Chuck Gaughf has been an employee of ISC2 since 2011. He joined the team as information security officer and now heads up professional development technical content efforts for the association.

While Gaughf got his start in general IT, he sensed early in his professional journey that security was a hot and burgeoning career path, so he took action to get certified and pursue the opportunities in the field.

Below he shares his experience with transitioning from IT into a security-focused role, and how the knowledge gained through Systems Security Certified Practitioner (SSCP) certification was key to making the move.

Why did you decide to pursue the SSCP certification?
As someone who already had a background in IT, I was looking for the perfect cert that would help me augment my technical skills with security practices. The SSCP was balanced in that it was foundational but also technical. It allowed me to prove a technical understanding without having to seek a more entry-level certification. I was much like Goldilocks looking for just the right credential, and the SSCP filled the bill.

How has the SSCP helped with your transition into security?
The SSCP certification helped me gain that strong technical foundation in security. Security is a very broad field of study, but the SSCP spoke to me as a technical practitioner. It helped bridge the gap between my technical knowledge and security knowledge. It also helped me understand how to layer security into the work I was already doing.

Was it difficult to make the transition from IT to a more security-focused role?
Not at all. Once you have gained the knowledge and put it into practice, it is just a matter of changing perspective. Whether you work on the networking team or the help desk, your job is to make things work and make sure they work efficiently. When someone jumps into a security role, the mindset has to change from “let's make this work” to “let's make sure this is working safely.” Once technicians gain the skills and are open to the change of mindset, security becomes infinitely easier. 

What have you learned since you moved into security?
People who are looking to move into security should expect to be constantly challenged and to never stop learning. Technology moves fast, but security has to move faster to keep up. I was excited to learn so many new and interesting things, but it came as a bit of a surprise that I have not stopped learning new things every day since my first security position.

What advice would you give to others who want to move from general IT into a security-focused career track?
Don’t wait. Convergence is happening. DevSecOps is happening, and many companies are adopting this type of workflow. Your seat on the team no longer matters; you must have an understanding across disciplines. I need to understand how to talk to developers, and operations teams need to be able to talk with me about concerns so we can work together quickly to come up with solutions. Also, sometimes security may seem intimidating, but there is a place in security for all types, whether it’s the highly technical people or people who love to solve puzzles.

What do you like most about being an ISC2 member?
The community. ISC2 members are some of the most passionate people I have ever met. I have yet to run across another member, whether at a conference or chapter meeting, who wouldn’t take time to mentor, teach and share their passions. The community is amazing and very welcoming. It is almost like having a huge extended family and support structure. If you have a problem or you are struggling, ISC2 members will form a line to help and make sure you succeed. 


If you’re looking for a new career challenge and passionate support on your journey, consider SSCP certification.

Download the Ultimate Guide to the SSCP  to learn more.