Changing careers may seem daunting, especially if it seems like a complete field change. However, transitioning into a cybersecurity career from another profession has been the choice for many in our sector, as delegates at ISC2 Security Congress discovered.

Samantha Snellen, CCHave you ever wondered what it takes to switch careers and enter the field of cybersecurity? Meet Samantha “Sam” Snellen, CC, a former healthcare professional who became a board member and founder of a non-profit data privacy awareness initiative, and landed her first role in cybersecurity all in just 20 months.

At ISC2 Security Congress in Las Vegas, in conjunction with the ISC2 Career Center, Snellen discussed her career change in her talk Career Transitioners: A Valuable Asset for Cybersecurity Innovation. Now a Cybersecurity Compliance Analyst at Algonquin/Liberty Utilities, Snellen offered a guidebook to people who either wish to or are already shifting into a cybersecurity career.

Looking Past the Obvious

Snellen asked the audience to spot the difference between two photos of a man. After allowing us to struggle a bit, she pointed out that the faces were identical, but the background was blurred on one photo, something very few people had noticed. This led her into the main theme of her presentation; that hiring managers sometimes focus too much on candidates from IT, when they should be expanding their scope to include people outside of the profession who possess the desirable traits they’re seeking. Any previous job, inside or outside of cybersecurity, can inform future ones.

Key Nontechnical Traits

People who are curious, organized, resilient and adaptable make valuable additions to any cybersecurity team. Key skills Snellen pointed out are the abilities to prioritize human safety, communicate clearly, creatively solve problems, handle schedules and workloads. She pointed out that emergency responders can be successful in cybersecurity as they’re trained and experienced in handling dynamic, high-stress situations. There are lessons to be learned in every work experience and there’s value if you look for it.

The most important thing that Snellen stressed for anyone interested in transitioning into a cyber career (or any career, for that matter) is to always maintain a continuous learning mindset. Especially in cyber, where technology, risks and threats are constantly changing, it’s crucial to stay up to date. “If you’re not willing to do this,” Snellen emphasized, “consider whether cyber is a good fit for you.”

The Importance of Empathy

A throughline within this year’s Security Congress was “empathy,” and it was a key message in this session, too. Empathy builds trust among team members and between cybersecurity practitioners and those they serve. It’s not enough to provide a technical solution; cybersecurity teams can benefit greatly by including people in their teams who are able to empathize, to let people know they’ve been seen and heard and that their problems are being taken seriously. Empathetic people help cybersecurity teams to develop a fully comprehensive view of the problems they need to solve, helping the team to remember that actual people are being affected, not just systems.

Finding and Attracting Career Transitioners

The first step enabling nontraditional pathways into cyber is to assume decision making power and being willing to have those conversations with HR, who often aren’t aware of the real needs of a cybersecurity team.

We need to stop the process of résumé screening based on the lack of typical cybersecurity terms, since the cybersecurity professionals are the experts who should have the ability to determine who should be on their teams. And we should foster inclusivity by advocating for at least one person that would ordinarily not be considered and find a way to get them a screening interview.

Effecting this kind of cultural shift is not possible if there’s only one proactive person in the organization. It takes many people to bring about this kind of change.

What Does Support Look Like?

Responsibilities must be clearly defined and communicated to new hires to set them up for success. Snellen advocates using the RASCI method – which designates who’s Responsible, Accountable, Supportive, to be Consulted and to be Informed – to avoid ambiguity when solving problems or working on projects.

Treating the knowledge transfer process like a mini project, including objectives and milestones, can codify it and ensure it’s done. The person responsible for transferring knowledge should take a mentor/teacher approach and share the recipient’s working style. At the end of the process, the recipient demonstrates their new knowledge by fully documenting what they have learned, which can reveal any gaps that might need addressing.

Having a mentorship system in place is a great way to support career transitioners. “Not everyone is meant to be a mentor,” Snellen said, “And that’s OK.” Find people in the organization who are ready, willing and able to serve as mentors.

The rewards of these support systems are many, including increasing long-term trust, promoting inclusion, providing consistency and letting the recipient know that they are heard and valued. The increased comfort level means that new hires will be much more willing to share innovative ideas more often. As Snellen said, “Curiosity should never be discouraged. Nurture it when you notice it.”

Advice for Career Transitioners

Snellen shared some of the things that allowed her to successfully transition into a cyber career:

  • Always be learning
  • Don’t focus on creating a large network. Instead, build a strong one
  • Leverage the skills you learned and practiced in previous jobs
  • Consider starting as an intern to gain valuable skills and increase your network
  • Develop a clearly defined cybersecurity identity on LinkedIn
  • Join an ISC2 chapter to meet other cybersecurity professionals, learn more, and become a part of a larger cyber network

Key Takeaways

Overall, Snellen shared solid, actionable advice for cybersecurity hiring managers and career transitioners alike. People who have the traits we’re looking for in a cybersecurity professional – empathy, curiosity, willingness to learn, resilience, and adaptability – aren’t necessarily in IT. Those who take a nontraditional path to a cybersecurity career bring with them a wealth of experience that can benefit their organizations in ways we don’t always expect. Career transitioners must grow their cybersecurity networks by developing their own cyber brand and meeting with cyber professionals. They also should be open to accepting internships rather than full-time employment to get a start in the profession, acquire new skills and build their networks.