TTech

How this cybersecurity engineer made the move from system administration

  • bytady
  • April 25, 2025
  • 5 minute read
How this cybersecurity engineer made the move from system administration
0
Shares
0
0
0
0

Fidelity Investments’ John Donohoe discusses the challenges and benefits of moving into a cybersecurity role.

John Donohoe, a senior cybersecurity engineer at financial services firm Fidelity Investments, started out in system administration, before looking for a change in direction. Specifically, he aimed to move into the cybersecurity space, which he accomplished by joining Fidelity’s ECS identity and access management team in 2020.

“As part of this team, I learned a lot about cloud technologies as I worked on implementing IAM tools and solutions using cloud technologies. I also learned a lot about the governance and audit of access management and how this all fits together to provide security for Fidelity.

“I moved from identity and access management (IAM) to application security as I wanted to expand my experience in software development. As part of this new role, I greatly improved my technical skills by learning about the tools used in the software development lifecycle and how security is integrated at each stage of the development process.”

Tell us about your background in system administration.

I’ve always enjoyed the problem-solving aspect of my work. As a system administrator, I was managing software patching, operating system deployments and software application deployments for thousands of computers across the entire company. There was always some new software to deploy, hardware to install or issues to investigate.

Automation was a big part of the work, and I really liked figuring out how to script deployments for a variety of software and hardware.  

What prompted your decision to seek a career in cybersecurity? 

The opportunity to learn is always a draw for me. I like a new challenge, and I was drawn into cybersecurity by the opportunity to learn about a whole new area of IT.

I had exposure to some cybersecurity work as a system administrator as I would often be responsible for deploying out configuration changes or new software to IT systems including the endpoint protection software. I’d often work with the cybersecurity teams on fixes for security vulnerabilities and my interest grew out of that.    

How did you go about making that move and did you receive support?

I found out that Fidelity Ireland was hiring for cybersecurity roles through a friend and applied for one of the system engineering positions in identity and access management.

As a system administrator, I had experience with access controls and managing a critical IT system. This lined up well with the new role at Fidelity. I did have to learn a lot about cybersecurity in general and the concepts, processes and tools in IAM. Fidelity helped a lot with that as they provide access to internal and external training resources and provide dedicated learning days which allowed me to have the time to upskill.   

What were the biggest challenges you encountered when changing careers? 

I think the biggest challenge for me was the change in mindset from system administration to cybersecurity. In system administration, you think about technical problems, their solutions and how to implement them. In cybersecurity, you think about problems, their solutions but also the risks. The risks associated with both the problems and their solutions and how those risks can be mitigated. It makes you think about IT systems in a different way and it took me some time to adjust to that way of thinking.  

Tell us about your next move into application security.

I decided to move to application security as I wanted to expand my experience in different areas of cybersecurity and get more involved with software development. I find the role quite interesting as it is quite varied. We implement tools and processes that automatically analyse applications at different stages of the development lifecycle. For this, you need to understand software development practices, build tools, DevOps platforms and how the security tools fit into the picture.   

Is there anything you wish you knew when starting out your career pivot? 

I think a better understanding of DevOps and software development processes would have helped me a lot when transitioning. It’s not something that I had a lot of exposure to as a system administrator and it was quite a steep learning curve at the start. I had some experience of writing automation scripts that would execute on a remote system, so this helped me learn the DevOps tools quite quickly. I am still learning about software development. I know a lot more about it now than I did two years ago but there is always more to learn.

What do you enjoy most about your job now and working in cybersecurity in general? 

I still enjoy problem-solving and the variety of the work that we do. I get to spend more time writing code and working with different cloud technologies as part of my role which I really like.

The most enjoyable aspect of working in cybersecurity is the opportunity to learn new skills and technologies. It’s a requirement of the job to keep up with the latest changes and it’s what keeps the work interesting.   

What advice would you give to others considering a move into the cybersecurity space, especially those from other careers? 

My advice would be to spend some time understanding the different areas of cybersecurity. There’s much more to it than penetration testing and ethical hacking. Many technical skills from other areas of IT transfer quite well. It’s a rapidly evolving space and it offers a great opportunity to learn new skills and technologies. If there is a specific area of cybersecurity that is of interest to you, spend some time familiarising yourself with the processes and tools in that area. 

What are the most important skills in this industry in your opinion and how might people upskill?

There’s a big shift towards AI so it’d be beneficial learning how to use AI tools and how they are being leveraged in cybersecurity. It’s also good to have an understanding of cloud technologies and the cybersecurity tools available there. In more technical roles, I’d suggest learning a scripting language like python and shell scripting is always useful. Once you understand the area and type of role you’d like to work in, spend some time learning about the common problems, solutions and tools in that space.  

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

0 Shares:
Share 0
Tweet 0
Pin it 0

Leave a Reply

Your email address will not be published. Required fields are marked *

— Previous article

From "For Fun" to Loss of Trust

Next article —

World Kinect Corporation (WKC) Q1 2025 Earnings Call Transcript

You May Also Like