October 18, 2021 By George Platsis

This week, Cybersecurity Awareness Month focuses on cybersecurity careers and jobs in the industry, with a simple tagline: Explore. Experience. Share. Check out NIST’s workshops and toolkits for Career Week.

For cybersecurity and IT workers, if you want to position yourself well, do some exploring. Get to know new territory outside of cybersecurity. The reason? Simple: share your insights on the industry. Perhaps more importantly, learn about what matters to others to find some common ground.

Can You Talk Business When it Comes to Cybersecurity Jobs?

Cybersecurity and IT workers: up your game and learn the language of business. The information and data security function is much more integral to keeping a business going than it was even as recently as five years ago. No longer just a side issue, digital safety is a core issue. Learn to tell the C-suite that.

Regardless of job role, all teams understand dollars and cents. That’s your common ground. You can bridge the gap, and if becoming a chief information security officer (CISO) is your plan, you are putting yourself in a good position for the job. Cybersecurity careers being all about tech is so 2020. Go out of your comfort zone. Learn about the business and teach other stakeholders about your duties while you learn about theirs.

Cybersecurity Careers: Generalist or Specialist?

Regardless of where you are in your cybersecurity career, you’re going to have to make a decision: do I want to be a generalist or a specialist? Each has its pros and cons.

  • Generalist: This career path can be bumpy. You’ll face entry-level positions where specific skills, tasks and abilities to use software platforms and tools are required. If you are too theoretical with no prior hands-on work, you may struggle to break into the industry. But if you are further into your career and expand beyond tech and specific skills, you open yourself up to greater opportunities that may be more business-, risk- and privacy-focused.
  • Specialist: This path likely helps you break into the industry, but the longer you stay as a specialist, the more likely you pigeonhole yourself for the future. Cybersecurity careers rapidly change as technology does. Remember, what is good today may not be good tomorrow, especially if new tech, like orchestration and artificial intelligence, starts to take over tasks. Also, being a specialist may get you the CISO job, but without building out your skill stack, don’t expect to keep the CISO job.

Don’t Let Certifications Hold You Back

Let’s be real: the industry is in desperate need of talent. If you have skills but are missing the certification, still seek a position that could continue your career. Employers can help encourage people into cybersecurity careers, too. Perhaps your future employer can pay for your training and exam costs if the certification is really that important. Show that you can walk the walk and the rest will fall into place.

A note to employers, HR departments and those seeking talent: no more job listings that look like a check box exercise. I’m going full Dee Hock here:

“Hire and promote first on the basis of integrity; second motivation; third capacity; fourth understanding; fifth knowledge; and last and least, experience. Without integrity, motivation is dangerous; without motivation, capacity is impotent; without capacity, understanding is limited; without understanding, knowledge is meaningless; without knowledge, experience is blind.”

The check box route is an exercise in looking for unicorns. You will almost always end up with the wrong person in the position, or worse, somebody who is there for the ride to get a resume boost and will jump ship. People are looking for work in cybersecurity careers right now. Listen to Dee Hock: find them, train them and they’ll appreciate that, especially nowadays.

Final Note to Employers: It’s On You to Hold On to Staff

People normally depart a job because they are burnt out, are in a bad workplace environment or because they have been pushed out. You are never going to build that culture of cybersecurity with high turnover.

In closing: if you are losing cybersecurity talent in 2021, chances are it’s because you are letting them get away, not because they are doing a bad job. And that word will spread, which will only make it harder for you to replace that talent. Be wise about talent retention decisions. You may be feeding the competition without even realizing it and you may never get that talent back.

Next week, we close off this series with the Cybersecurity First theme.
