This week, Cybersecurity Awareness Month focuses on cybersecurity careers and jobs in the industry, with a simple tagline: Explore. Experience. Share. Check out NIST’s workshops and toolkits for Career Week.

For cybersecurity and IT workers, if you want to position yourself well, do some exploring. Get to know new territory outside of cybersecurity. The reason? Simple: share your insights on the industry. Perhaps more importantly, learn about what matters to others to find some common ground.

Can You Talk Business When it Comes to Cybersecurity Jobs?

Cybersecurity and IT workers: up your game and learn the language of business. The information and data security function is much more integral to keeping a business going than it was even as recently as five years ago. No longer just a side issue, digital safety is a core issue. Learn to tell the C-suite that.

Regardless of job role, all teams understand dollars and cents. That’s your common ground. You can bridge the gap, and if becoming a chief information security officer (CISO) is your plan, you are putting yourself in a good position for the job. Cybersecurity careers being all about tech is so 2020. Go out of your comfort zone. Learn about the business and teach other stakeholders about your duties while you learn about theirs.

Cybersecurity Careers: Generalist or Specialist?

Regardless of where you are in your cybersecurity career, you’re going to have to make a decision. So I want to be a generalist or specialist? Each has its pros and cons.

  • Generalist: This career path can be bumpy. You’ll face entry-level positions where specific skills, tasks and abilities to use software platforms and tools are required. If you are too theoretical with no prior hands-on work, you may struggle to break into the industry. But if you are further into your career and expand beyond tech and specific skills, you open yourself up to greater opportunities that may be more business-, risk- and privacy-focused.
  • Specialist: This path likely helps you break into the industry, but the longer you stay as a specialist, the more likely you pigeonhole yourself for the future. Cybersecurity careers rapidly change as technology does. Remember, what is good today may not be good tomorrow, especially if new tech, like orchestration and artificial intelligence, starts to take over tasks. Also, being a specialist may get you the CISO job, but without building out your skill stack, don’t expect to keep the CISO job.

Don’t Let Certifications Hold You Back

Let’s be real: the industry is in desperate need of talent. If you have skills but are missing the certification, still seek a position that could continue your career. Employers can help encourage people into cybersecurity careers, too. Perhaps your future employer can pay for your training and exam costs if the certification is really that important. Show that you can walk the walk and the rest will fall into place.

A note to employers, HR departments and those seeking talent: no more job listings that look like a check box exercise. I’m going full Dee Hock here:

“Hire and promote first on the basis of integrity; second motivation; third capacity; fourth understanding; fifth knowledge; and last and least, experience. Without integrity, motivation is dangerous; without motivation, capacity is impotent; without capacity, understanding is limited; without understanding, knowledge is meaningless; without knowledge, experience is blind.”

The check box route is an exercise in looking for unicorns. You will almost always end up with the wrong person in the position, or worse, somebody who is there for the ride to get a resume boost and will jump ship. People are looking for work in cybersecurity careers right now. Listen to Dee Hock: find them, train them and they’ll appreciate that, especially nowadays.

Final Note to Employers: It’s On You to Hold On to Staff

People normally depart a job because they are burnt out, are in a bad workplace environment or because they have been pushed out. You are never going to build that culture of cybersecurity with high turnover.

In closing: if you are losing for cybersecurity careers in 2021, chances are it’s because you are letting them get away, not because they are doing a bad job. And that word will spread, which will make it only harder for you to replace that talent. Be wise about talent retention decisions. You may be feeding the competition without even realizing it and you may never get that talent back.

Next week, we close off this series with the Cybersecurity First theme.

More from CISO

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

How the Talent Shortage Impacts Cybersecurity Leadership

4 min read - The lack of a skilled cybersecurity workforce stalls the effectiveness of any organization’s security program. Yes, automated tools and technologies like artificial intelligence (AI) and machine learning (ML) offer a layer of support, and bringing in a managed security service provider (MSSP) provides expertise that isn’t available in-house. But it isn’t enough, especially for the medium-sized businesses that would most benefit from an internal security team. However, the talent shortage doesn’t just impact present-day security concerns. The lack of a…

4 min read