Making The Change To Cyber Security

Background

Before I go into the details of this post, I thought it would be useful to share a bit of background about myself:

I have always had an interest in technology, from a young age I spent a significant amount of time figuring out how computers work and identifying ways in which you could circumvent controls (I spent a lot of my evenings creating scripts to send to friends on MSN to open their CD drive or shut down their computer).

For many individuals from a South Asian background, there was always an emphasis on obtaining a career in finance or a health-related industry (Doctor, Dentist, Pharmacy, Accountant etc). I won't go into the details but I believe this was due to the job security, reward and social status within Asian communities. From what I have seen, over the past few years, this view has changed due to the success of individuals working within the technology & other sectors.

Whilst I was at school there were few opportunities to develop skills in this area and most of my 'IT' lessons comprised of creating databases in Microsoft Access or learning how to format a word document. I am pleased to see that the curriculum has changed and students are learning computer science from both school and websites such as Youtube, which have significantly increased access to knowledge. On top of this change, advancements in technology & how it's viewed has made it something that is 'cool' for kids to know rather than 'nerdy' - A good example of this are the recent Spiderman movies (yes I am a Marvel fan) where all the kids are into technology. I've noticed this a lot with my nephew who has started to learn to program in school.

University life

Due to the factors listed above, I ended up joining The University of Manchester to obtain a degree in Pharmacy.

By the time I was in the second year of my degree, I considered leaving multiple times to see what other opportunities/degrees I could go for, however, I was nearly two years in and didn't want to explain to people (my parents) that I had 'wasted' two years by taking a degree I had doubts about in the first place. (For students that may be in a similar position, I would encourage you to not think in the short term as I did but focus on the long term. I also want to point out that if you are getting close to the end of your degree and want to look at other career options, a lot of graduate scheme do not care about what subject your degree is in.)

During this time I discovered backtrack (now known as Kali Linux) and started spending more time learning about the features of the Metasploit framework, WI-FI cracking, social engineering and identifying web application vulnerabilities. Once I got to the point where I was sitting at the back of the lecture hall and learning about cybersecurity rather than the actual lecture, I knew this was the career path I wanted to go down.

Looking for a job in Cyber Security

I applied for a few jobs during my 3rd year in Pharmacy (Pharmacy in the UK is by default a Masters Course so you can leave after 3 years and obtain a degree in Pharmaceutical Sciences), however, most of my applications were unsuccessful due to a lack of experience.

I completed my degree in Pharmacy and my training year (pre-registration) before I started the job hunt again. Unfortunately, I was still unsuccessful, mainly due to my lack of understanding of the job market.

Fortunately, at this point I expanded my network and made a few friends working in consulting and software development - they recommended I look for graduate schemes where there were no requirements to have a technology-related degree or professional experience.

The hunt started and after several applications to consulting firms offering graduate training, I secured my first job in Cyber!

How I have found the change?

Firstly, I want to say, looking back, I do not regret continuing my Pharmacy degree and obtaining my registration as a Pharmacist. I've had a lot of good things happen by continuing down this path and I still managed to obtain a career in Cyber Security. I have also retained my registration as a Pharmacist and still keep up to date on what is going on in the sector.

One of the hardest parts for me when moving career was the 'imposter syndrome' I felt. With a lack of 'professional' experience, part of me felt that any minute now someone would turn around and say "you shouldn't be here". This feeling made me less confident in answering questions or participating in calls in case I said something wrong. I had never heard the term 'imposter syndrome' until I started reading about people talking about it on social media. Listening to other people speak about it made it easier to overcome and build my confidence.

Based on my experience there I have listed a few (cyber and non-cyber) points I want to share with people looking to make a career change :

1. You have a lot of transferrable skills which will benefit you regardless of the switch you make, e.g. my experience communicating with patients has made me more confident when on calls with clients.
2. Whilst you are younger and have fewer responsibilities, being in a career you enjoy and feel you can progress in is more important than having a job that pays you more. For transparency, the switch almost halved the income I was getting, but I know that within a few years I will be on the same salary if not more. I understand that for some people that this may not be feasible.
3. Being in a career you enjoy improves your mental health - you suffer from less frustration, stress and anxiety, especially when thinking about the long term.
4. Until you take the plunge and try something else out, you will never know if you've made the right choice or not. If you have a career where you can easily come back (such as Pharmacy), it's worth taking the risk.
5. Cyber isn't just red-teaming/pen-testing - Having this belief was one of the reasons I found it difficult to find a job.
6. Following on from the point above - Cyber isn't just for individuals with 'hands on' technical experience.
7. Enjoying what you do leads you to be more successful, as you are more likely to put in the extra effort to learn and develop.

Future Plans

By this September I will have been working in Cyber Security for as long I was working as a full-time Pharmacist, I have absolutely no regrets and cannot see myself going back to Pharmacy. I will retain my registration as a Pharmacist until I reach a point where I can no longer keep up with the changes in this sector.

As you may be able to tell from my previous posts, as part of my career I have obtained experience in cloud security. This is an exciting and rapidly changing area and I hope to focus on this for the foreseeable future, however as I mentioned earlier in my post, there will be a requirement for me to up-skill as technology evolves.

Final points

1. Rather than staying in a career you are not happy with for the next 30 years constantly look for opportunities, it may take a day, week or a year but when you do make the change into a career you enjoy you will not regret it.
2. My dad always said to me "With this current technological revolution you will constantly need to upskill or reskill" – Getting into a habit of taking some time out to either do some self-learning or development may help you achieve your goals, whether that is a career change or something else
3. Network, network, network – This may not help you find a job but it broadens your perspective on what is available. I use Linkedin for professional networking but Twitter is also great to see what other people within the community are working on and you can connect more informally.

If you want to reach out to me or have any questions send me a message on Twitter: