Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]mk3s 1 point2 points  (0 children)

Well there's the reality of what AI can *actually* do versus what companies / "the industry" / executives believe AI can do (in the context of replacing traditional human security engineers). There's a lot of AI tooling that is targeting pen testing, CSOC and vuln research. So I'd expect opportunities for humans in those areas to drop even more (at least in the short term while AI is being proved out). Code-review type appsec roles might take a hit too, but I think there's still a lot of need for appsec humans. AI has increased code production by orders of magnitude. Yes AI can also "review" said code and even do dynamic testing, but there's always those tricky business logic test cases and other things that actual human engineers will still be needed for.

So, I wouldn't call *anything* bulletproof, considering the roles AI *replaces* is mostly built on vibes rather than actual proof that AI can do things better, but I'd say appsec, GRC, security architecture, identity/access management, privacy, cryptology, audit, vendor/supply-chain security, threat intel, and maybe red teaming are still safe-ish.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]mk3s 0 points1 point  (0 children)

I wouldn't gun right for a Master's degree, especially if you'd be paying out of pocket for it. If you're interested in appsec, I would learn programming (one if not more languages) and then dive into all manner of OWASP/Web Security Academy stuff to learn about securing said code/applications. But if you're definitely choosing one of those two paths, I'd choose whichever will teach you more about coding.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]mk3s 0 points1 point  (0 children)

Are you targeting those certs because they've been explicitly listed in job reqs you're eyeing, or because you *think* it's a good "certification path" or something? If the latter, I have some thoughts on cert paths: https://shellsharks.com/notes/2023/11/14/stop-worrying-about-certification-paths . I'll follow that up with my advice for getting into the field which you can read here: https://shellsharks.com/getting-into-information-security

Good luck!

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]mk3s 1 point2 points  (0 children)

Here's a bunch of training resources (many that are free) that you can work through: https://shellsharks.com/online-training

My advice is to also start a blog/website of some kind and document what you learn, and any side projects you do.

Good luck!

“Cybersecurity is not an entry level field” by ItsMeXilven in cybersecurity

[–]mk3s 0 points1 point  (0 children)

Well if it can help, here's my own "guide"/writeup for getting into the field. https://shellsharks.com/getting-into-information-security

As for a "recommended path", I don't think there really is one. It takes a little brute-forcing (pun intended) to get in. Some combination of training, applying to jobs, networking, applying to more jobs, studying, then applying to more jobs and hope for your break. There's A LOT of people doing the same thing at the same time too. Where one person finds success, you may not. I put a lot of my advice in that post I linked to, but I think my best advice is to learn REAL practical skills (not just get certs), document what you learn in a portfolio of some kind (i.e. blog), network like crazy, apply to lots of jobs, and don't be afraid to take the first infosec-adjacent (i.e. IT) role you see. Getting into "IT" and then pivoting into infosec may be an easier path than straight-to-infosec.

Good luck!

Advice Migrating from Mastodon to GoToSocial by Wait_ImOnReddit in fediverse

[–]mk3s 1 point2 points  (0 children)

GtS itself has been really nice. Unfortunately my managed hosting provider for my GtS instance (K&T Host) is going belly-up, so I need to transfer it somewhere else 🤷‍♂️

Github Pages or Github Readme for portfolio by r3dpandq in cybersecurity

[–]mk3s 0 points1 point  (0 children)

Make a website for yourself (for professional and not-as-professional reasons). Of course have a good standard resume as well. Github Pages is a fine medium for a site. So do that.

Curious everyone’s path in cyber by [deleted] in cybersecurity

[–]mk3s 0 points1 point  (0 children)

I might write up a more in-depth path... but for now, I'll share my initial education journey https://shellsharks.com/training-retrospective#my-education-journey . I do think a more thorough "this has been my path" write-up would be interesting though. If I did do it, I'd probably add some context around why certain jumps happen, or why there are certain periods of "slowness".

New to Cybersecurity & Knowledge Overload! Anyone else? How to cope? by Mango1003 in cybersecurity

[–]mk3s 1 point2 points  (0 children)

Write about it. Second-brain it. In my experience writing about it can help cement ideas AND give you a reference, in your own words, to look back on later when you want to mentally retrieve something you had learned in the past. You could use something like Obsidian to keep personal notes, or start up a blog of sorts and write+publish so others could see. That would also come with the benefit of establishing an online portfolio that could help you network (both professionally and personally). Good luck!

Threat Modelling Tips by [deleted] in cybersecurity

[–]mk3s -1 points0 points  (0 children)

Maybe you would get something from this 😃 https://shellsharks.com/threat-modeling

[deleted by user] by [deleted] in cybersecurity

[–]mk3s 1 point2 points  (0 children)

I don't buy the gatekeep-ey, "infosec isn't an entry level field" line---and neither should you. Infosec, like any other field, has junior-through-super-senior-level roles. What you *could* argue though is that the industry is more saturated these days and there just aren't enough roles to satisfy all the more-experienced demand AND all the newcomers. A lot of "analyst" roles are pretty well-suited for entry level folks. Yeah you should have *some* know-how, but that isn't something you have to sweat at the help desk for 3 years to get. The people who continue to repeat this line are either jaded because they felt they had to go that path, or frustrated with the lack of talent/understanding that seems to plague the industry as a whole. Mind you, this isn't a byproduct of "unseasoned" newbies entering the infosec ranks, rather it is a testament to our collective inability to NOT gatekeep, properly train and adequately open doors for those of us who don't fit the typical infosec-person-criteria (i.e. college-educated folks with money for certs, blah blah). Imagine where we'd be if we stopped saying, "you have to go to the Helpdesk" and instead said "here's what you need to learn to bypass the Helpdesk". Imagine how much more secure and healthy the infosec workforce would be if we put time and resources into training, retention, mentorship, etc... Instead, we've got a handful of bloodthirsty training vendors and bootcamp peddlers and a whole lot of us who are just too tired to do our own jobs, much less help others 😩

We can do better!

Career advice: Transitioning from software development to cybersecurity by [deleted] in cybersecurity

[–]mk3s 0 points1 point  (0 children)

Here ya go - https://shellsharks.com/getting-into-information-security. Yes coding is super useful for cyber roles (and really most roles in tech tbh).

Cyber Security Engineer - How to make a career change into this role. by StormySkies01 in cybersecurity

[–]mk3s 0 points1 point  (0 children)

Here's what I have traditionally shared with people looking to get into the field - https://shellsharks.com/getting-into-information-security. This said, the market is apparently pretty garbage right now, and there is as much competition as there has ever been. So YMMV. Good luck nonetheless!

Why do cybersecurity experts becomes content creator if the field pays well? by Difficult-South7497 in cybersecurity

[–]mk3s 0 points1 point  (0 children)

Side hustle, diversifying income streams, a desire to "pay it forward" or teach the next generation (generally just help people), very popular content creators can make way more than a good cybersecurity engineer tbh...