Ask HN: How can I realistically change careers?

I moved from software dev to IT management. I took specifics I already new (I was always the guy responsible for understanding the hardware/implementation side, preventing/mitigating performance impacts, generating hardware requirements/recommendations, etc, creating the network portions of our troubleshooting guides) to sell myself. If I can be the remote/high level IT for all of my customers whom they go to when they can't figure things out as a random side port of my job, I can do it as my main focus for a single company easily.

Off the top of my head you could look into business process consulting, specifically ERP/MRP implementations/reimplementation/improvements along with custom report creation. I'd build skills generally via consulting (much lower bar to get into because the consulting company provides the 'domain competence' proof versus companies looking at your previous work history as proof), then key in on an area of interest and/or what industries where you live is a hub for (pharma, auto manufacturing, aerospace manufacturing, service centers) and apply for an individual position.

Maybe you could go a similar route for cybersecurity. When I was writing PCI compliant software the PCI validation people were idiot consultants working under the 'social proof' umbrella of the testing company (again you leverage the consulting company to satisfy the customer while you build up the personal credibility). That might be an easy space to get entry into that would also look good transitioning to something more 'real'. "I did security audits for VISA with oversite over customers totalling <X million> financial transactions annually, highlighting areas of risk/potential improvements" might sound impressive to a rando looking for a security person.

Edit: Not sure how to phrase this. This may be harder if you are a woman. I have found getting in the door is social engineering + confidence but sadly I'm not sure my 'confidence' part would work the same if I was female. I played center at football. I'm used to stepping in and taking control. I'm large and physically strong. I do not outwardly show stress. Eh, I don't know how to express this. But I think good looks/presentation/outward expressed masculinity/ability to project leadership has helped me walk onto random roles more easily as much as anything. Whereas a woman that stepped in the same way might be judged differently at some places.

As someone that did the whole burn the boats and force the change thing several times in my life.... That is exactly what I don't recommend.

Everyone here has great advice. But my #1 advice is to take all their advice and use it to get a new job.... Before quiting yours. Do not quit your job first. Sure it works for some people. But those that it doesn't work for end up wasting a lot of time and a lot of money.

If your dream of a career change isn't enough for you to give up nights and weekends to help facilitate it, then odds are you don't want it bad enough imo to really pull it off.

Multi-part response, first on the cybersecurity specialization, do you have any real interest in the computer security field? At least from the suggestion, it seems like a vague idea, without a large amount of actual awareness of what's involved in the field.

Sounds kind of hiring manager cliche, yet does detecting, identifying, monitoring, evaluating, responding, resolving, and future mitigating these types of ideas sound enjoyable? Do these terms even mean very much?

- Malware, scareware, spyware, warez, trojans, worms, viruses, (IP, msg/email, address, router, network, certificate, biometric) spoofing, phishing, tampering, script smuggling, privilege escalation, bootloaders/bootkits, configurators, shredders, (hardware/software) backdoors, eavesdropping/wiretapping/sniffing/snooping, scraping, (access, keystroke, activity) loggers, logic bombs, locators/tracers, system bricks, botnets

For the rather serious security crowd, any interest in attending:

- DEF CON, Black Hat, (C3) Chaos Communication Congress, IEEE S&P, ACM CCS, USENIX, NDSS, or Supercomputing?

Not trying to sound: input.replace(/[let]/g, c => ({l: ['1', '|_', '|'], e: ['3', '&', '£', '€', '[-', '[=-'], t: ['7', '+', '-|-', '][|][', '†', '«|»', '~|~']}[c][Math.random() * ({l:3,e:6,t:8}[c])|0]));

Just at the same time, a lot of the actual work in computer security is not especially glamorous work, that often involves sitting in a room, typing on a keyboard, dealing with annoying computer issues, picking through problems in software to find attack vectors, and people who's idea of cool is reverse engineering attacks.

Lot of script kiddies, C-suites/generals/execs who use "123" as their login, far away companies you have little ability to motivate, and frustratingly simplistic exploits.

There was an article that came through a while back on UNIX, and a huge percent of the vulnerabilities all involved invoking "sh </dev/tty >/dev/tty" as about the only one-trick strategy. Except ... enormous number of available methods.

That dissuading stuff aside, there's definitely jobs in "cyber" and "security" that involve "user research, frameworks, customer experiences (ostensibly UX I suppose)". Somebody writes this kind of stuff for companies like Cisco [1]

[1] ThousandEyes, https://www.thousandeyes.com/outages/

---

Second portion of response, direct questions asked.

Background: started out in acoustics / optics, and then moved to government fluid dynamics and supercomputing (NASA MSFC)

- How did you pinpoint new directions that matched your skills and interests?

  - Personal route, go on a job website, look at what's available in terms of jobs in related fields, select several a day you have an interest in, treat the process just like a job you're working, prepare an individualized / customized resume for each of the jobs you have an interest in, selecting skills and backgrounds as appropriate, and then repeat each day with a different selection of jobs.  Attempt to submit several a day just like you're doing "cold call" sales work with multiple leads constantly running.

  - Start with a relatively small window of "degrees of separation" on how far from your core field you're going to wander.  Practice writing resumes and skill ideas for the core field and then add in possibilities for other nearby job fields that actually sound interesting.  Investigate what's available and with each day consider how far you're willing to move from your core skills and interests and what you would still be able to viably defend to somebody at an interview in those "how are you a positive fit for this job", "what will you bring to this organization", ect.. type questions.

  - Not so much "pinpointing" and knowing exactly where you're going to go beforehand, so much as viewing what's available and then evaluating where amoung the possible targets that appear to be hiring seem like reasonable possibilities.  May want to do a couple days of simply surveying the job market and the offerings available across a range of different locations (job websites, organizations you respect, desirement or "ideaL" job fit locations) to see what's even there.

  - Sounds a bit like an HR rep wrote this question.  However, much like the answer above, take what you've done, examine what's available in the actual job market of the now, try to write something you could actually defend to an interviewer about how your skills are somehow a match for the job, and then try again (since many of the leads will likely not actually work out)

  - Taking your example, not sure what the background skills are, yet jobs available with UX or security related searches have stuff like [2][3][4][5][6].

[3] Apple: WebKit Engine Security Engineer: https://jobs.apple.com/en-us/details/200583193/webkit-engine...

[4] FBI: Network Engineer, GS 12/13, Communications Technologies Unit: https://apply.fbijobs.gov/psc/ps/EMPLOYEE/HRMS/c/HRS_HRAM_FL...

[5] Microsoft, Security Assurance IC3: https://jobs.careers.microsoft.com/global/en/job/1800220/Sec...

[6] Cisco: Software Development Manager, Networking & UX/UI: https://jobs.cisco.com/jobs/ProjectDetail/Senior-Software-De...

  - Each provides lists of the types of skills they're looking for, possible suggestions on skills that may exist in your prior background that "might" apply, and possible "repositioning" of your background for different opportunities.  Just rather difficult to specifically state a strategy, since each is rather different (Cloud, Webkit UI Security, Network Comm Security, Network UX/UI) with rather different routes about what might have to be shifted or accentuated.  And most likely require a rather different type of experience shifting then engineering acoustics over to governmental computation.

As a more concrete input - go through tools that help you understand your current skills and competencies, and the explore the transferability of those to other areas as on.

You may be able to even initiate some of this exploration with LLMs making sure to paste in everything about you, the entire linkedin profile, your resume(s), projects, all of it, and let it see what can come out.

i did this at age 30 https://hackernoon.com/no-zero-days-my-path-from-code-newbie...

good luck

Start doing the work. Buy books and read them, watch conference talks, start hacking at home. Realize you have to start from close to the bottom and work your way up, and start applying to internships or entry level positions. Learn on the job and devote yourself heavily to career development to catch up.

If this doesn't sound appealing, then changing careers probably isn't for you and you will probably have challenges succeeding at it.

To your questions

> How did you pinpoint new directions that matched your skills and interests?

I found my pivot while working in my prior role, and worked actively to change paths at that company. I'd say if the overlap is close enough, try to get on-the-job tastes of the new direction. If not, see if volunteer or charity opportunities are available. Sometimes the reality of a change doesn't match up to expectations.

> What were the most effective ways to reposition your experience in a new field?

Some experience in the field will let you know what is valued and how to parse a resume. You should seek out someone in that field to be a mentor through this process. It is probably better to ask them this question.

> Are there any resources or strategies you’d recommend for upskilling or building networks?

It is not a great sign for you that you are asking this here. This is a hard process. You should look in your own personal network for contacts you can ask about the new field. Failing that, you should look for local professional organizations, meetups, conferences, or colleges with relevant departments and reach out to them. They will have the best advice. In terms of upskilling, there is no substitue for on-the-job training in any field. You just need to understand if there are any credentials, qualifications, or certifications you need in order to get your foot in the door.

I moved two-steps-to-the-diagonally (two steps right, one step up)

Tech Support --> Sys Admin --> Audit/IT Audit --> Project Assurance --> IT Sec PM --> GRC --> GRC PM --> (back to) Audit --> ThirdPartySecMgmt --> GRC.

I am a firm believer that "you should apply to any/all jobs where your CV/exp matched "70% or more".

If you want to do a big jump (e.g. someone wrote about wife going from Chemist-to-Marketing), ask from ChatGPT to reword your CV to a generic version (as lubujackson's example is).

[dead]

[dead]

Is cybersecurity a real industry? I thought it was mostly a racket? https://news.ycombinator.com/item?id=32039828

Your post doesn't say what career you want or even that you want a particular career. Until you make that decision, I'm not sure it's possible to strategize, plan or brainstorm effectively.

I wrote the following on the assumption, which may be wrong, that you're interested in programming and want to do it professionally.

> How did you pinpoint new directions that matched your skills and interests?

I just chose to do what I enjoy, and I happen to enjoy solving problems and working with computers.

> What were the most effective ways to reposition your experience in a new field?

I didn't. Other people did that for me.

> Are there any resources or strategies you’d recommend for upskilling or building networks?

To be skeptical of anybody who tells you they know how to do this.

Bootcamps can be valuable -- or may have been some years ago. Not sure. The people I knew who did bootcamp courses had the outcomes I'd expect, namely that the smart, organized ones who were likable and devoid of personality disorders did well.

Be willing to take a bad job temporarily, or work as a contractor, just to get your foot in the door of the field.

> most advice has been starting at the bottom as an IT helpdesk worker and going from there

Be skeptical of anybody who tells you this, too. It may have been a viable path into the field in the 90s and 2000s. It may still be today, too, but I haven't seen any evidence that it is. I've never met anyone who has made this particular 'jump.' 99% of my team have CS degrees.