October 18, 2021 By George Platsis 3 min read

This week, Cybersecurity Awareness Month focuses on cybersecurity careers and jobs in the industry, with a simple tagline: Explore. Experience. Share. Check out NIST’s workshops and toolkits for Career Week.

For cybersecurity and IT workers, if you want to position yourself well, do some exploring. Get to know new territory outside of cybersecurity. The reason? Simple: share your insights on the industry. Perhaps more importantly, learn about what matters to others to find some common ground.

Can You Talk Business When it Comes to Cybersecurity Jobs?

Cybersecurity and IT workers: up your game and learn the language of business. The information and data security function is much more integral to keeping a business going than it was even as recently as five years ago. No longer just a side issue, digital safety is a core issue. Learn to tell the C-suite that.

Regardless of job role, all teams understand dollars and cents. That’s your common ground. You can bridge the gap, and if becoming a chief information security officer (CISO) is your plan, you are putting yourself in a good position for the job. Cybersecurity careers being all about tech is so 2020. Go out of your comfort zone. Learn about the business and teach other stakeholders about your duties while you learn about theirs.

Cybersecurity Careers: Generalist or Specialist?

Regardless of where you are in your cybersecurity career, you’re going to have to make a decision. So I want to be a generalist or specialist? Each has its pros and cons.

  • Generalist: This career path can be bumpy. You’ll face entry-level positions where specific skills, tasks and abilities to use software platforms and tools are required. If you are too theoretical with no prior hands-on work, you may struggle to break into the industry. But if you are further into your career and expand beyond tech and specific skills, you open yourself up to greater opportunities that may be more business-, risk- and privacy-focused.
  • Specialist: This path likely helps you break into the industry, but the longer you stay as a specialist, the more likely you pigeonhole yourself for the future. Cybersecurity careers rapidly change as technology does. Remember, what is good today may not be good tomorrow, especially if new tech, like orchestration and artificial intelligence, starts to take over tasks. Also, being a specialist may get you the CISO job, but without building out your skill stack, don’t expect to keep the CISO job.

Don’t Let Certifications Hold You Back

Let’s be real: the industry is in desperate need of talent. If you have skills but are missing the certification, still seek a position that could continue your career. Employers can help encourage people into cybersecurity careers, too. Perhaps your future employer can pay for your training and exam costs if the certification is really that important. Show that you can walk the walk and the rest will fall into place.

A note to employers, HR departments and those seeking talent: no more job listings that look like a check box exercise. I’m going full Dee Hock here:

“Hire and promote first on the basis of integrity; second motivation; third capacity; fourth understanding; fifth knowledge; and last and least, experience. Without integrity, motivation is dangerous; without motivation, capacity is impotent; without capacity, understanding is limited; without understanding, knowledge is meaningless; without knowledge, experience is blind.”

The check box route is an exercise in looking for unicorns. You will almost always end up with the wrong person in the position, or worse, somebody who is there for the ride to get a resume boost and will jump ship. People are looking for work in cybersecurity careers right now. Listen to Dee Hock: find them, train them and they’ll appreciate that, especially nowadays.

Final Note to Employers: It’s On You to Hold On to Staff

People normally depart a job because they are burnt out, are in a bad workplace environment or because they have been pushed out. You are never going to build that culture of cybersecurity with high turnover.

In closing: if you are losing for cybersecurity careers in 2021, chances are it’s because you are letting them get away, not because they are doing a bad job. And that word will spread, which will make it only harder for you to replace that talent. Be wise about talent retention decisions. You may be feeding the competition without even realizing it and you may never get that talent back.

Next week, we close off this series with the Cybersecurity First theme.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today