Ask HN: How can I realistically change careers?

The domain (digital) might be less important than the role.

As a contributor, you have to be an expert, but you're really not on the hook.

As a decider, you can be a generalist, but you're on the hook.

The traditional mid-life transition is from contributor to decider, into management or starting your own company.

In my lifetime, the value of contributors has diminished while the value of deciders has exploded, largely due to the pace of change and the leverage of capital. Contributor skills get stale fast, but deciders making the right decision at the right time is a gold mine, waiting to be tapped by capital leveraging the latest tech/policy.

Also, I think people mature more as deciders. It grows confidence and effectiveness. Contributors grow to become defensive and stuck, i.e., dependent on being specifically useful.

It's tempting to look for nearby opportunities, but it may be more transformative to ask what kind of person you want to be in 10 years (and what will the world be like). If you operate from that perspective, you're leveraging world change and relatively immune to personal difficulty. People respect that, and you can be proud of making your way instead of just fitting in.

Becoming a principal rather than an agent is something (like meditation) that applies at all fractal scales of life, so you can re-orient while in current roles.

And don't worry too much about realistic. Focus more on delivering value, and the principle of least action will arrange things for you.

The most interesting jobs I've seen are where people bring two specializations together, into a single role.

Take the strategy, user research and frameworks you do to drive better CX, and apply that to something you have a deep interest in away from the usual mainstream. It could be a hobby, it could be the cyber stuff you're interested in.

On that, you're more likely to enjoy getting into cybersecurity by joining a company doing that today as a CX expert and getting more technical over time and looking for a horizontal move, than you are from starting from scratch and working on an IT help desk and trying to work your way up.

I'd also suggest starting a blog or producing open source content in the field you want to move into. I'm starting to do this, because it can highlight my knowledge/skills while my CV is in a completely different field, in order to gently build traction and attention in my "target" industry.

One last thought: don't underestimate that you're stressed, burned out and just need a decent period of slow work to recover. I think most people looking for major changes in their career are just tired and fed up. I know I am. They say a change is as good as a rest, but a rest is as good as a rest as well.

I'm not quite where you are yet, but I can feel this approaching... I started my career in IT tech support, became a systems & networks engineer, dabbled in IT management, data center construction management, software technical program management, ending up managing compute resources for a large-ish product with 1B+ MAU. But I think I might be done with tech.

I can't shake off the feeling of impending doom for roles like mine in the current market and the constant push for AI solutions.

So I am seriously thinking of moving and opening a coffee shop or wine bar, or even a coffee truck to be honest. Meeting people, making their day a little better, rather than staring at the computer all day every day.

I would encourage you to read up on Ikigai[0] to figure out what makes you tick and can give you the income you need. Not all passion projects pay the bills but some do.

[0] https://stevelegler.com/2019/02/16/ikigai-a-four-circle-mode...

I was a 15 year JavaScript developer. Now I run operations for an enterprise API system at a large organization.

My career stagnated as a JavaScript developer. Most of my peers were afraid to write original software which made it really challenging to do anything until I was finally laid off from worst of it. Everything had to be little more than copy/paste from some enormous framework into an enormous mono…monster of stupidity. If you ever proposed sanity people would get irate because it threatens to expose that nobody has idea what they are doing.

Simultaneously, though, I have a part time job in the military. In the military I learned networking (routers and switches), operations, security, management, and more. I still maintain my security certs and have a clearance.

Last year a recruiter reached out to me about a work from home job writing enterprise APIs. I passed the interview using my knowledge of data structures and the inner mechanics of WebSockets from years of writing personal software. For most of my career as a JavaScript developer it seemed the only way I could program at all was to do it on my own outside of work.

Since then they promoted to lead operations and at the same time to be a team lead in a different organization.

My wife transitioned from chemist to marketing manager. The key insight was to break down her resume tasks into transferrable skills.

So "Wrote SOPs for spectrum analysis using CV480 machines" became "Analyzed processes.and wrote detailed plans to spread domain knowledge across team".

The most important thing is to decide as specifically as possible what new role you want to take on and angle everyrhing in that direction. You can't just be open to whoever will take you - make your transition seem inevitable.

Broad advice I've seen for already-employed people looking for a change: Switch employers and roles at different times.

e.g., Learn enough to be useful, then talk to the security guys at your company. Prove you're useful and trustworthy; see if there's any tasks you can do for them without violating policy. If a spot opens up, see about changing roles within your company.

Or, join a smaller company, where your role and some security responsibilities overlap.

I became a massage therapist by going to school and doing the thing. It took me realistically two years of taking factory work and bartending to (a) figure out where I wanted to fit in the world and (b) to stop identifying as a tech dropout.

For me my greatest motivation was that I wanted to work with people individually, money be damned. I had a supportive spouse and we already lived frugally so I could build a business without (overwhelming) fear of failure.

If you can still stomach office work become an accountant. You’ll use all your analytic skills in a role that is useful to every sized company but your pace of work will be much more constant. Your ability to write small programs and debug excel will make you valuable.

I went from a Full Stack Software Engineer -> Lead -> Eng Man -> Burnout -> Wild Mushroom Exporter in Zambia.

Currently trying to become a wild beekeeper dropping hives anywhere anyone will let me while coding on side projects at the same time.

I recommend beekeeping. Go on a course somewhere, learn a little, get a hive, make mistakes, learn, scale, profit.

Once upon a time, I was a machinist. I did this for about 10 years. I enjoyed working with metal, and I still do, but the repetitive nature of running production parts wore me out mentally.

So, I bought an old Dell server and started teaching myself Networking, Linux, VMware, KVM, Databases, Websites and anything else I could get my hands on. I built a portfolio of my best projects and started applying for jobs. It took countless applications, but I eventually got a QA position at a local startup. The rest is history as they say.

My portfolio is what sealed the deal, and I got a job offer from the only interview I had. Unless you are getting into a trade like lineman or trucking where they will train you, a portfolio is the best way to set yourself apart without experience. I took a 50% reduction in pay. But I was never really money focused, I learned that if you enjoy doing something, the money will follow.

Why Cybersecurity? Every single “IT job” is saturated and the barrier to entry is low meaning you are competing with everyone else doing boot camps and getting a few certifications

You would be better off going into consulting or sales in a related industry.

People like to give you warm and fuzzies and tell you that “you are never too old”. Honestly, that’s not true.

As you grow older, you have more responsibilities and you need higher pay.

But the best way to transition is to slowly do it internally at a company you already work at.

(I’m 50 by the way)

Forget about networking, divining your calling, identifying your superpowers, marketing your past experience and all that...

Read Cal Newport's So Good They Can't Ignore You ( nice video summary: https://www.youtube.com/watch?v=dE-wvWdM6jY ).

Choose something that is likely to work out for you and put a lot more effort than anyone else does for long enough to make it happen.

The hardest thing is understanding why you want to make this change. What are you looking to get out of it? What currently in your life is pushing you towards this? What do you really want to do? These may seem like trivial questions, but admittedly I personally really struggled with them, after coming to a conclusion that I needed to switch career paths. Someone here mentioned Ikigai, and the Surgeon General recently touched on something similar in their "Parting Prescription". (https://www.hhs.gov/sites/default/files/my-parting-prescript...)

You're probably looking to change paths because you know you don't feel satisfied, and their advice is to look for what fulfills your relationships, what allows you to perform service to the community (big or small), and what gives you purpose. Sitting down and asking myself, how well do you meet those needs now, and how can you better meet them, was what solidified my effort to truly shift from tech into fire fighting.

I have changed my "career" several times and luck played a big role.

Short answer - work for a small startup where you wear many hats. Scale, sell or fail - rinse and repeat.

Started as a mechanic, went back to get an engineering degree which got me into a auto manufacture. I found engineering cool but moved to slow and salary growth was very slow. During dot com days things were booming and I had an opportunity to jump to a marketing startup which helped me break out of my engineering shell(such a different world).

I found operations was a very good fit for me - complex machine you have to engineer to work efficiently as the world is on fire. I happen to make a career out of it working with several startups in numerous industries. My job was always started with - fixing stuff young startups get wrong to help them keep up with growth. Basically put business processes in place and be an interpreter between technical and business people so they stop making stupid technical decision that cause long term problems.

It was a great ride and learned a ton about business that you will rarely learn at a big company. I was responsible for various aspects of technical and non technical operations so always had a seat at the table.

An example from one of "those who've shifted from established careers to something entirely different"

I used to be a software developer, now I cut up meat at an abattoir (combination choice/circumstance.) In one sense, I traded "work at a desk, go to the gym in my spare time" with "workout for work, sit at a desk in my spare time."

Upsides? Fitness, don't take your work home, redundancy less likely. Downsides? Less pay. Samesides? RSI in both jobs.

Doing the same thing every day is relative.

As someone who switched careers, from working as a mechanical engineer to(at first) coding JS web to Java engineer later on - do not strategize too much upfront.

Building connections in domains of interest is something one should always pursuit and intensifying this might be the best immediate action to take.

Some other aspects:

- Keep your domain options as open as possible. Do not commit to a new career before securing it. This is vague advice, I know - but focusing on for ex. cybersecurity over general DevOps/cloud engineering with the security vector would be narrowing one's options.

- If you are not prepared financially, be very cautions.

- Manage your expectations, the major factor in a career switching is(IMO) luck and opportunity - over which you have no control but can sorta manage somewhat(ergo the networking).

Changing careers is a very general and realistic goal. Keep the way you go about it the same way.

I've found it very challenging, difficult and frustrating. Wouldn't do it again but glad I did it the first time.

Best of luck!

At thirty I quite my job as an industrial painter and sandblaster and started as a temp data entry clerk at a local government for $8/hour. Worked hard at what I did, made connections, and moved into field-work, then GIS. From there I moved to the private sector in Civil Engineering, still doing GIS. I then made a tangential career change into geospatial software development after moving to DC, as I spent a lot of time learning programming on the job as a GIS Analyst. Now I do DevOps. I think the key for me was to put myself into an environment where I could get the opportunities that I wanted, and working hard towards those goals.

My story (also not spring chicken):

-Had a very demanding IT job up until 2 years ago (12-hour days, stress...) -Asked for a demotion and moved to a more relaxed position -Used the extra time to go back to grad school -40% complete in Fine Art program (drawing/painting). It was an easy choice, visual art was a life-long passion, but math/physics took over early on and then I had to make money as the kids started to arrive...

If you’re already a skilled programmer, I actually think cybersecurity is a pretty straightforward field to get in to.

The tradeoff is that you have to not mind:

1) relocating to the greater Washington DC metro area, and

2) getting a US security clearance,

Though this website really makes it seem like cybersecurity is all about the world of web apps and commercial tech companies, I would actually posit that the US DOD / Intelligence community is the largest customer of cybersecurity research in the US. (It’s dispersed through a big web of contracting firms, but the end client of most of these firms is one of a handful of agencies or military intelligence divisions.)

I say this as someone who works in the field: if you can code, and you can get cleared, you can probably find someone in the cybersecurity field who wants to hire you. The field is hungry for experienced talent. The fact that you’ve previously forward developed web apps is not a drawback - if anything, it’s an asset. Knowing how developers think is a great asset that most pentesters and reverse engineering focused people in the field lack.

Your focus in UX, user research, and design is a huge asset. There are tons of dogshit web apps that government agencies use for important national security purposes. Trust me on this.

Edit: expanding on the note about the "big web of contracting firms" - there are a ton of little DARPA / pentest / cyber research companies in the DC metro area that would kill for an experienced programmer with an interest in cybersecurity research. They don't pay nearly as much as FAANG, but there's also substantially less competition for those jobs, and (in NoVA/southern MD, anyway) tons of opportunities to jump ship to different teams with different work and better cultural fit, if you're interested.

> I’ve spent almost two decades in digital-focused roles ... I've often thought about cybersecurity as something I'd like to specialise in

Because to me, cybersecurity reads like "more digital" than "strategy, user research", not less, I'm not sure if I know enough about the poster's motives to help.

But what I can suggest is that the late Ross Andersons' book Security Engineering is a great starting point to get into system security.

BTW, I have enormous respect for people who are transitioning between professional areas, and while it consumes energy it probably will be the source of more energy, best of success for everyone!

> I've often thought about cybersecurity as something I'd like to specialise in

Well I think these kind of thoughts are quite common. IMO it is helpful to realize that your thinking (rather dreaming) about doing cybersecurity may have very little to do with what it would actually feel like to acquire the necessary skills and find a gig (or some gigs).

Your choices are rather simple:

1. Dive straight in headfirst. Quit or change your job to part-time and commit to intense training in cybersecurity (e.g. enrolling in structured training program of some kind).

2. Find time, energy and motivation to learn/practice without changing your life radically or committing to anything. If you are seriously interested in something you'd be naturally drawn to do this thing. After a few months of doing so you will have a much better idea what switching careers would feel like.

3. Keep doing whatever your doing realizing your ideas and feelings are completely normal and valid but may have little to do with cybersecurity or your career. Try to understand what is actually missing in your life and how you can address the root cause.

I transitioned to being a software engineer after 8 years in investment banking. Some people mention capitalizing on existing skillset and trying to find opportunities on your skills intersection. While this is certainly an attractive strategy, imo this only works if you still love at least some parts of your existing career.

In my case, I absolutely hated investment banking and this career and my Finance degree were wrong choices that I just didn’t want to admit to myself.

I started thinking what I used to enjoy doing before university and I realized that I always loved computers and even programmed a good amount of Visual Basic and Pascal back in days.

As for the transitioning process, I took the radical approach. I first combined learning to code (again) with my job but it was very difficult. So I saved 6 month living expenses, quit my job and locked myself in my apartment for studying. Ran out of funds before getting enough knowledge to land an actual job. Took side hustles from my previous career for about 2 years to continue learning. Eventually managed to land a job paying 25% of my past salary. But once I got into the industry, I grew rather quickly because of how motivated I was compared to my previous career.

The moral of the story is, if you feel like there’s something that is much better suited to your personality, it’s okay to start from scratch. It will be painful for sure, but the pain is temporary compared to a lifelong feeling of being miserable on a wrong path.

> most advice has been starting at the bottom as an IT helpdesk worker

I've been in infosec for about 10 years. It's a very broad field. Opinions vary but it's generally not considered an entry tech field. This advice is broadly applicable to most technical roles (SOC, pentest, security engineering). You are going to need to know what a current IT or devops engineer knows and then some for those.

For appsec you will need to know what a developer knows and then some. Languages may vary but the webdev languages are always in demand.

For GRC roles (governance, risk, compliance) you may not need to be that technical. These are policy / paperwork / audit type roles. Unfortunately supply and demand being what they are, they're also generally the lowest paid and (in my opinion) least interesting roles.

The catch here will be that the job market is very poor right now in security as in every other technical field due to layoffs and AI, and (speaking as a 48 year old) ageism is real.

Your question is grounded in your desire for a money (or in nicer terms, a livelihood). A mid life change should be grounded in something more sound. Money and your career are mostly practical matters, not issues of the soul. You need to know the answer here believe it or not, and the hard advice is it’s going to take personal reflection.

What do you want to live for?

Who can answer that for you?

I transitioned to security after working in development. I didn't have to reset back to being on the helpdesk, but any career reset probably won't have you enter at the same level you were at before. I went from being chief technical architect type roles in development to being a security architect.

For me, the transition also took a number of years. I did a Masters degree in security, and started to get more experience in security in my non security role. Then I found a small software company willing to give me a chance as their security guy. I guess for me it took about 4 to 5 years to really complete the transition.

All that is needed is a willingness to be broke. The only reason I can't change careers is because it might take years until I get to the point where I could make enough money to pay my mortgage, but that bill comes due every month.

Have you considered academia?

I wrote code for a digital agency for a while and it was cool but making stuff for huge corporations wasn't exactly inspiring to me.

So I got a job doing basically the same for a university library. Now I wake up every morning knowing that I'm working to make information available to the public for free. And my work is basically an answer to "What would you do with code if it didn't have to be monetarily profitable in any way?" every single day.

You could probably find a position doing something very similar to what you've been doing (if you want) but in a very different environment.

I jumped the other way round aged 40 from non-tech into tech. I went from being a UK merchant ship captain to working as a software developer. I did it over a couple of years by increasing my knowledge in my spare time as a hobbyist until I felt I was at least good enough to be employed in a dev role. I should mention that this was back around the millennium, when web dev was still a wide-open and rapidly changing field.

The obvious big issue is maintaining roughly the same salary level, but you’d be surprised how much you can tighten your belt if a making a big jump down. A non-obvious negative is getting used to loss of status. That hurt a bit initially, but I soon found that the novelty of re-inventing myself in a new domain was massively invigorating, plus I was suddenly working with very different (and much younger) colleagues. So I decided to shut up about the old job from day one and never mentioned it unless asked (no-one cared anyway).

But be aware of turning a hobby into a job though. I got into dev as just a hobby initially. Then it became a paying part-time gig when on leave, which eventually lead to a job offer via someone I knew in the business. You’ll soon find that doing your hobby for a living cools your enthusiasm for your hobby, especially when dealing with difficult customers, bosses, or ridiculous deadlines. That said, I’m really pleased I made the jump and don’t ever have to wonder “what if?”.

After experiencing some disillusionment, I was able to re-kindle my love for software by switching to information security with no prior background.

I've posted this here before, but:

I did the OSCP, a 3-month course + exam that teaches an overview/the basics of infosec and more specifically pentesting

It’s a fairly well-regarded certification (and a tough 24-hr exam), and got me interviews for Senior Security Consultant roles at firms like NCC Group with no prior security background

I think a typical progression is something like Security Consultant/Pentesting at a consultancy and then transitioning to Security Engineer/Security Researcher at a more specialized firm

I was actually able to bypass this and somehow land my dream job (binary/IoT reverse engineer) immediately after seeing them post on the r/reverseengineering subreddit and just going for it (they didn't care about the OSCP cert, but the things I learned and tools I used/was able to put on my resume helped a lot I think)

Besides the OSCP, what helped me land the role was playing microcorruption CTF

That job was one of the best I've ever had and made a lot of lifelong friends from it

Changing a career could often mean being a junior in a new field at an age where you should not.

Most folks who I know who made a large career change did one of two things:

- Hard shift: quit their job, went to grad school, and started over.

- Soft shift: got an adjacent job w/ a company w/ many roles (consulting, big tech, etc.), slowly got good at the adjacent role, and then title change.

I don't know what's best for you. Option 2 is safer. Could look like:

- Get a job doing UX in/around tech services/consulting/cybersecurity (eg IBM, Palo Alto Networks).

- Get on a team with cybersecurity engineers (eg, GTM for a "new cyber offering")

- Slowly build up your PM or technical skills (eg, start by learning SQL & doing reporting)

- When you're actually useful in the new area, ask about a role change

Keep in mind this is a lot of work.

- You're gonna need to go from No knowledge -> Junior -> Mid-Level -> Senior.

- Your opportunity cost is 1-3 promos in your current track, which would probably radically change your day-to-day anyway.

Good luck!

I went from Law to Software Development after 30. I was a lawyer for roughly 10 years before the change and even was a partner in a small law firm.

For me the key was just to see this huge change as a series of small steps instead of a big "flip the switch and change" move.

Before I changed, I took courses in programming to see if I'd like it, I build projects in my own time to see if I would actually pursue it.

Even once I decided to change careers, I still kept my old things ready in case I needed a fallback plan (this happened over 10 years ago but I still pay my Bar fees every year).

For me, doing it slowly, with a plan, and a backup, removed a lot of the pressure and risk of the change and it worked fine.

I haven't done anything in Law in over 10 years now and am fully "converted" to development.

My advice for you: buy some Cybersecurity courses on Udemy. They might not be perfect, but they are usually cheap (always wait for sales) and see if you will like it. You can take dozens of courses for 9-12 USD there to see if that is the path before committing to something more serious and expensive.

This is just to see if this is really the area you want. The day to day of most careers tend to be heavily romanticized from the outside.

Once you've done that, try to see if you can find some education with a Co-Op component. I found it is much easier to get your foot on the door of a new career as a Co-Op in a course, though that is not required.

Switch from Sales & Sales Management to Software. First couple years were painful. To answer your questions:

> How did you pinpoint new directions that matched your skills and interests?

I fell into it. I tried to start a business that required developers, and the developers didn't complete the work for the clients... so I did it. Zero experience, zero background, just me and youtube trying to make deadlines.

> What were the most effective ways to reposition your experience in a new field?

I built the plane in the air, so I don't have a great answer for this.

> Are there any resources or strategies you’d recommend for upskilling or building networks?

Start now. Try learning things, then reach out to your network for people that might be able to augment your learning. People are really great about that stuff when they see that you are interested in the same stuff they are it creates a bond.

It’s time to reach out to people in areas of your interest.

Ask them out for coffee, beers, a phone call, whatever and collect as much info from them as possible. Get them to dive into how they got there, and what steps they’d recommend you take to get started.

Zoom in on one you feel most confident you’d want to pursue and try and find someone willing to mentor you through the process of getting started. This can be very casual, it doesn’t have to be some formal “meet every month and talk” thing.

I left tech this year and am back in grad school for an area I’ve found a lot of passion in through the above (clinical mental health, for anyone curious).

It took a few years of seeking out a new career but I am very excited for the transition.

The absolute key for me was finding someone practicing in a speciality I wanted to pursue and having them guide me through the steps necessary to get there.

Most people are going to be willing to help.

I agree entirely with this statement:

>As a contributor, you have to be an expert, but you're really not on the hook.

>As a decider, you can be a generalist, but you're on the hook.

My transition was from a decider at smaller companies to a contributor, working from home, at a large company. The deciders at my large company spend 30+ hours a week in meetings. I spend less than 5 hours a week in "meetings" though I may collaborate 1:1 or 1:small group much more from time to time.

Decide how you want your work to look in 5-10 years: on the hook, or not really?

I'm anesthesiologist but now I work full time as senior software engineer at a radar company. I wanted to get into medtech (still want to) but this works well with the family. Work life balance was the main reason I took this path. I also wanted more intellectually challenging work.

I went from being an anthropologist (post doc) to being a programmer. I'd done a lot of Monte Carlo simulation as part of my thesis, and new programming was a possibility. In my case, we were wandering through a University library for old-times sake when my then wife and I noticed an ad for programmer trainees on a computer screen...

So, I'm not sure how replicable that was, other than keep your eyes out and be willing to take a chance.

I think the first thing is to imagine, broadly, what it is you want to do, and then look at the entry paths for that.

Careers aside, even JavaScript engineers with experience in framework A having hard time getting jobs at companies where framework B is used.

I switched to being a professional shooter for 3 years. I came back because the pay was awful and it's really hard work. And despite all the downsides, I make more impact with my programming (and it pays a LOT more).

You always have time to re-skill if you commit serious blocks of time , but your personal identity won’t be malleable in the way a 20 year old is when selecting a degree and career.

This limits what success looks like for your switch. Are you looking for a different work life balance? Learn something new? That can work.

Becoming the face of security in an organization? Not likely.

I actually just finished my second career pivot. I was in hardware, then in software, now I'm in government.

I'd take careful stock of your support network behind you, and of who you're supporting. But keep in mind, there's no "wrong answer". Live your life out loud and you do you. If your situation makes that untenable, do some soul searching and find peace without the shakeup. Lots of good advice on this thread, but you know you better than anyone (and if not, start there).

Know the risks though. My wife and I have changed our religious and political beliefs over the past decade or so and as a result have lost contact/intimacy with much of our families/friends. Losing community takes a much steeper toll than I would ever have guessed.

Are there plenty of cybersecurity jobs in your area of the world? Look for the technologies the recruiters ask for and learn them. Then ignore experience requirements and apply anyway. Every time I have been recruiting I get candidates that don't match the spec at all put through to me. Specs are aspirations in recruitment. You may well get a shot.

You need to in a focused and meticulous way with strategic thinking, likely over some long-ish period of time, venn your skills fully. Use your research and planning to make the center point some highly valuable combination you suspect will be useful to future people to solve big problems that will be presented in society. As I think you've gathered, to do it right, you don't change careers, you change yourself and a career shift naturally happens, your job is to steer yourself to where you think one of the may pucks in flight are going.

For me, I am just always learning something new. I have a list of 12 books to read this year and already knocked out two.

The biggest variable to me is if you can justify taking money out of the market to pay for college. For me, it is a non-starter. A completely laughable idea.

Pushing 50, I need one more re-invention. Starting over in something like cybersecurity, I would just be getting beat out by the 25 year younger version of myself. I need an AI hedge basically. Something highly creative, non-standard, not something everyone else is already is doing. The process of trying to figure this out is what I think will lead me there.

My AI hedge is that I don't want to start trying to do this if I find myself completely unemployable with my previous experience and skills pushing 60.

It seems like we either get AGI and I am not employable in 10 years or we don't get AGI and we have such massive malinvestment that the job cutbacks also make me unemployable on my current path.

If you want to go into cybersecurity here's an idea (I haven't tried it, so ymmv)

1) look up people who claim to be in cybersecurity on some site like LinkedIn - see what their titles are, where they work, and so on.

2) see if you can find their resumes or any detailed cybersecurity resume - you are looking for keywords, application software, languages they claim to know, etc

3) look up job interview questions that relate to those skills, e.g. glassdoor has a fun feature where people have shared the actual questions they were asked during an interview

4) find free or cheap online resources, classes, demo/free versions of apps, set up a home lab, so you can become familiar with those skills, languages, tools. etc as much as possible and for as little as possible.

5) read a site like "stack overflow" with a focus on the skills/apps that cyber security researchers are likely to use, and see what questions the tend to ask, etc.

6) Develop some study cards on Anki with the interview questions you are likely to get and answers that might fly. Don't be complacent, expand on this as you go along, adding more and improving what you have.

7) See if you can find one-off "cybersecurity" gigs on craigslist or fiverr, etc. where you can be paid something - anything - to do something security related. Not only might this improve your confidence, it will generate a little bit of money instead of you paying money. You can also check out the competition and see what they are doing, for how much, etc.

8) Read up on "cybersecurity" related topics, people, trends, books, movies, etc. Get a feel for things as they are, were, or might be.

Good luck.

I can only of course share my own experiences, but I’d recommend taking a government cyber role - especially something hands-on. This allowed me to pivot from software development (which I still love and do but just for myself) to cyber.

Back in the early 90's when I was 35 years old I hated my job but I had family commitments and mortgage to attend to.

I had always enjoyed reading psychology books and decided to attend night college and train as a counsellor.

For the first 2 years this was 1 evening of 3 hours each week, then 2 evenings each week for the final 2 years until I qualified as a therapeutic counsellor. I worked full time in my regular job during this period.

Once I had qualifed I realised I had absolutely no experience working in the care sector so I worked as a full time volunteer in the substance misuse field for a whole year gaining the experience and knowledge to allow me to get a paid job in the field. During this period the company provided an extensive traning package. I was after all giving my free time.

I also enroled in a psychotherapy masters degree. Now qualified as a counsellor I had all the core knowledge in place. The masters degree was one weekend each month for 2 years, so very doable.

After a year I applied for my first job as a keyworker then over the next few years I slowly worked my way up the ladder to care-coordinator, methadone dispenser, trained as a auricular acupuncturist etc etc.

six years later, aged 41, a master degree in hand and my new life ahead of me.

My friend did a similar thing and he became an architect.

In my career I changed jobs 3 times. I ended my career back as a happy coder, but never regretted the changes.

Every time I made the change within the company I worked for. One I resigned, but was asked to fill another role, next I said I was bored, last I was about to be fired. My experience was employers can be more flexible than you imagine. But maybe I was lucky.

For cybersecurity, look at the entry certifications and do one of them, then start applying for entry level jobs.

Move on to the more intermediate certifications if you want to/keep learning.

I moved from software dev to IT management. I took specifics I already new (I was always the guy responsible for understanding the hardware/implementation side, preventing/mitigating performance impacts, generating hardware requirements/recommendations, etc, creating the network portions of our troubleshooting guides) to sell myself. If I can be the remote/high level IT for all of my customers whom they go to when they can't figure things out as a random side port of my job, I can do it as my main focus for a single company easily.

Off the top of my head you could look into business process consulting, specifically ERP/MRP implementations/reimplementation/improvements along with custom report creation. I'd build skills generally via consulting (much lower bar to get into because the consulting company provides the 'domain competence' proof versus companies looking at your previous work history as proof), then key in on an area of interest and/or what industries where you live is a hub for (pharma, auto manufacturing, aerospace manufacturing, service centers) and apply for an individual position.

Maybe you could go a similar route for cybersecurity. When I was writing PCI compliant software the PCI validation people were idiot consultants working under the 'social proof' umbrella of the testing company (again you leverage the consulting company to satisfy the customer while you build up the personal credibility). That might be an easy space to get entry into that would also look good transitioning to something more 'real'. "I did security audits for VISA with oversite over customers totalling <X million> financial transactions annually, highlighting areas of risk/potential improvements" might sound impressive to a rando looking for a security person.

Edit: Not sure how to phrase this. This may be harder if you are a woman. I have found getting in the door is social engineering + confidence but sadly I'm not sure my 'confidence' part would work the same if I was female. I played center at football. I'm used to stepping in and taking control. I'm large and physically strong. I do not outwardly show stress. Eh, I don't know how to express this. But I think good looks/presentation/outward expressed masculinity/ability to project leadership has helped me walk onto random roles more easily as much as anything. Whereas a woman that stepped in the same way might be judged differently at some places.