Skip to main content

Learning · 7 min read ·

From IT Support to Senior InfoSec Engineer: My 15+ Year Journey

Navigate IT support to senior InfoSec engineer path—learn from 15+ years securing federal systems with practical career transition advice.

learning professional-development security

The Beginning

Twenty years ago, I was that IT guy. Printer jammed, email stopped working, computer made “that weird noise”—I showed up. I started as an independent IT consultant in 2005, fixing computers for local businesses.

My toolkit: USB drive full of antivirus tools, patient smile, endless “let me Google that for you” searches. I loved it. Every problem was a puzzle, every fixed computer a small victory, every grateful client taught me something new about technology and people.

The Accidental Security Engineer

Security wasn’t part of the plan. It found me.

During consulting years (2005-2010), I noticed patterns. Same 3-4 clients kept getting infected with malware every 2-3 months. Small businesses were losing data to ransomware before ransomware was cool. I started implementing basic security measures on around 50 endpoints across 12 clients: centralized antivirus, backup strategies, user training.

One client said something that changed my trajectory: “You’re not just fixing our computers, you’re protecting our business.”

That clicked. Security wasn’t about technology. It was about enabling people to work safely and confidently. Protection, not restriction.

The Enterprise Leap: From Small Business to Big Systems

In 2014, I transitioned to enterprise IT, handling asset management with a security focus. Suddenly, I wasn’t just dealing with a few computers. I was working with 800+ devices across 4 locations, ensuring NIST-compliant processes. The scale was overwhelming at first.

Key lesson: Enterprise IT is a different beast. It’s not about knowing everything. It’s about:

  • Understanding processes and compliance
  • Building repeatable solutions
  • Documenting everything (seriously, everything)
  • Learning to work within frameworks, not against them

The Federal Years

Years ago, I transitioned into federal cybersecurity work. IT generalist became security specialist. Starting as Service Desk Lead, I gradually took on broader security responsibilities:

  • Managing endpoints in regulated environments
  • Implementing security controls for sensitive operations
  • Leading teams through security incidents
  • Translating between technical staff and compliance auditors

The progression was intense:

Service Desk Lead: Security at scale requires automation.

Security Engineer: Understanding frameworks like NIST SP 800-53.

Lead Security Engineer: Leadership is about enabling others.

Vulnerability Management: Large-scale systems taught me metrics matter.

Biggest revelation: Security isn’t about saying “no.” It’s about finding secure ways to say “yes.”

The Plot Twist: HPC and Research Computing

In recent years, I worked with High-Performance Computing environments. Suddenly, I was securing GPU clusters with 100+ NVIDIA A100/H100 GPUs running complex computational workloads. Talk about imposter syndrome!

But here’s what I learned: Security principles are universal. Whether you’re protecting a small business network or a supercomputer running research calculations, the fundamentals remain:

  • Understand what you’re protecting and why
  • Know your threat landscape
  • Build defense in depth
  • Monitor, respond, iterate

Practical Impact Example: When we implemented proper SLURM accounting and GPU isolation, it became clear how quickly untracked compute costs can spiral in HPC environments. Security controls that provide visibility into resource consumption aren’t just about security — they save real money. My experience with GPU power monitoring in homelab ML environments taught me how easily computational costs can spiral out of control, while learning continuous cybersecurity education strategies helped me keep pace with rapidly evolving threats in these complex environments.

The Present: Cloud Security and Beyond

Today, I work in cloud security, which represents the culmination of everything I’ve learned:

  • The troubleshooting skills from IT support days
  • The process knowledge from enterprise IT
  • The security frameworks from federal work
  • The scale challenges from vulnerability management
  • The performance considerations from HPC

But most importantly, I still approach every day with that same curiosity from my consulting days.

Mistakes I Made (So You Don’t Have To)

1. Thinking Certifications Were Everything

I collected certifications like Pokémon cards. Over 5 years: CompTIA A+ (2006), Network+ (2007), Security+ (2008), Linux+ (2009). Valuable, but real learning happened when applying knowledge. Certifications open doors, experience gets you through them.

2. Avoiding What I Didn’t Know

Early on, I’d dodge unfamiliar technologies. Bad move. Biggest growth came from jumping into the deep end: SLURM for HPC management, eBPF for kernel-level monitoring.

3. Forgetting the Human Element

I once over-engineered an authentication flow with too many steps. It didn’t take long to see people working around it — which taught me that security people won’t use isn’t security, it’s theater.

4. Not Building a Network

For years, I thought networking was just TCP/IP (dad joke intended). Building relationships with other professionals has been invaluable for learning, opportunities, sanity checks.

Lessons That Shaped My Career

Start Where You Are

You don’t need to know everything about security to start. My IT support background gave me:

  • Troubleshooting skills that translate directly to incident response
  • Customer service experience crucial for stakeholder management
  • Broad technical knowledge for understanding attack surfaces

Embrace the Imposter Syndrome

That feeling of “I don’t belong here”? Your brain recognizing you’re growing. I felt it moving from:

  • Small business to enterprise
  • IT support to security
  • Private sector to federal
  • Traditional IT to cloud and HPC

Each time, it meant I was learning.

Find Your Why

For me, it’s protection and enablement. Whether protecting a small business from ransomware or securing research that might cure diseases, knowing your “why” sustains you through challenging times.

Never Stop Learning

Technology evolves faster than any of us can keep up. Not a bug—it’s a feature. My current learning list:

  • AI/ML security (LLMs aren’t going away)
  • Quantum-resistant cryptography (the future is coming)
  • Privacy-preserving technologies (security without privacy is incomplete)

Advice for Aspiring Security Professionals

1. Start Building Now

  • Set up a homelab (it doesn’t need to be fancy)
  • Contribute to open-source security projects
  • Write about what you learn (blogging clarifies thinking)
  • Break things responsibly (emphasis on responsibly)

2. Develop Soft Skills

Technical skills get you hired, but soft skills get you promoted:

  • Communication: Can you explain security to non-technical stakeholders?
  • Empathy: Can you understand why users do insecure things?
  • Leadership: Can you influence without authority?
  • Patience: Can you handle the 500th “I got a suspicious email” ticket?

3. Choose Your Path (But Stay Flexible)

Security is vast. You might gravitate toward:

  • Offensive security (pentesting, red teaming)
  • Defensive security (SOC, incident response)
  • Governance and compliance (frameworks, auditing)
  • Security engineering (building secure systems)
  • Security research (finding new vulnerabilities)

I thought I’d be in offensive security but found my passion in security engineering and architecture. Stay open to where your interests lead. Building a secure homelab gave me a safe environment to explore different specializations before committing to a career path.

4. Remember It’s a Marathon

Burnout is real in security. We deal with:

  • Constant threats and alerts
  • High-stakes decisions
  • Rapid technology changes
  • Often being seen as the “Department of No”

Build sustainable practices:

  • Have hobbies unrelated to tech
  • Set boundaries (the incidents will still be there tomorrow)
  • Celebrate wins, even small ones
  • Remember why you started

The Journey Continues

Fifteen years in, I still feel like I’m just getting started. The kid excited about fixing computers is now excited about Zero-Trust architectures and AI security. The tools changed, scale changed, but the core remains: solving problems, protecting people, enabling progress.

To those starting their journey: the path isn’t straight, the learning never stops, and yes, you belong here. Whether you’re in help desk, development, networking, or any other IT role, security needs your perspective.

Every expert was once a beginner who refused to give up.

One Final Thought

Last week, my son asked me what I do at work. I told him, “I help keep the internet safe for people like you.” He said, “That sounds boring.”

Then I showed him my homelab, explained how I catch bad guys trying to break into computers, and let him help me write a Python script to monitor our network.

His response? “Okay, that’s actually pretty cool. Can you teach me more?”

That’s the real measure of success – inspiring the next generation to take up the shield.

Related