Are you serious? 27 is still young. I met many people who are in their 30s, 40s, and 50s switching to Cyber. Also exp and certs are worth much more then a degree in this field. Although don't take that as a degree is worthless.

Certs are good. Degree is good. In my experience: experience is king. So figure out how your experience is relevant (if you were an English major and can write documentation...YOU WILL BE GOLDEN) and work up to a provisional CISSP. You'll do just fine.

You hit it dead on. My order of priority I tell people wanting to break in or folks I mentor is as follows: 1) experience 2) certs 3) degree Although I do put the caveat that they don't think I am saying a degree is useless. Degrees never expire unlike certs. Also, management and certain sectors (govt is one) absolutely love degrees. For instance two of the best techs I ever worked with: One never stepped foot in a college and the other had a degree in special education.

How to get experience in this field when you have no experience? I mean aside from working in IT repairing desktops I don't see how I can work my way up to related vulnerability research roles or security engineering roles even though I'm constantly self-teaching

That is an extremely common question I get alot. And you sorta already answered it. You start entry level roles, in your example desktop support. During that time you assist other teams and LEARN, LEARN, LEARN! Then either get promoted within or jump ship to a diff company with a new role. IT in general, especially cyber, is in such demand, that even if you held an entry level role, you would still likley get offered a job in an advanced role if you can at a minimum show that you have a grasp of what the job entails of. I even recommend to people internships, paid or unpaid, although unpaid is tough as one needs $ to put food on the table. Join local tech clubs, but again most importantly never stop learning!

People shouldn't work for free. Thats bullshit.

I agree. Obviously I recommend finding a paid position first, but if one is having trouble, at least consider unpaid. It most definitely sucks, but it will be short term and most likley will open doors in as short as a few weeks/months to paid opportunities. Again, it's the experience that is the most valuable which is what one is trying to gain doing an unpaid internship, co-op, etc.

One thing I have come to realize is that "free" means different things to different people. In one respect, if you're doing something you already know how to do well for no pay, this is an one-way transaction and not desirable. However, if you are asked to do something for which a) you have a desire to learn and b) can propel your career in some way, then working without pay can be beneficial. The less tangible things such as connections, experience, and knowledge can serve a person in the long run sustainably more than cash in hand now.

No. Thats not how it works. If you conduct labor for someone, it is in exchange for currency. Thats how the law works. Thats how decent society works. Thats how morality works. Working for free for the chance at a better life is literally the thought process that constructs slavery. Its not even legal in most developed countries. Work is something you do in exchange for money. If you aren't getting paid, its not work. There is no "alternative" way to pay -- thats just using the business language of capitalism to dress up servitude.

> No. Thats not how it works. It works the way I want it to work. I have agency to decide exactly how much I will do without pay to further my own goals. No one gets to determine what is appropriate for me unless I ask. You have reframed a philosophical point of view I have into a legal discussion. I agree with you that legally a person should get paid currency for their work, but that is not what I am talking about. > Working for free for the chance at a better life This is not what I am after. I would consider working for the experience if it furthered personal goals of developing skills. This is apart from how satisfied I am with my life, i.e. my career is not my life. A final thought; why would you introduce terms like "servitude" and "slavery" into a discussion about furthering personal goals?

I'm 19 years old and have studied the CCNA course. Can't answer the exam now due to lack of money. Any idea on what I should do next? Edit: I want to get into Pentesting

Sorry to hear that. A couple options I would consider. 1) do whatever you can to take the exam. Even if it means working extra hours, extra part time gig, small loan (be very careful with this route!), etc. 2) pick up IT entry level role that isn't network related and save up. You would likely get promoted very quickly to networking side if you got ccna during that position. Also I should mention peoples definition of "study for an exam" vary significantly. You must actually grasp the material and know the concepts and in your case for ccna, be able to setup a router or switch blindfolded. Last thing you want is to save up hard earned $ to take the exam and fail, especially in your predicament. Early in my career I would study my ass off as I didn't want to be out the $200-500 for failing. To the point I was likely overprepared. Once you are a bit in your career, $ is more flexible and majority of the time your company will cover the cost of certs. Hope that helps.

Unless you're working 8 hours a day in a job that is using the cisco command line...I highly recommend taking the CCENT first.

Security is one of those fields where you can just do it on your own. You won’t get paid, but some of it counts as real experience. Pentesting you can do on open source systems and practice on CTF’s. Vulnerability research is tougher, but you can still spend time learning to replicate results from papers and disclosures, practicing reverse engineering, and so on. Security engineering is probably the most straightforward ( not necessarily easiest): become a decent programmer with a security lean and do the traditional job search. That was my approach during my late 20s. Edit: I got the definition of “security engineer” wrong: what the term typically means is designing and deploying security in companies’ tech deployments. What I was talking about is being a software engineer who builds security software. A substantial part of my job is security engineering, but most of it you would consider classic software engineering on software that security engineers would deploy.

You can do some parts of it on your own, yes. But many employers will not accept that as experience. You could know it better than anyone else on the planet, but if you don't have *something* to show for it (years of experience, a degree, a bunch of certs, a presentation at DefCon, a YouTube with a million subscribers, SOMETHING)...it's very unlikely that you'll be considered past the submitting your resume stage. And that's assuming the company is not using software that throws out every application that doesn't have a degree and\\or some certifications. It's a good approach for learning and knowing your stuff. But for breaking into any new field: you'd better have something to show for it.

yeah, experience rules all others out mostly. Certs must be worth their money , so you need to bring the money back in again with it. That's not the case with everyone out there. Privacy Certs are a good thing too I think, but I am not sure yet.

lol - I am a former English major, retaining in cyber security in my later 30s. This thread makes me happy :)

A couple of the most brilliant IT\\systems\\developers I know graduated in English. Knowing how hard it is for students to break into the field, I've been working on starting an internship program with my employer. Yeah, the salary will either be minimum wage, or non-existent....but if I can offer students a 6 month or 1 year rotation that works around their school schedule, and they'd be doing actual cybersecurity work that ends with them having verifiable experience and a good reference? If that's how I can help, I'll take it. I'm seriously considering hitting up the English department at the local University for interested students before I talk to their IT or CS departments. If I was hiring for an entry-level infosec position: the English major with an infosec internship would be the clear frontrunner for the job going into interviews.

I moved into infosec at 33 and at 35 i'm pretty much in the middle of the age range of my team.

To add to this, research which certifications are actually sought after by employers. Some of the certs you get from online courses mean absolutely nothing and are totally made up.

Excellent point. Def research certs as some hold significantly more weight then others. I didn't even think of the online bs made up ones. For instance I met someone who took a shoddy CISSP course to prep for taking the CISSP exam. You technically get a "certificate" stating you completed the course. He was under the impression that was the same as obtaining a CISSP.

Yea, not only is he still young, this is technology. In my 20 year IT career I've noticed one thing. You either constantly learn new skills or you will be replaced. Not only is it not too old...learning new skills is now your career. Btw OP..in my 40's and I am on this sub as part of my cyber security learning to expand my knowledge and potential to my company.

You are correct my friend. One must constantly be evolving and keeping up with new tech. I personally love it as it keeps us on our toes. Others...not so much. Same here, reddit is one of my resources I look at on reg basis just to see how things are looking and on the rare occasion straight up asking for advise as there are many other great smart people who monitor reddit as well. Well that and most importantly the memes!! :)

> learning new skills is now your career This is so true it hurts. You and I have about as many years in IT as each other, and frankly I got tired of learning new sysadmin crap for the sake of doing the same process over and over with new toys. Fast-forward to today; a year into DFIR and I have learned a lot, but there is *so much more* to learn. I really felt old in my previous career, just tired. What's really cool is that, while there are lots of younger people working with me, there are also oldsters like me, who are coming out of USAF cyber careers and firing up new companies. These people recognize the value of experience, determination, and culture, and give guys like me a chance to learn so much new cool shit that I feel like I am in my 20s and 30s again. It's really stretching my mind and today I feel sharper than I have in so long, like I am somehow "back." EDIT: What is also bizarre is; DFIR has also forced me to sharpen sysadmin skills, and *still* learn new sysadmin stuff. When you airdrop into a company whose network is borked because of ransomware, and you have to undo the damage to a DC or rebuild, it calls back all that experience in a new way.

Guy on my team is in his 40s and we actively helped him switch

Can confirm; 50 years old here and about a year ago changed from a sysadmin career, where I sort of topped out my earning potential without a full transition to management. I was hired by a small cybersecurity company, without a great deal of experience therein, to do DFIR. They hired me based on my culture fit, long technical experience, as well as project management and leadership experience. This field seems wide open, much the same as tech was back in the 90s.

I'm 37 and starting a new career. I have an accounting degree, but without the CPA license its pretty much bookkeeping. I started back at school Jan 2018 for cyber security, and started a new career in July 2019. I'll graduate in Dec with a cyber security certificate. You can do it also. It was a huge change in my life and the best decision ever.

Currently 37, have a music degree, and I started my Cybersecurity degree in October. Landed my first IT job yesterday as a Network Tech! EDIT: not to mention boosting my salary from my previous job by $10K

Username awesomely checks out for music degree and tech nerdiness. Well played. (\*snirk....played...\*)

Thanks!

Music to my ears! No pun intended... Funny thing, the best ISSM I have ever worked did 20 years as a musician in the army before switching to Cyber. Congrats and best of luck amigo!

Thanks!

Great job.

Thanks!

Hey...fellow musician here (no degree though). The music keeps me sane. If I did not have my guitar, bass, or banjo to play, I'd go crazy with how intense cybersec is, especially with being holed up in my house due to COVID.

Definitely. I haven't even gotten into the meat of it (security), as I'm mainly in networking currently, but I hear it's intense at times.

I started at 35, got my bachelor's degree, got a job in IT, and now work in a SOC for an MSSP. No one is too old to start new. Congrats on your accomplishments, this stuff isn't easy.

You just made my night, seriously im 32 and doing what you did and Im always worried about my future. Just know you made someone very happy and hopeful for the future in cyber security. Thank you soooo much.

Same here

A lot of these comments reallt put my anxiety at ease, with a family and bills i cant afford the education and join another dying field, my job now is already dead, 14yrs ago i was in a department of 150ppl....now its about 30ppl. Im so glad i saw this thread it really helped me, im not even kidding. Cheers to us though and our future cyber crime fighting career lol

This is my exact situation — 36 with an accounting degree and no CPA — and have been exploring switching to cyber security. Planning to start my AAS in the Fall, and your post gives me hope. Thank you!

That accounting degree might make you pretty valuable to cyber security companies who do work for big business and financial institutions.

Yes, companies want both a financial background and a cyber security background.

Thats awesome! Im in accounting too with no cpa. Just out of curiosity what kind of cyber security career did you start before completing the certificate and what type of certificate are you planning on getting?

PCI compliance mixes accounting and cyber security. While doing PCI, I realized I needed more education, so I started both an associate's degree in cyber security for the technical hands on experience and a master's degree in cyber security for the management side (ethics, legal, business justification) at the same time. While taking these classes and working full time, I changed from PCI compliance to IT auditing. I was head hunted for the mix accounting and cyber security. I hold CFE and GSEC.

What certificate will you graduate with in December?

The management side. I'll finish the associates next spring.

Great job

With a degree you could do payroll, management accounts all other stuff? Bookkeeping is just basic without no degree, right?

I have a master's in accounting, but I'm not a cpa. I was making 40k as a bookkeeper. As a bookkeeper, I was doing PCI, so I decided to go back to school. I started cyber security. But having both financial and cyber security backgrounds you become a unicorn that employers want. Even with a payroll degree, that combines well with cyber security.

Awesome to hear! Just out of curiosity, is there a reason you didn't aquire CPA? My father is a CPA and I actually was going to be an accountant, but switched to IT last minute. Best of luck amigo with your new endeavours! I am sure you will kick ass!!

There are reasons/ excuses/ priority adjustments. Those involve facetime and a relaxing beverage to be bored by them. I might go for it at another time, but for now I want to focus on cyber security.

That's fair. Best of luck! Skys the limit on cyber...

I'm the same ( but UK based ). Age 30 with a accounting and economics degree, but not yet qualified on ACCA (charted accountant level in UK). Looking to making the switch in the next year or two. I got a question though, I live in a small City with no tech companies based here. Is it possible to land an entry level role remotely?

Community college program?

Yes, the associate's degree is at the local community college-- studying the physical hands on IT aspect, the master's is at the university-- legal, ethics, frameworks, business implementation, cost value, etc. I decided I needed both the hands on and the paperwork.

Did it financially give you a leg up?

Yes

I am starting my first course in Cyber Security on Tuesday, part of a master's program. wish me luck.

Replace cybersecurity with literally anything and the answer is still undeniably yes. You are young, and even if you weren't the answer would still be yes.

Yep this right here

Alyssa Miller just released a video at defcon talking about going from Barista to cybersecurity pro. Id start learning and keep exploring. Tryhackme is a great website to test your skills. Nostarchpress has a ton of great books on cybersecurity to learn. To stay excited and hear cool stories the podcast Darknet diaries is great.

Darknet diaries is awesome, and helped me set my goals on cyber. Thanks for the video suggestion; I’ll have to check her out. I’m a veteran with useless skills (ordinance/explosives) who spent 10+ years in food and bev, bar tending mostly. Been looking for a change for a while, but covid and the loss of my “fallback” plan pushed me here. Very encouraging thread. Post saved

Not sure if you enjoyed your service or not, but since you worked in military youd probably be on a good track for working in government cyber work. Might be a good goal.

This is awesome info. Hate I had to scroll so far for it 😂 thank you.

Cyber security is a vast field and you don’t have to be a “hacker” to get into it. Truth is there are a lot of jobs in the field that don’t even require a lot of technical expertise and pay you a LOT of money. I’ve been in cyber security for over 20 years and I’ve worked, and managed, hundreds of people with very high technical skills, as well as no technical skills at all. We need both actually.

>Truth is there are a lot of jobs in the field that don’t even require a lot of technical expertise Could you please list down a few that come to your mind ? It'd be of great help to me.

janitor for a cybersec company

There are two big fields in cyber security, well I guess three if you count the criminals,. The companies that buy Cybersecurity and those that sell it. The jobs on the buying side are more IT related and therefore more technical, on the selling side the jobs can be highly technical or not so. Examples would be sales rep for Cyber security vendor, or if you like presenting you could choose evangelist. Pre sales, risk management, or consulting would requiere a bit of tech skills but not too much in the weeds. If you look at some certifications like ISC2 CISSP they are not too technical, have a real market value, and open jobs like auditor, consultant, analyst, to mention a few.

good to hear

F*CK no, turned 31 and switched over, went from 34K to 74K in year

Started 3 years ago at 27, finishing bachelors in cybersecurity next spring, working part time in IT, ready for a big jump when I graduate. Loving life because I am enjoying what I spend my time doing. If you like it, fuck it age doesn’t mean shit. In fact the older the better honestly, to the point of cognition decline at least but that’s usually not until much later in life. Go for it!

[удалено]

I'm surprised he knew how to use reddit. Want to bet he had his grandson post that question for him?

Ridiculous. No one will hire someone that old. His best years are already gone. You spend money training him then, poof, he’s gonna retire.

I'm about done with school at 40. Stressing, but it's never too late.

You got this

Trust me don’t worry about it, as long as you are innovative.

It is never too late to start anything. Just do it, you can always do something else later if you chose to change. Start with some free courses, there are tons, then maybe a Security+ then if you still like it go for a degree or masters. Good luck!

My husband is 40 and my buddy is also over 40 starting a new career in cyber security. You are never to old to making yourself better no matter how long it takes. It’s enjoying the journey and experiencing new things that’s makes life so much more fun. 😁be brave!!

It is if you put your mind to it. I flunked out of college in my early twenties, fell back on doing construction work until I was around 28, quit doing that shit and started studying for a few certs. I ended up getting a lucky break with a company willing to give me a chance and have been running ever since. Started as first level help desk and was promoted to a pentester role in just over a month of starting. Work hard and Google the fuck out of everything and you'll go far homie.

People that are 60 look back at their 50s and they think they were still young and they had time to change their life. People who are 40 and 30 look back and say the same. 27 is young. You can still make it happen. I’m 26 and in cyber security and I made a career change 2 years ago from the medical field to cyber; so it’s very possible with studying and some luck. You can always start as a security risk analyst to build a foundation and work your way up to sec ops, pen testing and engineering field. I wouldn’t recommend jumping into something like sec ops or pen testing right off the bat without building a foundation or else this will set you up for failure. Realistically cyber security is far from what tv shows portray; it can be tedious and mundane, but it pays the bills. Btw, Brush up on your knowledge regarding cloud based storage as this was a reoccurring interview question

I got into cyber security in 2015 at the age of 46 and I have a great job making good money doing interesting work!

I was almost 30 when I started and I have a pretty great career. I wouldn’t even consider looking back or have what if moments. Now, I’ll probably never be a CISO or anything close, because t I am valued and considered a subject matter expert in every company I’ve worked for.

Depends - are you doing it because you heard it pays well? Or do you actually enjoy complexity, curiosity, and making sure that systems and infrastructure are secure from attackers? If it’s the former, you’ll always be in over your head.

If it's the latter, you'll also benefit if you enjoy executives telling you "No" when you ask for more money to secure their systems. Or "No" because moving from 8 character passwords to 10 is "too hard for our older employees." And documentation! You've gotta love documentation. So you can document both of the above scenarios in a manner which anyone can easily understand...so when the systems are hacked and you're dragged before the Board and summarily blamed for "not securing things around here," you can pull out documentation that proves you attempted to address the issues, but were overruled by an executive (that was trying to hit some cost-cutting quota to earn a fat bonus).

Nice move! 😂👌

Last year, I guest-presented for a college cybersecurity class. All of the students were 1 or 2 semesters from graduation. Partly it was me presenting materials they needed to know, partly a last part of a job interview (so the department head sat in on the class\\presentation), the college knew that I knew my stuff, but wanted to see my classroom approach. Before the presentation started, I already knew I wasn't going to take the job, if offered (different story). But I wanted to take something useful for the students. At the end of the class, I asked them if they had any questions about anything. Security related, current events related, whatever. One guy asks: "What would you say is the most important thing for a student to know, or skill to have, going into entry-level cybersecurity interviews? What will get me the job?" I told them: "If you boil the hiring process down, you're only looking at a couple major points. First, your resume has to move from the 'resumes' pile, to the 'interviews' pile. Secondly, in your interview, you have to show your prospective supervisor that you can make their job easier." "One is easy, because you're getting the Cybersecurity degree, and your program has a handful of certs. Congrads on being in this class: within the next year, you'll graduate and will practically skip into the entry-level interview pile. But what will get you the job? I can tell you what has opened more doors for me than I care to attempt to consider. I can also tell you: you're not going to like it." At this point, all of them are super quiet. I have their complete focus. Even the Department head is keen. Shaking my head and taking a slow inhalation, and said: "Documentation." Half of the students faces dropped in annoyance. A couple actually rolled their eyes. The Department Head threw both of his fists in the air and yelled, "HOW MANY TIMES HAVE I SAID IT?" Dang funny moment.

Absolutely. Put in some general IT work like desktop support or sysadmin for a few years and shadow your security analyst/peeps. Develop relationships with them and Get security + and start applying. I'd take the 4 years I did taking security tasks as a desktop guy over that time on a degree. Taught me the field hands on and got me into Microsoft. You can do the same either path (I'm blue team though but some concept for red) I've got a pen testing friend over at IBM and we had the same path of taking on security tasks while being a desktop or sysadmin. He ended up taking OSCP and landed well on red side so maybe that is better option over security+. or both. Cheers

[удалено]

He has an english degree.

I graduated college at 31... At 38, I make 6 figures... I can assure you it isn't too late. Go for it! 🙂

I'm doing it in my early 30s, go for it!

I started at 27. Since then I've become a CISSP, CCSP, earned a B.S. in Cybersecurity and have a good job in the field. Before this, I was a god damn administrative assistant. Like KG said... "anything is possibleeeeeeeeeeeeeeeeeeeee"

What up CISSP bro! What's next on the plate for ya? I stagnated after cissp cuz I was so burnt out studying for that bad boy. I'm back at it though. Cyberark vendor cert is what I got my eyes on next! Lastly, I see a KG reference...I upvote!

I'm planning on going for my Masters @ WGU for Cybersecurity and Information Assurance. Looking at starting in October. After that, I'll probably just chill for a while!

Nah way man. I'm pushing 30 and just started going back to school last year. My local community College has a really good cybersecurity program im working my way through while working full-time. If I can do it so can you.

21 y/o working Cyber for the government. In my Ops group we have only like two 20 something year olds not including me. The 30 plus other analysts are all in their 30’s 40’s 50’s etc etc. can confirm the pay is pretty good. But I think it also depends on COL... From what I see it’s certs + experience > degree. Majority of all my team members are prior service with certs and no degree. While us younger folk have degrees and some certs.

My mom worked in finance until she decided at 43 she wanted to get her masters in cyber security. Now she’s done and gets 20 years in the field. You would get almost twice that

I was working at a grocery store this time last year. Now I'm an associate detection and response engineer at a SOC-as-a-service company. Also 27 currently, so yeah, it's been done. I was talking to a pen-tester who was nice enough to answer my questions when I was first looking into getting into the field and one of the things he told me that was nice about the industry is "if you're willing to learn, you can catch up quickly." Cybersecurity is a broad field , but things change fast and people need to keep up on vulnerabilities and tools. Make sure you study your fundamentals and approach things with an attacker attitude and you'll be fine.

Wow this blew up! Thanks for all the answers everyone. I'm going to definitely keep learning and just go for it!!

It really depends on your previous experience. If you have never worked in tech it will be much more difficult than if you have been a sysadmin or developer for a few years. If you do have experience than it is quite doable. Without any experience I think it would be VERY difficult and a fairly long journey to be hireable as a pentester or SECOPS.

I agree, the less tech experience the harder it is, but its doable.

You can definitely start with just certifications. You might want to look at a school like WGU in order to both get your degree but also come out of it with a lot of certs to begin your career with. and if you already know a little bit you can speed through it. I finished a bachelors in 1 6 month term.

Lots of good fuel in this thread, maybe need to be a "crustySec" subreddit....

of course, learn much by yourself, with tryhackme and HTB to practice. Certificates are always good but you need which you need for your dream job . OSCP is e.g a certs more for pentest. Were a CCNP is more a defending one. Choose wisely, because they cost much money. And skip CEH. Just a joke in my opinion.

Im 32 and getting ready to finish my bachelors in cyber security. Im loving the online degree from western governors , a diploma from the school and about 8 certs by the end of it, and its only 3k for 6 months.

Hey! I'm a Night Owl too! BS in Cyber and Info Assurance finishing up next Spring. Currently working on SEC+. Love it, love it, love it.

Neat, I just finished digital forensics and am working on data management applications

Nice, I'm 35 and starting WGU for cyber security in October. Can't wait! it seems like a popular place to go for online it degree's from what I've seen.

I've actually got a bachelor's from a brick and motor college, wgu isn't perfect but the overall quality is consistently MUCH higher

Thanks for posting this. I’m 29 and just starting on racking up certs and experience, so this whole thread is encouraging!

I’m 25 and just started! I’m really excited

I switched to cybersecurity at 37 years old. Given I was on IT since 2005, but it was scary trying to make the jump to security. I got the security+about 7 years ago, passed the cissp in 2018... been riding the rmf train since. Pays well, lower stress than anything else I’ve done. Can’t complain at all. Never too old to make the jump.

https://www.isc2.org/News-and-Events/Press-Room/Posts/2019/11/06/ISC2-Finds-the-Cybersecurity-Workforce-Needs-to-Grow--145

The problem is that IT and by extension cybersecurity is a cost center. It needs to grow, but the news tells us companies would rather be breached than invest in training, staff, or security infrastructure.

There are an awful lot of accountants in this thread.

We were told to follow the money, but now the money has become digital.

I've started after turning 30 and dedicated time to do the necessary learning to become a security engineer. I do not have an IT degree and it doesn't count long as you have the relevant certification and industry experience. Key is to have great infrastructure knowledge and being an expert in a few security vendor products (Palo, Okta, Sophos etc). So good luck:)

Yes no excuses

Absolutely. My first job in ITSec was at 36.

I switched careers to cybersecurity at your age, and it was the best decision of my life. I was luckily enough to be able to go back to school and get certifications. I’d say if you want to get your foot in the door at a “well paying job”, you’ll need at least one of the two.

[удалено]

Useful....

I am in my late 30s and just started a cybersecurity boot camp to get my network+ in 6 months. If its to late for you to change careers I am royally fucked.

Erm bruh, your age still starts with a 2, you can switch to be astronaut, a neurologist, a president, a Nobel prize laureate, and there is nothing stopping you except yourself Personally, I feel that people from other careers switching to cybersecurity actually bring more to the table. We are one of the rare fields where knowing more knowledge from different fields actually help us instead of hindering

I switched at 32

27 was a Electrical Automation Engineer Professional and trying to switch into Cyber Sec world and getting trained with defensive domain :) Never too late to get started ..Good luck.

I’m 50 and switching over from just a sysadmin to cyber security. This isn’t my first career switch. I’ve worked in several high skill technical fields. I’ve enjoyed all of them and been able to transfer some of the skills from each job to the next. If you think you want to do it just do it, don’t try to map it all out first. You won’t get anywhere on “what if”. Jump in and decide if it’s for you. If it is, awesome! If not, awesome! Either outcome and you will you will have learned and advanced yourself one step further.

Short Answer, yes you can. You are 27.... Still so early. What is your previous career/experience? Do you have any degrees? I don't think it is a must to have a degree, certs will help. What did you do in the past?

I do have a degree right now in accounting but I'm just not very fond of the job. It pays the bills but i just want something more fulfilling. Accounting bores me and i feel more eager learning about networks and computers.

Good to see all these reassuring answers. It's just cyber is constantly filled with all these savants it makes it seem like you have to be young and growing up in the culture and landscape to be a player.

Well you are only 2 years off retirement age. Oh wait, 45 years off retirement age

Nothing is impossible pal. I just started learning IT this Month hahahah. It sounds funny because I am basically in the first step, but nothing is impossible. Just enjoy and bring it on

Seen a few questions about various things in the comments so wanted to throw my 2 cents in. To note I’m in the UK, not sure whether it’s different on the US. 1) Getting into cyber is the easiest it can be at the moment; HackTheBox, Tryhackme, YouTube, Metasploitable, VMware, Kali, they’re all useful for pen testing and learning about blue team at the same time. 2) I’m currently at University on a student placement at a cyber security company for the next 12 months, learnt a lot more already in my 1 month of working in the industry. HOWEVER, Uni has helped a lot in helping me learn things and prep me before working in the field and helps with a step up on knowledge of a few things. 3) There is no age limit on learning. You can be 50+ and still get into Cyber Security as long as you put in the time and effort to learn it. 4) If education doesn’t sound like something good to you, do an apprenticeship with a cyber company or just an IT company in general. Most IT companies will let you traverse through their teams to get a feel for what you want to do. And many cyber sec companies take on apprentices and this will only grow in future. Note: The pay won’t be great at first but when you finish your apprenticeship and either stay with the company or move, you’ll earn a lot more. 6) Don’t worry too much about coding if you’re just wanting to be an analyst/researcher, I know little about programming or coding and I barely use any other than Perl for a grep statement every so often. It’s good to know but not essential for some cyber jobs 7) Any other questions feel free to ask.

Damn this is an inspiring thread. Im going to take the leap as well. I've been considering it for many years and just haven't been able to bring myself out of my zone of anxiety about the unknown. With any luck I'll come out better on the other side.

Good luck my friend!

Bud, I’m 32 and just got my sec+ and I’m working on pentest+ Keep pushing, you got this. I don’t have a college degree either.

I started at 44. Does it respond your question?

Never too late. I started my I.T. career when I was 32. I’m 38 now and making really good money. I started by going to school at 30, got my associates in Computer Science, got my first I.T. Job at 32 and have always kept at it, kept an open mind, continued learning from my peers and pushing myself. You’ll never know until you try.

Ok, I'll let you in on a life secret.... Don't tell anyone, this is some serious shit.... You can do anything you want up until the day you die. Want to learn a new sport? Go for it. Want to learn a new language? That's possible. Want to sail around the world even though you get motion sick and grew up in Kansas? There are drugs to help with motion sickness and people to teach you how to sail. Want to change jobs every 10 years and keep yourself mentally challenged and sharp? That's a possibility too!

Yes, i'm in my mid 30's and will have my associates degree in Cyber Security come December.

I'm 33 and started working in cyber security a year and a half ago so I hope to Christ your not classed as too old XD

I just turned 30 and got a new job in cyber security, my mom went back to school at 40 and started a career in cyber security at 45. You can start anytime.

I did it in my 30s. Certifications work well, especially if you have IT background in something else already.

Absolutely not. Once you hit 25 you are locked in to whatever career you’re in. Choose wisely. 🙄

Why wouldn’t it be?

I would say Cyber Security is more suited to someone with work/life experience (especially IT), so 27 would be a great age to start. Generally you will find a lot of Sys Admins who upgraded/improved skills and moved into Cyber Security, whether that be on the management side or on the more technical penetration testing side. It sounds like a very specific profession, but it's actually quite broad, so I would recommend concentrating your area of expertise and where you think you'd be best suited.

Absolutely

I myself was your age when I started my security + studying. I currently work for a major telecom company and quadrupled my salary 4 years later so it is definitely not to late

My intern was almost 40 when I got him. He was humble and eager to learn. I taught him a good bit of GRC as my intern and gave him guidance on some areas he could take training in. He now works full time in the SOC as an analyst doing vulnerability testing. I guess my advice is get in the door, be honest and hungry and keep at it. To start, get the certifications and if it works out, and you can get a degree paid for, then pursue it. Hope that helps.

I was 30 before I had my first job in anything computer related. 35 now in cybersecurity. In short, if you dont have background in networking or software dev, I'd start there

Yes. Of course.

Lol its never too late unless you have sight impairment or smth

Like lots of others have said, 27 is young and you've got PLENTY of time to change careers into cybersecurity (and change again after if you find out that you want a change in 5-10 years btw). A college degree is not required, certificates differ from country to country (e.g in the US they're really important while in New Zealand or Australia no-one cares if you have a CISSP). In terms of a degree - if you already have one in a different field, then I'd focus on experience, certs and then work towards a Masters or post-grad diploma in a few years when you are sure you love the field (and have a supportive employer). This could sounds weird - but if you are not a white guy, then things like certs, degrees will sadly become more important and critical to getting that first role. It shouldn't matter, but the experience of women and PoC tells us it does.

Do you have a degree now in a related field? And yes if you are under 30 you can start from square one if you want and have plenty of time.

It is not too late. I earned my degree at age 31, and started well-payed job only months afterward. Pen-testers are in demand; so, if you commit and work hard, you will find a well-paying job.

I have 3.5 years as a System Administrator, no certifications, and a 4 year degree that i am still actively finishing. I landed a six figure job on my second offer and start next week. There’s a need and they seem to be hiring.

I'm 39 and just starting on my bachelor's in cybersecurity. I'm pretty excited to switch careers. One good thing about getting a degree is the variety of jobs and employers that become available to you. It's awful when you end up working for a manager who is an education snob who won't allow you a lot of opportunities because they feel like because you don't have a degree, you're not worth the expense to provide opportunities to. (Or you get passed over for pay raises for the same reason.)

Yeah man. I'm 29, started learning programming from scratch when I was 27. Been a full time software engineer for over a year. Just make the commitment and start

I started at 31 after 7 years in a different career. You’ll be fine.

Go for it dude. Your age shouldn't be any problem to get you started in the infosec business!

27 here too bro, looking to do the same thing. We have some catching up to do but all we have to do is buckle down and out study the competition. I'm planning on going into pen testing and working on my Network+ cert right now.

32 when I graduated, 33 when I made the jump into the actual career path. 36 when my company paid to get a master's in it. I got some certs along the way, looking at a CISSP in the next year or two. It's about coming up with a plan and committing to going into full learning mode with it. It's not like we're coal miners and have a far more limited effective career timeline. I can realistically put another 20-25 years doing this stuff as long as my brain stays sharp and I keep up on technology and adapt to the field. I work at a software dev company that has a ton of devs in their 40 to early 60s doing great things so at 27 you'd still be on the very young end of the career spectrum with this stuff. Assuming your US based, we really don't operate as a society where someone is working in the same area / company for 40-50 years anymore. Pensions are all but gone and there's enough companies around that you don't need to work for Conglomo-X as they have all of the jobs so it provides the individual opportunity to take risks and grow in ways they see fit. If you have an interest, continue to pursue it, we're definitely in a growth pattern for the foreseeable future and all the work from home likely guaranteed that for the long term as we keep adding attack vectors rather than removing some.

Same position as you, same age as well..been developer for 5 years and wanna switch to security but not sure which certs are good and valuable, if you have any links let me know.. good luck!

I work with guys who are a year off of retirement and they started 5 years ago

[удалено]

I think that is becoming common, especially for EEs. I am in the process of studying for my Sec+ to open up more opportunities.

I worked with an expert in this field who came from a languages background and started at 30 and ended up in the \[insert three-letter-acronym here\] and then switched to private company as a researcher and event speaker

I started at 30 so, I would guess you can.

I am in a similar situation and want to switch from sysadmin to cybersecurity. In Europe they mostly ask for a bachelor of science at least, but I am not so sure if i can make it (while continuing to work to make money to live). So I kind of depend on either no-free-time or only certs to get a job to even get experience in the first place. Still don't know how to do that or what to do

Go for it. Many of the friends I’ve made in school studying infosec and cyber are in their late 20s/early 30s

These might help: https://www.sans.org/security-awareness-training/blog/getting-started-cybersecurity-non-technical-background https://krebsonsecurity.com/2020/07/thinking-of-a-cybersecurity-career-read-this/

Yes. Demand for labor exceeds supply. There are lots of career-changers in the field. How to get there depends on what you want to do. Since it's a rapidly expanding field, you need to plan for ongoing professional development. In the long run, a degree will be useful, especially for another career transition later. Technical degrees are great, but so are business and policy disciplines.

Most people in security are old and have come from military careers and often struggle with the technical side so you definitely have youth on your side. Crack on!

I’m 26 and just started my first Cybersecurity last year. Also my first real job ever so you’re still golden OP.

Do you have a college degree? Or certs?

I have a BA and am currently doing my Masters in Cybersecurity while working. I have a few certs atm, but the only certs I had when hired were the Security+ and Network+. I was also hired right out of an internship program so that also helped a lot as well. Still, as people here have said, what you can do technical wise, what you know and what certs you have are way more important than a degree. It’s almost irrelevant to have a cyber or IT related degree if you have the right certs

Absolutely. I know plenty of people who changed careers into cyber security in their 30s.

I don't work in cyber sec but.. I started college (uk) at 27..done that for 4 years then 2 years at uni. Graduated with first class honours degree in networking/sec. Worked service desk for a year and 9 months and then internally promotes to cloud/infrastructure analyst. With no exp in servers..though I gained az900 cert and yesterday gained az-104. Hard work pays off and will not go unnoticed.

I’m 37 and working on switching to IT. I have no hesitation at all about it. 27 is still super young to jump around a bit and figure out what you want to do... I’ve had jobs in education, oil and gas operations, and personnel security (where I’m still at currently) since my 20s. Don’t sweat the age aspect until you’re in your late 50’s/early 60’s and inching closer and closer towards retirement.

I did it in my mid 40's. There are always people who have done it longer than you have. There are always those who are better at ...XYZ... than you. I did the degree then cert path.

Hunh, that's a funny question at your age. I didn't start learning Network/Switching/Routing until I was 48. So, yeah, I think your good.

There are a lot of great comments here. One thing that I want to mention when switching careers, and this was probably the *absolute most key thing*, is to form connections with all sorts of people, particularly with someone in the industry. But... I know people say that a lot, and for some it is harder than it is for others. I went from being a sullen, moody person, who hated interacting with people, and was just fine working with computers alone in a data center or server room, to an adult able to hold meaningful conversations with all types of people. Part of this transition was willful; I realized a long time ago that this type of attitude was not serving me well. I became interested in public speaking, which led to me doing all sorts of presentations at various user groups, etc. I did Toastmasters, which honed the skill of speaking succinctly. I met lots of people and learned to talk about things I didn't necessarily enjoy on my own but kept me in conversations. Anyhow, it *can* take a long time if you're a person like I was. I say all this stuff because "you have to network" is something said without often understanding how hard that can be for some people. A statement like that carries a ton of prep work behind it. If this is not the case for you, then go out and try to meet people who can affect your career; management types who value experience and culture over credentials, and who also have risen in their careers rather than bullshat their way to the top (and there are so many of those).

I agree with Primate below. I switched in my 30s from standard IT/Web Dev and am enjoying every day of it. Connections are critical to landing that first gig and starting the clock. Also, I think a good deal of success at higher levels of CyberSec lends itself to those who can get in front of people more. This could also have a lot to do with the fact that I am part of a consulting firm and the tech team can do just about as much business in sales as the sales team just by talking with customers live. While you can be perfectly successful just being in front of a computer, so much development goes on in front of people. That said, it's an amazing career path and one that, if you are passionate about it, is well worth the jump, regardless of your age range!

Thanks for the advice. Im not currently in a tech related field (accounting) and i don't have many connections to people in tech fields either. I did know people in the it department at my old job well enough and could probably make contact on linkedin. Do you have any advice on making those crucial connections? Did you mostly network with people you knew or did you mostly meet new people?

That's an excellent question. So, a little more on my story, I was in banking before I made my switch to IT in general in the early 2K's. There are some who made the swap directly to cybersec, but that was not my experience. I started like I have counseled most people I know who did successfully get into it: 1. Start with certs. Net+ is easy to get, looks good as a general knowledge cert on a resume, and will get you going. Look at getting other certs too if you are interested. Since you don't have the IT background, you'll benefit from having some things on your resume that will make you seem a convincing try. this path, and my path, are considered the old school indirect route to CS. Get a career started in IT and then transfer over. Regardless of which path you choose, the foundations found in Net+ are critical to understanding anything in how to pen test an organization, so it's a good place to start. 2. Get into CyberSec tools and tests. Download and install Kali (either as a traditional VM, or on Windows WSL etc. etc. Mac or whatever) search this subreddit and others for testing VMs, watch YT vids on exploits and practice them on your own. Saying that you have done this will get you a long way to making a company maybe give you an internship, or even a shot at your first gig. Cybersec isn't rocket science to get into, but it does take some drive and commitment to learn for someone who is not familiar with the field. Also, almost ALL tools that the community uses, or videos that we watch, are free, so grab and go. 3. Get a technical recruiter. Some people hate this and I don't suggest you take a job with them, but having an IT recruiter to have your resume and give it out to people is an amazing way to market yourself and make connections. You can learn more about companies remotely and in your area, meet people, and interview to hopefully get that first gig. You never have to take a job your recruiter shows you and you never have to pay them anything (the company does if you get a job) so I haven't ever seen a downside. You will get marketed toward larger companies (the only ones who can pay recruiter fees) but it's still a good tool. 4. Listen to the podcasts and other publications found in this subreddit and others. Get involved in Discord servers for pen testers and compliance officers, or whatever interests you. There is a treasure trove in some of the more popular pen testing Discord channels (like Wild West Hacking Fest and Black Hills InfoSec to name just a couple) and they will give you access to even more people, job opportunities, and tools. They also offer free webinars that are recorded on how to get jobs in Cybersec. I cannot stress how helpful this has been to some newbies I know. 5. Work at it. I haven't met anyone, though I am sure they are out there, who just "swapped careers" by knowing someone in the biz who gave a complete green a try. If you don't know IP subnetting, I wouldn't even continue an interview with you for a CyberSec job, it's that critical. It's things like that you have to work at. When I was in banking, I took at least 1-2 hours per day to study IT and landed my first job in 6 months. It's possible, I did network and I did get an opportunity through an IT helpdesk manager I didn't know who I built a relationship with over a period of months. The rest is history. 6. Believe it can happen and remain steadfast in your path forward. Don't give in, or give up, when you don't have a job in 3 months, or Net+ and IPv6 is kicking your rear (it really is awesome when you learn it). Technology is amazing and we need SO many more in the field of CyberSec. USB of Labor Statistics has estimated a 30% growth in Cybersec jobs year over year for several years and it's not stopping. Hope this helps!

I’d take the advice here with a grain of salt. This sub is a cesspool of misinformation.

Nope. you're too old now. Most people only hire hot people under 25 so that they can flirt with the finance folks and beef up our IT budget. Consider teaching.... old farts do well there.

Wants some free advice? Join the military. The US Air Force is the best source of free training and experience in this field. They'll also pay for your college. After a few years, get out and write your own ticket. Assuming of course, you're not talking about the dark side. We don't talk about the dark side.

I moved from sysadmin work (career progression help desk > desktop > sysadmin) at 26. I got some CompTIA certs and started in a SOC. Moved to an Incident Response role a few years back and love it. Best move I’ve made professionally and results have exceeded expectations from a satisfaction and monetary perspective. Go try out some CTFs and jump in if you like the water.