December 9, 2019 By Lysa Myers 4 min read

Cybersecurity career paths can feel a bit unclear, as our field is a relatively new one. The longer I’m in this industry, the more people ask me how to navigate their way into cybersecurity. This always fills me with trepidation, as “cybersecurity” isn’t so much one job as it is hundreds of different types of jobs, comprising dozens of different specializations.

My answer to those looking to start a cybersecurity career is usually to underscore the importance of getting to know people already in the industry and establishing your trustworthiness. Beyond that, it’s important to get a sense of what specialties interest you, as the best way to get into penetration testing isn’t necessarily the best way to get into a governance and compliance role.

Every Cybersecurity Career Path Is Different

My own career voyage might be best described as what happens when you’re blown about by the winds of fate. I found my first job at a security company because a friend told me about a people-oriented position she thought would suit me; they chose me because I’m a fast typist and I know how to find my way around Microsoft Office programs — not exactly the traditional path into this industry!

The rest of my career progression has been about exploring what aspects of security intrigued me. I discovered there were some topics that were a lot of fun and some I’d rather have my toenails pulled off than revisit.

My total lack of traditional job experience and any kind of purposeful career planning made my journey much slower than average, but a meteoric rise up the career ladder has never been something that appealed to me. This scenic route has taught me lessons and a breadth of skills that might not be gained with a more direct trajectory. I took my time to learn as much as I could, which was something that has served me well in the long term. Pursuing a nontraditional path can be a good way to go, but you’ll need to allow yourself extra time to explore.

If you want to figure out how to start career planning, it’s a good idea to get as much information as possible about where you would like that journey to lead you. If you’re just starting your career, the best way to do this may just be to explore by doing. But you can also help narrow down your search by asking yourself some questions about the way you work.

Reflect on What Really Moves You

I once interviewed someone for a malware analyst role within an emergency response team who gushed about how he loves digging into a tricky problem and pointing to a product on a store shelf to show off the results of his labors. Emergency situations don’t really allow for deep dives, and there would be nothing tangible for him to share with his loved ones. Once we talked about this, we agreed that he would likely find the job unsatisfying.

What he did in this interview is something I would advise more people to do: Ask people already established in a specialty that seems interesting to you what their job is like, and tell people what really makes you tick. Here are some key questions to consider:

What Brings You Job Satisfaction?

There are many things we can find satisfying about a job well done. Some like hearing from people they’ve helped. Others may find it fulfilling to express themselves through a creative outlet, such as writing or designing. Those of us who like playing with puzzles may have a fondness for solving difficult problems. You might find it satisfying to bring order to messy situations. Many of us like making a difference by helping people learn and grow. Or, you might find it motivating to explore new topics or learn about different types of security technology.

What Job and Life Factors Are Important to You?

Not everyone likes the same working conditions. Some people need the face-to-face interaction that’s offered in an office, while some find they’re more efficient working from home. Some people like to be able to move between groups or departments within a big company, while others like the opportunity to wear a lot of hats within a smaller company.
You may prefer having a stable, predictable source of income, but another person might like the chance to gamble on the possibility of a bigger payoff with a startup.

If you want to live in a particular locale, your options may be different from those of someone who would prefer the possibility of moving around. Some people like to be slow and thorough with their work, while others function better moving quickly from one topic to the next.

What Are Your Job Deal-Breakers?

The more specific you can get with your preferences, the more likely you are to find something ideally suited to you. It’s also important to realize that this is a journey, and you may choose to take roles that are slightly less than ideal to gain the experience that will help you get where you want to be. But there are also limitations to what we can stand that we all must put in place to preserve our happiness and sanity. It’s also important to get clear about which factors are “nice to have” versus “must-have.”

For instance, some people may not like to move locations for different jobs but might be able to put up with it temporarily, whereas others might find this truly intolerable. If some factor is truly important to you, that restriction could add time to your journey, but respecting your own needs makes it less likely that you’ll burn out before you get where you want to go.

There’s a Cybersecurity Job Out There for You

Whether you’re already 100 percent clear on what moves you in life or you need to drift around for a bit to see what floats your boat, there are plenty of cybersecurity career paths for all kinds of people. By taking the time to think about what truly moves you before making a job decision, you can enjoy calmer seas as you set off on your career journey.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today