Open information security jobs are everywhere. For businesses small and large, and across all industries, the need for qualified cybersecurity professionals is widespread. Compensation for the skills required to help run an information security program makes this field one of the most lucrative out there.

It’s unwise to kick off your cybersecurity career without having thought about what you want to specialize in. Information security is not just about keeping attackers away: There’s an entire life cycle associated with the security and risk management process. From managing the core elements of computers and networks to overseeing the day-to-day work, security requires specialized expertise in various areas.

Read the IBM executive report: Addressing the Skills Gap with a New Collar Approach

Find Your Focus

Early on in my career, through both formal education and hands-on experience, I gained a ton of knowledge about computer operating systems, software development and networking. I built up this skill set for the first half of my career and, once I went out on my own as an independent consultant, figured I was going to do all things security-related.

I was sorely mistaken — arguably delusional. I even introduced myself during some of my earlier presentations as someone who performs security assessments for those who take security seriously and incident response for those who don’t. I thought I was the end-all-be-all solution for everyone’s information security needs.

But it became clear to me that I needed to specialize in something, so I did just that. I decided that I wanted to work more on the proactive side of security, evaluating vulnerabilities and risks and then providing guidance to help my clients secure their environments before a breach occurs — without sacrificing productivity.

Carving Out Your Niche in Cybersecurity

Whenever people ask me what area of security they should focus on, my answer is always the same: It depends. I then ask them questions such as:

  • Do you consider yourself a techie or are you more business-oriented?
  • Do you feel like you’re a good communicator?
  • What security work seems more appealing to you: working on a computer in a lab all day or interacting with people?

Beyond that, I tell people to look at what they’ve been good at in the past and what they do well now. For example, some people are great at seeing the big picture and identifying patterns that create challenges to the business or IT function. Conversely, others are better at discovering technical details such breach-related clues and log files or knowing the proper source code syntax to prevent the manipulation of a web application. This can be a difficult process, but it’s really important if you want to get involved with security in the right ways.

Additionally, aspiring cybersecurity professionals should think about what areas interest them and what they want to get better at. In terms of specific areas of specialization, there are countless options, including:

  • Architect and designer;
  • Policy manager;
  • Administrator;
  • Analyst;
  • Security tester, including vulnerability and penetration testing;
  • Trainer;
  • Auditor;
  • Incident responder;
  • Forensics investigator; and
  • Lawyer.

You can do any of the above across practically all industries as an employee, consultant or contractor, including in the military and local, state and federal governments. You can start out at a junior level, end up in mid-management and even work your way up to chief information security officer (CISO). There is such a great need for information security skills in business today that you can literally write your own ticket in this field. If you’re likable, well-spoken and well-written, and understand security as it related to business, the sky is the limit, as long as you specialize.

Chart Your Cybersecurity Career Path

Regardless of your background and goals, the simple truth is that you cannot be an expert at everything. Even a seemingly niche field such as information security is extremely diverse and complex. Think things through: Ask yourself the tough questions now so that you can get on — and stay on — the right path rather than having to re-evaluate and shift your career focus years down the road.

When you find your area of specialty, go all in. Commit to continuous learning and vow to always be a person of value. There are a lot of people working in security who are not of much value — in many cases, because they lack direction and focus. Regardless of your skills, your ultimate success will depend on the quality of your relationships: who you know and, most importantly, who knows you.

Read the IBM executive report: Addressing the Skills Gap with a New Collar Approach

More from CISO

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

6 Roles That Can Easily Transition to a Cybersecurity Team

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many professionals in other industries may be an excellent fit for transitioning into a cybersecurity team. In fact, considering their unique, specialized skill sets, some roles are a better match than what is traditionally expected of a cybersecurity professional. This article…

Laid Off by Big Tech? Cybersecurity is a Smart Career Move

Big technology companies are laying off staff as market conditions change. The move follows a hiring blitz initially triggered by the uptick in pandemic-powered remote work — according to Bloomberg, businesses are now cutting jobs at a rate approaching that of early 2020. For example, in November 2022 alone, companies laid off more than 52,000 workers. Companies like Amazon and Meta also plan to let more than 10,000 staff members go over the next few years. As noted by Stanford…