It's no secret that the cybersecurity industry is facing a shortage of skilled professionals. The threat landscape has evolved faster than nearly anyone was expecting, creating a high demand for talented individuals with niche skillsets to help protect enterprise and consumer infrastructure.
Despite the demand, however, it is still exceedingly rare for people to even consider cybersecurity as a valid career path – whether because they have a non-technical background, lack expertise or have never been exposed to the career possibility. This perception is unfortunate; as a member of the security industry for more than twenty years, I can confidently say that the people I have encountered who are most effective in a cybersecurity role are not those who come from the most traditional background – instead, it’s those who see an opportunity for an exciting, rewarding job and seize it.
Throughout my career, I’ve taken notice of three key qualities of people who are successful in the field of cybersecurity:
- Adaptability: You’ve heard the old idiom: the only constant is change. This rings particularly true in a career such as cybersecurity. Hackers will never stop adjusting their methods; that means the threat landscape is constantly shifting along with it. And if we look at the landscape over the past several years, not only have the problems drastically changed, but so have the technologies and how people solve them. A higher education degree might be helpful to a certain extent, but the fact is that with how rapidly our technology is changing, people need to be adaptable to excel in this fast-paced environment. One of the fundamental characteristics of people pursuing a career in cybersecurity has to be that they are comfortable with adapting to any changes that come along, and morphing their principles and approaches along the way.
- Creativity: Traditional education can only prepare you for a cybersecurity career to a certain extent. The most successful professionals are able to think outside the box and alter their approaches to solving new problems that will inevitably arise. Sometimes the right answer is the non-traditional one. For example, think about how the use of user and application-based policies versus ACLs has evolved over the last decade in security – it used to be user-based controls were only used by human resources for the monitoring of employees’ internet usage while at work, but today, every next-generation security technology on the market leads with the ability to set policies by users (or applications) to enable security teams with the ability to better understand who and what is on the network. There are countless similar examples that highlight how rapidly cybersecurity changes; you have to be willing to challenge convention in order to solve the problem.
- Intuition: Cybersecurity isn’t an exact science. When you work in an industry that is as fast-paced as this one, you have to be comfortable with being uncomfortable – that is, making important decisions without always having all of the facts. The only way to succeed in this setting is by following your gut. Fortunately, intuition only gets stronger the more you rely on and trust it. The most successful professionals I’ve found have faith in themselves and trust their gut – even if it means taking a risk.
Above all, it’s important to realize that to be successful for a career in cybersecurity, you should never stop learning. It’s critical to take this learning upon yourself – take an online class, read a book, attend a lecture. The landscape is always changing and will continue to do so; a tactic you may have successfully implemented just a quarter or two ago may already be out of date and ineffective. I always love the saying, if you are the smartest person in the room, you’re in the wrong room. You should always surround yourself with people who can push you and help you grow towards becoming a better version of yourself – no matter what industry you are in.