I’m a cybersecurity enthusiast and a total newbie in the field. Currently working as a PHP Developer and my gut is telling me to pursue a career path in cybersecurity instead, do you think it would be worth the risk thinking that I have to start from scratch? Or should I stay as a developer? I’m also thinking of taking courses like the C|ND to somehow catch up with the knowledge that I lack? I’m lost and I have no idea where to start or whether to start at all. Please feed me insights and I’ll greatly appreciate it. Thanks!
I got into the industry through interest in computing, finally did a degree and then got into the industry and I have had tons of fun in this industry and worked from a smaller infosec organisation and jumped to a much larger comapny. There are a lot of people I have talked to that would have loved to have a developer transition to infosec than try to train someone that doesn’t have any or little coding ability. It depends on the kind of salary you are on right now I think. There are a lots of companies that value experience over certs, for example my current place sat me down infront of one of their training boxes and told me to work through a box as the interview! There is so much in this industry that you should never get stagnant or bored and having a coding background would only work in your favour in my opinion.
I’m in the same boat, though for the past six months I’ve been in a full stack role working closely with our internal infosec team to remediate a decade’s worth of vulnerabilities and refactoring really poorly written PHP.
Given your background in development it will aid your transition into infosec, though it might not be a clean cut-over. Given the vacuum of talent in the industry, it’s kind of a seller’s market right now. As Th3R3dP1ll said, depending on your current salary scale, it might even be a positive financial move.
As for acquiring skills – just start knocking out challenges. If you have something you’re interested in, read about it and see if you can replicate it. There are tons of VMs you can run locally to get your sea legs underneath you, then you can transition to “real world” scenarios as in much of what is offered here. For instance, check out DVWA and metasploitable. Maybe a couple courses on udacity would be in order to get familiar with the tools of the trade.
Feel free to reach out if you have any questions. I’m still learning but have been into web app hacking for over a decade, so I like to help those that are still starting out.
Also why not both? Depending on the size of the company they might be happy to provide you with opportunities in the infosec space that start small and can grow into something cool. I have a software engineering background as well and 3 years ago I decided to learn about data science and machine learning (actually I’m mostly here to gather domain knowledge on cybersecurity and transition my ML skills onto that domain, but that’s a different story…). I ended up doing 2 courses, 1 online, 1 in-person bootcamp to get my feet wet, and talked to my boss about my interest. These days I’m in a 50/50% technical architect / hands-on data scientist role building data pipelines and models, with absolutely no paycut. #geeklifeisbestlife