The question on the minds of many people is this: Just what are the main factors that can help me get ahead in my cybersecurity career?
These are my hard-won tips, based on my own experience of the items that helped me to scale the corporate ladder.
Dress for the role you want, not the role you are in.
I love cardigans; they are incredibly comfortable. I haven’t owned one since 1996 when a colleague remarked: “Oh look, here comes Raef, power dressing again in his cardigan.”
Up until that point, I had always thought it was great that whilst all the executives had to wear jackets, my role had the leniency to wear pretty much whatever I wanted. Then I realised that my attire was impacting how I was perceived. I went out the next day and invested in much smarter attire. I got promoted about two months later, then again and again, rising five rungs in the corporate ladder in just three years. I hadn’t changed but my clothing had.
If you dress as sharply as the sharpest person in the office, I have even heard executives comment that they had to promote the person because it looked bad if they introduced them in a junior role when they looked like a senior executive!
Get relevant, internationally recognised certifications.
You may know what you are doing, but when it comes to candidate selection, nothing shows your capability more than having the right credentials. In my time I have certified in Project Management, Program Management, and ISACA’s Certified Information Systems Auditor (CISA), and Certified Information Security Manager (CISM).
Of all of the certifications I took, CISA provided the best initial cybersecurity job boost. In fact, when I meet people who are just about to pass their CISA, the next time we meet, they have usually shuffled upwards quite considerably in their career.
As a further example, I ran security in a SaaS platform for several years before I took my CISM certification – but I recognised that although I was already delivering security management and even writing security frameworks for multi-billion dollar companies, without relevant proof, my résumé might be overlooked in favour of a candidate with the reassurance of a relevant certification.
It is also worth looking at where the skills gaps are. For example, in the ISACA State of Cybersecurity 2018 survey (part 2), 43 per cent of respondents selected that ‘skill and/or resource limitations’ were one of the biggest barriers to implementing active defence.
It is worth choosing your certification based on both what you enjoy but also taking into consideration the latest research on the cyber jobs market. There is even more about the job skills gaps in part 1 of the survey.
Be a reliable person of value.
As Einstein said, “Try not to be a (person) of success, but rather try to become a (person) of value”.
People get promoted because they are consistently valuable to their organisation. Success can fade, but value stays with you.
In the world of cybersecurity, your value is also deeply reliant on ensuring you stay updated on your topic. More on that topic further down!
Develop your soft skills.
Some of the most career-enhancing training I have ever received has focussed on developing communication, presentation and negotiation skills. These are the kinds of added value attributes that differentiate between a good practitioner and an excellent manager.
For example, I changed career from key account management to information technology around 17 years ago. I had already been presenting to large company boardroom executives for many years. Then, I joined IT. At that time, the communication skills in the team were, er... basic to say the least. I was quickly the person to go to for prepping and delivering content to managers, and in return my colleagues helped me quickly build my skills in technology delivery.
I cannot emphasise enough that cybersecurity professionals who are also great communicators are a shortage skill set inside a shortage skill set. Developing your communication skills is a sure way to boost your earning potential.
Look for the biggest pond you can find.
I have met some excellent security professionals who are woefully undervalued simply because they have gone as far as they can in the enterprise they are in.
One of the additional challenges for a cyber pro is this: Is your organisation able to help you grow in your chosen area of expertise? For example, how much easier is it for a digital forensics specialist to acquire and update information in a large team of digital forensics specialists?
If you need to stay within a smaller enterprise, then another tip is to ensure they allow you enough time to create your own ‘large pond’. Attend relevant conferences, meet regularly with others in your field and tap into what they have learned, where they have failed and what they find most useful to apply.
Operate with integrity and honesty.
The only item that can mess up all of the above is when people fail to operate with honesty and integrity in everything they do.
There are still people out there who may (briefly) get ahead through dishonest means – but we all know that sooner or later, their tactics catch up with them.
I have yet to meet a sharply dressed, reliable, relevantly certified cybersecurity professional with great communication skills who is not in high demand. However – if you know of any – just let me know and I am sure I can help them find a role.
Raef Meeuwisse, Governance Expert and author, Cybersecurity for Beginners, ISACA
Image Credit: B-lay