Let go & prosper: Find your true interest and go for it

This post will slightly differ from what you may expect from a "How to get your start in cybersecurity" type blog entry. It isn't intended to be a how-to article but rather an "I did not initially intend to be a professional hacker but after some self-growth decided to become one." Well, "professional hacker" is pushing it at this point of my career, but one day there will be no double quotes.

I've always had an interest in computers. During my teens, as a hobby, I learned and became quite successful at SEO and web development. I was especially good at creating accessible, easy-to-use, and fast-loading websites that ranked extremely well on any search engine. However, I did not have an entrepreneur side at that point and lacked the confidence to pursue it, or any other IT-related field, as a possible career for a naive reason: I thought all IT jobs would soon be outsourced to a few tech hot spots. So I kept tinkering by myself and helped my family and friends.

Fast forward a bit; during high school, I hadn't really given any real deep thought to the topic of what I would like to do for work. I knew I wanted to help people, and partly inspired by another family member going into a particular field, I decided to pursue the same path, career x as well. The entrance exam for this field was grueling, and despite multiple attempts, I did not have the self-discipline to push through during those years of my life. I wasn't mature enough and lacked self-motivation. I did come extremely close to succeeding twice, and if I had gotten an extra 0.75 points or so, my day-to-day life would probably look very different now. During my last attempts, I finally decided to do some self-reflection and came to a conclusion: I didn't actually want to work in this field; I simply wanted to succeed in the exam and finish a looong "project". And at that point, I allowed myself to pursue my genuine interest: IT and more specifically, cybersecurity.

By accident, I found a university in another country that offered a BSc degree that was a mix of computer science and cybersecurity. So naturally, I jumped on the chance and never looked back. Since the first day of university, I have not had a single thought of "maybe I should have given career x one more try".

I felt a lot of embarrassment about having spent years trying to succeed in the entrance exams and then quitting. I felt this embarrassment for years until I decided to do some self-reflection again: I enjoyed what I was studying, got perfect grades, and made many new friends. And best of all, I could still do what I initially wanted: help people. And having observed my family member during their studies and now in their work, I can honestly say I would not have enjoyed that path. At all.

During university, I made a decision that you can have different opinions on: I chose to skip internships and do summer studies instead so I would graduate a year in advance. I took a calculated risk, and it worked out well in the end. Of course, I could have tried to do both, but I chose to put focus on my studies in and outside of class and then spend the rest of my free time with friends and exploring new places. The hiring culture in my home country is also slightly different compared to many other places and doesn't put as much emphasis on whether an entry-level employee has or doesn't have internships under their belt. Of course, internships will give an edge, but I had trust that completing my degree a year faster with excellent marks showed I was ambitious and eager to work in the sector.

I only needed to apply to around ten jobs and got an offer from one of them for an internal junior penetration testing position. Most of the other companies rejected me outright or did not reply. I was a bit choosy about the positions I applied to, so this was to be expected. In my interview, it was clear that the hiring and technical team had looked at my technical reports and the whole interviewing experience was great despite me being very nervous. I was asked truly entry-level questions and the expectations from their side were realistic. Now, after approximately two years, I'm still with the same company and got promoted to mid-level around the 1.5-year mark.

So, what if I had never had a stupid thought like the one that initially steered me away from IT? If I decided to pursue cybersecurity from the get-go, I would be much further into my career by now. But I highly doubt that at that point in my life, I would have had the courage to move abroad for the opportunity in the first place and missed that whole experience. The university curriculum was also unrefined at that point, and I would have never met the people I met now. And I still have several decades left to work.

That's my story. The point? If you feel you aren't happy or content with what you currently do, don't be embarrassed to do what you think is best for you. Even if it means abandoning something you have been doing for a long time or if you think, "Am I too old to start fresh doing something completely different." Letting go of my initial career plans and going into cyber was the best move I ever made up to that point. I wake up happy, enjoy my work and have the opportunity for lifelong learning in the ever-evolving field of security. And I don't feel embarrassed about myself anymore.