How to Switch Careers and Land a Cyber Security Role at a Fortune 100 Company

Clover Twombley Event Analyst, Target Corporation

How did you learn about SANS?

My first experience with SANS was, amazingly, connected to my wedding. My fiancé, Keith, had recently transitioned into his first cybersecurity role and was asked to complete SEC503: Intrusion Detection In-Depth at SANS Network Security 2012 in Las Vegas. We decided to use the opportunity to tie the knot in Las Vegas! Elvis officiated, it was live-streamed, and if not for that SANS training event, I probably would've had a much-less exciting wedding!

What inspired you to change your career from accounting to cybersecurity?

I was good at my job in accounting, but my career felt stagnant and I was interested in learning something new. I had a natural curiosity about Keith’s work, so we would discuss interesting articles on privacy and cybersecurity, which I would research further. Then I’d ask him about the systems and technology working behind the scenes. I've always been detail-oriented and enjoyed learning about how things work, so the dynamic nature of the cybersecurity field really appealed to me.

Soon, I started researching ways to transition into information security myself, specifically through SANS because I could see that Keith was gaining current and top-quality knowledge through his SANS training and GIAC Certification studies.

I found a page on the SANS website about a Women's Immersion Academy, which stated that the program was for women who had not previously worked in InfoSec and were looking to make a career transition. I signed up to get email updates, and in January 2017 received notification that they were opening up the application process. I immediately applied and was on my way!

What were your concerns about this career transition and how did you overcome them?

There were more than 300 applicants for the Women’s Academy, and only 24 women would be accepted into the program. I was concerned that my lack of technical skills would cause me to perform poorly on the aptitude test and prevent me from getting in. But I found one of the best resources to prepare for the test – the SANS Cyber Aces free learning program – and I made it through.

Balancing work and study was not an issue because I had already left my position in accounting, but I also have six children at home! So I knew that completing three courses and three GIAC certifications in six months would be an overwhelming task, even with a lot of support.

There were a few key factors that got me through the challenge. A Slack channel was set up for students in the Women's Immersion Academy, and I found that priceless as I went through the courses. We had weekly calls with our cohort, and sometimes we shared calls with a special speaker who would join to give us more insight into a specific area of the industry. Most of the other women were attempting to balance their training with work, family, and other responsibilities, so it was helpful to commiserate with others who understood the demands I was facing. We cheered each other on, shared resources to help each other get through the materials and exams, and shared résumé and job-hunting tips. As the final course began, we reorganized from cohorts into groups based on the elective course we had chosen. The Slack channels still exist, and many of us keep in touch and continue to support one another.

How did you find your first cybersecurity job?

Towards the end of my time in the Academy, a hiring manager from the Target Computer Security Incident Response Team (CSIRT) saw my Twitter response to a job search tweet from another member of the Academy and reached out to request my résumé and schedule an interview. This was my first technical job interview and I was nervous, but after passing three GIAC exams in six months, I wasn't going to throw away the opportunity. I made it through the process and was offered a job as an Event Analyst on Target’s Incident Response team, which I gladly accepted. Target has been a wonderful place to grow my career; the company stresses the importance of ongoing training and values passion for the field as well as curiosity, which is a perfect fit for me.

What would your advice be for others looking to start or advance a career in cybersecurity?

My advice for anyone in a SANS Immersion Academy, or thinking about enrolling in one, would be to prioritize yourself and your training. Especially when using SANS OnDemand courses, it's important to have dedicated time to learn the materials away from distractions, so make sure that you have buy-in from your support system so that you can put in the work necessary. Do all the labs, do them again if possible, and create a complete index from all your study materials (Lesley Carhart @hacks4pancakes has a great indexing method outlined in her blog.) Recognize that you are accelerating your learning and allocate that time and focus accordingly. It's going to be overwhelming, but your goals are achievable. Your passion will get you into the Academy, or has already gotten you there, and that same passion can get you through the program. If you need support, there are others out there who've been where you are and are willing to offer advice. Don’t be afraid to reach out.

How will you carry this experience with you into your future?

Many of the women in the Immersion Academy have continued to work with SANS, which says more about the organization than I ever could. Some women have become subject-matter experts for SANS online training, some are continuing their education through the master's degree program, and some, like me, have participated in the work-study program. We are lifelong SANS evangelists, and we’re changing the face of information security worldwide.

Completed SANS Courses

GIAC Certifications