How to specialize in cybersecurity: Find your path and your passion
Most up-and-coming cyber pros know that the industry is vast and ever-evolving. That’s why committing to a career path can be so intimidating. Especially when you’re just starting out.
Whether you’re interested in multiple areas or still totally undecided, Cyber Work Podcast guest Casey Ellis shares how to kickstart your career — and how to find your niche.
Step 1: Find your passion
If Casey’s career arc is one thing, it’s inspirational. This pentester turned Chairman and CEO of Bugcrowd, a crowdsourced bug bounty and vulnerabilities disclosure platform, channeled his childhood fascination into a career he’s actually passionate about. But, he acknowledges it’s not that straightforward for everyone.
While a lot of cyber professionals come from different backgrounds and industries — some even decades into their career — Ellis was one of the lucky ones whose path picked him early on. And stuck with it.
What should you learn next?
As a kid, Ellis found himself intrigued by physics, an interest he blames on his father, a science teacher who often brought home computers, radios and even lasers to experiment with. This initial interest in how things work eventually evolved into a fascination with “criminal creativity,” or how hackers operate and engineer attacks. Without rules or laws guiding decision-making, Ellis says you can “create an environment for solution development with pure pursuit of possibility as the primary objective.”
Reconciling the art of hacking with doing good is the core concept he built his career upon, proving that focus and commitment can garner paramount success.
But, what if you’re not passionate about anything in particular? Ellis suggests: start somewhere. “Go dip your finger into as many different aspects of security as you possibly can,” Ellis says. “Then, watch your own reaction.”
Getting hands-on experience early on in your career will either inspire you to keep learning — or turn you on to a new path entirely. Either way, Ellis says, you’ll learn vital information about what excites you and what drives you.
The importance of specialty skill sets
Once you discover your primary interest, Ellis suggests narrowing your focus and sharpening a specific set of skills.
All industries, whether it’s healthcare, the government or even education, call for an acute understanding of the processes and structures that comprise it — even if the tools and technologies change. Finding pros who know these specifics inside and out, however, isn’t always easy. And because these specialized skills are harder to find, they’re always in higher demand, which often means higher pay.
Take medicine, for example, a field that’s even more vast and nuanced than cybersecurity. According to Glassdoor, a general practitioner who knows a bit about everything typically makes an average of $178,000 per year. Oncologists, however, make an average of $247,000, and dermatologists earn around $265,000 annually.
Pros with specialized skills offer invaluable expertise that can set an organization apart. Especially when they’re teamed up to solve a problem. This is why Ellis purposefully seeks out people from highly specific areas ranging from car enthusiasts to medical device experts. That way, he’s got a team full of SMEs experienced in all facets of IT. "I do think one of the biggest trends that Covid has kind of kicked over is this concept of technology convergence,” says Ellis. “It used to be like, ‘I’m a web app person, or an API person, or radio person,’ or whatever else. But at this point in time, so many different technology groups are converged into a single product that you actually need folk from everywhere."
So, how do you determine what you want to specialize in? "Find out where you can be most effective,” Ellis suggests. “Figure out the things that draw interest out of you, that you can create the most inertia around. Once you’ve found those things, then double down, because they’re always going to be relevant."
In other words, don’t get hung up on what’s new and exciting. Technologies will come and go, but your passion will never be obsolete. Find a concept that fascinates you and you can apply your curiosity, discipline and methodology to anything.
Growing your career and giving back
In addition to uncovering your strengths and specialties, Ellis emphasizes the importance of finding — and eventually becoming — a mentor. Exchanging knowledge with those in the industry, he says, is vital to personal growth. “I think you can learn something from everyone,” Ellis says. “Anyone who’s not you knows something that you don’t know that’s potentially helpful.”
While connecting with industry veterans may feel intimidating at first, Ellis says there’s nothing to lose, and therefore nothing to be afraid of. “What’s the worst that could happen? People say ‘no’ all the time.”
“You have to be bold enough to go [up to someone] and say, ‘Hey, can we grab a cup of coffee? I’ve got some really dumb questions that I want to ask you. But I’d love to be able to get a little bit of your time. Here’s how I think I might be able to help you in return.’”
Taking that initial leap and opening up a two-way dialogue, Ellis says, is how the cyber community can stay connected — and keep growing. “I think mentorship works best in both directions,” he says. “I’ll end up talking to folks 10 or 20 years younger than me. And I’m learning as much from them and their connection with how things have evolved and changed as they’re learning from my experience.”
The bottom line? Don’t be intimidated. The world of cybersecurity is brimming with people and opportunities that will help you harness your unique strengths. You just have to find them — and stay committed.
FREE role-guided training plans
To learn more about ethical hacking, entrepreneurship or how to kickstart your career, listen to the Cyber Work Podcast, How to get started with bug bounties and finding vulnerabilities featuring Casey Ellis.
Sources
- General practitioner doctor salaries, Glassdoor
- Oncologist salaries, Glassdoor
- Dermatologist salaries, Glassdoor
In this Series
- How to specialize in cybersecurity: Find your path and your passion
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get free resources in your inbox!
Sign up for our newsletter and get free cybersecurity resources in your inbox every week. Prepare for your next cert, learn new skills, increase your salary and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity