The Virtual CISO with Steve King

Training & Security Leadership

Turning to a Career in Cybersecurity

Cyberthreats Are Rampant, Expertise Is Needed, and the Rewards Are Great
Turning to a Career in Cybersecurity
Image: Getty Images

It should be clear to even the most casual observer that we are fully engaged in a battle for global security.

See Also: The External Attack Surface Is Growing and Represents a Consistent Vulnerability

We get hacked and breached daily and pay large ransomware sums, regulatory violations and fees abound, vendors consolidate, we still try to defend after the attack and we generally understand little about the domain we are getting paid to manage.

Cybersecurity has not surprisingly emerged as one of the most critical fields, safeguarding our digital lives, national security and the global economy. The escalating frequency and sophistication of cyberattacks highlight the urgent need for skilled professionals to defend against these threats and open up a myriad of opportunities for individuals considering making a shift in their career paths toward cybersecurity.

But how does one do that?

The transition to a career in cybersecurity is not just a change of professional direction; it represents a commitment to defending the digital world. Without that commitment, practitioners lack the passion needed to fuel their work.

The Unavoidable Reality of Cyberthreats

The digital age has ushered in a new era of vulnerabilities. From personal data breaches affecting millions to sophisticated cyberespionage campaigns targeting governments, the threats are as diverse as they are dangerous. The WannaCry ransomware attack, which affected over 200,000 computers across 150 countries, and the SolarWinds hack, which penetrated U.S. government agencies, underscore the global scale and severity of cyberthreats. They point to technical vulnerabilities but also to the human shortfall in cybersecurity expertise.

The Escalating Demand for Cybersecurity Professionals

The demand for cybersecurity professionals is skyrocketing, driven by the ever-expanding cyberthreat landscape. Estimates of a 4-million job shortfall are probably underrated. This gap is not just a statistical concern; it represents a glaring risk to global digital infrastructure. We need to address it to secure our future against the existential threats posed by cyber adversaries. The Opportunity for Career Shifters

For those contemplating a shift in their career path, cybersecurity offers a compelling proposition. It is a field where the demand for talent far outstrips supply, ensuring strong job security and competitive compensation. And cybersecurity roles span a diverse range of interests and skills, from ethical hacking to compliance and risk management. This diversity means that individuals from various backgrounds - such as IT, law or liberal arts - can find a niche within cybersecurity that aligns with their skills and interests.

The Path to a Cybersecurity Career

Transitioning to a career in cybersecurity typically involves a combination of education, certification and practical experience.

For most, the journey begins with gaining a foundational understanding of computer science and network systems. But the field's dynamic nature means that continuous learning and specialization are crucial. Certifications such as the Certified Information Systems Security Professional - CISSP - or Certified Ethical Hacker - CEH - showcase your expertise and commitment to prospective employers.

But getting a certification with no background in cyber at all is not a path we recommend. After you complete's Fundamentals coursework, join a security team and blend the team's needs with your own. Then you can identify the next coursework you should pursue. These are rational and incremental steps to building value for yourself and your employer.

If you don't yet have a willing employer, it's important to practically apply your growing skills through internships, personal projects and contributions to open-source cybersecurity initiatives. These experiences build competency and demonstrate your proactive approach to problem-solving and genuine passion for the field.

The bottom line: A hands-on approach that burns the experience into your brain coupled with self-directed education and training are the two critical components for your transition path. Avoid traditional university degree programs in cybersecurity at all levels. Such a degree may get you a role in administration, but to be useful in filling the 4-million-job gap, you need to possess critical technical skill - and you won't find that in most university degree programs.

The best results we have witnessed come from converting good network analysts into SOC analysts or forensics folks. Nothing is more important in cybersecurity than understanding the network.

What's Next?

  • Tell your boss you want to make a turn toward cybersecurity. Ask permission to start part-time training.
  • Look for examples of your targeted roles in the opportunities listed on your internal job board. Read about and fully understand what each of these roles will do all day before you make a decision.
  • Once you decide on a role, go for it with gusto.
  • Offer your services to your IT and/or security teams during off-hours. Listen and learn.
  • Plan to acquire 100 hours of education, and be first in line for grunt work.
  • As you discover your inherent skills, allow yourself to drift in that direction.

For those ready to take on the challenge, a career in cybersecurity offers continuous learning, adaptation and commitment to a great cause. You will have the chance to be at the forefront of protecting the digital frontiers of our interconnected world and in doing so, you also may be safeguarding the future of our digital civilization.

About the Author

Steve King

Steve King

Managing Director, Cybersecurity Marketing Advisory Services, CyberTheory

Steve King has served in senior leadership roles in technology development and deployment for the past 25 years. He is an author, lecturer and serial startup founder, including three successful exits in cybersecurity, and served for six years as the CISO for Wells Fargo Global Retail banking. As a co-founder of the CyberTheory Institute, King is passionate about the role Zero Trust must play in the future of cybersecurity defense. He is currently the managing director of CyberTheory and has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, and served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.