Have I wasted 30 years of my life?

bhoops

TLDR: Bitter old JOAT without a degree thinks the grass is greener in Infosec, has one more chance.

When I was a teenager in the 80s, computers where my hobby. In the late 80s, I dropped out of college and got a warehouse jobs, so I could focus on martial-arts. Within a year I was working as a JR Programer. All the MIS people were mainframe programmers, and I was the PC programmer. Over the next 10 years, PC/LANs exploded in popularity, and I rode that wave, though I never got a degree. Met a girl who wanted to lived somewhere else, and I started a 10 year trek across America, always being the "new guy". This was not easy since I didn't have degree, but the economy was in a bubble. Then the tech bubble collapsed, and it was like the music stopped, and I've since changed jobs very few times. Years added up, broke up with girl, spent my time testing out new technologies because work was boring. Couldn't move on or up, for lack of degree. Never got involved with Infosec because I felt like I had missed that chance.

Now I'm almost 50, no degree, hard to change jobs, doing devops, and JOAT work. My coworkers, who have Masters, and are very good, long ago locked up the more interesting things to work on. I'm bored out of my mind, programming for other people is no longer fun, and have been passing the time trying various get-rich-ideas (iOS apps, websites, etc). I do still like playing with technology. Seeing the grass is always greener on the other side, have been thinking about trying to get in to Infosec. I do like helping people, and I do like the cat-and-mouse aspect of some of the jobs. In the spirit of Office Space, I asked myself what I would be doing if I had millions, and I thought Infosec would be the most interesting work, considering I like helping people, and going after bad guys.

Tried a few B&M colleges long ago, and some online ones recently. My favorite, on paper, was NAU, but I quickly got tired of writing essays. I had tried WGU but was too much of a perfectionist, and would not take the tests until I would get a 100. It took me 3 months per class, would graduate at 62. At my day job, they like me, and want me to stay, and will allow me to work on things. So I'm considering creating an "Infosec Initiative" in the area I do most of my work. I am also considering going back and trying to get some certs (A+ first), and see if I like it better doing it on my own (non-WGU). If I got enough certs, I could go back to WGU and skip most of the classes. If I played all my cards right, I could get certs, degree, and work experience, all over the next 3-5 years.

Or, I could just get some certs and work experience, start applying for Infosec jobs. But I still would not have a degree.

What not having a degree has taught me, is: I can only get jobs where someone already knows me. They will offer me 20%-30% less. I will never work in management. I will get less non-salary perks. They will expect to me to be better than the people with degrees. They will expect me to work longer than people with degrees. In my experience, people without a BS make 25% less than those that do, and people with Masters make 25% more, on average. The ceilings are also much higher, the higher your education is. Anyway, I am jaded, and getting old. I can probably make one more major change in my career, that can be built on over the next 15 years, so I'm trying to think carefully.

Techytach

"I like helping people, and going after bad guys."

Not in infosec but I did my own research and it is not what a lot of people think. First you aren't catching any bad guys (far as I know.) You're either patching security exploits, doing crap tons of paper work, monitoring networks, or seeing things you'd never want to see AND mountains of paper work(digital forensics.)

There will be way better people that can answer in better detail, but my general impression is that people do infosec for money, not fun.

Ertaz

@=bhoops;

From one old JOAT to another: You have a good plan. You have to finish what you start. Start progressing toward a high end cert. Set deadlines for yourself and meet them.

NetworkNewb

bhoops wrote: »

I thought Infosec would be the most interesting work, considering I like helping people, and going after bad guys.

Sounds like being a cop would be a lot better fit than infosec. Not sure in infosec you would get much of chance to do those kind of things. At least from my experience in it.

Danielm7

I'm pro education, but you have 30 years of experience, it's not a degree that's holding you back at this point, it's either your employer or you. There are still companies that won't hire without a BS, I totally get that, but if you're doing the same job as someone with an MS and they're getting 50% more than you then you either work at a really goofy company or you're letting them lowball you because you're insecure about not having a degree.

If you're going to pick a path and are currently in devops, why would you start with the A+? Is that only because it'll knock it out if you go back to WGU?

As for creating an infosec initiative at your current company, that's a decent option for now. If you can do that, pick up some security related cert or two, then look elsewhere having experience building up an entire security department from scratch. That would bypass the "no security job experience" wall a lot of people seem to hit when coming from other concentrations.

Also, as others said, you really might just be feeling the "grass is always greener" syndrome. You're almost never going to catch a bad guy. You're likely going to get frustrated trying to push people to do security correctly and frequently having to compromise. Don't get me wrong, I really enjoy the security field, but it's nothing like the movies.

docrice

Infosec can be quite frustrating and the grass isn't necessarily greener. However, this is very dependent on the organization you work for as some are more compliant-oriented than anything else, and there are always business priorities which override the need to do security properly. It's just the way the world works and infosec can be a constant catch-up game and often you might feel like not much is getting done other than clean-up work and ticking a checkbox for management.

I think this attitude is slowly changing though given the heightened sense of business risk in our current climate. Lots more attention being paid by stakeholders. But if you really want to get into security, you must have your own initiative to dive in, constantly read/keep up/experiment/adapt. The area does pay decently well, but is also high maintenance and this all requires mental stamina and resilience. It's not for everybody.

Having a generalist background is a good thing as it helps you holistically see the picture of the environment at once. If you really want to be in infosec, now's the time to figure out which specific areas and invest yourself. Certs are fine, but don't become the paper tiger for the sake of it because many security practitioners don't bother giving them too much credit. Think about depth-of-knowledge in your domains of interest.

evarney

@=bhoops
0. It sounds like you probably know more than most people with degrees but will have difficulty proving it. I really feel for you and I respect the initiative you have and the desire to survive. The problem is when people look at resumes they don't care what someone did more than 7 years ago in our field. I think the one exception to that might be in programming languages like C++, cobol or something like that.

a. Look at defense contractor positions. There are plenty of jobs that you can take if you are willing to assume the risk of being jobless when the option years are cut.

b. don't let that stop you from applying for federal jobs.

On certs:

1. Many certifications are on their way to being worthless. Even the gold standard valuable ones that Cisco created aren't required to work for Cisco; with the exception of TAC. that's the first clue...that said, you may only have a max 10 years of work ahead of you if you plan to retire at a reasonable age. We need to be thinking ROI here.

2. Just because I said certs aren't what the are cracked up to be, doesn't mean you shouldn't have them. But I am getting disgusted with COMPTIA; the pricing is outrageous for what they are. $250.00 USD for the security+ is pricey....be discerning. If I spent my last 250.00 on a cert, I'd make sure it was something that would get me a job interview and the job.

3. Knowing someone isn't a bad thing. I think of a college degree as just a expensive recommendation letter.

Someone, somewhere both knows you, possibly was helped by you, and may even owe you a favor. Somewhere in life you fixed something that was messed up and someone saw it. Even if it means working for someone who once fetched your coffee, it's not a bad thing. Hopefully you treated him or her well and they want to return the favor and teach you to fish. A lot of people would love to work with someone who is hungry and will help them complete tedious tasks that they would otherwise do on their own.

4. On degrees; paying out of pocket at this point is not a good idea because we need to be thinking retirement. See if you can find an employer that will pay your way through school. There are on-line schools out there that are less shady. WGU seems okay; but i would definitely see if you can't get through that in one term if that is on your own dime. Realize that you are essentially buying the accreditation of the degree and earning your certifications.

5. Management sucks. That said; if you get a degree; you might be able to get a job doing it and leverage your relevant (but not applicable) experience of mainframes and the tech of yesteryear to guide young people.

6. Reduce your personal costs. I hear you saying your going to spend money throughout this entire post.

7. Good luck. I hope you get where you need to be, not necessarily where you think you want to be.

scaredoftests

Stop that thought process..NOW.

mikeybinec

Actually, I envy you.. I have the degress and a cert and can't even volunteer anywhere. I'm blaming the economy

byron66

@=mikeybinec;

It might location for you.

docrice

I forgot to comment on the issue of obtaining a degree. Some places absolutely require it, other places will consider equivalent work experience. After 30 years in IT, that should more than make-up for the lack of a degree at many places.

As others have mentioned, your location matters a lot in terms of employability in regards to this. At your age, I'd likely skip the degree (or run through WGU while still working) and get into infosec. But you have to be very aware of the many paths within security that you want to specialize in while at the same time ensuring that your foundations are sound.

I assume you've already combed through the many, many threads on breaking into infosec on this forum and have at least an idea what area(s) interest you.

bhoops

Techytac: "my general impression is that people do infosec for money, not fun"

When I know that people ("bad guys") are actively trying to penetrate and exploit systems that I have been entrusted with, there is a very real challenge to defend the system. Maybe it's more of a "duty" than "fun", but the few times I have done it, it was challenging. It also utilized a lot of my skills. For example, I worked at a place that got hacked, and I had to help the Windows Admin with a bunch of open source infosec tools to figure out what happened.

Ersatz: "From one old JOAT to another: You have a good plan. You have to finish what you start."

Thanks. 90% of the jobs I see require a college degree. I've actually been flown out to interviews, only to have them realize I didn't have a degree, and turn me down because of that. After the Applications manager told me he planned to make me an offer. Having said that, I currently have two job prospects that both know I don't have a degree, but the hiring managers know me well. I've never got far in a hiring process with someone who didn't know me, and I am hoping the degree will help solve that problem.

Danielm7: ""it's either your employer or you"

It's both. I usually only look for a new job when my current employer goes out of business, which is not very frequently. Companies usually lowball candidates that are unemployed, and candidates that are degree-less. I could have structured my career better, to give it more direction.

"why would you start with the A+"

Because it's part of the COMPTIA bundle that almost every WGU degree requires. Plus, I wouldn't mind learning this stuff officially. Most of A+ I already know, so I thought I could do it quick, and get a good start.

"it's nothing like the movies."

How about TV, is it like Mr Robot?

networker050184

Hate to break it to you, but it's much likely it's your skill set holding you back not your degree. Go after the education sure, but there are likely a lot more things you can do in the interim to help yourself. You're resume likely looks very unappealing to employers right now. Thirty years in the field, haven't moved into an advanced position and no education or certifications. With all those years on your resume A+ isn't going tyo do anything for you. Start looking into more advanced certifications. The lack of degree is probably the least of things holding you back right now.

tmtex

I am mid to late 40's, was laid off last year, had/have a real hard time finding a job. I have 2 Associates but I think my problem from getting a job is the interview. I am terrible at it. Many places including entry level helpdesk will require Degrees that pay 15 an Hr. Then again Many don't or do the degree with experience thing. Certs also can over power a degree depending on what your doing. Seem like today every one wants ITIL

Chinook

@OP

Sounds like what you need is short term, mid term and long term goals. Here's what I would recommend (and I'm an old timer)

1. Develop a goal of where you intend to be. Write that goal down on paper and set reasonable targets.
2. Take a course in communication and learn how to write a cover letter & resume
3. Develop your interpersonal skills. There are classes for this stuff. Work on this until talking to people becomes so routine you don't think about it. Find that confidence and you'll walk into any interview & blow them away.
4. Work on personal appearance. If you're not going to a gym, join one and go.
5. Work on dress. Find someone who understands color matching and dress & go shopping. I don't mean spending $2000 on suits. I mean dressing sharp. For example, I wear a suit jacket, good shirt and jeans.
6. So you're over 50? Stop seeing it as an albatross and see it as beneficial. I'm 47 years old myself. Age has brought forth some things that can't be learned like patience, conceptual thinking & maturity. Focus on those positives.

As for education, we could debate the the merits of a University degree. I know a whole bunch of guys who have no degree but excel in life. All of them share one common trait. They are focused on their career. Be that person and you shall thrive.

Don't be afraid of personal improvement either. Humans are funny. They will spend thousands on courses to be an accountant or a doctor but spend nothing on learning how to improve their communication skills or interpersonal skills. Take those classes, join those groups, get out and do that stuff. Along the way you'll meet some cool people. And you won't have to chase the girls around the country, they might just chase you.

Good luck.

Savyk

Hi

My two cents worth - have you wasted 30 years of your life...No.

You have gained 30 years of experience in your respective field/s. Degrees are great and yes they are a prerequisite for many jobs and to circumvent HR filters but I think most here will attest that IT is such a broad field that a degree cannot hope to cover all areas.

Reflect on your strengths and build off that. Smash it brother, 3 feet from gold, always remember that.

Savyk

Mishra

Your question is have you wasted your life and likely the answer is no. I have friends who work warehouse jobs and play video games all day. If that keeps them happy, then they are leading the more rewarding life possible. Happiness is key, keep working toward that goal.

I'm assuming you are also looking for opinions on your approach? I would suggest reading some stories on other ways people found what keeps them going. For example, teaching could be something that keeps you rewarded for the next 10-20 years. Focusing on a specific area in IT may be a little too narrow for you at the moment. Easy to be wrong here though.

TheFORCE

bhoops wrote: »

Tried a few B&M colleges long ago, and some online ones recently. My favorite, on paper, was NAU, but I quickly got tired of writing essays. I had tried WGU but was too much of a perfectionist, and would not take the tests until I would get a 100. It took me 3 months per class, would graduate at 62.

As others have mentioned, it might be your approach more than not having a degree. My previous CISO had no degree but he had experience and some ISACA certifications and he made it very far. You might be too harsh on yourself especially at 50 you should have life experiences that should help you manage things, instead you are not finishing them.
I will say 2 things regarding the quote above. We live in an imperfect world so trying to be a perfectionist is a losing battle from the start and only bound to drive you crazy. Second, the world of IT is a fast pace, rapid change and fast evolving world, you can't expect to be perfect with everything when the tech is moving so fast. Unless your goal is to work for a company that values degrees then a degree is a just a degree no matter what GPA or grade you had at the end. Finish WGU and see if things will chance, my opinion, you need to work on your soft skills also though.