Switching career to information security

haribol

I am currently a Sr IT program Manager in one of top Software company. I have approx. 21 years of working experience in product development and IT program management. I am trying to switch to information security field and started online Masters in Cybersecurity from UTICA college, which is expected to finish in late 2017. The Program is good but it can not be a substitute of real world experience. I tried few internal jobs within my organization but considering my current level in the organization, they require more experience in the security field. It is a chicken and egg situation. I am bit hesitant in trying security job in outside market because i will face a similar situation. Sametime joining lower position is not feasible due to personal constraints. Please share your experience if you had faced a similar situation. What other skills i should acquire in parallel to my degree.

Danielm7

This is a difficult situation because of how far you are in your management career and not wanting to take a lower position at the same time. Now, are you planning on the MS program to go to a management role in infosec, or planning on going straight technical? I went from a systems engineer to a security role, and even then I went in as an analyst and them moved up.

What makes you want to change to security after 21 years in management?

636-555-3226

What are your weaknesses? Most master's programs won't teach you the real-world skills like Nessus, Splunk, Snort, Metasploit, OWASP ZAP, etc.

What do you want to do? Are you looking to run a program or be in the trenches? Large companies have more segregation of duties, small- to mid- you'll be doing a mixture of both.

devilbones

From your perspective, how do you think it should work? With all of your years of experience how do you translate that into the security side of the house? If you were to transfer over what level do you think you should come in at? I know it would be really hard for me to take a pay cut and my company wouldnt even let me take an entry level position. I kind of feel like I am being cornered into a PM position soon and I am curious to know what it is like going the other way.

TechGuru80

Have you looked at smaller companies that would force you to have InfoSec responsibilities? Not necessarily you doing the work but having oversight. You would start being responsible for compliance, InfoSec tool capabilities, and other stuff...while still managing stuff you are familiar with. I would think that type of situation would allow you a better shot because large organizations don't want you to have never performed any kind of compliance audit and in a a manager role. I would also look into manager level certifications like CISSP, CISM, CRISC because you will probably have some of the technical knowledge and can pick up more manager based InfoSec knowledge.

If you don't want to be a manager, you would have a tough time because you have to get hands on with the tools and that basically would force you into a lower position.

Mike7

Unless you are very hands-on, you are probably better off going for a management type position. Since you mention software, secure software development is another possibility.


This may be useful. So, you want to be a security pro? Read this first | Network World

The_Expert

I would stick to your Management career, unless you absolutely want to start over again... For me, I was in Management at one point and decided to change careers. I'm now doing Security, but had to start at an Analyst level due to the lack of experience in that area.

I was also tired of managing people and wanted to do more technical / hands-on type of work again. So, most days I'm okay with what I am doing - but sometimes wish I could still make decisions like I used to be able to. Now, I take orders and can only offer suggestions to Management.