This week, Cybersecurity Awareness Month focuses on cybersecurity careers and jobs in the industry, with a simple tagline: Explore. Experience. Share. Check out NIST’s workshops and toolkits for Career Week.

For cybersecurity and IT workers, if you want to position yourself well, do some exploring. Get to know new territory outside of cybersecurity. The reason? Simple: share your insights on the industry. Perhaps more importantly, learn about what matters to others to find some common ground.

Can You Talk Business When it Comes to Cybersecurity Jobs?

Cybersecurity and IT workers: up your game and learn the language of business. The information and data security function is much more integral to keeping a business going than it was even as recently as five years ago. No longer just a side issue, digital safety is a core issue. Learn to tell the C-suite that.

Regardless of job role, all teams understand dollars and cents. That’s your common ground. You can bridge the gap, and if becoming a chief information security officer (CISO) is your plan, you are putting yourself in a good position for the job. Cybersecurity careers being all about tech is so 2020. Go out of your comfort zone. Learn about the business and teach other stakeholders about your duties while you learn about theirs.

Cybersecurity Careers: Generalist or Specialist?

Regardless of where you are in your cybersecurity career, you’re going to have to make a decision. So I want to be a generalist or specialist? Each has its pros and cons.

  • Generalist: This career path can be bumpy. You’ll face entry-level positions where specific skills, tasks and abilities to use software platforms and tools are required. If you are too theoretical with no prior hands-on work, you may struggle to break into the industry. But if you are further into your career and expand beyond tech and specific skills, you open yourself up to greater opportunities that may be more business-, risk- and privacy-focused.
  • Specialist: This path likely helps you break into the industry, but the longer you stay as a specialist, the more likely you pigeonhole yourself for the future. Cybersecurity careers rapidly change as technology does. Remember, what is good today may not be good tomorrow, especially if new tech, like orchestration and artificial intelligence, starts to take over tasks. Also, being a specialist may get you the CISO job, but without building out your skill stack, don’t expect to keep the CISO job.

Don’t Let Certifications Hold You Back

Let’s be real: the industry is in desperate need of talent. If you have skills but are missing the certification, still seek a position that could continue your career. Employers can help encourage people into cybersecurity careers, too. Perhaps your future employer can pay for your training and exam costs if the certification is really that important. Show that you can walk the walk and the rest will fall into place.

A note to employers, HR departments and those seeking talent: no more job listings that look like a check box exercise. I’m going full Dee Hock here:

“Hire and promote first on the basis of integrity; second motivation; third capacity; fourth understanding; fifth knowledge; and last and least, experience. Without integrity, motivation is dangerous; without motivation, capacity is impotent; without capacity, understanding is limited; without understanding, knowledge is meaningless; without knowledge, experience is blind.”

The check box route is an exercise in looking for unicorns. You will almost always end up with the wrong person in the position, or worse, somebody who is there for the ride to get a resume boost and will jump ship. People are looking for work in cybersecurity careers right now. Listen to Dee Hock: find them, train them and they’ll appreciate that, especially nowadays.

Final Note to Employers: It’s On You to Hold On to Staff

People normally depart a job because they are burnt out, are in a bad workplace environment or because they have been pushed out. You are never going to build that culture of cybersecurity with high turnover.

In closing: if you are losing for cybersecurity careers in 2021, chances are it’s because you are letting them get away, not because they are doing a bad job. And that word will spread, which will make it only harder for you to replace that talent. Be wise about talent retention decisions. You may be feeding the competition without even realizing it and you may never get that talent back.

Next week, we close off this series with the Cybersecurity First theme.

More from CISO

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

6 Roles That Can Easily Transition to a Cybersecurity Team

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many professionals in other industries may be an excellent fit for transitioning into a cybersecurity team. In fact, considering their unique, specialized skill sets, some roles are a better match than what is traditionally expected of a cybersecurity professional. This article…