August 25, 2017 By Kevin Beaver 3 min read

Open information security jobs are everywhere. For businesses small and large, and across all industries, the need for qualified cybersecurity professionals is widespread. Compensation for the skills required to help run an information security program makes this field one of the most lucrative out there.

It’s unwise to kick off your cybersecurity career without having thought about what you want to specialize in. Information security is not just about keeping attackers away: There’s an entire life cycle associated with the security and risk management process. From managing the core elements of computers and networks to overseeing the day-to-day work, security requires specialized expertise in various areas.

Read the IBM executive report: Addressing the Skills Gap with a New Collar Approach

Find Your Focus

Early on in my career, through both formal education and hands-on experience, I gained a ton of knowledge about computer operating systems, software development and networking. I built up this skill set for the first half of my career and, once I went out on my own as an independent consultant, figured I was going to do all things security-related.

I was sorely mistaken — arguably delusional. I even introduced myself during some of my earlier presentations as someone who performs security assessments for those who take security seriously and incident response for those who don’t. I thought I was the end-all-be-all solution for everyone’s information security needs.

But it became clear to me that I needed to specialize in something, so I did just that. I decided that I wanted to work more on the proactive side of security, evaluating vulnerabilities and risks and then providing guidance to help my clients secure their environments before a breach occurs — without sacrificing productivity.

Carving Out Your Niche in Cybersecurity

Whenever people ask me what area of security they should focus on, my answer is always the same: It depends. I then ask them questions such as:

  • Do you consider yourself a techie or are you more business-oriented?
  • Do you feel like you’re a good communicator?
  • What security work seems more appealing to you: working on a computer in a lab all day or interacting with people?

Beyond that, I tell people to look at what they’ve been good at in the past and what they do well now. For example, some people are great at seeing the big picture and identifying patterns that create challenges to the business or IT function. Conversely, others are better at discovering technical details such as breach-related clues and log files or knowing the proper source code syntax to prevent the manipulation of a web application. This can be a difficult process, but it’s really important if you want to get involved with security in the right ways.

Additionally, aspiring cybersecurity professionals should think about what areas interest them and what they want to get better at. In terms of specific areas of specialization, there are countless options, including:

  • Architect and designer;
  • Policy manager;
  • Administrator;
  • Analyst;
  • Security tester, including vulnerability and penetration testing;
  • Trainer;
  • Auditor;
  • Incident responder;
  • Forensics investigator; and
  • Lawyer.

You can do any of the above across practically all industries as an employee, consultant or contractor, including in the military and local, state and federal governments. You can start out at a junior level, end up in mid-management and even work your way up to chief information security officer (CISO). There is such a great need for information security skills in business today that you can literally write your own ticket in this field. If you’re likable, well-spoken and well-written, and understand security as it relates to business, the sky is the limit, as long as you specialize.

Chart Your Cybersecurity Career Path

Regardless of your background and goals, the simple truth is that you cannot be an expert at everything. Even a seemingly niche field such as information security is extremely diverse and complex. Think things through: Ask yourself the tough questions now so that you can get on — and stay on — the right path rather than having to re-evaluate and shift your career focus years down the road.

When you find your area of specialty, go all in. Commit to continuous learning and vow to always be a person of value. There are a lot of people working in security who are not of much value — in many cases, because they lack direction and focus. Regardless of your skills, your ultimate success will depend on the quality of your relationships: who you know and, most importantly, who knows you.

