Beginning and building your cyber security career

Every day online I see someone asking for the best way to start or advance a career in cyber security.

An example today finally inspired me to put pen to paper!

I do not believe there is one true path to happiness. Rather, I think we should approach our careers as a process:

• There is no need to choose one area and stick to that.
• Start where the doors are open for you, and keep on learning.
• Keep your eyes and ears open, and you’ll see the directions you want your next steps to go.
• Try to understand what you want in your career, and more importantly what you don’t want.
• Likely your answers will change over time, as your circumstances change, and as you change and grow.
• Keep on asking yourself what you want and what you don’t want.
• Try to stay as flexible and as open as possible, while still maintaining health boundaries on what is unacceptable for you.
• Side-channel attacks are for career progress as well as hacking! You don’t always have to take the direct route to the career you want. Many jobs can turn towards cyber security if you want.
• Complex exploit chains are for career progress as well as hacking! You might have to combine previous art (or roles or skills) in clever ways, and add things you build yourself. Many jobs allow you to invent roles – companies and bosses are often happy if you just start taking responsibilities in a new area, especially if it makes their life easier.

In addition, cyber security is far broader field than most people imagine:

• Some people prefer to be specialists.
• Some people prefer to be cross-domain.
• Some prefer to be technical only.
• Some prefer to avoid the technical.
• There are million ways to be technical.
• There are another million ways to be non-technical.
• Some prefer a mix of technical and not technical.
• If you want, your personal mix can change day to day, week to week, while still working the same job. Some people like it like this, like the variety and the changes. Some people hate the uncertainty and distractions from their ‘real’ job.
• A million different mixes exist. Like with most things in life and about people, you may find the magical complexities easier to navigate when thinking in fluid spectrums rather than in static binaries.
• All these types of people, and a million more, are needed somewhere in cyber security.

Whatever your career path, even in the most “pure” of technical roles, constantly working on improving your people skills (like the technical skills you learn, this is never finished, we all have more to learn and improve) will be critical for your progress and success:

• Empathy, curiosity, and respect for others – without this, you will become known in your company and your industry, and not in a good way. With it, people will want to work with you, will want to help you, and will give you their best. Even the most ‘pure’ technical people have bosses, colleagues, customers, and more. People they need to work with to succeed.
• Really listening and learning to understand others – without this, you will have constant friction in both your work and your career. With this, you will be able to turn conflicts into solutions, you will learn things that make you better at the core parts of your work, and you will be able to build and maintain fun teams.
• Clear communication, both written and spoken – without this, you will often fail to get what you want and need, even when you are “right.” By clearly expressing yourself in your audience’s language, your suggestions will find friendlier ears, and your problems and projects will find helping hands.

Good luck! Maybe one day we will be colleagues?