Starting cyber security with 12 years of software development background.

NvntnNvntn Member Posts: 2 ■■□□□□□□□□
Hi

I know there are many experts here in cyber security and can help me in diving to cyber security ocean.  I have 12 years of software development background. From past 4 years I am working on getting FIPS,  JITC certification to my software applications.  With the knowledge of software libraries and TLS protocol,  etc,  I am interested to move into cyber security area.  Request to provide more knowledge on is that a good  decision to move from development to cyber security with 12 years of experience.  Which certifications shall I plan to complete to land in a good job in the cyber security with my previous experience.  

Thanks in advance for your suggestions. 

Nvntn

Answers

  • NvntnNvntn Member Posts: 2 ■■□□□□□□□□
    Also wanted to know the area in cyber security where my previous skills of software development would help for my future career in cyber security. 
  • odomscdodomscd Member Posts: 19 ■■■□□□□□□□
    I would like to know the answer to this as well1. I hope someone gives you an answer soon.  LOL.  I will keep checking back.
  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    DevSecOps is the latest buzz you could jump on to...
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • odomscdodomscd Member Posts: 19 ■■■□□□□□□□
    iBrokeIT:  I just looked up what DevSecOps is.  Can you recommend a site or a course to learn more about this?  Thanks
  • odomscdodomscd Member Posts: 19 ■■■□□□□□□□
    I found DevSecOps.org
  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    You could also search that term on youtube for some great talks
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • Infosec_SamInfosec_Sam Admin Posts: 527 Admin
    @JDMurray might have a good answer for you! I know he had a software development background before getting into cybersecurity.
    Community Manager at Infosec!
    Who we are | What we do
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I'd say any of the normal cybersecurity certifications should work for you (CISSP, Security+, etc).  The big question is what aspect of cybersecurity are you trying to break into?  Your software development background would help you in any of the cybersecurity realms, but to really answer your question we'd need to know where you'd like to end up.  Pentesting?  Auditing?  Network Security?  System security?  All great paths, but all require a different road.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    The good thing about a cybersecurity professional having a software background is that they understand how the technology works on the inside with respect to how data processing and logical decisions are performed. Knowing how software actually controls hardware is necessary too. All hardware is useless without some sort of software/firmware/microcode to tell it how to process data. You also understand first-hand things like what a patch is and how networking really works from a software perspective.

    The bad thing about being a software security professional is that 99.9% of the problems you will work on are about software engineering and not information security. Many people volunteer to work on OpenSource security software projects and end up learning nothing about security from it. (For example, learning how to write a Malware scanner will teach you almost nothing about Malware itself.) You will need to move away from working in software as your primary responsibility in order to become a practiced InfoSec professional.
  • odomscdodomscd Member Posts: 19 ■■■□□□□□□□
    Now that I have been studying the different paths and certs, I think that the DOD does a good job of lining up the certs to different career paths.  Some of the certs appear to be multi-functional.  Take a look at the DOD baseline chart "https://public.cyber.mil/cwmp/dod-approved-8570-baseline-certifications/".   I think it will give you a good start to understanding what to select.  I keep referring to it.  
    It also has a table that lists the Certification Providers associated with each approved certification.  
Sign In or Register to comment.