Starting cyber security with 12 years of software development background.

Hi

I know there are many experts here in cyber security and can help me in diving to cyber security ocean. I have 12 years of software development background. From past 4 years I am working on getting FIPS, JITC certification to my software applications. With the knowledge of software libraries and TLS protocol, etc, I am interested to move into cyber security area. Request to provide more knowledge on is that a good decision to move from development to cyber security with 12 years of experience. Which certifications shall I plan to complete to land in a good job in the cyber security with my previous experience.

Thanks in advance for your suggestions.

Nvntn

Find more posts tagged with

CERTIFICATION

specific skills needed in cyber

cyber security skills gap

CEH

Accepted answers

All comments

Nvntn

Also wanted to know the area in cyber security where my previous skills of software development would help for my future career in cyber security.

odomscd

I would like to know the answer to this as well1. I hope someone gives you an answer soon. LOL. I will keep checking back.

iBrokeIT

DevSecOps is the latest buzz you could jump on to...

odomscd

iBrokeIT: I just looked up what DevSecOps is. Can you recommend a site or a course to learn more about this? Thanks

odomscd

I found DevSecOps.org

iBrokeIT

You could also search that term on youtube for some great talks

Infosec_Sam

@JDMurray might have a good answer for you! I know he had a software development background before getting into cybersecurity.

the_Grinch

I'd say any of the normal cybersecurity certifications should work for you (CISSP, Security+, etc). The big question is what aspect of cybersecurity are you trying to break into? Your software development background would help you in any of the cybersecurity realms, but to really answer your question we'd need to know where you'd like to end up. Pentesting? Auditing? Network Security? System security? All great paths, but all require a different road.

JDMurray

The good thing about a cybersecurity professional having a software background is that they understand how the technology works on the inside with respect to how data processing and logical decisions are performed. Knowing how software actually controls hardware is necessary too. All hardware is useless without some sort of software/firmware/microcode to tell it how to process data. You also understand first-hand things like what a patch is and how networking really works from a software perspective.

The bad thing about being a software security professional is that 99.9% of the problems you will work on are about software engineering and not information security. Many people volunteer to work on OpenSource security software projects and end up learning nothing about security from it. (For example, learning how to write a Malware scanner will teach you almost nothing about Malware itself.) You will need to move away from working in software as your primary responsibility in order to become a practiced InfoSec professional.

odomscd

Now that I have been studying the different paths and certs, I think that the DOD does a good job of lining up the certs to different career paths. Some of the certs appear to be multi-functional. Take a look at the DOD baseline chart "https://public.cyber.mil/cwmp/dod-approved-8570-baseline-certifications/". I think it will give you a good start to understanding what to select. I keep referring to it.
It also has a table that lists the Certification Providers associated with each approved certification.