Wan spent years as a desktop engineer before making the switch into cybersecurity. Today he works as a penetration tester at a healthcare technology organisation in Singapore. His path was not a straight line — it took curiosity, a willingness to start from scratch, and a deliberate commitment to keep learning. Here, he shares the mindset shifts and practical habits that made the difference.
Build a genuine learning mindset before anything else
The single thing Wan credits most is his approach to learning — not the tools he picked up, but the habit of seeking to understand rather than memorise.
What pushed him to make the move was noticing how the industry around him was changing. Security regulations were tightening, and IT and cybersecurity were becoming more clearly separated. “There were more rules in place, and more regulations to follow,” he recalls. Rather than feeling burdened by this, he saw an opportunity.
Cybersecurity is a fast-moving discipline. Threat actors change their techniques constantly, and the tools used to defend against them evolve alongside them. Professionals who treat learning as a one-off event quickly find themselves behind. Those who stay ahead make continuous learning a habit — not a chore.
If you are considering a switch, the question to ask yourself is not “do I know enough already?” but “am I genuinely curious about how systems break and how to fix them?”
Let hands-on experience answer the ‘is this for me?’ question
Wan points to CFCI’s Cybersecurity Experiential Workshop (CEW) as the turning point in his decision. “Throughout the seven hours, we’re given insights into what cybersecurity is, learn the required skills and even have a hands-on session,” he says.
That structure — insight, skills, and practice in a single day — matters because it replicates the actual texture of cybersecurity work. You are not reading about concepts in the abstract; you are applying them. That is a more honest test of fit than any information session or article can provide.
For Wan, the hands-on element confirmed that this was work he could engage with for the long term. For some people it surfaces doubts, which is equally valuable — better to know before committing to a full programme than halfway through.
Do not overcomplicate the technical fundamentals
A common misconception among career switchers is that cybersecurity requires mastering an enormous toolkit before you can contribute meaningfully. Wan’s experience points in the opposite direction.
“It is important to understand how to safely navigate risk or complexity,” he explains — and that navigating often means simplifying. Knowing how a system is supposed to work, understanding the basic logic of a network, and being able to reason clearly about cause and effect will take you further than collecting technical knowledge without a framework to apply it.
This does not mean the technical skills do not matter — they do. But the professionals who grow fastest in this field tend to be those who build solid foundations and then add tools on top, rather than those who accumulate tools without a foundation beneath them.
Develop your ability to communicate across audiences
Penetration testers, SOC analysts, and security consultants all spend a significant part of their working day communicating — to clients, to internal teams, to management. The ability to switch fluently between technical terminology and plain language is not a soft skill afterthought; it is central to the job.
Wan is direct about this: “Being able to communicate with cybersecurity terms and simplified terms together is critical to get a good career in cybersecurity.”
In a job interview, this shows up as the ability to explain what you did in a lab exercise without assuming the interviewer knows the jargon. In a role, it shows up as writing a clear incident report that a non-technical manager can act on.
One practical way to build this skill before you are in the job: when you complete a lab exercise or study a concept, try explaining it out loud to someone who has no background in technology. If you cannot, you have found a gap to fill.
Be honest about what you do not yet know
Wan’s advice for interviews is refreshingly straightforward. Know your fundamentals well. And when you reach the edge of your knowledge, say so clearly rather than bluffing.
This matters more in cybersecurity than in many other fields, because the stakes of a security professional overstating their capability are high. Interviewers in this industry are often technical themselves and will notice quickly. Honesty about your knowledge gaps, paired with a clear explanation of how you approach learning, is a far stronger signal than a confident-sounding answer you cannot back up.
The same principle applies in the role itself. Cybersecurity is collaborative. Knowing when to escalate, when to ask for a second opinion, and when to admit uncertainty is not a weakness — it is what good security practice looks like.
What Wan’s story illustrates for Singapore career switchers
Wan’s move from desktop engineering to penetration testing is not unusual in the current Singapore market. 75% of graduates who secured cyber roles had no prior IT background — the shift he made reflects a path many others have taken.
What distinguishes those who make it through is less about prior technical knowledge and more about attitude: approaching the programme with genuine engagement, doing the work in the labs rather than just watching, and treating the career support available to them as a resource rather than an optional extra.
80% of graduates who completed the full programme and career services secured cybersecurity employment (as of early 2026). Those numbers are built on the habits Wan describes: curiosity, honesty, and continuous learning.
For a broader look at how career switchers navigate this transition — including what to expect at each stage — see our complete guide to mid-career switching into cybersecurity in Singapore.
Thinking about making the switch?
The lowest-risk starting point is a free info session, followed by the Cybersecurity Experiential Workshop — the same seven-hour hands-on taster Wan credits with confirming his decision. From there, the CCK+ Career Kickstart programme takes you through the full curriculum, with career services support through to your first role.
No prior IT background is required. If you are curious, that is enough to start.
Frequently Asked Questions
Do I need an IT background to start a cybersecurity career in Singapore?
No. 75% of graduates who secured cyber roles had no prior IT background. Cybersecurity rewards curiosity, structured thinking, and a willingness to keep learning — qualities that transfer from many earlier careers.
What is the best first step towards a cybersecurity career in Singapore?
Start with a free taster. CFCI's Cybersecurity Experiential Workshop (CEW) is a seven-hour hands-on session that gives you a genuine feel for the work before you commit to a full programme.
How important is communication in a cybersecurity role?
Very. Cybersecurity professionals routinely brief non-technical stakeholders — from operations teams to senior management. Being able to translate technical findings into plain language is one of the most valued skills in the field.
What career support does CFCI provide after graduation?
CFCI provides career services including CV and résumé preparation, interview coaching, and portfolio guidance. Graduates also benefit from ad-hoc employer referrals through CFCI's network.