“So, I heard back from the team. They really liked you, but I had no idea that you’ve just been promoted. The policy is that if you’ve been promoted, you have to wait a full year before you can change departments. I’m so sorry. If I knew, I wouldn’t have put you through all of this.”
My heart sank. Are you freaking serious, I thought. “But this wasn’t a position promotion. It was just a salary increase and a title change. Nothing about my role has changed. Why would I need to work a full year doing the same exact thing before I can move into security?”
“I’m sorry, that’s the policy. You’re welcome to take it up with HR…” And just like that, I was back at square one. Dejected, I closed the messaging window, locked my computer and went on “break” to cool down. I was livid. I was disappointed. I was dumbfounded. But mostly? I was lost. For four years, I had tried (and failed…miserably) to get an entry-level security job. Up until this point, I hadn’t even gotten close.
Catch Steph in a Free Webinar on Tues June 30 @ 1:00 EDT
As you read last time, my first taste of security came when I changed my major from Print Journalism to Computer Science with a concentration in Digital Forensics/Information Assurance. About a year and a half into the program, I got my first tech job as a support tech for a web hosting company. Within the first month, I heard about the Security department and prepared to work my way up to a Security Administrator. What that entailed, for this particular company, was a promotion to a Level 2 followed by a rigorous Linux test and boot camp before being promoted to an Internal Support agent, then, Linux Administrator, and then, a promotion to the Security Administrator role.
It would be no easy feat. I was warned multiple times by multiple guys that it would be a big challenge, because everyone was so hell-bent on making things harder than they needed to be. But Young Steph was up for the challenge. I sat with Linux experts, begging them to teach me their ways. I practiced on the clock and a little off the clock. I learned a lot. And then…an email was sent out that stated that there would be no more part-time positions. Everyone had to convert to full time by the end of May or turn in their resignation. As a full-time student, this wasn’t going to work. So, all the progress I made and all the things I learned? Officially useless. I had to quit two months later.
My next role was one I took out of desperation and curiosity. I had never worked a Help Desk job before, and everyone made it seem like it was some rite of passage. So, I took the job… and officially died of boredom. Replacing hard drives, re-imaging thin clients, cable management and so much more ruled my days. It took me three months to learn as much as I cared to. The rest of the time was spent studying and hating my existence.
Around this time, I was beginning to realize something. Nothing I learned in school could be used in those roles. Not only that, I had unmanaged ADHD that was rearing its ugly head at this time, making it difficult to keep my attention trained on school for four full months. Plus, I was also spending thousands on tuition. Things were not lining up as they should. If I am spending over $4,000 a semester on school, shouldn’t some of the things I do at work make sense? Instead, I needed to study for work and study for my job, which was very discouraging. So, I decided to take a break from school and move back to Houston.
Since I could work full-time now with no school to compete with (and since I hated Help Desk), I decided to go back to my first job. Things had changed dramatically. The promotion path was different. But, I still had all of my Linux knowledge under my belt, so I decided to try anyway. I made it to Linux Admin, passing a really challenging entry exam, a three-week bootcamp and yet another exam after that. I was proud of myself. Things were finally looking up. And then, they outsourced the security department. Thwarted, again!
I didn’t give up. I changed to a security company in hopes of getting into the security department. After one long year of studying and learning on my own time, I applied and interviewed for the security position. Twice. And the second time, I got the message above and fully decided to give up on my dream of being in security. It wasn’t fair. I had tried so many times, learned so many different things, improved time and time again, tried to position myself properly and all for nothing. I didn’t even truly know if this was what I wanted to do. I didn’t know for sure that a career in security was going to make me happy. I just wanted to learn and do cool things, but my attempts at getting into the industry had ripped me clear away from all of that.
So, for a brief moment, I considered a career in psychology. I became a volunteer for a crisis hotline, and I applied to be a research assistant in a couple of clinics. However, a question kept nagging me: have you tried everything you possibly can? How could I truly turn my back on this field if I didn’t say yes in response to that question? But what was I to do? I played the game: I learned, I studied, I applied. The only thing left was to find a mentor.
It couldn’t be just any mentor, though. She had to be like me, a black woman. She had to be in a position of leadership. And I needed to be able to speak to her. So, I searched for a few months and found Keirsten Brager. I connected with her on LinkedIn and after an exchange of messages, she offered her phone number and a time-slot on Sunday to really talk. That conversation changed my life in more ways than one. She showed me a different route, one filled with community and resources. She told me to start a blog and join Twitter. Ultimately, she validated my experience, because it mirrored her own. And for the first time in a long time, I didn’t feel so alone.
After that phone call, I went on to learn and publish what I’d learned on my blog. I made plans to attend conferences and expose myself to different topics. I joined several online communities. I created my own online study group. I got my Network+ and Security+. I re-enrolled in university. And later that year, I started my first full-time security role as a security team of one for a retail company.
Of course, there were obstacles along the way. It wasn’t easy, and it still took time. But I wasn’t alone, which made the journey far sweeter. I got back to just being a nerd again, learning new things and focusing on how much I loved learning about security.
The moral of this story isn’t that you’ll get into security after you find a mentor. That was my journey, but it doesn’t mean it is yours. The moral of this story is to keep trying and keep going even when things look bleak. Take a break if you need to, but don’t quit until you’ve tried everything. Reach out to people along the way. Isolate when you need to get things done. Study, study, study. Most importantly, do not base your self-worth on whether or not you can get a security job. Instead, base your self-worth on your resilience, your persistence and your thirst for learning. Eventually, you get what you need.
Missed the first article? Check it out: BBP: My Path to the CISO Chair
Stephanie Ihezukwu has been working in the tech industry for almost 7 years. She has a pretty diverse background at this point having worked in web hosting/server management for two years, worked in help desk for a year, currently working in security. Her ultimate goal? To have a successful career in the Cyber Security sector and eventually becoming a CISO. She will be documenting her attempts at achieving this goal, and listing what she is doing in order to get to where she wants to be. Follow her @StephandSec and check out her blog.
She is currently working on completing her Bachelor’s, being a delegate for Security Field Day 2, being a lead for the WISP DEFCON Scholars, chapter Lead for WoSEC Houston, co-hosting a weekly podcast and speaking at various conferences. In her spare time, she likes to read up on pop culture, watch trash TV, hang out with friends and loved ones, and talk tech with friends. She also loves to travel, and hope to one day adopt a dog.
All articles by StephTags: blue team career ciso highlight mentor steph