How I Lost My Sanity Becoming a Cybersecurity Analyst (with little technical background)- AND SO CAN YOU.

Written By Megan Ludwa

If I were to time travel to break the news to my 15-year-old self that I would end up landing a technical career in cybersecurity, my adolescent self would likely laugh in my face. The same girl who proudly earned a C grade in Keyboarding (that’s right, kids, a class on how to type on a keyboard), because she was too busy mastering the art of minesweeper, would end up performing an unexpected backflip career switch at age 35 to become a cybersecurity analyst. Not only that, but I did this all with very little technical knowledge or background.

OKAY, BUT HOW? Great question, thank you for asking.

I should start with the disclaimer that my journey was, in retrospect, a bit unorthodox compared to how others join (or trip and stumble into) the industry. I didn’t have a degree in computer science or programming (what’s up fellow Asian Studies and History majors!), and only had enough technical knowledge to navigate my computer for playing video games, drowning myself on the internet, and using Microsoft Office Suite. I was a sweet summer child basking in the warm comfort of technical ignorance.

TIP #1: ANALYSIS AND LEARNING

Despite my technical shortcomings, I had a deep love of analysis. I learned to love analysis in my history classes, which graduated to intelligence analysis with the US Army Reserves. The experience led me to landing a role as an anti-money laundering analyst after college. The common thread? Data and pattern analysis. I loved it. Put me in front of a computer with an analysis objective and I can get lost for hours. A secondary skill that comes with analysis is constantly learning new concepts and ideas. If you’re stuck in one mindset or perspective, you’re not a very good analyst.

Summary: Starting with a foundational love for analysis and consistent learning will get you shockingly far in almost everything.

TIP #2: DIVE IN, BE TENACIOUS, AND PUT YOURSELF OUT THERE

I made the decision to pivot to cybersecurity in late 2018 after spending a few years in anti-money laundering. My wife and I were living in Germany at the time and I found myself unemployed with nothing to do (and if I’m being honest, insanely stir-crazy). By that time I’d been exposed to some cybersecurity concepts from my previous job and figured there was no better time to capitalize on my new interests than to literally dive into it.

So, I just… did it. I was extremely lucky in the fact that my wife worked full-time and supported me as I dove into teaching myself the basics of coding and enrolled in a Cybersecurity Technology graduate certificate. I was also lucky in the fact that we didn’t have any children at the time and could fully dedicate my time to my classes. I later landed a job in the area and completed classes between my work hours, but it was like I flipped a switch in my brain telling me “YEP, WE’RE DOING THIS NOW” and there was no looking back or doubting my decision. I would come home from work and immediately hop onto my computer to research and type 20+ page papers for my classes, and I earned a pretty piece of paper as a result. It was exhausting and at times extremely frustrating, but I just… did it.

I discovered the SANS VetSuccess Academy while earning my graduate certificate (thank you, Bridget), a scholarship program that includes three SANS courses and corresponding GIAC certifications. It is the holy grail of training opportunities for veterans who want to branch out into cybersecurity/information security, and I WANTED IT SO BAD. So for three years, I submitted application after application. And, for two years, received polite rejection after polite rejection. BUT TENACITY WON IN THE END, and to my extreme excitement (and horror), I got accepted after the third year.

“Why horror”, you ask?

These courses are… difficult, especially without much technical experience (my grad cert was 90% writing papers and not getting in the weeds with hands-on training). Absorbing that volume of material is like trying to safely sip from a high-powered firehose, and ho boy did I suffer… I tabbed out every single book, completed each technical lab multiple times, completed (and cried through) practice exams, and kicked down the door of my final exams with as much feigned confidence as I could muster.

I began the program in February 2021 and, after a lot of tears, frustration, and hard work completed my third and final GIAC exam in August 2021. I closed the scholarship with the GIAC Security Essentials Certification (GSEC), GIAC Certified Incident Handler (GCIH), and the GIAC Certified Enterprise Defender (GCED). GCIH nearly killed me and there is a part of my soul that will despise the Volatility forensic tool until the day I die (and maybe even beyond that into the afterlife).

Summary: Decide to do it and commit, even if it starts with self-study and teaching yourself. Don’t let self-doubt drown you. Keep your eyes open for training scholarships and opportunities, and apply for them even if it scares you and you feel far too underqualified. It may take years, but it’s worth it in the end.

proof I'm not making this shit up.

Proof that I’m not making this shit up.

TIP #3: LOOK FOR OPPORTUNITIES AROUND YOU

I hate networking. I cannot stress this enough- I hate networking to the very core of my bone marrow. With that being said, at least some networking is necessary if you want to put yourself out there and find training or job opportunities. It’s a necessary evil, but it truly does wonders.

It was networking through my SANS VetSuccess Academy that I stumbled upon a Women’s Veteran’s Cyber Apprenticeship. If anyone has done a rudimentary entry-level cybersecurity job search, it is clear that landing these jobs can be extremely difficult if you only have academic experience. So, I saw this apprenticeship and pounced immediately. I applied, tested, interviewed, and landed a spot in the cohort where I would receive additional training and, if I passed the selection process, be placed with one of the company’s clients. This all included receiving on-the-job training once placed, which was HUGE for me, and my crippling self-doubt over performing well as a baby analyst (yes I know, I told you to ignore self-doubt earlier in this post but it is something I regrettably continuously struggle with).

I completed the apprenticeship while still taking my SANS courses, which was extremely challenging, but equally rewarding once it was all said and done. I got additional training that included CISCO analyst coursework, Linux, and a capstone event working with a live Security Operations Center (SOC) team to analyze activity/trends and write reports (by far my favorite training period).

Then finally, in November 2021, I officially started my career as a cybersecurity analyst after being placed with an amazing company. I’ve since spent my time digesting how the company’s systems and monitoring tools work, learning their rhythm, and seeking additional training to keep improving.

Summary: There is a shocking amount of opportunity around you if you’re willing to look and dedicate the time.

TIP #4: ALWAYS KEEP LEARNING

I personally have loved using Pluralsight and TryHackMe to continue my education even after getting hired. There are countless resources available online, including free content, to sharpen your skills and make you a better analyst. ALSO- YouTube has an impressive volume of informative courses, walkthroughs, and explanations of programming and cybersecurity concepts! Regardless of what discipline you’re leaning towards or programming language you want to focus on, there is a treasure trove out there for free waiting for you to consume.

ALSO- digest content discussing new and emerging concepts/trends in the field on a weekly basis (at a minimum!). I have a few of my favorite sources listed below, and they’re free! Keep updated on what’s going on in the world of cybersecurity and information security, because it’s extremely easy to fall behind if you aren’t paying attention.

Summary: Your journey as a cybersecurity/information security student never ends. Malicious actors are clever at finding new, exciting ways to make things terrible.

I gotta end by saying that as difficult, exhausting, and emotionally straining this entire process was, having a supportive pillar to lean against was paramount. I couldn’t have done any of this if it wasn’t for my amazing wife, family, and friends who encouraged me daily.  So I guess my fifth and final tip would be:

TIP #5: APPRECIATE YOUR LOVED ONES AND MAYBE GIVE THEM A HUG.

Summary: Seriously. Do it.

TRAINING RESOURCES:

https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content

25 Free Cybersecurity Resources, Courses, and Tools | Springboard Blog

TryHackMe | Cyber Security Training

Pluralsight | The tech workforce development company

Home | Hacker101

Infosec Training & Penetration Testing | Offensive Security (offensive-security.com)

 

WEBSITES/PODCASTS I LOVE:

Your Cybersecurity News Connection - Cyber News | CyberWire

Threatpost | The first stop for security news

Cyber Security News Today | Articles on Cyber Security, Malware Attack updates | Cyware

Megan Ludwa