How to specialize in cybersecurity: Find your path and your passion
Most up-and-coming cyber pros know that the industry is vast and ever-evolving. That’s why committing to a career path can be so intimidating. Especially when you’re just starting out.
Whether you’re interested in multiple areas or still totally undecided, Cyber Work Podcast guest Casey Ellis shares how to kickstart your career — and how to find your niche.
Step 1: Find your passion
If Casey’s career arc is one thing, it’s inspirational. This pentester turned Chairman and CEO of Bugcrowd, a crowdsourced bug bounty and vulnerabilities disclosure platform, channeled his childhood fascination into a career he’s actually passionate about. But, he acknowledges it’s not that straightforward for everyone.
While a lot of cyber professionals come from different backgrounds and industries — some even decades into their career — Ellis was one of the lucky ones whose path picked him early on. And stuck with it.
As a kid, Ellis found himself intrigued by physics, an interest he blames on his father, a science teacher who often brought home computers, radios and even lasers to experiment with. This initial interest in how things work eventually evolved into a fascination with “criminal creativity,” or how hackers operate and engineer attacks. Without rules or laws guiding decision-making, Ellis says you can “create an environment for solution development with pure pursuit of possibility as the primary objective.”
Reconciling the art of hacking with doing good is the core concept he built his career upon, proving that focus and commitment can garner paramount success.
But, what if you’re not passionate about anything in particular? Ellis suggests: start somewhere. “Go dip your finger into as many different aspects of security as you possibly can,” Ellis says. “Then, watch your own reaction.”
Getting hands-on experience early on in your career will either inspire you to keep learning — or turn you on to a new path entirely. Either way, Ellis says, you’ll learn vital information about what excites you and what drives you.
The importance of specialty skill sets
Once you discover your primary interest, Ellis suggests narrowing your focus and sharpening a specific set of skills.
Why it’s important to specialize in cybersecurity
All industries, whether it’s healthcare, the government or even education, call for an acute understanding of the processes and structures that comprise it — even if the tools and technologies change. Finding pros who know these specifics inside and out, however, isn’t always easy. And because these specialized skills are harder to find, they’re always in higher demand, which often means higher pay.
Take medicine, for example, a field that’s even more vast and nuanced than cybersecurity. According to Glassdoor, a general practitioner who knows a bit about everything typically makes an average of $178,000 per year. Oncologists, however, make an average of $247,000, and dermatologists earn around $265,000 annually.
Pros with specialized skills offer invaluable expertise that can set an organization apart. Especially when they’re teamed up to solve a problem. This is why Ellis purposefully seeks out people from highly specific areas ranging from car enthusiasts to medical device experts. That way, he’s got a team full of SMEs experienced in all facets of IT. “I do think one of the biggest trends that Covid has kind of kicked over is this concept of technology convergence,” says Ellis. “It used to be like, ‘I’m a web app person, or an API person, or radio person,’ or whatever else. But at this point in time, so many different technology groups are converged into a single product that you actually need folk from everywhere.”
So, how do you determine what you want to specialize in? “Find out where you can be most effective,” Ellis suggests. “Figure out the things that draw interest out of you, that you can create the most inertia around. Once you’ve found those things, then double down, because they’re always going to be relevant.”
In other words, don’t get hung up on what’s new and exciting. Technologies will come and go, but your passion will never be obsolete. Find a concept that fascinates you and you can apply your curiosity, discipline and methodology to anything.
Growing your career and giving back
In addition to uncovering your strengths and specialties, Ellis emphasizes the importance of finding — and eventually becoming — a mentor. Exchanging knowledge with those in the industry, he says, is vital to personal growth. “I think you can learn something from everyone,” Ellis says. “Anyone who’s not you knows something that you don’t know that’s potentially helpful.”
While connecting with industry veterans may feel intimidating at first, Ellis says there’s nothing to lose, and therefore nothing to be afraid of. “What’s the worst that could happen? People say ‘no’ all the time.”
“You have to be bold enough to go [up to someone] and say, ‘Hey, can we grab a cup of coffee? I’ve got some really dumb questions that I want to ask you. But I’d love to be able to get a little bit of your time. Here’s how I think I might be able to help you in return.’”
Taking that initial leap and opening up a two-way dialogue, Ellis says, is how the cyber community can stay connected — and keep growing. “I think mentorship works best in both directions,” he says. “I’ll end up talking to folks 10 or 20 years younger than me. And I’m learning as much from them and their connection with how things have evolved and changed as they’re learning from my experience.”
The bottom line? Don’t be intimidated. The world of cybersecurity is brimming with people and opportunities that will help you harness your unique strengths. You just have to find them — and stay committed.
To learn more about ethical hacking, entrepreneurship or how to kickstart your career, listen to the Cyber Work Podcast, How to get started with bug bounties and finding vulnerabilities featuring Casey Ellis.
- General practitioner doctor salaries, Glassdoor
- Oncologist salaries, Glassdoor
- Dermatologist salaries, Glassdoor