April 8, 2021

Is my Cybersecurity Career Development Plan Viable?


Over the past two years I’ve been schooling/certifying/working towards a career in cybersecurity. As of right now I have a AAS degree in Network Administration and am currently still in school for Cyber Operations Engineering with a certificate in Computer Forensics. I have also worked part-time as an IT lead for a financial services company and currently work part-time as an MSP technician. My career goal is to get into a purple team environment as I love aspects of both offensive and defensive security. However, I also love working on systems administration and infrastructure/engineering.

I spend a great deal of my free time labbing and working towards certifications. I have a physical lab environment consisting of several servers, routers, switches, firewalls, wireless stuff, etc. However, I haven’t really been working towards anything security specific. I have been doing some CTF-style learning on the side (TryHackMe), and work on fundamental programming with C, Python, PowerShell, and Assembly. Most of the time I work on infrastructure stuff. I spent all of last year certifying for the MCSA 2016 (Windows Server) and will be taking my CCNA exam very soon this year. After this I plan to continue learning up on firewalls and wireless security. Towards the end of this year I want to transition from networking to Linux, specifically, certifying for RHCSA and getting a grip on BASH and SELinux. After that I’d like to move onto the cloud; playing around with Azure, AWS, and VMware. Then somewhere down the line I want to really get into the cybersec stuff: pentesting, threat hunting, forensics, etc.

All of this is going to take **at least** two more years just to get a fundamental understanding in these areas. My current philosophy is that one has to understand core technological fundamentals before being able to apply security. As an example, I have several classmates in a network security course who do not understand fundamental routing or switching concepts, hence their ability for an overall understanding in network security is limited. I suppose my main concern is whether I am going about my career goals the right way. Am I making good use of my time to develop my skills to where I want them to be? I have a decent foundation in fundamental infrastructure such as networking or Windows Domain environments; but have almost no experience with security analysis, threat hunting, malware analysis, pentesting, or vulnerability assessing (all the security heavy stuff).

Based on your guys’ experiences, should I slow down my crusade for broadened IT knowledge and instead focus and develop one area of skills such as pentesting? I feel conflicted about what to do. I really do enjoy many aspects of IT and would like to have work experience in different areas. On the other side, I feel like I have to be realistic and develop a skill well enough to the point where I can market myself as an expert in something instead of attempting a jack-of-all-trades type of deal.


TLDR: Conflicted about how to properly transition into cybersecurity

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.