How I Made the Leap to IT Security

Fifteen years ago, the landscape of IT was so fluid you could almost pick your specialty and start working. The need for computer engineers was so great, that anyone with some ambition could go far reasonably fast.

Document services specialists—who type for a living—were moving into application deployment. A night security guard who spent his time studying Novell became a certified Novell administrator. I worked in a copy center in a small law firm and became their network administrator literally just by asking.

Check out the latest security jobs.

Today, roles are far more static. An employee in a copy center could not reasonably expect to get a job working with computers just because he or she wants one. And someone who has studied Novell (or something more contemporary like Windows deployment) is less likely to find a job, thanks to competition with too many experienced people.

But it’s also static in another way: The jobs are changing or disappearing altogether. What happens to the engineer whose primary responsibility is mounting servers when the server room moves to the cloud? Likewise, it’s nearly impossible for that highly qualified desktop applications engineer to get a job in the promising field of network security.

As career coach Donna Shannon said: “A big mistake that candidates often make is thinking that ‘I can do this job, if only they would give me a chance!’ Companies are not thinking of your career goals; they are concerned about their needs. When you merge your desires with the company’s needs, that’s when the magic happens.”

Thanks to exactly those reasons, I successfully moved from desktop applications to IT security. Here’s how.

My company’s desktop manager retired, and they chose not to replace him. Our workload became greater, which of course is a good thing. But my concern was for the bigger picture: How long will the desktop be around? As demonstrated by the engineer mounting servers who loses his job to the cloud, the rate of change within the IT industry has increased rapidly over the past 15 years; I couldn’t reasonably count on the desktop existing for another 15 years, at least as we know it.

So I wrote a letter to my new manager detailing my other experience and abilities. I had recently gone back to school to get a degree in project management. I am a blogger; I was even a comedian a long time ago. If he needed any help outside the desktop, I wrote, feel free to tap me.

And he did. He gave me odd tasks that had nothing to do with the skill set on my resume. I happily took them and completed them quickly.

As Ask The Headhunter’s Nick Corcodilos said last year, when I wrote the letter: “I think it’s key to wander around, ask for advice, offer to help ‘on the side,’ using some of your skills, and gradually work your way into a new team.” He refers to it as “JHBWA,” or “Job Hunting By Wandering Around.”

Meanwhile our CIO was looking for someone to help with his workload, specifically the Security Awareness program. (This is a job in itself!) As with many CIOs right now, his workload had increased; there was no way for him to implement the program. So six months after I wrote the letter and helped with odd projects, the manager took me into his office and proposed the shift to security.

This was exactly what I wanted. I have some security background, having locked down the desktop with group policy, PrivilegeGuard, WSUS, Shavlik, and Symantec EP. But there’s more to security than the desktop, which made the new task a leap—a big leap.

Or as Lisa Yanni, a technical recruiter at Career Management Associates in New York, put it: “I think it is common for people to transition roles in IT, but going from desktop applications to security engineer is a pretty big jump and I don’t think a jump this drastic is very common, at least not that I have witnessed.”

So how do you do it?  Well, first you have to ask.

“Any time we are trying to convince a company that they need a new role, we are actually pitching the job,” Shannon said. “This is very different than just applying to open positions, as you not only have to convince the company to hire (or move) you, but also that the job is necessary in the first place.”

Yanni added: “Tailor your resume to reflect all relevant experience for the role you are applying to even if it seems beyond where you are now… Companies love ambition… Think of all the reasons why they could say ‘no’ and come up with reasons to say ‘yes.’”

As for me, I’m sort of back to where I was 15 years ago… and cracking a whole new set of books.

Upload Your ResumeEmployers want candidates like you. Upload your resume. Show them you’re awesome.

Related Articles

Image: Sergey Nivens/

2 Responses to “How I Made the Leap to IT Security”

  1. I love it when an article both informs and offers some “how to” steps. The author almost made me want to stop being self-employed, and re-join an old law firm just to see if I could become their go-to IT person. The sticking point is that I would probably be stuck in a cubicle rather than an office, and I hate cubicles.

  2. There are so many advices on what sorts of knowledge, skills, excellent communications, experience across industries…
    In reality every company wants you to do the job really cost effectively. If it means minimum talk/e-mails with colleagues – so be it. You are paid to be a cost-effective IT person.
    Hope to find some articles from managers who have failed on real IT projects with real budgets and learned from it.
    Not from people who have great presentations skills… I am not a native English speaker, I’ll never excel at presentations/communication.