- When you're actually useful in the new area, ask about a role change
Keep in mind this is a lot of work.
- You're gonna need to go from No knowledge -> Junior -> Mid-Level -> Senior.
- Your opportunity cost is 1-3 promos in your current track, which would probably radically change your day-to-day anyway.
Good luck!
> How did you pinpoint new directions that matched your skills and interests?
I fell into it. I tried to start a business that required developers, and the developers didn't complete the work for the clients... so I did it. Zero experience, zero background, just me and youtube trying to make deadlines.
> What were the most effective ways to reposition your experience in a new field?
I built the plane in the air, so I don't have a great answer for this.
> Are there any resources or strategies you’d recommend for upskilling or building networks?
Start now. Try learning things, then reach out to your network for people that might be able to augment your learning. People are really great about that stuff when they see that you are interested in the same stuff they are it creates a bond.
Ask them out for coffee, beers, a phone call, whatever and collect as much info from them as possible. Get them to dive into how they got there, and what steps they’d recommend you take to get started.
Zoom in on one you feel most confident you’d want to pursue and try and find someone willing to mentor you through the process of getting started. This can be very casual, it doesn’t have to be some formal “meet every month and talk” thing.
I left tech this year and am back in grad school for an area I’ve found a lot of passion in through the above (clinical mental health, for anyone curious).
It took a few years of seeking out a new career but I am very excited for the transition.
The absolute key for me was finding someone practicing in a speciality I wanted to pursue and having them guide me through the steps necessary to get there.
Most people are going to be willing to help.
I'd take careful stock of your support network behind you, and of who you're supporting. But keep in mind, there's no "wrong answer". Live your life out loud and you do you. If your situation makes that untenable, do some soul searching and find peace without the shakeup. Lots of good advice on this thread, but you know you better than anyone (and if not, start there).
Know the risks though. My wife and I have changed our religious and political beliefs over the past decade or so and as a result have lost contact/intimacy with much of our families/friends. Losing community takes a much steeper toll than I would ever have guessed.
This limits what success looks like for your switch. Are you looking for a different work life balance? Learn something new? That can work.
Becoming the face of security in an organization? Not likely.
So, I'm not sure how replicable that was, other than keep your eyes out and be willing to take a chance.
I think the first thing is to imagine, broadly, what it is you want to do, and then look at the entry paths for that.
>As a contributor, you have to be an expert, but you're really not on the hook.
>As a decider, you can be a generalist, but you're on the hook.
My transition was from a decider at smaller companies to a contributor, working from home, at a large company. The deciders at my large company spend 30+ hours a week in meetings. I spend less than 5 hours a week in "meetings" though I may collaborate 1:1 or 1:small group much more from time to time.
Decide how you want your work to look in 5-10 years: on the hook, or not really?
The biggest variable to me is if you can justify taking money out of the market to pay for college. For me, it is a non-starter. A completely laughable idea.
Pushing 50, I need one more re-invention. Starting over in something like cybersecurity, I would just be getting beat out by the 25 year younger version of myself. I need an AI hedge basically. Something highly creative, non-standard, not something everyone else is already is doing. The process of trying to figure this out is what I think will lead me there.
My AI hedge is that I don't want to start trying to do this if I find myself completely unemployable with my previous experience and skills pushing 60.
It seems like we either get AGI and I am not employable in 10 years or we don't get AGI and we have such massive malinvestment that the job cutbacks also make me unemployable on my current path.
It’s a huge conviction, that means every dollar you earn during this phase has to be leveraged into this build out because at the end there won’t be any jobs left.
When this happens at scale, and everyone is on social security, the government will inevitably cut/tax your social security income, which is going to be insane for the retired crowd who will literally have no recourse in the economy. Foreign nations already want to de-dollarize, so a situation in 20 years can easily arise where America cannot raise debt because no one wants to buy it (aged highly-taxed population, no jobs due to automation, and no creditors. Fall of an empire, we’re crying wolf again but this time it feels real).
The only way the American demographic will be able to maintain its lifestyle is to do the opposite of what we are doing now. We’d need mass immigration, to fill a underclass that we can tax to maintain the QoL of the retired American class (or in simpler terms, saturating the bottom of the pyramid to pay into social security, everyone else is old or out of a job). This might cause civil unrest.
It’s best to prepare. America has UBI via SS, it just hasn’t been stress tested. What if we put everyone on it for life? It’s going to cause so many moral hazard issues. Why should I pay into supporting people who don’t do anything? Well, what are they supposed to do? There’s nothing to do. Should they not eat then?
I had always enjoyed reading psychology books and decided to attend night college and train as a counsellor.
For the first 2 years this was 1 evening of 3 hours each week, then 2 evenings each week for the final 2 years until I qualified as a therapeutic counsellor. I worked full time in my regular job during this period.
Once I had qualifed I realised I had absolutely no experience working in the care sector so I worked as a full time volunteer in the substance misuse field for a whole year gaining the experience and knowledge to allow me to get a paid job in the field. During this period the company provided an extensive traning package. I was after all giving my free time.
I also enroled in a psychotherapy masters degree. Now qualified as a counsellor I had all the core knowledge in place. The masters degree was one weekend each month for 2 years, so very doable.
After a year I applied for my first job as a keyworker then over the next few years I slowly worked my way up the ladder to care-coordinator, methadone dispenser, trained as a auricular acupuncturist etc etc.
six years later, aged 41, a master degree in hand and my new life ahead of me.
My friend did a similar thing and he became an architect.
The work can be rewarding but it can also be emotionally demanding and the pay and benefits can be quite shit, frankly. The mental health system (assuming USA) is designed to be exploitive to someone; either it’s going to exploit you, your clients, or both.
You can get an administrative job that pays a bit better and has better benefits but your work life balance will be poor and you’ll still generally struggle to make what tech workers make in equivalent roles. You can work outpatient but you’ll make less unless you charge a lot but then you’re excluding a large segment of the population who have a high need for services. Depending on where you live this may not be feasible even if you’re open to it. It’s dependent on your ability to keep a stream of somewhat affluent individuals coming in, obviously
Or you work with insurance but then you open yourself up to a great deal of red tape and financial liability that you either eat or pass on to clients, thus creating financial burden and worsening their mental health. It’s not your fault but it can feel really awkward and shitty to charge a client $800 when their insurance claws back 6 sessions worth of appointments. Alternatively you eat the loss, which can be something that inherently happens because (rarely) they’ll claw back appointments from 12+ months ago. This can also be challenging from an obtaining clients perspective. I run a private practice and contract with a group and right now I have 0 people coming in with no wait list. This isn’t common but it does happen and it means my income dries up a bit. It’s not the end of the world because the holiday season was a heavy period and it will likely pick up again soon but even people with insurance struggle to afford therapy now. More and more people have high deductible health plans with sizable deductibles so they end up paying $70-150 a visit, pretty considerable weekly/biweekly expense. Around summer I start getting a strong uptick because the high deductible people start meeting their deductibles (although young healthy ones often never do)
Sometimes it’s hard to leave work at work with this job. That’s any job of course but with this job you can hear some real heavy shit sometimes. That’s generally not the norm though; most people are just not doing so hot or having relationship troubles or whatever. But every once in a while you’ll get a person that has had some truly awful experience that sticks with you for a bit. Or a person that is manipulative, constantly tests your boundaries, and sticks with you in a bad way.
There’s a lot of positives to it too of course. I set my own hours, I don’t have dumb staff meetings, I set my boundaries with people so if a client goes too far or is outside my scope I can cut things off, etc. I earn 100% of my money minus minimal overheads (telehealth practice is really light on overheads). There are tedious clients of course but many clients are interesting and challenging in an intriguing way. But I feel like people don’t advertise the ugly side really
https://www.seattletimes.com/entertainment/pagliacci-classic...
supervision in counseling is odd. it's ethically obligated but not enforced. continuing education in many areas is loosely enforced too. this leads to other critiques about the field becoming, for lack of a better term, crappier. there are and (hopefully) always will be inspired, ethical, and passionate clinicians but there are also a lot of lazy ones who just burn through the checkpoints so they can bill insurance or clients $130/hr. Once they get licensed no one will check to make sure they do CEUs (depending on state), no one will check to make sure they consult with supervision for outside feedback, etc
it's one of those "we will self regulate" things but I don't know how well the field self regulates
The problem now is the cost of college. I would be working on this same path right now but I can't justify the terrible relative investment that is college in 2025. It is just night and day different compared to the 80s/90s.
The time would be no issue at all for me. I am bored and would love something to do like going to class again.
It is criminal I can't get a psychology degree online for a fraction of a state school price at this point. To have the same degree cost much more than before the internet is just completely insane.
We can figure out as a society how to ban Tiktok but not how to have dirt cheap education like we could. I can't imagine the price we pay in GDP growth for this between the student loan debt and the sub-optimal work force configuration.
1) look up people who claim to be in cybersecurity on some site like LinkedIn - see what their titles are, where they work, and so on.
2) see if you can find their resumes or any detailed cybersecurity resume - you are looking for keywords, application software, languages they claim to know, etc
3) look up job interview questions that relate to those skills, e.g. glassdoor has a fun feature where people have shared the actual questions they were asked during an interview
4) find free or cheap online resources, classes, demo/free versions of apps, set up a home lab, so you can become familiar with those skills, languages, tools. etc as much as possible and for as little as possible.
5) read a site like "stack overflow" with a focus on the skills/apps that cyber security researchers are likely to use, and see what questions the tend to ask, etc.
6) Develop some study cards on Anki with the interview questions you are likely to get and answers that might fly. Don't be complacent, expand on this as you go along, adding more and improving what you have.
7) See if you can find one-off "cybersecurity" gigs on craigslist or fiverr, etc. where you can be paid something - anything - to do something security related. Not only might this improve your confidence, it will generate a little bit of money instead of you paying money. You can also check out the competition and see what they are doing, for how much, etc.
8) Read up on "cybersecurity" related topics, people, trends, books, movies, etc. Get a feel for things as they are, were, or might be.
Good luck.
Every time I made the change within the company I worked for. One I resigned, but was asked to fill another role, next I said I was bored, last I was about to be fired. My experience was employers can be more flexible than you imagine. But maybe I was lucky.
Move on to the more intermediate certifications if you want to/keep learning.
Off the top of my head you could look into business process consulting, specifically ERP/MRP implementations/reimplementation/improvements along with custom report creation. I'd build skills generally via consulting (much lower bar to get into because the consulting company provides the 'domain competence' proof versus companies looking at your previous work history as proof), then key in on an area of interest and/or what industries where you live is a hub for (pharma, auto manufacturing, aerospace manufacturing, service centers) and apply for an individual position.
Maybe you could go a similar route for cybersecurity. When I was writing PCI compliant software the PCI validation people were idiot consultants working under the 'social proof' umbrella of the testing company (again you leverage the consulting company to satisfy the customer while you build up the personal credibility). That might be an easy space to get entry into that would also look good transitioning to something more 'real'. "I did security audits for VISA with oversite over customers totalling <X million> financial transactions annually, highlighting areas of risk/potential improvements" might sound impressive to a rando looking for a security person.
Edit: Not sure how to phrase this. This may be harder if you are a woman. I have found getting in the door is social engineering + confidence but sadly I'm not sure my 'confidence' part would work the same if I was female. I played center at football. I'm used to stepping in and taking control. I'm large and physically strong. I do not outwardly show stress. Eh, I don't know how to express this. But I think good looks/presentation/outward expressed masculinity/ability to project leadership has helped me walk onto random roles more easily as much as anything. Whereas a woman that stepped in the same way might be judged differently at some places.
Everyone here has great advice. But my #1 advice is to take all their advice and use it to get a new job.... Before quiting yours. Do not quit your job first. Sure it works for some people. But those that it doesn't work for end up wasting a lot of time and a lot of money.
If your dream of a career change isn't enough for you to give up nights and weekends to help facilitate it, then odds are you don't want it bad enough imo to really pull it off.
Sounds kind of hiring manager cliche, yet does detecting, identifying, monitoring, evaluating, responding, resolving, and future mitigating these types of ideas sound enjoyable? Do these terms even mean very much?
- Malware, scareware, spyware, warez, trojans, worms, viruses, (IP, msg/email, address, router, network, certificate, biometric) spoofing, phishing, tampering, script smuggling, privilege escalation, bootloaders/bootkits, configurators, shredders, (hardware/software) backdoors, eavesdropping/wiretapping/sniffing/snooping, scraping, (access, keystroke, activity) loggers, logic bombs, locators/tracers, system bricks, botnets
For the rather serious security crowd, any interest in attending:
- DEF CON, Black Hat, (C3) Chaos Communication Congress, IEEE S&P, ACM CCS, USENIX, NDSS, or Supercomputing?
Not trying to sound: input.replace(/[let]/g, c => ({l: ['1', '|_', '|'], e: ['3', '&', '£', '€', '[-', '[=-'], t: ['7', '+', '-|-', '][|][', '†', '«|»', '~|~']}[c][Math.random() * ({l:3,e:6,t:8}[c])|0]));
Just at the same time, a lot of the actual work in computer security is not especially glamorous work, that often involves sitting in a room, typing on a keyboard, dealing with annoying computer issues, picking through problems in software to find attack vectors, and people who's idea of cool is reverse engineering attacks.
Lot of script kiddies, C-suites/generals/execs who use "123" as their login, far away companies you have little ability to motivate, and frustratingly simplistic exploits.
There was an article that came through a while back on UNIX, and a huge percent of the vulnerabilities all involved invoking "sh </dev/tty >/dev/tty" as about the only one-trick strategy. Except ... enormous number of available methods.
That dissuading stuff aside, there's definitely jobs in "cyber" and "security" that involve "user research, frameworks, customer experiences (ostensibly UX I suppose)". Somebody writes this kind of stuff for companies like Cisco [1]
[1] ThousandEyes, https://www.thousandeyes.com/outages/
---
Second portion of response, direct questions asked.
Background: started out in acoustics / optics, and then moved to government fluid dynamics and supercomputing (NASA MSFC)
- How did you pinpoint new directions that matched your skills and interests?
- What were the most effective ways to reposition your experience in a new field? [2] Google: Quantitative UX Researcher, Cloud Security: https://www.google.com/about/careers/applications/jobs/resul...[3] Apple: WebKit Engine Security Engineer: https://jobs.apple.com/en-us/details/200583193/webkit-engine...
[4] FBI: Network Engineer, GS 12/13, Communications Technologies Unit: https://apply.fbijobs.gov/psc/ps/EMPLOYEE/HRMS/c/HRS_HRAM_FL...
[5] Microsoft, Security Assurance IC3: https://jobs.careers.microsoft.com/global/en/job/1800220/Sec...
[6] Cisco: Software Development Manager, Networking & UX/UI: https://jobs.cisco.com/jobs/ProjectDetail/Senior-Software-De...
You may be able to even initiate some of this exploration with LLMs making sure to paste in everything about you, the entire linkedin profile, your resume(s), projects, all of it, and let it see what can come out.
good luck
If this doesn't sound appealing, then changing careers probably isn't for you and you will probably have challenges succeeding at it.
To your questions
> How did you pinpoint new directions that matched your skills and interests?
I found my pivot while working in my prior role, and worked actively to change paths at that company. I'd say if the overlap is close enough, try to get on-the-job tastes of the new direction. If not, see if volunteer or charity opportunities are available. Sometimes the reality of a change doesn't match up to expectations.
> What were the most effective ways to reposition your experience in a new field?
Some experience in the field will let you know what is valued and how to parse a resume. You should seek out someone in that field to be a mentor through this process. It is probably better to ask them this question.
> Are there any resources or strategies you’d recommend for upskilling or building networks?
It is not a great sign for you that you are asking this here. This is a hard process. You should look in your own personal network for contacts you can ask about the new field. Failing that, you should look for local professional organizations, meetups, conferences, or colleges with relevant departments and reach out to them. They will have the best advice. In terms of upskilling, there is no substitue for on-the-job training in any field. You just need to understand if there are any credentials, qualifications, or certifications you need in order to get your foot in the door.
Tech Support --> Sys Admin --> Audit/IT Audit --> Project Assurance --> IT Sec PM --> GRC --> GRC PM --> (back to) Audit --> ThirdPartySecMgmt --> GRC.
I am a firm believer that "you should apply to any/all jobs where your CV/exp matched "70% or more".
If you want to do a big jump (e.g. someone wrote about wife going from Chemist-to-Marketing), ask from ChatGPT to reword your CV to a generic version (as lubujackson's example is).
I wrote the following on the assumption, which may be wrong, that you're interested in programming and want to do it professionally.
> How did you pinpoint new directions that matched your skills and interests?
I just chose to do what I enjoy, and I happen to enjoy solving problems and working with computers.
> What were the most effective ways to reposition your experience in a new field?
I didn't. Other people did that for me.
> Are there any resources or strategies you’d recommend for upskilling or building networks?
To be skeptical of anybody who tells you they know how to do this.
Bootcamps can be valuable -- or may have been some years ago. Not sure. The people I knew who did bootcamp courses had the outcomes I'd expect, namely that the smart, organized ones who were likable and devoid of personality disorders did well.
Be willing to take a bad job temporarily, or work as a contractor, just to get your foot in the door of the field.
> most advice has been starting at the bottom as an IT helpdesk worker and going from there
Be skeptical of anybody who tells you this, too. It may have been a viable path into the field in the 90s and 2000s. It may still be today, too, but I haven't seen any evidence that it is. I've never met anyone who has made this particular 'jump.' 99% of my team have CS degrees.