In this episode of Resilient Cyber, I sit down with longtime Cyber practitioners and leaders Helen Patton and Josiah Dykstra to dive into their latest book, "Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career".
The book aims to help mid-career professionals pivot into the cyber career field and navigate finding their cyber niche, bridging skill gaps and conquering tech intimidation among more.
We often see and hear a ton of guidance for new career entrants about breaking into cyber, but what about mid-career professionals? That’s why I was so excited to chat with Helen and Josiah about their new book that focuses on precisely this topic!
Prefer to Listen?
The “why now” for mid-career switchers: The cybersecurity talent shortage has been discussed for years, yet barriers to entry remain high for career changers. What made you feel this was the right moment to write a guide specifically for mid-career professionals, and has something fundamentally shifted in how the industry welcomes non-traditional entrants?
Transferable skills and the experience advantage: The book emphasizes that existing professional and life experience is an asset, not a liability. Can you share an example — from your own careers or from someone you’ve mentored — where a mid-career switcher’s prior domain expertise gave them an edge that a traditional cybersecurity hire wouldn’t have had?
The certification debate: There’s an ongoing tension in cybersecurity between certifications, formal education, and hands-on experience. How do you advise a 40-year-old career changer to think about where to invest their limited time and money when the cert landscape feels overwhelming and sometimes gatekeep-y?
Tech intimidation as a real barrier: You talk about conquering tech intimidation, which is something most cybersecurity career guides gloss over. What are the most common misconceptions mid-career professionals have about the technical depth actually required for various cyber roles, and how do you help reframe that?
The hiring side of the equation: A lot of career guidance focuses on what candidates should do, but hiring managers and job descriptions are often part of the problem — requiring 5 years of experience for “entry-level” roles or listing every certification under the sun. What’s your message to hiring managers and CISOs about how they need to evolve to actually absorb this mid-career talent?
Navigating the breadth of cybersecurity: The field spans everything from GRC and policy to red teaming and malware analysis. How do you help someone who’s brand new to the field avoid “paralysis by analysis” when trying to pick a niche, and what signals should they pay attention to when mapping their background to a cyber specialization?
The role of community and networking: You describe the book as more than a guide — it’s a community of support. For someone who doesn’t already have a network in cybersecurity, what’s the most effective (and least awkward) way to start building genuine relationships in this industry, especially when you feel like an outsider?
The evolving landscape and AI’s impact: The cybersecurity field is being reshaped by AI — both as a threat vector and as a tool for defenders. How do you think the rise of AI and automation changes the calculus for someone entering cyber mid-career today versus even two or three years ago? Does it make the transition easier, harder, or just different?
