IT is one of the many perfect positions to transition into Security from. In my last 3 IT positions before accepting a full-time security position, my role was specifically IT, yet because I worked at startups that were, all hands on deck, I was either given or took on security responsibilities.
Being heavily part of the implementation and auditing process for ISO 27001. I went beyond implementing what was specific to IT and checking boxes for auditing purposes, and took the time to learn all 114 controls and how to implementing them all.
I had to thoroughly learn about GDPR to readily answer GDPR tickets, provide employee training, and educate stakeholders on how it affected their respective teams.
💿 Data Security
My experience with ISO 27001 meant understanding how to work with the engineering team on strategies and solutions to secure customer data at transit and rest and incorporate this strategy into the information security policy.
🔐Identity and Access Management
A large part of IT roles are managing users and accounts using software such as Onelogin and Okta. As we move towards SASE, SSO, and automating provisioning, I learned IAM.
☁️ Cloud Infrastructure
While working as a cloud infrastructure engineer, I gained hands-on experience architecting a remote secure cloud infrastructure on AWS and Azure, configuration automation and management, and managing VDI's.
🧑🏾💼 Business Operations
Over the years, I have taken the time to understand all company departments. I met with folks to understand their workday and took courses to understand each core department of a business. I then paired this knowledge with how their work correlates with IT and Security.