Cybersecurity career paths can feel a bit unclear, as our field is a relatively new one. The longer I’m in this industry, the more people ask me how to navigate their way into cybersecurity. This always fills me with trepidation, as “cybersecurity” isn’t so much one job as it is hundreds of different types of jobs, comprising dozens of different specializations.

My answer to those looking to start a cybersecurity career is usually to underscore the importance of getting to know people already in the industry and establishing your trustworthiness. Beyond that, it’s important to get a sense of what specialties interest you, as the best way to get into penetration testing isn’t necessarily the best way to get into a governance and compliance role.

Every Cybersecurity Career Path Is Different

My own career voyage might be best described as what happens when you’re blown about by the winds of fate. I found my first job at a security company because a friend told me about a people-oriented position she thought would suit me; they chose me because I’m a fast typist and I know how to find my way around Microsoft Office programs — not exactly the traditional path into this industry!

The rest of my career progression has been about exploring what aspects of security intrigued me. I discovered there were some topics that were a lot of fun and some I’d rather have my toenails pulled off than revisit.

My total lack of traditional job experience and any kind of purposeful career planning made my journey much slower than average, but a meteoric rise up the career ladder has never been something that appealed to me. This scenic route has taught me lessons and a breadth of skills that might not be gained with a more direct trajectory. I took my time to learn as much as I could, which was something that has served me well in the long term. Pursuing a nontraditional path can be a good way to go, but you’ll need to allow yourself extra time to explore.

If you want to figure out how to start career planning, it’s a good idea to get as much information as possible about where you would like that journey to lead you. If you’re just starting your career, the best way to do this may just be to explore by doing. But you can also help narrow down your search by asking yourself some questions about the way you work.

Reflect on What Really Moves You

I once interviewed someone for a malware analyst role within an emergency response team who gushed about how he loves digging into a tricky problem and pointing to a product on a store shelf to show off the results of his labors. Emergency situations don’t really allow for deep dives, and there would be nothing tangible for him to share with his loved ones. Once we talked about this, we agreed that he would likely find the job unsatisfying.

What he did in this interview is something I would advise more people to do: Ask people already established in a specialty that seems interesting to you what their job is like, and tell people what really makes you tick. Here are some key questions to consider:

What Brings You Job Satisfaction?

There are many things we can find satisfying about a job well done. Some like hearing from people they’ve helped. Others may find it fulfilling to express themselves through a creative outlet, such as writing or designing. Those of us who like playing with puzzles may have a fondness for solving difficult problems. You might find it satisfying to bring order to messy situations. Many of us like making a difference by helping people learn and grow. Or, you might find it motivating to explore new topics or learn about different types of security technology.

What Job and Life Factors Are Important to You?

Not everyone likes the same working conditions. Some people need the face-to-face interaction that’s offered in an office, while some find they’re more efficient working from home. Some people like to be able to move between groups or departments within a big company, while others like the opportunity to wear a lot of hats within a smaller company.
You may prefer having a stable, predictable source of income, but another person might like the chance to gamble on the possibility of a bigger payoff with a startup.

If you want to live in a particular locale, your options may be different from those of someone who would prefer the possibility of moving around. Some people like to be slow and thorough with their work, while others function better moving quickly from one topic to the next.

What Are Your Job Deal-Breakers?

The more specific you can get with your preferences, the more likely you are to find something ideally suited to you. It’s also important to realize that this is a journey, and you may choose to take roles that are slightly less than ideal to gain the experience that will help you get where you want to be. But there are also limitations to what we can stand that we all must put in place to preserve our happiness and sanity. It’s also important to get clear about which factors are “nice to have” versus “must-have.”

For instance, some people may not like to move locations for different jobs but might be able to put up with it temporarily, whereas others might find this truly intolerable. If some factor is truly important to you, that restriction could add time to your journey, but respecting your own needs makes it less likely that you’ll burn out before you get where you want to go.

There’s a Cybersecurity Job Out There for You

Whether you’re already 100 percent clear on what moves you in life or you need to drift around for a bit to see what floats your boat, there are plenty of cybersecurity career paths for all kinds of people. By taking the time to think about what truly moves you before making a job decision, you can enjoy calmer seas as you set off on your career journey.

More from CISO

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…