Advice Request Leaving years of web development and getting into cybersecurity in my 30s

[immapressit]

I've always been drawn to hacking and cybersecurity in general, but few years ago I seriously got interested in, and involved myself with, cryptocurrencies in various ways, which raised my awareness for privacy and anonymity much higher than usual, so I had to get involved in this field more seriously now.

I am 33 years old computer science college dropout and I have 7+ years of professional experience as frontend developer. When I was 4 exams away from graduation, two business opportunities presented themselves within the span of couple of weeks. The first offer was system administrator at the national library in the capital city of a country I live in. The second one was remote work as frontend developer. Both of these are my passions, but I chose frontend development back then and that was my first official job in IT. After a month it was clear to me that I'm either gonna have to leave work and finish college, which I was only 4 exams away from graduation, or irrationally drop out from college and continue working. I dropped out and never looked back at my formal education ever again.

Fast forward, here I am today. A 33 years old frontend developer with no wife and kids, and with a good salary. However, a day does not go by without thinking about that first gig offer as system administrator and what would my life be like if I chose that path. I think that gig was pretty much rigged in my favor back at the time, since my friend already worked there and he had some experience already. I was just a Linux enthusiast and it seemed to me that my friend was ready to drag me along with him through work until I get all the ropes, because I sure as hell wasn't qualified as system administrator back then by skills and expertise (I'm still not).

However, after all these years, I just can't let go of this other passion of mine, which is cybersecurity. I have to try. Here's my starter roadmap:

• Acquire Network+, Security+, Linux+
• Leave frontend development behind me, along with my senior position and good salary
• Get a job as system administrator or network administrator, along with junior position and lower salary
• Acquire CCNA, CySA+
• Get a job for entry level cybersecurity role of any kind

Starter roadmap should be cleared in up to 5 years. I'm not sure how I'd like to progress after that at this point, but further progression may look something like this: CASP+, SSCP, GSEC, OSCP...

I am willing to:

• Leave frontend development, my second ongoing passion, behind me
• Leave my current senior position
• Leave my current good salary
• Leave my current location

I am not willing to:

• Work second or third shift, but I am willing to appear at work at any time of day or night if an incident occurs
• Work as help desk

On work days, I am usually able to steal 2-3 hours of corporate time and learn for certification at work, plus additional 2-3 hours when I get back home after work. On weekends, I usually have around 20 hours of time to learn. Would it be considered as drawback if I look for a job for junior system/network administrator when I'm 33/34 years old? Would you jump into trial by fire if you were in my position right now? Am I being real here?

I am kindly asking cybersecurity community of MalwareTips to share their thoughts with me on this topic considering my situation and, if possible, to provide their own most probable version of starter roadmap, where the last item on that map would be 'Get a job for entry level cybersecurity role of any kind'.

Thank you

 

[polishpatriot]

A cybersecurity employer is unlikely to consider your prior experience unless it includes Java programming.

If you don't have the certifications that you list, then you are going to derail your career. You will make a lot more money as a Java programmer than a cybersecurity pro.

I think you're crazy.

 

[ForgottenSeer 823865]

I was working in the marketing department of a well-know security vendor, what i can say is that the turnover is quite active, people come and go, especially when they can find higher salaries elsewhere which isn't uncommon.

Cybersecurity is a field lacking of experienced workers. Salaries are high if you have the proper skills.

SysAdmin doesn't forcibly mean you will be deep in cybersecurity, you may end very disappointed, ending up fixing printers and user mistakes while being restrained about the security strategy you wan't to adopt (cost, time, idiot CEO, etc...).

Learn about pentesting (how to discover vulnerabilities), programming (Java, etc...), malware research, etc.... Those are the root of cybersecurity.

You aren't too old , you previous experience as dev is still usable to security companies, it could be a bridge (keep working as front end dev and acquiring cybersecurity skills in the meantime then switch or doing both , why not).
But if you decide to totally quit your previous expertise on a whim for a past dream, you may heavily regret it.

Personally, no way i will risk a good salary position in a field i'm experienced, to one i barely know; unless i have all the skillset and contacts/relations to ensure me at least 5+ years of safe employment.

 

[polishpatriot]

I was working in the marketing department of a well-know security vendor, what i can say is that the turnover is quite active, people come and go, especially when they can find higher salaries elsewhere which isn't uncommon.

Cybersecurity is a field lacking of experienced workers. Salaries are high if you have the proper skills.

SysAdmin doesn't forcibly mean you will be deep in cybersecurity, you may end very disappointed, ending up fixing printers and user mistakes while being restrained about the security strategy you wan't to adopt (cost, time, idiot CEO, etc...).

Learn about pentesting (how to discover vulnerabilities), programming (Java, etc...), malware research, etc.... Those are the root of cybersecurity.

You aren't too old , you previous experience as dev is still usable to security companies, it could be a bridge (keep working as front end dev and acquiring cybersecurity skills in the meantime then switch or doing both , why not).
But if you decide to totally quit your previous expertise on a whim for a past dream, you may heavily regret it.

Personally, no way i will risk a good salary position in a field i'm experienced, to one i barely know; unless i have all the skillset and contacts/relations to ensure me at least 5+ years of safe employment.

sysadmin is not a secure position; it takes a lot more than merely knowing a few tricks... one has to be really good at it at the enterprise level... and i don't mean some 50 to 100 person company. i'm talking about Google or Apple level enterprise. One has to be constantly on-top of the technology.

cybersecurity is only a thing at the largest companies; one really can't make a career of it at SMB with less than 1000 employees

walking away for a position with years of programming experience... i wouldn't do it. it will definitely result in a career regression and significant pay cut.

and just a FYI... a CCNA with zero work experience as a network engineer qualifies you for help desk. So if you have the impression that the CCNA is the golden ticket, then you are wrong. You will go from earning $80K as a developer down to $45K with just certs because certs qualify you for one thing - as a trainee.

 

[ForgottenSeer 823865]

I've always been drawn to hacking and cybersecurity in general

Experienced Front End dev, interest for hacking... i think i may have found a particular field for you...

 

[polishpatriot]

Experienced Front End dev, interest for hacking... i think i may have found a particular field for you...

pen-testing is not cybersecurtity

related, but not the same

long road to getting on top of pen-testing as a pro and making loot

heck, you don't even need a single cert if you can get someone in the developer-security community to say "yeah, dude is good"

 

[ForgottenSeer 823865]

pen-testing is not cybersecurtity

related, but not the same

long road to getting on top of pen-testing as a pro and making loot

heck, you don't even need a single cert if you can get someone in the developer-security community to say "yeah, dude is good"

i was not talking about pentesting hahaha
There is more lucrative ways if you have those skillset and some balls (see what im talking about? )

 

[polishpatriot]

i was not talking about pentesting hahaha
There is more lucrative ways if you have those skillset and some balls (see what im talking about? )

hey ! ~ don't u piss-ant on meh ! ow ! that frickin hurt !

i saw what you meant

i just pointed out that pen-testing web applications, network and other areas is not the same as hardening a device (server, workstation, router, switch, firewall appliance, etc), OS, application done by a sysadmin or "security professional"

dude is crazy for leaving a high-pay programming position to start essentially from zero

 

[mellowtones242]

Cybersecurity is a hot topic today and in high demand but many are looking for experience. I wouldn’t jump ship from a good paying job at the moment for a low level Cybersecurity role but if you do continue to go down this road work on your certs. Cybersecurity Career Pathway.

 

[immapressit]

if you do continue to go down this road work on your certs. Cybersecurity Career Pathway.

According to that, it seems that my little starter roadmap is just about on the right track.

Btw, I didn't mention in my original post that I have no wife and kids for no reason. I mentioned that because it's a big factor at my age, among other things, in deciding for having a smaller salary while breaking through this new field. I can live with less money for a few years, and that is fine. Now, if everyone here could simply forget about the money and tell me what would your roadmap be to get into sys or net admin work?

Thank you

 

[polishpatriot]

According to that, it seems that my little starter roadmap is just about on the right track.

Btw, I didn't mention in my original post that I have no wife and kids for no reason. I mentioned that because it's a big factor at my age, among other things, in deciding for having a smaller salary while breaking through this new field. I can live with less money for a few years, and that is fine. Now, if everyone here could simply forget about the money and tell me what would your roadmap be to get into sys or net admin work?

Thank you

You would benefit from talking to cybersecurity experts with years of experience (think SANS Institute or GIAC). MT ain't the place to get that kind of career guidance or feeback.

 

[mellowtones242]

According to that, it seems that my little starter roadmap is just about on the right track.

Btw, I didn't mention in my original post that I have no wife and kids for no reason. I mentioned that because it's a big factor at my age, among other things, in deciding for having a smaller salary while breaking through this new field. I can live with less money for a few years, and that is fine. Now, if everyone here could simply forget about the money and tell me what would your roadmap be to get into sys or net admin work?

Thank you

Check out comptia A+ N+ and Security + from there move into Microsoft and Cisco Certs AWS certs are also big.

 

[Vitali Ortzi]

Trust me unless you got high salary and don't allow overdue hours then go Sys admin .
There is actually a really good sub Reddit for sysadmin on Reddit check it out.