For over a decade, I worked in watch and jewelry repair, carefully solving problems and developing my attention to detail. Little did I know that these skills would one day serve as the backbone for a successful transition into cybersecurity. My journey began when my friend, recognizing my talent for problem-solving, encouraged me to explore cybersecurity.
I didn’t even own a laptop, so I purchased one for $200 and started a learning journey that would completely change my life. Despite financial constraints and some early bad advice — like being told I’d never make it in IT or that I needed to start at the help desk and accumulate expensive certifications — I remained undeterred. Traditional paths were neither financially practical nor aligned with my learning style, and I found them to be boring and uninspiring.
Fortunately, I discovered an innovative platform that made learning cybersecurity engaging and relatable. This platform transformed cybersecurity into an exciting and immersive experience, motivating me to learn and grow in the field.
Today, I am very proud to say I’ve landed a job with Microsoft on a threat-hunting team, a role that leverages the skills and passion I developed through this unique learning experience. My journey demonstrates that with dedication, creativity, and the right mindset, breaking into cybersecurity is not only possible but can also be incredibly fun.
One of the most pervasive myths is that you need a background in IT or industry-standard certifications to get started in cybersecurity. My journey proves otherwise. Transitioning from a career in watch and jewelry repair to cybersecurity in just over a year without formal IT experience, education, or certifications might seem improbable, but it is entirely possible with the right approach.
It's just a game!
I attribute my success to a platform called KC7, a security analysis game that teaches job-ready skills in a fun and immersive environment. In the KC7 game, you learn how to investigate cyber intrusions by answering a series of CTF-style questions. This innovative platform allowed me to immediately dive into practical, hands-on learning from day one, unlike traditional educational paths that often start with theory and excessive particulars. By assuming the role of a cyber detective, I developed an investigative mindset, honed my analytical skills, and learned to connect the dots in complex scenarios.
KC7 gave me a head start by allowing me to see the big picture first and learn the specifics as my skill set grew. This method of learning helped me understand the fundamentals quickly and effectively. Instead of passively absorbing information, I actively engaged with the material, reconstructing intrusions and solving problems in real-time. This accelerated my learning.
The platform emphasized critical skills such as asking the right questions, documenting findings, and storytelling. These abilities are crucial in real-world cybersecurity roles where clear communication and detailed documentation can make or break an investigation. During interviews, these skills set me apart as I could clearly explain my thought process and demonstrate my problem-solving capabilities.
Uh, how many of these things do I need again?
Most people begin their cybersecurity journey by collecting a series of certifications. The traditional belief is that coursework, study material, exams, and earning multiple certifications will provide them with the foundational knowledge needed to begin their career. However, I argue that this approach often sets individuals up for failure and disillusionment. These certifications are expensive and do not necessarily provide the hands-on skills needed to succeed on the job from day one. Many individuals become disillusioned because they are led to believe that certifications will lead directly to a job, but employers still prioritize experience. Without practical experience, certifications are often not as valuable as they are portrayed.
Throughout my journey, I saw many people with multiple certifications who struggled to get jobs or even interviews. The overwhelming advice they received was to obtain yet another certification, creating a never-ending cycle of chasing credentials. In contrast, I consistently landed interviews despite lacking any certifications because I could demonstrate my ability to do the job.
Platforms like KC7 prepare you for the real-world tasks you’ll face in a cybersecurity role, rather than just enabling you to talk about them. KC7 gives you the opportunity to see normally abstract concepts come to life. For instance, seeing something like a password spray represented in data helps you develop a much deeper understanding of it. By witnessing it actually happen, you not only learn what it is but also understand how it fits within the greater context of a full cyberattack. This provides a much richer and more practical learning experience.
It’s important to recognize that individuals should follow their own paths. If pursuing certifications aligns with your learning style and goals, then that is perfectly valid. However, I believe there are more effective ways to learn and invest your money, especially if you are looking to land your first job in cybersecurity.
It’s also important to recognize that many online communities, including LinkedIn and forums like Reddit, often echo the idea that breaking into cybersecurity is nearly impossible without following traditional paths. The prevalent advice online suggests that you need prior IT experience and multiple certifications to enter the cybersecurity field. If I had listened to this advice, I wouldn’t have made it. It’s important to critically evaluate the advice you receive and trust in your ability to make your own path.
Transitioning from a help desk or systems administrator role to a security position can be just as challenging as entering the field from a completely different industry. The belief that skipping these steps means you won’t be prepared for a successful career in cybersecurity is also untrue. Many people who did not follow this path have found success in the field.
That's me. I'm jibba!
While KC7 is primarily a security analysis platform, the skills I learned there are directly applicable across various cybersecurity disciplines including:
- Digital Forensics
- Malware Analysis and Reverse Engineering
- Penetration Testing
The investigative mindset and analytical reasoning I developed through KC7 have been highly valuable in these areas.
I was able to test these skills on another gamified training platform I discovered called the Antisyphon Training Cyber Range. By applying the investigative approach I learned at KC7, I quickly rose to the top 10 on the leaderboard, surpassing many individuals who had many more years of experience than me.
One of the key takeaways from KC7 is that knowing where to look for evidence is more important than mastering any specific tool or query language. This approach allows you to adapt to and effectively use any tool to conduct thorough investigations. It also prepares you to solve novel problems, an essential skill in the continually evolving field of cybersecurity.
The cybersecurity industry needs diverse talents and perspectives. Unconventional paths like mine bring fresh viewpoints and problem-solving approaches. It’s important to challenge the belief that only traditional routes lead to success in cybersecurity. With dedication, practical learning, and the right mindset, breaking into the field is possible.
People that paint a pessimistic picture of the cybersecurity job market often overlook the success stories of those like myself who took unconventional paths. While the journey to a cybersecurity career is challenging, it’s not impossible. Platforms like KC7 provide an alternative hands-on approach to learning that can fast-track your journey into this field. It gave me a competitive edge by demonstrating my immediate job-readiness to potential employers.
Don’t be discouraged by cynics. If you have a passion for cybersecurity and are willing to put in the effort, you can succeed. My journey from watch repair to cybersecurity is proof that with the right mindset, you can break into this industry too.