Diagnostics to Disassembly: My Unconventional Path in Cybersecurity

Hey everyone! I wanted to share something a bit more personal today about my journey in cybersecurity. Unlike many tech bloggers, I'm writing from a somewhat unconventional position – balancing my passion for security with my long-term career as a Maintenance Mechanic at the United States Postal Service.

• My Brief Experience in Professional Security Work
• The Academic Journey: Pursuing Security While Working Full-Time
• Transferable Skills: The Unexpected Overlap
• The Challenge of Transition
• Developing a Security Mindset
• Advice for Fellow Career Transitioners
• Looking Forward

My Current Reality: Technical Troubleshooting by Day, Security Researcher by Night

Since 2016, I've worked as a Maintenance Mechanic MPE (Mail Processing Equipment) at USPS in Tucson, Arizona. For over 9 years, my role has involved maintaining critical mail processing systems, troubleshooting complex technical issues, and implementing solutions while ensuring operational continuity.

This work has honed my analytical thinking, systematic troubleshooting, and ability to understand complex system interactions – skills that have surprising parallels to cybersecurity work. The methodical approach needed to diagnose mechanical and electrical issues isn't too different from tracing through malicious code or understanding exploit chains.

Despite these transferable skills, I often find myself questioning whether I truly belong in cybersecurity conversations. When I'm in online forums discussing advanced exploitation techniques, that voice in my head occasionally whispers, "You're just a mail equipment mechanic – what do you really know about memory corruption vulnerabilities?"

My Brief Experience in Professional Security Work

Before starting at USPS, I had a 7-month stint in IT security across two roles, where I gained valuable hands-on experience:

As an IT Security specialist and later as Lead IT Security, I managed WordPress security, developed security awareness training, monitored for potential security incidents, and eventually led a small team handling web security initiatives.

While brief, this experience confirmed my interest in security work and gave me practical insight into the operational side of the field. Though short, this experience serves as an important reminder when impostor syndrome hits – I've successfully applied security principles in a professional environment before, even if it was years ago.

The Academic Journey: Pursuing Security While Working Full-Time

My cybersecurity education began at Dakota State University, where I earned my BS in Cyber Operations in 2018 while continuing my work at USPS. Balancing full-time work with online studies was challenging, often requiring late nights and careful time management.

Some of the most impactful courses at DSU included:

• Assembly Language (CSC 314), which fundamentally changed how I understand computer systems
• Malware Analysis (CSC 432), which sparked my passion for understanding malicious code
• Reverse Engineering (CSC 444), which built on my analytical skills from both my coursework and my day job

After graduation, I continued at USPS while applying my security knowledge where possible and continuously learning through online resources and platforms like HackTheBox and BlueTeamLabs Online.

In 2022, I took another major step by enrolling in NYU's online MS in Cybersecurity program while maintaining my postal service work. The program's flexibility made this possible, though it required significant sacrifice and dedication.

At NYU, my interests expanded further, especially during my final semester when I took "Introduction to Offensive Security" (CS-GY 9223). This course ignited a passion for exploit development that I've continued to nurture in my home lab.

Logging into that first offensive security virtual classroom at NYU, seeing the professional backgrounds of my classmates in tech companies and security firms in the introduction forum, was when impostor syndrome hit me hardest. Posting my own introduction as a postal worker felt like announcing I didn't belong in this space. But throughout that semester, as I worked through increasingly complex exploits and security challenges alongside my classmates, I discovered that in this field, practical skills and determination often speak louder than job titles.

Transferable Skills: The Unexpected Overlap

One of the most interesting aspects of my journey has been discovering how many skills transfer between my seemingly disparate worlds:

1. Systematic Troubleshooting: The methodical approach I use to diagnose equipment failures applies directly to malware analysis and exploit development.

2. Technical Documentation Analysis: Years of interpreting schematics and technical manuals has made parsing through assembly instructions and technical specifications second nature.

3. Root Cause Analysis: Finding the fundamental issue in a complex mechanical system isn't unlike tracing through a program to locate a vulnerability.

4. System Interaction Understanding: Recognizing how components interact in complex machinery translates to understanding how different parts of a computer system interact in ways that can be exploited.

5. Critical Thinking: The analytical methodology required to solve complex technical problems is directly applicable to security research.

The Challenge of Transition

Geographic limitations, family responsibilities, and financial considerations have all influenced my timeline for transitioning fully into cybersecurity. Tucson's limited specialized security opportunities combined with the stability and benefits of my established USPS position create a practical reality that many career changers face.

Despite these challenges, I continue to advance my security knowledge:

• Recently earning my GREM certification validated my malware analysis skills
• Currently studying for OSCP with plans to continue to OSED, OSCE³, and eventually OSEE
• Maintaining dedicated lab environments for hands-on practice
• Building connections in the security community through online forums and virtual events

I'll admit that part of my certification pursuit stems from that persistent feeling that I need to "prove myself" due to my non-traditional background. When you don't have "security analyst" or "penetration tester" on your resume, those certification letters after your name help quiet the impostor syndrome, even if just temporarily.

Developing a Security Mindset

Perhaps the most unexpected benefit of straddling these two technical worlds has been developing what security professionals call a "security mindset"—a perspective that automatically questions how systems might fail or be deliberately compromised. While maintaining mail processing equipment, I'm constantly thinking about failure modes, interdependencies, and unexpected edge cases—the exact same thought patterns that make for effective security research, just applied to different systems.

Advice for Fellow Career Transitioners

For others balancing established careers with cybersecurity aspirations:

1. Find the connections: Look for ways your current skills transfer to security—they often exist in unexpected places.

2. Be patient but persistent: Career transitions rarely happen overnight, especially when family and financial considerations are in play.

3. Create tangible demonstrations of skill: Whether through certifications, personal projects, or contributions to open-source tools, build evidence of your capabilities.

4. Leverage your unique perspective: Your non-traditional background may actually provide valuable insights and approaches that those with conventional paths might miss.

5. Build security into your current role: Find ways to incorporate security principles into your existing work, even in small ways.

6. Accept that impostor syndrome is normal: Almost everyone in this field experiences it, especially those of us coming from non-traditional backgrounds. Use it as motivation rather than letting it paralyze you.

Looking Forward

Though I haven't made the full career transition yet, I'm actively building toward that goal while appreciating how my current position has shaped my approach to security. The analytical mindset, systematic troubleshooting skills, and attention to detail required in maintaining critical systems have all contributed to my effectiveness in security research and analysis.

In upcoming posts, I'll be sharing technical content from my studies and home lab experiments, including a detailed analysis of binaries and malware samples and my preparation process towards many of the certifications I currently hold and those I'm continually pursuing.

I'd love to hear from others navigating similar transitions or who have successfully pivoted from technical fields outside of IT into cybersecurity roles. What unexpected skills from your previous work have proven valuable in security? And how do you handle those moments of self-doubt along the way?

Until next time,