A sports injury set Owen John, CISSP, CCSP, on a new and very different career path that led him into IT, then into cybersecurity. Here he explains why he made the move from sport into security and how a chance conversation started his journey towards becoming a cybersecurity professional.
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
My path into IT differed from what many would consider to be a typical route and so far it has been successful. Everyone takes different paths and there is no definitive right or wrong way.
After a career-ending injury concluded a promising rugby career, I transitioned into IT during my rehabilitation and training. My squash partner had recently resigned from his role. His employer happened to be present when I inquired about taking over his position. Consequently, in 1999, I began as a trainee IT technician working on the organization’s Y2K project. With a monthly income of £733, there was a need to enhance my earning potential to enter the property market, prompting me to pursue certifications. Over the following years, I obtained various Microsoft certifications. After eight years with the initial company, I joined a global manufacturing firm, where I remained for 15 years, eventually advancing to Senior Enterprise Architect for Cybersecurity while continuing to acquire vendor certificates from VMWare, Cisco, etc.
From IT to Cybersecurity
My transition from infrastructure and operations to cybersecurity occurred when I was promoted to Enterprise Architect for Infrastructure in 2015. During that time, I increasingly focused on securing infrastructure and working with cybersecurity on mergers and acquisitions. Recognizing an opportunity, I shifted my career towards cybersecurity, however I initially faced challenges in establishing credibility given my 16-year background in IT operations, infrastructure, networking and telephony.
This was my introduction to ISC2. My previous security work contributed to the experience required for the CISSP certification; however, I felt I needed more in-depth knowledge to fully understand the cybersecurity domain and to speak authoritatively and with credibility.
Engaging with ISC2 also introduced me to its valuable community. Prior to tackling the CISSP, I read books to ground myself in the subject. Hacking Exposed 7 was a fascinating start and really opened my eyes, next was the CEH v12 Certified Ethical Hacker Study Guide. After a year in cybersecurity, I started to study the ISC2 CISSP Study Guide. 90% of my certifications were achieved through self-study rather than formal courses. This approach worked for me due to the skills developed in my university education and subsequent studies, enabling me to learn, retain and most importantly, apply knowledge.
Sitting the CISSP Exam
After six months of study and three months of practice tests, I took my CISSP exam, which was an adaptive test. The exam concluded at question 100 and was very challenging so I thought I had failed; but no – I passed! This certification required a significant commitment. It marked the beginning of a lifelong learning journey in cybersecurity necessary to maintain the certification.
After a two-month break I began studying for the CCSP and passed the exam.
I now work as Head of Cyber Architecture for a FTSE 30 company in the U.K.
Volunteering and Contributing to the Cybersecurity Community
I am honoured to serve on ISC2’s U.K. Advisory Council and was recently appointed co-chair with Heather Lowrey, CISSP. This role allows me to advise on strategic initiatives to advance the industry. Additionally, I contribute to exam development for the CISSP and CCSP certifications. I feel privileged to give back to the industry that has provided me with a fulfilling career.
One of my passions is helping aspiring cybersecurity professionals enter the field. While we discuss a skills gap, few entry-level jobs exist, with many requiring unrealistically high qualifications. It frustrates me when "entry-level" positions demand five years of experience and a CISSP.
A satisfying way that I give back is by mentoring. I mentor four great young people. Two have recently secured their first cybersecurity jobs after months of unsuccessful attempts. We focused on improving CVs, interview skills, presentation abilities and more. I take great satisfaction in knowing my experience and guidance might have contributed a little to their success.
Being involved with ISC2 has been so rewarding in many ways and I look forward to getting more involved in the future.
Owen John, CISSP, CCSP, has 25 years of experience in large and complex global IT environments, with the last 15 years working in cybersecurity. A varied career in IT has given him a unique perspective and wide range of knowledge over multiple technology arenas from M&A to security strategy and architecture. An active member of ISC2, he devotes time to mentoring, exam development and to the ISC2 UK Advisory Council.
Related Insights