December 9, 2019 By Lysa Myers 4 min read

Cybersecurity career paths can feel a bit unclear, as our field is a relatively new one. The longer I’m in this industry, the more people ask me how to navigate their way into cybersecurity. This always fills me with trepidation, as “cybersecurity” isn’t so much one job as it is hundreds of different types of jobs, comprising dozens of different specializations.

My answer to those looking to start a cybersecurity career is usually to underscore the importance of getting to know people already in the industry and establishing your trustworthiness. Beyond that, it’s important to get a sense of what specialties interest you, as the best way to get into penetration testing isn’t necessarily the best way to get into a governance and compliance role.

Every Cybersecurity Career Path Is Different

My own career voyage might be best described as what happens when you’re blown about by the winds of fate. I found my first job at a security company because a friend told me about a people-oriented position she thought would suit me; they chose me because I’m a fast typist and I know how to find my way around Microsoft Office programs — not exactly the traditional path into this industry!

The rest of my career progression has been about exploring what aspects of security intrigued me. I discovered there were some topics that were a lot of fun and some I’d rather have my toenails pulled off than revisit.

My total lack of traditional job experience and any kind of purposeful career planning made my journey much slower than average, but a meteoric rise up the career ladder has never been something that appealed to me. This scenic route has taught me lessons and a breadth of skills that might not be gained with a more direct trajectory. I took my time to learn as much as I could, which was something that has served me well in the long term. Pursuing a nontraditional path can be a good way to go, but you’ll need to allow yourself extra time to explore.

If you want to figure out how to start career planning, it’s a good idea to get as much information as possible about where you would like that journey to lead you. If you’re just starting your career, the best way to do this may just be to explore by doing. But you can also help narrow down your search by asking yourself some questions about the way you work.

Reflect on What Really Moves You

I once interviewed someone for a malware analyst role within an emergency response team who gushed about how he loves digging into a tricky problem and pointing to a product on a store shelf to show off the results of his labors. Emergency situations don’t really allow for deep dives, and there would be nothing tangible for him to share with his loved ones. Once we talked about this, we agreed that he would likely find the job unsatisfying.

What he did in this interview is something I would advise more people to do: Ask people already established in a specialty that seems interesting to you what their job is like, and tell people what really makes you tick. Here are some key questions to consider:

What Brings You Job Satisfaction?

There are many things we can find satisfying about a job well done. Some like hearing from people they’ve helped. Others may find it fulfilling to express themselves through a creative outlet, such as writing or designing. Those of us who like playing with puzzles may have a fondness for solving difficult problems. You might find it satisfying to bring order to messy situations. Many of us like making a difference by helping people learn and grow. Or, you might find it motivating to explore new topics or learn about different types of security technology.

What Job and Life Factors Are Important to You?

Not everyone likes the same working conditions. Some people need the face-to-face interaction that’s offered in an office, while some find they’re more efficient working from home. Some people like to be able to move between groups or departments within a big company, while others like the opportunity to wear a lot of hats within a smaller company.
You may prefer having a stable, predictable source of income, but another person might like the chance to gamble on the possibility of a bigger payoff with a startup.

If you want to live in a particular locale, your options may be different from those of someone who would prefer the possibility of moving around. Some people like to be slow and thorough with their work, while others function better moving quickly from one topic to the next.

What Are Your Job Deal-Breakers?

The more specific you can get with your preferences, the more likely you are to find something ideally suited to you. It’s also important to realize that this is a journey, and you may choose to take roles that are slightly less than ideal to gain the experience that will help you get where you want to be. But there are also limitations to what we can stand that we all must put in place to preserve our happiness and sanity. It’s also important to get clear about which factors are “nice to have” versus “must-have.”

For instance, some people may not like to move locations for different jobs but might be able to put up with it temporarily, whereas others might find this truly intolerable. If some factor is truly important to you, that restriction could add time to your journey, but respecting your own needs makes it less likely that you’ll burn out before you get where you want to go.

There’s a Cybersecurity Job Out There for You

Whether you’re already 100 percent clear on what moves you in life or you need to drift around for a bit to see what floats your boat, there are plenty of cybersecurity career paths for all kinds of people. By taking the time to think about what truly moves you before making a job decision, you can enjoy calmer seas as you set off on your career journey.

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today