Moving from Agile Delivery to Cybersecurity?

Hi all,

My first post, so a quick intro. 25+ years in IT and software engineering, started as a C++ programmer and then Java. Software engineering for around 10+ years then naturally started leading software delivery teams and moved into agile delivery management / head of delivery roles on large programs with multiple Scrum and Kanban teams under scaled agile frameworks (SAFe, LeSS, Nexus, etc).

I’m 49yrs old in a few months and have concluded after much deliberation that I really miss the more technical/hands-on side of IT and have ‘always’ had an interest in information security and cybersecurity. As such, I’m looking to work the latter part of my career (next 15 yrs) in cybersecurity, if possible. I know there are ‘a lot’ of different roles ranging from hands-on pen tester type roles, through to consultants, forensics, etc. but I’d like to start back at the basics with entry level certifications to help me decide my chosen path.

I’m thinking CompTIA is a good starting point, perhaps pursuing Network+, then Security+ and perhaps later tackling CISSP and CISM depending on progress, opportunities and the role(s) I gravitate towards. Does this sound like a natural certification path into Cybersecurity?

Note, I have a BSc and MSc in Computing and a lot of certifications in the delivery management (e.g. Scrum Master, Product Owner, Scaled agile, ITIL, MoP, MoR, Prince2, etc) but no certifications in security.

Any thoughts / advice gratefully received.

Thanks, Ant

Hey Ant,

Welcome to the community!

First off, you are coming in with a heck ton of transitive experience that would apply straight-off to a lot of mid-senior to senior positions. A background in software engineering and IT and eventually in delivery management would make you a really attractive “resource” based on the underlying universal requirements of most cybersecurity roles.

You are pretty on point for a generic cybersecurity certification pathway.

I just have a couple of suggestions:

  1. You could theoretically skip taking the actual exams and just study for the certifications instead. This way you are not spending money on something that may or may not get you a role. A better way would be to include it (whatever you are studying for) on the resume and add an indication that you don’t have the certification itself. In the potential recruiter call, you can always attest that you would be able to appear for the exam within 30 days of joining, if it’s an absolute requirement of the position.
    This ensures that you don’t end up spending money on something that isn’t absolute. This works much better for vendor specific certifications like AWS or GCP or even for stuff like Splunk, Fortinet and other technologies.

  2. If you have made up your mind to still earn one of the certificates, that’s absolutely fine. I would recommend doing a market analysis though. Start with a generic research about the kind of roles in your area, or the areas that you are open to relocate to. Then look for other people who are already in those roles and try establishing a connection with them. Ideally you would want to be able to understand from them, what exactly helps in a successful hire!

  3. Finally, once you are done with either 1 or 2, dig into your plan and build a robust process for the hunt itself. Getting the certificate is the easy part (even for the bigger ones like CISSP and CISM), it’s the job hunt that’s grueling. Find yourself a mentor (or two), schedule regular calls so that you remain on point and remain motivated, attend conferences and events to ensure you are getting up to speed with jargon and latest trends, buzzwords and problems. You will find your perspective and unique background will often present a view that the others might not perceive. Go out and give talks, presentations. If you feel intimidated, start off with co-hosting or co-authoring and then move into solo ones. A tonne of conferences focus on first-time speakers.

And reach out to me if you want to schedule a call!

Best of luck!


Brilliant advice - thank you very much for taking the time to respond 🙂

As such, I’m going to look into the Network+ then Security+. I’ve also got a potential opportunity to lead a security programme (as a delivery lead, not as a security expert), so if I get the position, it will hopefully support my development.

Thanks again!

You already have a lot of knowledge.
I think you will soon become a great Cybersecurity professional/expert.
Good luck with your studies!

