Cybersecurity career paths can feel a bit unclear, as our field is a relatively new one. The longer I’m in this industry, the more people ask me how to navigate their way into cybersecurity. This always fills me with trepidation, as “cybersecurity” isn’t so much one job as it is hundreds of different types of jobs, comprising dozens of different specializations.

My answer to those looking to start a cybersecurity career is usually to underscore the importance of getting to know people already in the industry and establishing your trustworthiness. Beyond that, it’s important to get a sense of what specialties interest you, as the best way to get into penetration testing isn’t necessarily the best way to get into a governance and compliance role.

Every Cybersecurity Career Path Is Different

My own career voyage might be best described as what happens when you’re blown about by the winds of fate. I found my first job at a security company because a friend told me about a people-oriented position she thought would suit me; they chose me because I’m a fast typist and I know how to find my way around Microsoft Office programs — not exactly the traditional path into this industry!

The rest of my career progression has been about exploring what aspects of security intrigued me. I discovered there were some topics that were a lot of fun and some I’d rather have my toenails pulled off than revisit.

My total lack of traditional job experience and any kind of purposeful career planning made my journey much slower than average, but a meteoric rise up the career ladder has never been something that appealed to me. This scenic route has taught me lessons and a breadth of skills that might not be gained with a more direct trajectory. I took my time to learn as much as I could, which was something that has served me well in the long term. Pursuing a nontraditional path can be a good way to go, but you’ll need to allow yourself extra time to explore.

If you want to figure out how to start career planning, it’s a good idea to get as much information as possible about where you would like that journey to lead you. If you’re just starting your career, the best way to do this may just be to explore by doing. But you can also help narrow down your search by asking yourself some questions about the way you work.

Reflect on What Really Moves You

I once interviewed someone for a malware analyst role within an emergency response team who gushed about how he loves digging into a tricky problem and pointing to a product on a store shelf to show off the results of his labors. Emergency situations don’t really allow for deep dives, and there would be nothing tangible for him to share with his loved ones. Once we talked about this, we agreed that he would likely find the job unsatisfying.

What he did in this interview is something I would advise more people to do: Ask people already established in a specialty that seems interesting to you what their job is like, and tell people what really makes you tick. Here are some key questions to consider:

What Brings You Job Satisfaction?

There are many things we can find satisfying about a job well done. Some like hearing from people they’ve helped. Others may find it fulfilling to express themselves through a creative outlet, such as writing or designing. Those of us who like playing with puzzles may have a fondness for solving difficult problems. You might find it satisfying to bring order to messy situations. Many of us like making a difference by helping people learn and grow. Or, you might find it motivating to explore new topics or learn about different types of security technology.

What Job and Life Factors Are Important to You?

Not everyone likes the same working conditions. Some people need the face-to-face interaction that’s offered in an office, while some find they’re more efficient working from home. Some people like to be able to move between groups or departments within a big company, while others like the opportunity to wear a lot of hats within a smaller company.
You may prefer having a stable, predictable source of income, but another person might like the chance to gamble on the possibility of a bigger payoff with a startup.

If you want to live in a particular locale, your options may be different from those of someone who would prefer the possibility of moving around. Some people like to be slow and thorough with their work, while others function better moving quickly from one topic to the next.

What Are Your Job Deal-Breakers?

The more specific you can get with your preferences, the more likely you are to find something ideally suited to you. It’s also important to realize that this is a journey, and you may choose to take roles that are slightly less than ideal to gain the experience that will help you get where you want to be. But there are also limitations to what we can stand that we all must put in place to preserve our happiness and sanity. It’s also important to get clear about which factors are “nice to have” versus “must-have.”

For instance, some people may not like to move locations for different jobs but might be able to put up with it temporarily, whereas others might find this truly intolerable. If some factor is truly important to you, that restriction could add time to your journey, but respecting your own needs makes it less likely that you’ll burn out before you get where you want to go.

There’s a Cybersecurity Job Out There for You

Whether you’re already 100 percent clear on what moves you in life or you need to drift around for a bit to see what floats your boat, there are plenty of cybersecurity career paths for all kinds of people. By taking the time to think about what truly moves you before making a job decision, you can enjoy calmer seas as you set off on your career journey.

More from CISO

Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…

5 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read