The cybersecurity journey of Anastasia Kim, CC, didn’t start with a computer science degree, a dream to become a hacker, or even much knowledge of technology. How did her starting point help set the path towards a cybersecurity career?
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
My cybersecurity journey started in the most ordinary of ways: retail jobs, office roles, English teacher, small business owner and, eventually, Microsoft 365 end user trainer. In other words, I was a jack of all trades and master of none – or so I thought.
I was raised on the belief that education was the path to stability. I made it to college – but without guidance or direction, graduating unsure of who I was or where I fitted. I bounced between jobs, searching for meaning, trying to find my lane.
Eventually, I found a role as a technical trainer with the help of a friend’s referral. I didn’t know much about the Microsoft tools I was teaching yet… but I did understand people. I knew how to explain concepts and how to help someone go from confusion to confidence. Those soft skills became my unexpected bridge into cybersecurity.
An Encounter with Compliance
While working as a trainer, a former colleague introduced me to compliance work. Something clicked and I just knew. The compliance work itself never really took off as I left the company shortly during the COVID-19 pandemic. However, I never forgot the feeling that compliance gave me while working there. I moved to a technology solutions company and serendipitously discovered the Governance, Risk, and Compliance (GRC) team there. I felt like I had found my tribeand I was home.
Although I had zero experience, I asked if I could join. The answer was no… until a year later, when the answer became yes. However, even then there was one condition: I needed an entry-level cybersecurity certification. I invested time and effort in myself and studied for the ISC2 CC certification. I thought that I had failed the exam and was mentally preparing to take it again – but I had passed.
Certification Opened Pathways
Like magic, the door opened. Yet – and let me be honest: I felt like an imposter from day one. Every meeting felt like a test and every acronym felt like a pop quiz. Every new task felt like someone might discover I didn’t “belong.” Nevertheless, day by day, project by project, conversation by conversation, my imposter syndrome softened as my experience, confidence and skills grew. This is because cybersecurity isn’t a field where everyone starts from the same place. It’s a field built by people who arrived from everywhere.
Experiencing ISC2 Security Congress
I had the opportunity to attend ISC2’s Security Congress in 2023 and it was more than I could have imagined. I found the sessions and programming to be exceptional and well organized. Given the positive impact of the event, I decided to apply for a highly sought-after volunteer position the following year, recognizing the value and opportunity such a role would provide.
Fast forward to Security Congress 2024, while waiting in line for a book signing, I met a former paramedic, a former construction worker and a former personal trainer. All of us had taken wildly different roads, yet somehow ended up in the same room, in the same field, doing meaningful work.
Advice for New Professionals
I realized at that point: cybersecurity is not a destination reserved for a chosen few. It’s a place with many entrances. If you’re thinking about entering the field, here are four things I want you to know:
- Your background, whatever it is, has value here
- You don’t need to know everything to get started
- Imposter syndrome doesn’t mean you don’t belong
- The path may be messy, nonlinear or surprising, but it’s absolutely worth it
Take a class. Shadow a cybersecurity colleague. Volunteer for that small project. Get the foundational certification. Say ‘yes’ before you feel ready. That’s how I got here. If my winding, imperfect, unexpected path can lead to cybersecurity, yours can too.
Anastasia Kim, CC, has spent over 20 years working across government, retail, healthcare, manufacturing, utilities, SaaS, dental and enterprise organizations. She has held a range of business, management and training roles throughout her career. She works currently as a cybersecurity consultant, specializing in security program reviews, compliance assessments and security control validation.
