Ask HN: How can I realistically change careers?
While I’ve found the work rewarding, I feel it’s time for a significant career change—potentially outside of this domain entirely.
I’m seeking advice from others who have made mid-career transitions:
• How did you pinpoint new directions that matched your skills and interests?
• What were the most effective ways to reposition your experience in a new field?
• Are there any resources or strategies you’d recommend for upskilling or building networks?
I've often thought about cybersecurity as something I'd like to specialise in, but it seems like bootcamps and the like aren't worth the money they charge (most advice has been starting at the bottom as an IT helpdesk worker and going from there, but I'm no spring chicken anymore. But I'm not against starting at the very bottom and working my way up).
I realise this is quite a broad ask, and apologies for the throwaway. I’d appreciate any insights, especially from those who’ve shifted from established careers to something entirely different. Thanks in advance!
171 comments
[ 3.9 ms ] story [ 196 ms ] threadI had always enjoyed reading psychology books and decided to attend night college and train as a counsellor.
For the first 2 years this was 1 evening of 3 hours each week, then 2 evenings each week for the final 2 years until I qualified as a therapeutic counsellor. I worked full time in my regular job during this period.
Once I had qualifed I realised I had absolutely no experience working in the care sector so I worked as a full time volunteer in the substance misuse field for a whole year gaining the experience and knowledge to allow me to get a paid job in the field. During this period the company provided an extensive traning package. I was after all giving my free time.
I also enroled in a psychotherapy masters degree. Now qualified as a counsellor I had all the core knowledge in place. The masters degree was one weekend each month for 2 years, so very doable.
After a year I applied for my first job as a keyworker then over the next few years I slowly worked my way up the ladder to care-coordinator, methadone dispenser, trained as a auricular acupuncturist etc etc.
six years later, aged 41, a master degree in hand and my new life ahead of me.
My friend did a similar thing and he became an architect.
The work can be rewarding but it can also be emotionally demanding and the pay and benefits can be quite shit, frankly. The mental health system (assuming USA) is designed to be exploitive to someone; either it’s going to exploit you, your clients, or both.
You can get an administrative job that pays a bit better and has better benefits but your work life balance will be poor and you’ll still generally struggle to make what tech workers make in equivalent roles. You can work outpatient but you’ll make less unless you charge a lot but then you’re excluding a large segment of the population who have a high need for services. Depending on where you live this may not be feasible even if you’re open to it. It’s dependent on your ability to keep a stream of somewhat affluent individuals coming in, obviously
Or you work with insurance but then you open yourself up to a great deal of red tape and financial liability that you either eat or pass on to clients, thus creating financial burden and worsening their mental health. It’s not your fault but it can feel really awkward and shitty to charge a client $800 when their insurance claws back 6 sessions worth of appointments. Alternatively you eat the loss, which can be something that inherently happens because (rarely) they’ll claw back appointments from 12+ months ago. This can also be challenging from an obtaining clients perspective. I run a private practice and contract with a group and right now I have 0 people coming in with no wait list. This isn’t common but it does happen and it means my income dries up a bit. It’s not the end of the world because the holiday season was a heavy period and it will likely pick up again soon but even people with insurance struggle to afford therapy now. More and more people have high deductible health plans with sizable deductibles so they end up paying $70-150 a visit, pretty considerable weekly/biweekly expense. Around summer I start getting a strong uptick because the high deductible people start meeting their deductibles (although young healthy ones often never do)
Sometimes it’s hard to leave work at work with this job. That’s any job of course but with this job you can hear some real heavy shit sometimes. That’s generally not the norm though; most people are just not doing so hot or having relationship troubles or whatever. But every once in a while you’ll get a person that has had some truly awful experience that sticks with you for a bit. Or a person that is manipulative, constantly tests your boundaries, and sticks with you in a bad way.
There’s a lot of positives to it too of course. I set my own hours, I don’t have dumb staff meetings, I set my boundaries with people so if a client goes too far or is outside my scope I can cut things off, etc. I earn 100% of my money minus minimal overheads (telehealth practice is really light on overheads). There are tedious clients of course but many clients are interesting and challenging in an intriguing way. But I feel like people don’t advertise the ugly side really
https://www.seattletimes.com/entertainment/pagliacci-classic...
supervision in counseling is odd. it's ethically obligated but not enforced. continuing education in many areas is loosely enforced too. this leads to other critiques about the field becoming, for lack of a better term, crappier. there are and (hopefully) always will be inspired, ethical, and passionate clinicians but there are also a lot of lazy ones who just burn through the checkpoints so they can bill insurance or clients $130/hr. Once they get licensed no one will check to make sure they do CEUs (depending on state), no one will check to make sure they consult with supervision for outside feedback, etc
it's one of those "we will self regulate" things but I don't know how well the field self regulates
The problem now is the cost of college. I would be working on this same path right now but I can't justify the terrible relative investment that is college in 2025. It is just night and day different compared to the 80s/90s.
The time would be no issue at all for me. I am bored and would love something to do like going to class again.
It is criminal I can't get a psychology degree online for a fraction of a state school price at this point. To have the same degree cost much more than before the internet is just completely insane.
We can figure out as a society how to ban Tiktok but not how to have dirt cheap education like we could. I can't imagine the price we pay in GDP growth for this between the student loan debt and the sub-optimal work force configuration.
For me, the transition also took a number of years. I did a Masters degree in security, and started to get more experience in security in my non security role. Then I found a small software company willing to give me a chance as their security guy. I guess for me it took about 4 to 5 years to really complete the transition.
Because to me, cybersecurity reads like "more digital" than "strategy, user research", not less, I'm not sure if I know enough about the poster's motives to help.
But what I can suggest is that the late Ross Andersons' book Security Engineering is a great starting point to get into system security.
BTW, I have enormous respect for people who are transitioning between professional areas, and while it consumes energy it probably will be the source of more energy, best of success for everyone!
Well I think these kind of thoughts are quite common. IMO it is helpful to realize that your thinking (rather dreaming) about doing cybersecurity may have very little to do with what it would actually feel like to acquire the necessary skills and find a gig (or some gigs).
Your choices are rather simple:
1. Dive straight in headfirst. Quit or change your job to part-time and commit to intense training in cybersecurity (e.g. enrolling in structured training program of some kind).
2. Find time, energy and motivation to learn/practice without changing your life radically or committing to anything. If you are seriously interested in something you'd be naturally drawn to do this thing. After a few months of doing so you will have a much better idea what switching careers would feel like.
3. Keep doing whatever your doing realizing your ideas and feelings are completely normal and valid but may have little to do with cybersecurity or your career. Try to understand what is actually missing in your life and how you can address the root cause.
Ageism is real in the industry. But it’s more nuanced. If you have experience commensurate with your age, a strong resume, and a network, the world is your oyster.
If you have none of those or your experience is with outdated tech, you’re screwed.
1) look up people who claim to be in cybersecurity on some site like LinkedIn - see what their titles are, where they work, and so on.
2) see if you can find their resumes or any detailed cybersecurity resume - you are looking for keywords, application software, languages they claim to know, etc
3) look up job interview questions that relate to those skills, e.g. glassdoor has a fun feature where people have shared the actual questions they were asked during an interview
4) find free or cheap online resources, classes, demo/free versions of apps, set up a home lab, so you can become familiar with those skills, languages, tools. etc as much as possible and for as little as possible.
5) read a site like "stack overflow" with a focus on the skills/apps that cyber security researchers are likely to use, and see what questions the tend to ask, etc.
6) Develop some study cards on Anki with the interview questions you are likely to get and answers that might fly. Don't be complacent, expand on this as you go along, adding more and improving what you have.
7) See if you can find one-off "cybersecurity" gigs on craigslist or fiverr, etc. where you can be paid something - anything - to do something security related. Not only might this improve your confidence, it will generate a little bit of money instead of you paying money. You can also check out the competition and see what they are doing, for how much, etc.
8) Read up on "cybersecurity" related topics, people, trends, books, movies, etc. Get a feel for things as they are, were, or might be.
Good luck.
Every time I made the change within the company I worked for. One I resigned, but was asked to fill another role, next I said I was bored, last I was about to be fired. My experience was employers can be more flexible than you imagine. But maybe I was lucky.
My career stagnated as a JavaScript developer. Most of my peers were afraid to write original software which made it really challenging to do anything until I was finally laid off from worst of it. Everything had to be little more than copy/paste from some enormous framework into an enormous mono…monster of stupidity. If you ever proposed sanity people would get irate because it threatens to expose that nobody has idea what they are doing.
Simultaneously, though, I have a part time job in the military. In the military I learned networking (routers and switches), operations, security, management, and more. I still maintain my security certs and have a clearance.
Last year a recruiter reached out to me about a work from home job writing enterprise APIs. I passed the interview using my knowledge of data structures and the inner mechanics of WebSockets from years of writing personal software. For most of my career as a JavaScript developer it seemed the only way I could program at all was to do it on my own outside of work.
Since then they promoted to lead operations and at the same time to be a team lead in a different organization.
How does a person get such a job? They join the military.
When I joined cyber wasn't a thing, because I am old. I joined the first cyber organization shortly after it formed and was a member for about a decade. I was promoted out of that organization and shortly thereafter a formal cyber organization was created, not just a few units. By that point I had become an officer doing more generic systems integration and physical communication infrastructure things.
The biggest difference between the military side versus the corporate developer side is that military tends to run towards problems. The goal is have everything working so that you reach steady state and don't have to do high visibility work. High visibility is bad, because it suggests you are failing something important. Corporate developers, on the other hand, tend to be either trend chasers that want high visibility yet low effort work until things fall apart and then they run away or are long term employees that want boring steady constant employment.
Though that is my understanding of how you make a big career change. Do your current job in a company that does what you want to do. Then change roles rather than jump to the role you want straight. Kind of beat the chicken and egg problem, of needing experience to get a job and can't get experience without a job. A job that is adjacent to the one you want is "second hand" experience.
There are actually very few people above around age 45 or so that write code for a majority of their day (percentage-wise), and that includes people who still consider themselves in "individual contributor" roles. E.g. even a principal engineer is going to be spending a majority of their time reviewing code, doing systems and architecture work, mentoring more junior developers, organizing more junior developers, etc. When I was a principal engineer a huge part of my job was "project management" as you put it.
That is like saying “doctor” as you put it. It’s super cliche for people in software to title themselves as principal or expert or famed ninja grand wizard and yet simultaneously not know how the real world works. Project management is actually a real thing, seriously. It’s not just some imaginary invocation like lawyer or teacher. People actually do that for a job and get paid real money. Unlike software where developers pretend to be qualified against their own imagined baseline there is actually a license/cert from a universally recognized governance body.
This kind of nonsense is why so many developers that don’t have imposter syndrome want out.
If you want to see what real project managers do then peer into construction where they manage billions of dollars in assets with critical timelines that have multimillion liabilities.
In the grand scheme of things, project management is about making sure projects are done on time, on budget and meets requirements.
It’s about managing dependencies, from a software development methodology, it’s creating a directed acyclic graph but with people instead of computers.
It’s also dealing with managing stakeholders, contributors, blockers, budgets, scheduling meetings, keeping the higher up informed, etc.
If you put a gun to my head, I can be a competent project manager. As a “staff” software architect half of my job managing cloud projects as a tech lead with the other half being more of a solution architect when we first sign a customer and designing an implementation plan with work streams and epics.
Usually I end up splitting the project management part up with a real project manager.
It’s not because of a lack of competence. It’s bandwidth.
But just like you can’t be a good tech lead if you don’t have some level of competence technically, you have to be decent at project management.
I certainly didn't mean to denigrate the job of project management. But I do agree with the other response - project management is just about ensuring a job is done on time/budget by tracking and managing a complex set of dependencies. I will say, at least in my experience, that really great official software project managers (I mean that was their job title) are worth their weight in gold, but they happen to be quite rare (again, emphasis on "in my experience"). Too often I worked with project managers whose thought their role was scheduling meetings and constantly asking all the engineers if the Jira board was up to date. But I think this because, when done correctly, the project management role is a challenging one that takes an unusual combination of attention to detail, communication skills, and ability to stay motivated on what can feel like boring tasks in the moment.
Take the strategy, user research and frameworks you do to drive better CX, and apply that to something you have a deep interest in away from the usual mainstream. It could be a hobby, it could be the cyber stuff you're interested in.
On that, you're more likely to enjoy getting into cybersecurity by joining a company doing that today as a CX expert and getting more technical over time and looking for a horizontal move, than you are from starting from scratch and working on an IT help desk and trying to work your way up.
I'd also suggest starting a blog or producing open source content in the field you want to move into. I'm starting to do this, because it can highlight my knowledge/skills while my CV is in a completely different field, in order to gently build traction and attention in my "target" industry.
One last thought: don't underestimate that you're stressed, burned out and just need a decent period of slow work to recover. I think most people looking for major changes in their career are just tired and fed up. I know I am. They say a change is as good as a rest, but a rest is as good as a rest as well.
I usually think about a career in sales engineering because of this.
Move on to the more intermediate certifications if you want to/keep learning.
Currently trying to become a wild beekeeper dropping hives anywhere anyone will let me while coding on side projects at the same time.
I recommend beekeeping. Go on a course somewhere, learn a little, get a hive, make mistakes, learn, scale, profit.
I'm assuming no-touch hives are designed differently than honey-extractive hives.
https://www.beekeepingnaturally.com.au/natural-beekeeping/th...
(Just a little joke, based the meme of developers quitting their jobs to start a goat farm.)
Also, I'm allergic to bees.
[0] https://web.bluebeansoftware.com/whats-all-the-buzz-with-sma...
Too cool! Might give it a try.
Oooof, I don't... maybe you know the secret, but being an amateur beekeeper and watching what the pros do, it looks darn hard to reach scale.
He casually drops that he has 250 hives, and that he's not that into it...
I'd take careful stock of your support network behind you, and of who you're supporting. But keep in mind, there's no "wrong answer". Live your life out loud and you do you. If your situation makes that untenable, do some soul searching and find peace without the shakeup. Lots of good advice on this thread, but you know you better than anyone (and if not, start there).
Know the risks though. My wife and I have changed our religious and political beliefs over the past decade or so and as a result have lost contact/intimacy with much of our families/friends. Losing community takes a much steeper toll than I would ever have guessed.
e.g., Learn enough to be useful, then talk to the security guys at your company. Prove you're useful and trustworthy; see if there's any tasks you can do for them without violating policy. If a spot opens up, see about changing roles within your company.
Or, join a smaller company, where your role and some security responsibilities overlap.
The short version is when people can ease sideways to a completely new role at their current employer. The longer version involves getting a new job doing the same thing, but at a company that does a lot more of the thing you want to do. Initially you do the thing you were doing before, but there's more opportunity to shift sideways when you get a good rep.
You would be better off going into consulting or sales in a related industry.
People like to give you warm and fuzzies and tell you that “you are never too old”. Honestly, that’s not true.
As you grow older, you have more responsibilities and you need higher pay.
But the best way to transition is to slowly do it internally at a company you already work at.
(I’m 50 by the way)
I meant “they’ll never hire as many security people as they should have on staff and OP would be wading into low-demand territory”.
The tradeoff is that you have to not mind:
1) relocating to the greater Washington DC metro area, and
2) getting a US security clearance,
Though this website really makes it seem like cybersecurity is all about the world of web apps and commercial tech companies, I would actually posit that the US DOD / Intelligence community is the largest customer of cybersecurity research in the US. (It’s dispersed through a big web of contracting firms, but the end client of most of these firms is one of a handful of agencies or military intelligence divisions.)
I say this as someone who works in the field: if you can code, and you can get cleared, you can probably find someone in the cybersecurity field who wants to hire you. The field is hungry for experienced talent. The fact that you’ve previously forward developed web apps is not a drawback - if anything, it’s an asset. Knowing how developers think is a great asset that most pentesters and reverse engineering focused people in the field lack.
Your focus in UX, user research, and design is a huge asset. There are tons of dogshit web apps that government agencies use for important national security purposes. Trust me on this.
Edit: expanding on the note about the "big web of contracting firms" - there are a ton of little DARPA / pentest / cyber research companies in the DC metro area that would kill for an experienced programmer with an interest in cybersecurity research. They don't pay nearly as much as FAANG, but there's also substantially less competition for those jobs, and (in NoVA/southern MD, anyway) tons of opportunities to jump ship to different teams with different work and better cultural fit, if you're interested.
I think the level of scrutiny would be much higher if you were a dual citizen with a nation the US perceives as an adversary - i.e. Russia, China, Iran, North Korea.
I'd happily tell you what I make personally as an EE with ~15 years experience if you were to contact me privately, but I don't really feel like posting that on the internet.
The biggest variable to me is if you can justify taking money out of the market to pay for college. For me, it is a non-starter. A completely laughable idea.
Pushing 50, I need one more re-invention. Starting over in something like cybersecurity, I would just be getting beat out by the 25 year younger version of myself. I need an AI hedge basically. Something highly creative, non-standard, not something everyone else is already is doing. The process of trying to figure this out is what I think will lead me there.
My AI hedge is that I don't want to start trying to do this if I find myself completely unemployable with my previous experience and skills pushing 60.
It seems like we either get AGI and I am not employable in 10 years or we don't get AGI and we have such massive malinvestment that the job cutbacks also make me unemployable on my current path.
It’s a huge conviction, that means every dollar you earn during this phase has to be leveraged into this build out because at the end there won’t be any jobs left.
When this happens at scale, and everyone is on social security, the government will inevitably cut/tax your social security income, which is going to be insane for the retired crowd who will literally have no recourse in the economy. Foreign nations already want to de-dollarize, so a situation in 20 years can easily arise where America cannot raise debt because no one wants to buy it (aged highly-taxed population, no jobs due to automation, and no creditors. Fall of an empire, we’re crying wolf again but this time it feels real).
The only way the American demographic will be able to maintain its lifestyle is to do the opposite of what we are doing now. We’d need mass immigration, to fill a underclass that we can tax to maintain the QoL of the retired American class (or in simpler terms, saturating the bottom of the pyramid to pay into social security, everyone else is old or out of a job). This might cause civil unrest.
It’s best to prepare. America has UBI via SS, it just hasn’t been stress tested. What if we put everyone on it for life? It’s going to cause so many moral hazard issues. Why should I pay into supporting people who don’t do anything? Well, what are they supposed to do? There’s nothing to do. Should they not eat then?
What do you want to live for?
Who can answer that for you?
This limits what success looks like for your switch. Are you looking for a different work life balance? Learn something new? That can work.
Becoming the face of security in an organization? Not likely.
For me my greatest motivation was that I wanted to work with people individually, money be damned. I had a supportive spouse and we already lived frugally so I could build a business without (overwhelming) fear of failure.
If you can still stomach office work become an accountant. You’ll use all your analytic skills in a role that is useful to every sized company but your pace of work will be much more constant. Your ability to write small programs and debug excel will make you valuable.
You can go to industry and climb the ladder and make good money with less crazy workload.
I know a chief accounting officer at a public company and she earns 7 figures. She works a lot but also goes on vacations and has free time.
Then there's "doing accounting work for a company as part of an accounting department" which is much more likely to be 40h weeks, punch-the-clock type of work. However there can still be crunch time there as the deadlines are real deadlines not VP-pulled-out-of-a-hat deadlines (e.g. tax filing deadlines, SEC reporting deadlines).
So, I bought an old Dell server and started teaching myself Networking, Linux, VMware, KVM, Databases, Websites and anything else I could get my hands on. I built a portfolio of my best projects and started applying for jobs. It took countless applications, but I eventually got a QA position at a local startup. The rest is history as they say.
My portfolio is what sealed the deal, and I got a job offer from the only interview I had. Unless you are getting into a trade like lineman or trucking where they will train you, a portfolio is the best way to set yourself apart without experience. I took a 50% reduction in pay. But I was never really money focused, I learned that if you enjoy doing something, the money will follow.
Short answer - work for a small startup where you wear many hats. Scale, sell or fail - rinse and repeat.
Started as a mechanic, went back to get an engineering degree which got me into a auto manufacture. I found engineering cool but moved to slow and salary growth was very slow. During dot com days things were booming and I had an opportunity to jump to a marketing startup which helped me break out of my engineering shell(such a different world).
I found operations was a very good fit for me - complex machine you have to engineer to work efficiently as the world is on fire. I happen to make a career out of it working with several startups in numerous industries. My job was always started with - fixing stuff young startups get wrong to help them keep up with growth. Basically put business processes in place and be an interpreter between technical and business people so they stop making stupid technical decision that cause long term problems.
It was a great ride and learned a ton about business that you will rarely learn at a big company. I was responsible for various aspects of technical and non technical operations so always had a seat at the table.