I've been a web developer for about 2.5 years, primarily working with PHP and Laravel. Honestly, I'm finding it pretty stale. The tasks have become repetitive, and I feel like I'm not really growing. I've been building the same CRUD-style applications without much opportunity for creativity or system design, which has led me to expand my skill set. I've picked up Java, Spring Boot, and the MERN stack, and have worked on real projects that are now in production. This experience has helped me realize that I enjoy backend logic and architecture, rather than just cranking out templates. However, I'm not a fan of PHP and find myself at a crossroads: I could either continue to improve as a developer or make the leap into cybersecurity, a field I loved back in college, where I was fascinated by breaking systems and understanding vulnerabilities. I'm looking for honest opinions from those who have experience in either web development or cybersecurity. Is a transition realistic with my background? How tough is it to learn cybersecurity from a backend development standpoint? Is this field as exciting as it seems, or do entry-level roles get monotonous like my current position? And also, am I genuinely interested in cybersecurity, or am I just feeling burnt out with PHP? Any insights would be greatly appreciated!
3 Answers
It sounds like you're not just bored with PHP; you want more ownership and creative challenges! Transitioning to cybersecurity is definitely doable from your background, but entry-level work can sometimes be repetitive, like triaging alerts. Before you make a big leap, I suggest trying platforms like TryHackMe or HackTheBox for a few weeks to see if that’s the excitement you’re looking for. If it’s a burn out from PHP, you might also find a modern backend role or a cloud-focused position more fulfilling without having to start from scratch.
Don't rush into pure cybersecurity just yet. You might want to look into Application Security or cloud security while still leveraging your backend skills. Entry-level cyber roles often involve SOC tasks that can be pretty dry, while roles like AppSec let you work closer to the development side. If you shift your tech stack to something like Java, Node, or Go, and take on security-related responsibilities, you can scratch that itch for security without a hard pivot.
I think it's great that you’re considering your options seriously! From my experience, building a career can be flexible, and your web development background can definitely help in cybersecurity. I’d suggest you keep improving your web dev skills while gradually introducing cybersecurity topics. Once you feel comfortable, you could dive deeper into that field.
Definitely make sure to explore those cybersecurity labs first! You'll get a feel for it without the commitment of a full pivot.