The domain (digital) might be less important than the role.
As a contributor, you have to be an expert, but you're really not on the hook.
As a decider, you can be a generalist, but you're on the hook.
The traditional mid-life transition is from contributor to decider, into management or starting your own company.
In my lifetime, the value of contributors has diminished while the value of deciders has exploded, largely due to the pace of change and the leverage of capital. Contributor skills get stale fast, but deciders making the right decision at the right time is a gold mine, waiting to be tapped by capital leveraging the latest tech/policy.
Also, I think people mature more as deciders. It grows confidence and effectiveness. Contributors grow to become defensive and stuck, i.e., dependent on being specifically useful.
It's tempting to look for nearby opportunities, but it may be more transformative to ask what kind of person you want to be in 10 years (and what will the world be like). If you operate from that perspective, you're leveraging world change and relatively immune to personal difficulty. People respect that, and you can be proud of making your way instead of just fitting in.
Becoming a principal rather than an agent is something (like meditation) that applies at all fractal scales of life, so you can re-orient while in current roles.
And don't worry too much about realistic. Focus more on delivering value, and the principle of least action will arrange things for you.
While I’m sure it doesn’t apply to all cases, I really enjoyed your way of framing the transition. Well put.
Thank you for writing this, I really needed to hear this perspective.
The hardest thing is understanding why you want to make this change. What are you looking to get out of it? What currently in your life is pushing you towards this? What do you really want to do? These may seem like trivial questions, but admittedly I personally really struggled with them, after coming to a conclusion that I needed to switch career paths. Someone here mentioned Ikigai, and the Surgeon General recently touched on something similar in their "Parting Prescription". (https://www.hhs.gov/sites/default/files/my-parting-prescript...)
You're probably looking to change paths because you know you don't feel satisfied, and their advice is to look for what fulfills your relationships, what allows you to perform service to the community (big or small), and what gives you purpose. Sitting down and asking myself, how well do you meet those needs now, and how can you better meet them, was what solidified my effort to truly shift from tech into fire fighting.
I'm not quite where you are yet, but I can feel this approaching... I started my career in IT tech support, became a systems & networks engineer, dabbled in IT management, data center construction management, software technical program management, ending up managing compute resources for a large-ish product with 1B+ MAU. But I think I might be done with tech.
I can't shake off the feeling of impending doom for roles like mine in the current market and the constant push for AI solutions.
So I am seriously thinking of moving and opening a coffee shop or wine bar, or even a coffee truck to be honest. Meeting people, making their day a little better, rather than staring at the computer all day every day.
I would encourage you to read up on Ikigai[0] to figure out what makes you tick and can give you the income you need. Not all passion projects pay the bills but some do.
[0] https://stevelegler.com/2019/02/16/ikigai-a-four-circle-mode...
The most interesting jobs I've seen are where people bring two specializations together, into a single role.
Take the strategy, user research and frameworks you do to drive better CX, and apply that to something you have a deep interest in away from the usual mainstream. It could be a hobby, it could be the cyber stuff you're interested in.
On that, you're more likely to enjoy getting into cybersecurity by joining a company doing that today as a CX expert and getting more technical over time and looking for a horizontal move, than you are from starting from scratch and working on an IT help desk and trying to work your way up.
I'd also suggest starting a blog or producing open source content in the field you want to move into. I'm starting to do this, because it can highlight my knowledge/skills while my CV is in a completely different field, in order to gently build traction and attention in my "target" industry.
One last thought: don't underestimate that you're stressed, burned out and just need a decent period of slow work to recover. I think most people looking for major changes in their career are just tired and fed up. I know I am. They say a change is as good as a rest, but a rest is as good as a rest as well.
> The most interesting jobs I've seen are where people bring two specializations together, into a single role
I usually think about a career in sales engineering because of this.
My wife transitioned from chemist to marketing manager. The key insight was to break down her resume tasks into transferrable skills.
So "Wrote SOPs for spectrum analysis using CV480 machines" became "Analyzed processes.and wrote detailed plans to spread domain knowledge across team".
The most important thing is to decide as specifically as possible what new role you want to take on and angle everyrhing in that direction. You can't just be open to whoever will take you - make your transition seem inevitable.
I was a 15 year JavaScript developer. Now I run operations for an enterprise API system at a large organization.
My career stagnated as a JavaScript developer. Most of my peers were afraid to write original software which made it really challenging to do anything until I was finally laid off from worst of it. Everything had to be little more than copy/paste from some enormous framework into an enormous mono…monster of stupidity. If you ever proposed sanity people would get irate because it threatens to expose that nobody has idea what they are doing.
Simultaneously, though, I have a part time job in the military. In the military I learned networking (routers and switches), operations, security, management, and more. I still maintain my security certs and have a clearance.
Last year a recruiter reached out to me about a work from home job writing enterprise APIs. I passed the interview using my knowledge of data structures and the inner mechanics of WebSockets from years of writing personal software. For most of my career as a JavaScript developer it seemed the only way I could program at all was to do it on my own outside of work.
Since then they promoted to lead operations and at the same time to be a team lead in a different organization.
You’re still doing software development. That’s not a major transition.
Not really. Operations is, at best, 5% software and more like 90+% project management. It is handy being able to write original applications on the fly to automate some of the insanity because there are multiple things happening simultaneously and many things to account for.
But in reality that's just a natural career progression for like 90% of people as they move up the ladder.
There are actually very few people above around age 45 or so that write code for a majority of their day (percentage-wise), and that includes people who still consider themselves in "individual contributor" roles. E.g. even a principal engineer is going to be spending a majority of their time reviewing code, doing systems and architecture work, mentoring more junior developers, organizing more junior developers, etc. When I was a principal engineer a huge part of my job was "project management" as you put it.
What an I missing? You said you were writing “enterprise APIs”.
OP said he "Runs operations for an enterprise API". My guess is that they are running a team that manages an infrastructure platform which developers in their org target. My guess is that this involves a team which manages deployments to multiple clouds / regions / data centers, some load balancing configuration, etc. using some software like Akana or some IBM product.
He could be clearer about what he does. He did say "Last year a recruiter reached out to me about a work from home job writing enterprise APIs." He doesn't mention going from writing APIs to operations management. Which seems to be where the confusion is coming from.
Though that is my understanding of how you make a big career change. Do your current job in a company that does what you want to do. Then change roles rather than jump to the role you want straight. Kind of beat the chicken and egg problem, of needing experience to get a job and can't get experience without a job. A job that is adjacent to the one you want is "second hand" experience.
Curious about the military job (and other services including Police Departments). Are you eligible for pension/benefits as a presumably civilian subject matter expert? How does one get such a cyber gig?
Its Army Reserves. Yes, I am already locked in for a pension. I am not a civilian. I am completely interchangeable with full time military, evidenced by my 5 military deployments.
How does a person get such a job? They join the military.
When I joined cyber wasn't a thing, because I am old. I joined the first cyber organization shortly after it formed and was a member for about a decade. I was promoted out of that organization and shortly thereafter a formal cyber organization was created, not just a few units. By that point I had become an officer doing more generic systems integration and physical communication infrastructure things.
The biggest difference between the military side versus the corporate developer side is that military tends to run towards problems. The goal is have everything working so that you reach steady state and don't have to do high visibility work. High visibility is bad, because it suggests you are failing something important. Corporate developers, on the other hand, tend to be either trend chasers that want high visibility yet low effort work until things fall apart and then they run away or are long term employees that want boring steady constant employment.
Sounds like a reserves position, probably in S6/Signal Corps given the description of dealing with IT.
That's it. I have been an acting/deputy brigade S6 on and off for years. Its more people and expectation management at that point than anything directly technical, but you are still expected to be an expert, like being a corporate associate director. I just promoted out of that and am looking for the next thing.
I became a massage therapist by going to school and doing the thing. It took me realistically two years of taking factory work and bartending to (a) figure out where I wanted to fit in the world and (b) to stop identifying as a tech dropout.
For me my greatest motivation was that I wanted to work with people individually, money be damned. I had a supportive spouse and we already lived frugally so I could build a business without (overwhelming) fear of failure.
If you can still stomach office work become an accountant. You’ll use all your analytic skills in a role that is useful to every sized company but your pace of work will be much more constant. Your ability to write small programs and debug excel will make you valuable.
My small sample size has always said accountant's work CRAZY hours for much less pay. Clearly you have a different sample. What are you hearing?
I live near some accountants for the city government, so maybe my viewpoint is skewed by the pace of public work. Then again, a lot of jobs can have long hours and most jobs have lower pay than tech.
Early years in Big4 as an auditor yes. As you climb the ladder it gets better and you make good money. Once you become partner you can earn high six figures or more in big cities and the pensions are extremely generous.
You can go to industry and climb the ladder and make good money with less crazy workload.
I know a chief accounting officer at a public company and she earns 7 figures. She works a lot but also goes on vacations and has free time.
There's "doing accounting work for clients as part of a contract" which is not that dissimilar to being an independent contractor on the software side except for 1/3 the pay or less. The work is "easier" but less intellectually stimulating as you're doing the same thing over and over again with different numbers.
Then there's "doing accounting work for a company as part of an accounting department" which is much more likely to be 40h weeks, punch-the-clock type of work. However there can still be crunch time there as the deadlines are real deadlines not VP-pulled-out-of-a-hat deadlines (e.g. tax filing deadlines, SEC reporting deadlines).
Broad advice I've seen for already-employed people looking for a change: Switch employers and roles at different times.
e.g., Learn enough to be useful, then talk to the security guys at your company. Prove you're useful and trustworthy; see if there's any tasks you can do for them without violating policy. If a spot opens up, see about changing roles within your company.
Or, join a smaller company, where your role and some security responsibilities overlap.
This is great advice and I've seen it work for a few people. (Not specifically for cybersecurity.)
The short version is when people can ease sideways to a completely new role at their current employer. The longer version involves getting a new job doing the same thing, but at a company that does a lot more of the thing you want to do. Initially you do the thing you were doing before, but there's more opportunity to shift sideways when you get a good rep.
This is some of the best advice!
My story (also not spring chicken):
-Had a very demanding IT job up until 2 years ago (12-hour days, stress...) -Asked for a demotion and moved to a more relaxed position -Used the extra time to go back to grad school -40% complete in Fine Art program (drawing/painting). It was an easy choice, visual art was a life-long passion, but math/physics took over early on and then I had to make money as the kids started to arrive...
Forget about networking, divining your calling, identifying your superpowers, marketing your past experience and all that...
Read Cal Newport's So Good They Can't Ignore You ( nice video summary: https://www.youtube.com/watch?v=dE-wvWdM6jY ).
Choose something that is likely to work out for you and put a lot more effort than anyone else does for long enough to make it happen.
I went from a Full Stack Software Engineer -> Lead -> Eng Man -> Burnout -> Wild Mushroom Exporter in Zambia.
Currently trying to become a wild beekeeper dropping hives anywhere anyone will let me while coding on side projects at the same time.
I recommend beekeeping. Go on a course somewhere, learn a little, get a hive, make mistakes, learn, scale, profit.
A friend in South Africa does bee tech[0]!
[0] https://web.bluebeansoftware.com/whats-all-the-buzz-with-sma...
What, was goat farming too pedestrian for you??
(Just a little joke, based the meme of developers quitting their jobs to start a goat farm.)
Also, I'm allergic to bees.
I thought the meme was woodworking or metalworking
Curious! What do the hives you drop look like?
I'm assuming no-touch hives are designed differently than honey-extractive hives.
Can you elaborate?
Yes, please do, I've been considering changing careers as well. (Currently software engineer)
After experiencing some disillusionment, I was able to re-kindle my love for software by switching to information security with no prior background.
I've posted this here before, but:
I did the OSCP, a 3-month course + exam that teaches an overview/the basics of infosec and more specifically pentesting
It’s a fairly well-regarded certification (and a tough 24-hr exam), and got me interviews for Senior Security Consultant roles at firms like NCC Group with no prior security background
I think a typical progression is something like Security Consultant/Pentesting at a consultancy and then transitioning to Security Engineer/Security Researcher at a more specialized firm
I was actually able to bypass this and somehow land my dream job (binary/IoT reverse engineer) immediately after seeing them post on the r/reverseengineering subreddit and just going for it (they didn't care about the OSCP cert, but the things I learned and tools I used/was able to put on my resume helped a lot I think)
Besides the OSCP, what helped me land the role was playing microcorruption CTF
That job was one of the best I've ever had and made a lot of lifelong friends from it
Once upon a time, I was a machinist. I did this for about 10 years. I enjoyed working with metal, and I still do, but the repetitive nature of running production parts wore me out mentally.
So, I bought an old Dell server and started teaching myself Networking, Linux, VMware, KVM, Databases, Websites and anything else I could get my hands on. I built a portfolio of my best projects and started applying for jobs. It took countless applications, but I eventually got a QA position at a local startup. The rest is history as they say.
My portfolio is what sealed the deal, and I got a job offer from the only interview I had. Unless you are getting into a trade like lineman or trucking where they will train you, a portfolio is the best way to set yourself apart without experience. I took a 50% reduction in pay. But I was never really money focused, I learned that if you enjoy doing something, the money will follow.
Why Cybersecurity? Every single “IT job” is saturated and the barrier to entry is low meaning you are competing with everyone else doing boot camps and getting a few certifications
You would be better off going into consulting or sales in a related industry.
People like to give you warm and fuzzies and tell you that “you are never too old”. Honestly, that’s not true.
As you grow older, you have more responsibilities and you need higher pay.
But the best way to transition is to slowly do it internally at a company you already work at.
(I’m 50 by the way)
Cybersecurity is not for beginners. There are almost no jobs for juniors anymore.
It's also chronically understaffed.
That might be true. But the answer isn’t hiring someone with no real world experience. I would hire an entry level developer before I would hire an entry level security person.
I agree with this post. Capitalize on the experience you have in a different way.
I have changed my "career" several times and luck played a big role.
Short answer - work for a small startup where you wear many hats. Scale, sell or fail - rinse and repeat.
Started as a mechanic, went back to get an engineering degree which got me into a auto manufacture. I found engineering cool but moved to slow and salary growth was very slow. During dot com days things were booming and I had an opportunity to jump to a marketing startup which helped me break out of my engineering shell(such a different world).
I found operations was a very good fit for me - complex machine you have to engineer to work efficiently as the world is on fire. I happen to make a career out of it working with several startups in numerous industries. My job was always started with - fixing stuff young startups get wrong to help them keep up with growth. Basically put business processes in place and be an interpreter between technical and business people so they stop making stupid technical decision that cause long term problems.
It was a great ride and learned a ton about business that you will rarely learn at a big company. I was responsible for various aspects of technical and non technical operations so always had a seat at the table.
Most folks who I know who made a large career change did one of two things:
- Hard shift: quit their job, went to grad school, and started over.
- Soft shift: got an adjacent job w/ a company w/ many roles (consulting, big tech, etc.), slowly got good at the adjacent role, and then title change.
I don't know what's best for you. Option 2 is safer. Could look like:
- Get a job doing UX in/around tech services/consulting/cybersecurity (eg IBM, Palo Alto Networks).
- Get on a team with cybersecurity engineers (eg, GTM for a "new cyber offering")
- Slowly build up your PM or technical skills (eg, start by learning SQL & doing reporting)
- When you're actually useful in the new area, ask about a role change
Keep in mind this is a lot of work.
- You're gonna need to go from No knowledge -> Junior -> Mid-Level -> Senior.
- Your opportunity cost is 1-3 promos in your current track, which would probably radically change your day-to-day anyway.
Good luck!
I might suggest a third option, which I pursued. Found a job at a public university system in my pre software development role. Received tuition remission and worked full-time while also going to school part time (online) -- my job would cover six credits a semester. And since I already had a bachelors, I was able to get a bachelors in computer science with 42 or 45 credits, and graduate in about 2.5 years (including summer courses).
I went from being an anthropologist (post doc) to being a programmer. I'd done a lot of Monte Carlo simulation as part of my thesis, and new programming was a possibility. In my case, we were wandering through a University library for old-times sake when my then wife and I noticed an ad for programmer trainees on a computer screen...
So, I'm not sure how replicable that was, other than keep your eyes out and be willing to take a chance.
I think the first thing is to imagine, broadly, what it is you want to do, and then look at the entry paths for that.
As someone who switched careers, from working as a mechanical engineer to(at first) coding JS web to Java engineer later on - do not strategize too much upfront.
Building connections in domains of interest is something one should always pursuit and intensifying this might be the best immediate action to take.
Some other aspects:
- Keep your domain options as open as possible. Do not commit to a new career before securing it. This is vague advice, I know - but focusing on for ex. cybersecurity over general DevOps/cloud engineering with the security vector would be narrowing one's options.
- If you are not prepared financially, be very cautions.
- Manage your expectations, the major factor in a career switching is(IMO) luck and opportunity - over which you have no control but can sorta manage somewhat(ergo the networking).
Changing careers is a very general and realistic goal. Keep the way you go about it the same way.
I've found it very challenging, difficult and frustrating. Wouldn't do it again but glad I did it the first time.
Best of luck!
> clout engineering
Back in my day they used to call this "resume-driven development"
(Sorry had to)
Back in your day, did resume-driven development help at switching careers?
> most advice has been starting at the bottom as an IT helpdesk worker
I've been in infosec for about 10 years. It's a very broad field. Opinions vary but it's generally not considered an entry tech field. This advice is broadly applicable to most technical roles (SOC, pentest, security engineering). You are going to need to know what a current IT or devops engineer knows and then some for those.
For appsec you will need to know what a developer knows and then some. Languages may vary but the webdev languages are always in demand.
For GRC roles (governance, risk, compliance) you may not need to be that technical. These are policy / paperwork / audit type roles. Unfortunately supply and demand being what they are, they're also generally the lowest paid and (in my opinion) least interesting roles.
The catch here will be that the job market is very poor right now in security as in every other technical field due to layoffs and AI, and (speaking as a 48 year old) ageism is real.
At thirty I quite my job as an industrial painter and sandblaster and started as a temp data entry clerk at a local government for $8/hour. Worked hard at what I did, made connections, and moved into field-work, then GIS. From there I moved to the private sector in Civil Engineering, still doing GIS. I then made a tangential career change into geospatial software development after moving to DC, as I spent a lot of time learning programming on the job as a GIS Analyst. Now I do DevOps. I think the key for me was to put myself into an environment where I could get the opportunities that I wanted, and working hard towards those goals.
An example from one of "those who've shifted from established careers to something entirely different"
I used to be a software developer, now I cut up meat at an abattoir (combination choice/circumstance.) In one sense, I traded "work at a desk, go to the gym in my spare time" with "workout for work, sit at a desk in my spare time."
Upsides? Fitness, don't take your work home, redundancy less likely. Downsides? Less pay. Samesides? RSI in both jobs.
Doing the same thing every day is relative.
Switch from Sales & Sales Management to Software. First couple years were painful. To answer your questions:
> How did you pinpoint new directions that matched your skills and interests?
I fell into it. I tried to start a business that required developers, and the developers didn't complete the work for the clients... so I did it. Zero experience, zero background, just me and youtube trying to make deadlines.
> What were the most effective ways to reposition your experience in a new field?
I built the plane in the air, so I don't have a great answer for this.
> Are there any resources or strategies you’d recommend for upskilling or building networks?
Start now. Try learning things, then reach out to your network for people that might be able to augment your learning. People are really great about that stuff when they see that you are interested in the same stuff they are it creates a bond.
I jumped the other way round aged 40 from non-tech into tech. I went from being a UK merchant ship captain to working as a software developer. I did it over a couple of years by increasing my knowledge in my spare time as a hobbyist until I felt I was at least good enough to be employed in a dev role. I should mention that this was back around the millennium, when web dev was still a wide-open and rapidly changing field.
The obvious big issue is maintaining roughly the same salary level, but you’d be surprised how much you can tighten your belt if a making a big jump down. A non-obvious negative is getting used to loss of status. That hurt a bit initially, but I soon found that the novelty of re-inventing myself in a new domain was massively invigorating, plus I was suddenly working with very different (and much younger) colleagues. So I decided to shut up about the old job from day one and never mentioned it unless asked (no-one cared anyway).
But be aware of turning a hobby into a job though. I got into dev as just a hobby initially. Then it became a paying part-time gig when on leave, which eventually lead to a job offer via someone I knew in the business. You’ll soon find that doing your hobby for a living cools your enthusiasm for your hobby, especially when dealing with difficult customers, bosses, or ridiculous deadlines. That said, I’m really pleased I made the jump and don’t ever have to wonder “what if?”.
Great story!
> You’ll soon find that doing your hobby for a living cools your enthusiasm for your hobby
I think a lot of software developers are in that situations. I suspect for a lot of us, programming started as a hobby.
> A non-obvious negative is getting used to loss of status
I can imagine. I never had a great status, it can sound very vain but I sometimes I wish I had one :) Ironically, working in a big tech company can send you to the very top of the salary range but nobody knows, you're just a "programmer" which isn't super prestigious.
> I went from being a UK merchant ship captain to working as a software developer.
That's one hell of a story. How did you end up in the trade to begin with? How long it take for you get promoted to captain? What kind of cargo did you typically carry? How big was your crew? What was the largest ship you captained? What are farthest points you've sailed to in all cardinal directions? Were you still you still operating with paper maps and sextants by the time of your captaincy or was GPS common on ships by that point?
I went to sea with BP Tankers as a deck cadet in 1976 trading worldwide, largely to escape my small village life. When I qualified as 2nd mate, I moved to mediterranean trade small bulk carriers, then oil rig supply ships on the North Sea. Got my first command at 32 on the rig boats, so around 14 years at sea by then. Ended up on local ferries when I became a father in order to do shorter trips away from home (I had to drop two ranks, but it was worth it). The biggest crew I captained was around 40 when working on a short-lived cross channel ferry service from Weymouth to Cherbourg. Rig boats typically only had about 12 crew though. My last seagoing job was a harbour pilot for a couple of years which gave me the spare time to learn software dev.
And yes, I was probably one of the last generations of seafarers who used celestial nav and paper charts on deep sea trips before GPS became universal. We used Decca Navigator for coastal nav, now also long gone and forgotten. So electronic charts were way after my time! I lost count after 40+ countries visited, but it's really not the flex you might think because there was very rarely time to go ashore.
However the experience and confidence gained at sea helped enormously when (say) presenting a software proposal to CEOs and the like, most of whom were the same age as me. They tended to assume I was much more senior than I really was! I never regretted the jump though. If you can make the money work, then I’d recommend career changing to anyone for the new lease of life it gives you. Especially if feel you have gone as far as you can in the old career.
Changing a career could often mean being a junior in a new field at an age where you should not.
It’s time to reach out to people in areas of your interest.
Ask them out for coffee, beers, a phone call, whatever and collect as much info from them as possible. Get them to dive into how they got there, and what steps they’d recommend you take to get started.
Zoom in on one you feel most confident you’d want to pursue and try and find someone willing to mentor you through the process of getting started. This can be very casual, it doesn’t have to be some formal “meet every month and talk” thing.
I left tech this year and am back in grad school for an area I’ve found a lot of passion in through the above (clinical mental health, for anyone curious).
It took a few years of seeking out a new career but I am very excited for the transition.
The absolute key for me was finding someone practicing in a speciality I wanted to pursue and having them guide me through the steps necessary to get there.
Most people are going to be willing to help.
Have you considered academia?
I wrote code for a digital agency for a while and it was cool but making stuff for huge corporations wasn't exactly inspiring to me.
So I got a job doing basically the same for a university library. Now I wake up every morning knowing that I'm working to make information available to the public for free. And my work is basically an answer to "What would you do with code if it didn't have to be monetarily profitable in any way?" every single day.
You could probably find a position doing something very similar to what you've been doing (if you want) but in a very different environment.
My first job out of college (1990s) was as a programmer in a university research lab. It didn't pay as well as industry, but it was enormously rewarding in so many other ways. I had a ton of autonomy; I got to speak face-to-face with my users and solve their problems; I got to talk to interesting smart people every day; I got a close up view of some super interesting research that I would have known nothing about, etc.
I don't know how this kind of job works today. My salary was somewhat less than I would've made in industry at the time (pre-dot-com), but now it seems that universities would likely pay much less than industry.
Oh yeah, you're definitely not getting rich on the salary. Low 6 figures isn't too bad in a small town though. Also, I really like vacation.
If you’re already a skilled programmer, I actually think cybersecurity is a pretty straightforward field to get in to.
The tradeoff is that you have to not mind:
1) relocating to the greater Washington DC metro area, and
2) getting a US security clearance,
Though this website really makes it seem like cybersecurity is all about the world of web apps and commercial tech companies, I would actually posit that the US DOD / Intelligence community is the largest customer of cybersecurity research in the US. (It’s dispersed through a big web of contracting firms, but the end client of most of these firms is one of a handful of agencies or military intelligence divisions.)
I say this as someone who works in the field: if you can code, and you can get cleared, you can probably find someone in the cybersecurity field who wants to hire you. The field is hungry for experienced talent. The fact that you’ve previously forward developed web apps is not a drawback - if anything, it’s an asset. Knowing how developers think is a great asset that most pentesters and reverse engineering focused people in the field lack.
Your focus in UX, user research, and design is a huge asset. There are tons of dogshit web apps that government agencies use for important national security purposes. Trust me on this.
Edit: expanding on the note about the "big web of contracting firms" - there are a ton of little DARPA / pentest / cyber research companies in the DC metro area that would kill for an experienced programmer with an interest in cybersecurity research. They don't pay nearly as much as FAANG, but there's also substantially less competition for those jobs, and (in NoVA/southern MD, anyway) tons of opportunities to jump ship to different teams with different work and better cultural fit, if you're interested.
If you don't want to move to the Washington DC metro area and alterantive weould be the Hampton Roads area in southeast VA which encompasses Va. Beach, Norfolk, Newport News, Hampton, and Chesapeake. There are multiple military installations, and more DoD and DoD adjacent jobs than you can shake a stick at.
Out of curiosity: Would someone with dual US/EU citizenship with, say, Sweden be able to get such a clearance without giving it up, or is that a dealbreaker?
You have to be a US citizen and not a citizen or permanent resident of any country that is embargoed for the project. The DOD embargoes run by project (at least where my wife works they manage it that way). You also have to file for permission to travel outside the US. It’s usually not an issue but will be denied if you are traveling to a country that is on the embargo list for the project you’re on.
It is a dealbreaker, I have dual citizenship and have been unable to get clearance even before I renewed my non US passport. For the USAF or companies doing private work. It's up to some fat fuck somewhere, his value system, his white knight ideology. Probably sitting at a desk deciding whether you can get paid or not. Maybe it is case by case basis depending on what intel they have on you. They will look underneath your socks too.
Meanwhile, most of the popular leaker cases have been US born US citizens. I wonder can they hire H1B's into these roles. I would be curious to find out.
I don't believe it would be a dealbreaker, but I don't know, as I am only a US citizen.
I think the level of scrutiny would be much higher if you were a dual citizen with a nation the US perceives as an adversary - i.e. Russia, China, Iran, North Korea.
not a deal breaker
What does cybersecurity pay for a novice ( but experienced programmer)? what about experienced personals?
Writing code in cybersecurity contexts is usually market competitive, with either a bump or penalty if you're working in sensitive contexts (Government contractors tend to have a bimodal distribution because they need some people desperately and also abuse people's patriotism to skimp on wages)
I have no idea what novice pay is like.
I'd happily tell you what I make personally as an EE with ~15 years experience if you were to contact me privately, but I don't really feel like posting that on the internet.
I’m a dual citizen and I could get rid of it if I need a clearance, but all the jobs I see require that you have one already
I'm anesthesiologist but now I work full time as senior software engineer at a radar company. I wanted to get into medtech (still want to) but this works well with the family. Work life balance was the main reason I took this path. I also wanted more intellectually challenging work.
Do you think you'll ever go back to medicine? one issue I see with tech is ageism. Past 50-55, it can be harder to get a job while we're still far for retirement. Seems doctors can work for as long as they want.
Your question is grounded in your desire for a money (or in nicer terms, a livelihood). A mid life change should be grounded in something more sound. Money and your career are mostly practical matters, not issues of the soul. You need to know the answer here believe it or not, and the hard advice is it’s going to take personal reflection.
What do you want to live for?
Who can answer that for you?
> I’ve spent almost two decades in digital-focused roles ... I've often thought about cybersecurity as something I'd like to specialise in
Because to me, cybersecurity reads like "more digital" than "strategy, user research", not less, I'm not sure if I know enough about the poster's motives to help.
But what I can suggest is that the late Ross Andersons' book Security Engineering is a great starting point to get into system security.
BTW, I have enormous respect for people who are transitioning between professional areas, and while it consumes energy it probably will be the source of more energy, best of success for everyone!
Another +1 for Ross Anderson's book Security Engineering. I bought it a few months ahead of starting a Cybersecurity MSc, so I could try to get my head in the right place in advance. My first thought was "it's £$*&in huge" but then I read the whole thing in about 3 months. A real page-turner!
100% to Security Engineering. That book was what actually made me seriously consider working in security for the first time.
> I've often thought about cybersecurity as something I'd like to specialise in
Well I think these kind of thoughts are quite common. IMO it is helpful to realize that your thinking (rather dreaming) about doing cybersecurity may have very little to do with what it would actually feel like to acquire the necessary skills and find a gig (or some gigs).
Your choices are rather simple:
1. Dive straight in headfirst. Quit or change your job to part-time and commit to intense training in cybersecurity (e.g. enrolling in structured training program of some kind).
2. Find time, energy and motivation to learn/practice without changing your life radically or committing to anything. If you are seriously interested in something you'd be naturally drawn to do this thing. After a few months of doing so you will have a much better idea what switching careers would feel like.
3. Keep doing whatever your doing realizing your ideas and feelings are completely normal and valid but may have little to do with cybersecurity or your career. Try to understand what is actually missing in your life and how you can address the root cause.
And even if he does 1 and 2 , why would anyone even interview him let alone hire him with no experience?
Ageism is real in the industry. But it’s more nuanced. If you have experience commensurate with your age, a strong resume, and a network, the world is your oyster.
If you have none of those or your experience is with outdated tech, you’re screwed.
I went from Law to Software Development after 30. I was a lawyer for roughly 10 years before the change and even was a partner in a small law firm.
For me the key was just to see this huge change as a series of small steps instead of a big "flip the switch and change" move.
Before I changed, I took courses in programming to see if I'd like it, I build projects in my own time to see if I would actually pursue it.
Even once I decided to change careers, I still kept my old things ready in case I needed a fallback plan (this happened over 10 years ago but I still pay my Bar fees every year).
For me, doing it slowly, with a plan, and a backup, removed a lot of the pressure and risk of the change and it worked fine.
I haven't done anything in Law in over 10 years now and am fully "converted" to development.
My advice for you: buy some Cybersecurity courses on Udemy. They might not be perfect, but they are usually cheap (always wait for sales) and see if you will like it. You can take dozens of courses for 9-12 USD there to see if that is the path before committing to something more serious and expensive.
This is just to see if this is really the area you want. The day to day of most careers tend to be heavily romanticized from the outside.
Once you've done that, try to see if you can find some education with a Co-Op component. I found it is much easier to get your foot on the door of a new career as a Co-Op in a course, though that is not required.
I'm in my mid thirties and have often considering moving from software to law. My software path tops out at around $200-250k so the upside on law seems better if you look at the big opportunity cost and lower wage periods with some rose colored glasses ;)
I’ve got bad news for you if you think the average lawyer makes more.
Unlike the normal distribution in your link, earnings in the legal profession follow a bimodal distribution. The mean/median earnings of everyone from public defenders and law firm associates isn't typically representative of actual incomes.
As does software development. What are the chances that he ends up in the FAANG equivalent in law?
All that is needed is a willingness to be broke. The only reason I can't change careers is because it might take years until I get to the point where I could make enough money to pay my mortgage, but that bill comes due every month.
But there were planes to catch, and bills to pay
He learned to walk while I was away
When you coming home, dad? I don't know when
But we'll get together then
You know we'll have a good time thenI transitioned to security after working in development. I didn't have to reset back to being on the helpdesk, but any career reset probably won't have you enter at the same level you were at before. I went from being chief technical architect type roles in development to being a security architect.
For me, the transition also took a number of years. I did a Masters degree in security, and started to get more experience in security in my non security role. Then I found a small software company willing to give me a chance as their security guy. I guess for me it took about 4 to 5 years to really complete the transition.
To add, one somewhat neglected area of security is usability. So you may be able to leverage your existing experience there.
You always have time to re-skill if you commit serious blocks of time , but your personal identity won’t be malleable in the way a 20 year old is when selecting a degree and career.
This limits what success looks like for your switch. Are you looking for a different work life balance? Learn something new? That can work.
Becoming the face of security in an organization? Not likely.
You need to in a focused and meticulous way with strategic thinking, likely over some long-ish period of time, venn your skills fully. Use your research and planning to make the center point some highly valuable combination you suspect will be useful to future people to solve big problems that will be presented in society. As I think you've gathered, to do it right, you don't change careers, you change yourself and a career shift naturally happens, your job is to steer yourself to where you think one of the may pucks in flight are going.
I actually just finished my second career pivot. I was in hardware, then in software, now I'm in government.
I'd take careful stock of your support network behind you, and of who you're supporting. But keep in mind, there's no "wrong answer". Live your life out loud and you do you. If your situation makes that untenable, do some soul searching and find peace without the shakeup. Lots of good advice on this thread, but you know you better than anyone (and if not, start there).
Know the risks though. My wife and I have changed our religious and political beliefs over the past decade or so and as a result have lost contact/intimacy with much of our families/friends. Losing community takes a much steeper toll than I would ever have guessed.
I switched to being a professional shooter for 3 years. I came back because the pay was awful and it's really hard work. And despite all the downsides, I make more impact with my programming (and it pays a LOT more).
photography? firearms?
Or cue sports, like billiards, snooker or pool?
I'm hoping aircraft carrier steam catapult launches.
Basketball ?
Counter strike?
Assassination?
Craps?
Crips?
bartender
Are there plenty of cybersecurity jobs in your area of the world? Look for the technologies the recruiters ask for and learn them. Then ignore experience requirements and apply anyway. Every time I have been recruiting I get candidates that don't match the spec at all put through to me. Specs are aspirations in recruitment. You may well get a shot.
I can only of course share my own experiences, but I’d recommend taking a government cyber role - especially something hands-on. This allowed me to pivot from software development (which I still love and do but just for myself) to cyber.
For me, I am just always learning something new. I have a list of 12 books to read this year and already knocked out two.
The biggest variable to me is if you can justify taking money out of the market to pay for college. For me, it is a non-starter. A completely laughable idea.
Pushing 50, I need one more re-invention. Starting over in something like cybersecurity, I would just be getting beat out by the 25 year younger version of myself. I need an AI hedge basically. Something highly creative, non-standard, not something everyone else is already is doing. The process of trying to figure this out is what I think will lead me there.
My AI hedge is that I don't want to start trying to do this if I find myself completely unemployable with my previous experience and skills pushing 60.
It seems like we either get AGI and I am not employable in 10 years or we don't get AGI and we have such massive malinvestment that the job cutbacks also make me unemployable on my current path.
I think the only way to play this is to be heavily invested (if possible) on the AI buildout. If we get AI at this rate, then these investments as of today truly will be a meal ticket.
It’s a huge conviction, that means every dollar you earn during this phase has to be leveraged into this build out because at the end there won’t be any jobs left.
When this happens at scale, and everyone is on social security, the government will inevitably cut/tax your social security income, which is going to be insane for the retired crowd who will literally have no recourse in the economy. Foreign nations already want to de-dollarize, so a situation in 20 years can easily arise where America cannot raise debt because no one wants to buy it (aged highly-taxed population, no jobs due to automation, and no creditors. Fall of an empire, we’re crying wolf again but this time it feels real).
The only way the American demographic will be able to maintain its lifestyle is to do the opposite of what we are doing now. We’d need mass immigration, to fill a underclass that we can tax to maintain the QoL of the retired American class (or in simpler terms, saturating the bottom of the pyramid to pay into social security, everyone else is old or out of a job). This might cause civil unrest.
It’s best to prepare. America has UBI via SS, it just hasn’t been stress tested. What if we put everyone on it for life? It’s going to cause so many moral hazard issues. Why should I pay into supporting people who don’t do anything? Well, what are they supposed to do? There’s nothing to do. Should they not eat then?
As someone that did the whole burn the boats and force the change thing several times in my life.... That is exactly what I don't recommend.
Everyone here has great advice. But my #1 advice is to take all their advice and use it to get a new job.... Before quiting yours. Do not quit your job first. Sure it works for some people. But those that it doesn't work for end up wasting a lot of time and a lot of money.
If your dream of a career change isn't enough for you to give up nights and weekends to help facilitate it, then odds are you don't want it bad enough imo to really pull it off.
If you want to go into cybersecurity here's an idea (I haven't tried it, so ymmv)
1) look up people who claim to be in cybersecurity on some site like LinkedIn - see what their titles are, where they work, and so on.
2) see if you can find their resumes or any detailed cybersecurity resume - you are looking for keywords, application software, languages they claim to know, etc
3) look up job interview questions that relate to those skills, e.g. glassdoor has a fun feature where people have shared the actual questions they were asked during an interview
4) find free or cheap online resources, classes, demo/free versions of apps, set up a home lab, so you can become familiar with those skills, languages, tools. etc as much as possible and for as little as possible.
5) read a site like "stack overflow" with a focus on the skills/apps that cyber security researchers are likely to use, and see what questions the tend to ask, etc.
6) Develop some study cards on Anki with the interview questions you are likely to get and answers that might fly. Don't be complacent, expand on this as you go along, adding more and improving what you have.
7) See if you can find one-off "cybersecurity" gigs on craigslist or fiverr, etc. where you can be paid something - anything - to do something security related. Not only might this improve your confidence, it will generate a little bit of money instead of you paying money. You can also check out the competition and see what they are doing, for how much, etc.
8) Read up on "cybersecurity" related topics, people, trends, books, movies, etc. Get a feel for things as they are, were, or might be.
Good luck.
Back in the early 90's when I was 35 years old I hated my job but I had family commitments and mortgage to attend to.
I had always enjoyed reading psychology books and decided to attend night college and train as a counsellor.
For the first 2 years this was 1 evening of 3 hours each week, then 2 evenings each week for the final 2 years until I qualified as a therapeutic counsellor. I worked full time in my regular job during this period.
Once I had qualifed I realised I had absolutely no experience working in the care sector so I worked as a full time volunteer in the substance misuse field for a whole year gaining the experience and knowledge to allow me to get a paid job in the field. During this period the company provided an extensive traning package. I was after all giving my free time.
I also enroled in a psychotherapy masters degree. Now qualified as a counsellor I had all the core knowledge in place. The masters degree was one weekend each month for 2 years, so very doable.
After a year I applied for my first job as a keyworker then over the next few years I slowly worked my way up the ladder to care-coordinator, methadone dispenser, trained as a auricular acupuncturist etc etc.
six years later, aged 41, a master degree in hand and my new life ahead of me.
My friend did a similar thing and he became an architect.
Thank you for sharing this. Are you feeling more fulfilled in life now? I have been struggling with hating tech for a while and am considering getting out.
For what it’s worth I’m on the other side of this. I’ve been a licensed counselor for 13 years and working in behavioral health for 17-18 years and I’m itching to change careers. Basically the opposite of the post above.
The work can be rewarding but it can also be emotionally demanding and the pay and benefits can be quite shit, frankly. The mental health system (assuming USA) is designed to be exploitive to someone; either it’s going to exploit you, your clients, or both.
You can get an administrative job that pays a bit better and has better benefits but your work life balance will be poor and you’ll still generally struggle to make what tech workers make in equivalent roles. You can work outpatient but you’ll make less unless you charge a lot but then you’re excluding a large segment of the population who have a high need for services. Depending on where you live this may not be feasible even if you’re open to it. It’s dependent on your ability to keep a stream of somewhat affluent individuals coming in, obviously
Or you work with insurance but then you open yourself up to a great deal of red tape and financial liability that you either eat or pass on to clients, thus creating financial burden and worsening their mental health. It’s not your fault but it can feel really awkward and shitty to charge a client $800 when their insurance claws back 6 sessions worth of appointments. Alternatively you eat the loss, which can be something that inherently happens because (rarely) they’ll claw back appointments from 12+ months ago. This can also be challenging from an obtaining clients perspective. I run a private practice and contract with a group and right now I have 0 people coming in with no wait list. This isn’t common but it does happen and it means my income dries up a bit. It’s not the end of the world because the holiday season was a heavy period and it will likely pick up again soon but even people with insurance struggle to afford therapy now. More and more people have high deductible health plans with sizable deductibles so they end up paying $70-150 a visit, pretty considerable weekly/biweekly expense. Around summer I start getting a strong uptick because the high deductible people start meeting their deductibles (although young healthy ones often never do)
Sometimes it’s hard to leave work at work with this job. That’s any job of course but with this job you can hear some real heavy shit sometimes. That’s generally not the norm though; most people are just not doing so hot or having relationship troubles or whatever. But every once in a while you’ll get a person that has had some truly awful experience that sticks with you for a bit. Or a person that is manipulative, constantly tests your boundaries, and sticks with you in a bad way.
There’s a lot of positives to it too of course. I set my own hours, I don’t have dumb staff meetings, I set my boundaries with people so if a client goes too far or is outside my scope I can cut things off, etc. I earn 100% of my money minus minimal overheads (telehealth practice is really light on overheads). There are tedious clients of course but many clients are interesting and challenging in an intriguing way. But I feel like people don’t advertise the ugly side really
I always wonder who do counselors go to for counseling. And then, recursively, who do the meta counselors go to for counseling... where does it end? Or are we just adding emotional stress to an overtaxed system with no relief?
The great clown Pagliacci is in town, that should cheer you up
Not the answer I wanted but the answer I needed. I am culturally enriched, thank you.
https://www.seattletimes.com/entertainment/pagliacci-classic...
That is great.
The problem now is the cost of college. I would be working on this same path right now but I can't justify the terrible relative investment that is college in 2025. It is just night and day different compared to the 80s/90s.
The time would be no issue at all for me. I am bored and would love something to do like going to class again.
It is criminal I can't get a psychology degree online for a fraction of a state school price at this point. To have the same degree cost much more than before the internet is just completely insane.
We can figure out as a society how to ban Tiktok but not how to have dirt cheap education like we could. I can't imagine the price we pay in GDP growth for this between the student loan debt and the sub-optimal work force configuration.
In my career I changed jobs 3 times. I ended my career back as a happy coder, but never regretted the changes.
Every time I made the change within the company I worked for. One I resigned, but was asked to fill another role, next I said I was bored, last I was about to be fired. My experience was employers can be more flexible than you imagine. But maybe I was lucky.
For cybersecurity, look at the entry certifications and do one of them, then start applying for entry level jobs.
Move on to the more intermediate certifications if you want to/keep learning.
Start doing the work. Buy books and read them, watch conference talks, start hacking at home. Realize you have to start from close to the bottom and work your way up, and start applying to internships or entry level positions. Learn on the job and devote yourself heavily to career development to catch up.
If this doesn't sound appealing, then changing careers probably isn't for you and you will probably have challenges succeeding at it.
To your questions
> How did you pinpoint new directions that matched your skills and interests?
I found my pivot while working in my prior role, and worked actively to change paths at that company. I'd say if the overlap is close enough, try to get on-the-job tastes of the new direction. If not, see if volunteer or charity opportunities are available. Sometimes the reality of a change doesn't match up to expectations.
> What were the most effective ways to reposition your experience in a new field?
Some experience in the field will let you know what is valued and how to parse a resume. You should seek out someone in that field to be a mentor through this process. It is probably better to ask them this question.
> Are there any resources or strategies you’d recommend for upskilling or building networks?
It is not a great sign for you that you are asking this here. This is a hard process. You should look in your own personal network for contacts you can ask about the new field. Failing that, you should look for local professional organizations, meetups, conferences, or colleges with relevant departments and reach out to them. They will have the best advice. In terms of upskilling, there is no substitue for on-the-job training in any field. You just need to understand if there are any credentials, qualifications, or certifications you need in order to get your foot in the door.
i did this at age 30 https://hackernoon.com/no-zero-days-my-path-from-code-newbie...
good luck
I moved two-steps-to-the-diagonally (two steps right, one step up)
Tech Support --> Sys Admin --> Audit/IT Audit --> Project Assurance --> IT Sec PM --> GRC --> GRC PM --> (back to) Audit --> ThirdPartySecMgmt --> GRC.
I am a firm believer that "you should apply to any/all jobs where your CV/exp matched "70% or more".
If you want to do a big jump (e.g. someone wrote about wife going from Chemist-to-Marketing), ask from ChatGPT to reword your CV to a generic version (as lubujackson's example is).
Your post doesn't say what career you want or even that you want a particular career. Until you make that decision, I'm not sure it's possible to strategize, plan or brainstorm effectively.
I wrote the following on the assumption, which may be wrong, that you're interested in programming and want to do it professionally.
> How did you pinpoint new directions that matched your skills and interests?
I just chose to do what I enjoy, and I happen to enjoy solving problems and working with computers.
> What were the most effective ways to reposition your experience in a new field?
I didn't. Other people did that for me.
> Are there any resources or strategies you’d recommend for upskilling or building networks?
To be skeptical of anybody who tells you they know how to do this.
Bootcamps can be valuable -- or may have been some years ago. Not sure. The people I knew who did bootcamp courses had the outcomes I'd expect, namely that the smart, organized ones who were likable and devoid of personality disorders did well.
Be willing to take a bad job temporarily, or work as a contractor, just to get your foot in the door of the field.
> most advice has been starting at the bottom as an IT helpdesk worker and going from there
Be skeptical of anybody who tells you this, too. It may have been a viable path into the field in the 90s and 2000s. It may still be today, too, but I haven't seen any evidence that it is. I've never met anyone who has made this particular 'jump.' 99% of my team have CS degrees.