Multi-part response, first on the cybersecurity specialization, do you have any real interest in the computer security field? At least from the suggestion, it seems like a vague idea, without a large amount of actual awareness of what's involved in the field.

Sounds kind of hiring manager cliche, yet does detecting, identifying, monitoring, evaluating, responding, resolving, and future mitigating these types of ideas sound enjoyable? Do these terms even mean very much?

- Malware, scareware, spyware, warez, trojans, worms, viruses, (IP, msg/email, address, router, network, certificate, biometric) spoofing, phishing, tampering, script smuggling, privilege escalation, bootloaders/bootkits, configurators, shredders, (hardware/software) backdoors, eavesdropping/wiretapping/sniffing/snooping, scraping, (access, keystroke, activity) loggers, logic bombs, locators/tracers, system bricks, botnets

For the rather serious security crowd, any interest in attending:

- DEF CON, Black Hat, (C3) Chaos Communication Congress, IEEE S&P, ACM CCS, USENIX, NDSS, or Supercomputing?

Not trying to sound: input.replace(/[let]/g, c => ({l: ['1', '|_', '|'], e: ['3', '&', '£', '€', '[-', '[=-'], t: ['7', '+', '-|-', '][|][', '†', '«|»', '~|~']}[c][Math.random() * ({l:3,e:6,t:8}[c])|0]));

Just at the same time, a lot of the actual work in computer security is not especially glamorous work, that often involves sitting in a room, typing on a keyboard, dealing with annoying computer issues, picking through problems in software to find attack vectors, and people who's idea of cool is reverse engineering attacks.

Lot of script kiddies, C-suites/generals/execs who use "123" as their login, far away companies you have little ability to motivate, and frustratingly simplistic exploits.

There was an article that came through a while back on UNIX, and a huge percent of the vulnerabilities all involved invoking "sh </dev/tty >/dev/tty" as about the only one-trick strategy. Except ... enormous number of available methods.

That dissuading stuff aside, there's definitely jobs in "cyber" and "security" that involve "user research, frameworks, customer experiences (ostensibly UX I suppose)". Somebody writes this kind of stuff for companies like Cisco [1]

[1] ThousandEyes, https://www.thousandeyes.com/outages/

---

Second portion of response, direct questions asked.

Background: started out in acoustics / optics, and then moved to government fluid dynamics and supercomputing (NASA MSFC)

- How did you pinpoint new directions that matched your skills and interests?

  - Personal route, go on a job website, look at what's available in terms of jobs in related fields, select several a day you have an interest in, treat the process just like a job you're working, prepare an individualized / customized resume for each of the jobs you have an interest in, selecting skills and backgrounds as appropriate, and then repeat each day with a different selection of jobs.  Attempt to submit several a day just like you're doing "cold call" sales work with multiple leads constantly running.

  - Start with a relatively small window of "degrees of separation" on how far from your core field you're going to wander.  Practice writing resumes and skill ideas for the core field and then add in possibilities for other nearby job fields that actually sound interesting.  Investigate what's available and with each day consider how far you're willing to move from your core skills and interests and what you would still be able to viably defend to somebody at an interview in those "how are you a positive fit for this job", "what will you bring to this organization", ect.. type questions.

  - Not so much "pinpointing" and knowing exactly where you're going to go beforehand, so much as viewing what's available and then evaluating where amoung the possible targets that appear to be hiring seem like reasonable possibilities.  May want to do a couple days of simply surveying the job market and the offerings available across a range of different locations (job websites, organizations you respect, desirement or "ideaL" job fit locations) to see what's even there.

  - Sounds a bit like an HR rep wrote this question.  However, much like the answer above, take what you've done, examine what's available in the actual job market of the now, try to write something you could actually defend to an interviewer about how your skills are somehow a match for the job, and then try again (since many of the leads will likely not actually work out)

  - Taking your example, not sure what the background skills are, yet jobs available with UX or security related searches have stuff like [2][3][4][5][6].

[3] Apple: WebKit Engine Security Engineer: https://jobs.apple.com/en-us/details/200583193/webkit-engine...

[4] FBI: Network Engineer, GS 12/13, Communications Technologies Unit: https://apply.fbijobs.gov/psc/ps/EMPLOYEE/HRMS/c/HRS_HRAM_FL...

[5] Microsoft, Security Assurance IC3: https://jobs.careers.microsoft.com/global/en/job/1800220/Sec...

[6] Cisco: Software Development Manager, Networking & UX/UI: https://jobs.cisco.com/jobs/ProjectDetail/Senior-Software-De...

  - Each provides lists of the types of skills they're looking for, possible suggestions on skills that may exist in your prior background that "might" apply, and possible "repositioning" of your background for different opportunities.  Just rather difficult to specifically state a strategy, since each is rather different (Cloud, Webkit UI Security, Network Comm Security, Network UX/UI) with rather different routes about what might have to be shifted or accentuated.  And most likely require a rather different type of experience shifting then engineering acoustics over to governmental computation.