How to get promoted in a cybersecurity career
Introduction: What the cybersecurity talent market looks like at the moment
Are you considering a career in cybersecurity? If so, this is actually a great time to be in the field, especially with an excessive shortage of cybersecurity workers in the United States.
According to the 2019 (ISC)² Cybersecurity Workforce Study, “in the U.S., the cybersecurity workforce gap is nearly 500,000. By combining our U.S. cybersecurity workforce estimates and this gap data, we can calculate that the cybersecurity workforce needs to grow by 62% in order to meet the demands of U.S. businesses today.”
FREE role-guided training plans
The employment and skills crisis is actually a great opportunity for employees who are seeking to advance their careers but also transfer laterally into cybersecurity positions from other IT fields. Businesses, in fact, are ready to invest in the professional development of current employees and help them take industry-specific courses, obtain certifications or participate in advanced training.
More and more companies are keen on retaining their workforce and provide opportunities for staff to prove and improve their skills to grow within the job and progress in a cyber security career path through promotion or lateral transfer. Fostering staff that already knows how to work in the environment and has formed professional relationships within the company creates a win-win situation for both the employee and the employer; the in-house person is already familiar with the business and is knowledgeable of the organization, its purpose and mission; he or she is already immersed in its culture and a promotion can only increase loyalty and sense of belonging while providing opportunities and incentives to evolve and emerge.
Of course, when promoting someone internally, there is also the immediate benefit of saving time and money in recruiting external candidates on job boards, websites or working with hiring agencies.
How to progress in a cybersecurity career
Whether you are already in an entry-level position in cybersecurity or looking for a progression through lateral transfers, there are a number of actions you can take in order to boost your career.
Having a clear path in mind is the first step, at least in terms of general direction. The cybersecurity field is vast, and employers are willing to offer rewarding jobs to professionals who have specialized in particular sectors. Using a career pathway tool like cyberseek.org can help pinpoint which jobs to start with, which roles are most in demand in various areas of the country and what does the natural progression look like in a particular path.
As Tim Herbert, vice president of research and market intelligence for CyberSeek, explains: the CyberSeek model helps aspiring and experienced security professionals progress through their career by providing actionable data about the job market. The CyberSeek interactive cyber security career roadmap also offers details on salaries, credentials and skill sets associated with various roles.
A cybersecurity career might not be as straightforward as many other IT career paths. After starting in a position that allows professionals to know more of how systems as well as organizations work, the right formal knowledge, experience (passing through roles like cybersecurity analyst, consultant or penetration tester) and industry certifications are key to a quicker progression.
Professionals can start in roles as diverse as network engineer, security analyst, IT auditor, if not as web administrator or developer. Whether entering the field straight after college, transferring laterally from other positions or even coming from the legal, risk assessment or managerial fields, building a strong technical foundation and the will to never stop learning are essential traits for a cybersecurity career.
In addition to acquiring a bachelor’s degree in computer science, cybersecurity or information technology (not a requirement for some jobs, but a valuable asset when progressing through the ranks), there are a number of skills that professionals should strive to acquire through studies and work experience. A working knowledge of Linux has been requested in many ads, as well as project management skills, consulting or analysis skills, communication and presentation skills.
As the career advances, it is essential that you are able to prove not only keen technical abilities but also aptitude in managing others and a knack for communicating effectively with all stakeholders at any management level.
Specialization is something professionals should always keep in mind. As the demand for cybersecurity professionals grows, so does the need for focused roles; IT practitioners need to really review their talents and strengths to launch themselves in a particular direction, whether it is cloud computing, wireless technologies, databases or cryptography.
A cyber security certification path includes many non-technical positions, so professionals with an interest in IT security might want to concentrate on opportunities as program managers, professional communicators or data scientists whose skills concentrate more on support roles rather than purely technical positions. They should also consider any roles that have to do with governance, risk and compliance and legal issues. Legal issues is a very hot field, actually, thanks to the number of regulations currently in place — especially as related to privacy.
Earning the right certification(s) is also key for a cybersecurity professional who moves from an entry position on to the advanced career level.
- Entry-level: ISACA’s CSX Practitioner (CSXP); (ISC)2 Systems Security Certified Practitioner (SSCP); GIAC Security Essentials (GSEC); CompTIA’s Security+
- Mid-level: (ISC)2 Certified Information Systems Security Professional (CISSP)
- Advanced-level: GIAC Security Expert (GSE) or GIAC Security Leadership Certification (GSLC); ISACA’s Certified Information Security Manager (CISM); CompTIA Advanced Security Practitioner (CASP); EC-Council’s Certified Chief Information Security Officer
What can staff do to get noticed and promoted?
As work experience becomes the preferred attribute for employers, so do qualifications that will make an employee be noticed and, in good time, receive a promotion or be assigned other positions. Any staff member’s certification in support of their professional competence can put them in a good light and make them stand out from their peers. It allows them to assume more cybersecurity responsibilities or take on a leadership role without the company needing to take on new hires.
Conclusion
With an immediate need to fill shortages in the workplace, more and more employers are opting to retain their best workers and identify future leaders within their workforce. Professionals can take advantage of more opportunities to progress in their chosen field by preparing themselves by identifying early on a suitable career path; again, tools like the CyberSeek Cybersecurity Career Pathway is a good place to start.
In addition, they need to focus on professional development (i.e., the learning of new skills and knowledge) that are suitable for any entry-, mid-, or advanced-level position while still specializing themselves in a preferred sector of the vast cybersecurity realm. That is possible through university degree offerings, vendor training programs and, above all, proper certifications that can help lead to faster promotion.
What should you learn next?
Sources
- Pros and Cons of Hiring Externally, HR Daily Advisor
- Promoting From Within vs. Hiring Externally: Which Is Better?, McQuaig
- Cybersecurity Career Pathway, CyberSeek
- A Guide to Cyber Security Certifications, CyberDegrees.org
- How to Build a Cybersecurity Career [2019 Update], Daniel Miessler
- 10 Hot Cybersecurity Certifications For IT Professionals To Pursue In 2020, Cybersecurity Ventures
- Strategies for Building and Growing Strong Cybersecurity Teams, (ISC)²
- Cybersecurity Career Paths and Progression, DHS (CISA)/Carnegie Mellon University
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- How to get promoted in a cybersecurity career
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security