Should Aspiring Cybersecurity Professionals Join the Industry?

Navigating the Hype Series Part 1 of 2

In a recent mentor meeting with vCISO Alan McDermott, I asked about:

  1. Conflicting views on the labour market for new entrants to cybersecurity.

  2. What he’s up to in applying AI to cybersecurity knowledge work.

He shared some great insights that are recorded in this YouTube video, and I’ve documented key points on the labour market discussion below. Check it out and come back next time for a sequel on navigating through AI hype.

Should Aspiring Cybersecurity Professionals Join the Industry?

There's a lot of conflicting advice out there about whether now is a good time to get into cybersecurity. Some experienced professionals are saying don't bother - the market is saturated and there aren't enough entry-level positions. Others point to Bureau of Labor and Statistics projections that Information Security Analyst will be the fifth fastest growing occupation in America over the next decade at 32% growth (10x more than average). Driving this growth is increasing technology dependence, complexity, capabilities, flaws, and threat actors with no signs of slowing down.

Who's right? The answer depends on which of the diverse roles in cybersecurity you’re targeting and what transferable skills you can bring to add value from day one. Relevant feeder roles to the industry highlighted by the Cyberseek Career Pathway tool include:

  • Networking

  • Software Development

  • Systems Engineering

  • Financial & Risk Analysis

  • Security Intelligence

  • IT Support

So while it's true that the cybersecurity job market is challenging at the moment, that doesn't mean you should write off the field entirely. Develop valuable skills, look for ways to pivot into security from adjacent fields, and take a long-term view.

Advice on How to be Strategic and Proactive to Break In

Leverage your existing skills and experience. Use the Career Pathway’s Tool and research competencies required for your target job to figure out how your unique skills and experiences can translate into a cybersecurity context.

Make a T-Shaped Skill Development Strategy

Develop deep expertise in a specific security domain or technology. If you have IT Audit, Access Control or Change Management experience, that can be your foothold into the suite of NIST Cybersecurity Framework Controls. Become the go-to expert for those while ramping up on less familiar domains for cross-discipline expertise.

Build a Body of Work to Demonstrate Your Knowledge

Write blog posts, contribute to open source projects, earn certifications, participate in CTF competitions. Show, don't just tell.

Network Relentlessly

Attend local security meetups, connect with professionals on LinkedIn, offer to help on projects or initiatives. Relationships are key to finding opportunities.

Be Open to Unconventional Paths

Maybe you start in an IT audit role and then move into Information Security. Maybe you join a company in another technical role and then transition internally. There's not one straight line, well worn path.

Play the Long Game

Cybersecurity is a career that rewards ongoing learning and adaptability. You may need to zigzag a bit in the early years, but the long-term payoff can be huge - intellectually, financially, and in terms of impact.

Bottom-Line

The cybersecurity profession is at an interesting inflection point. The hype of unfilled jobs and skills shortages is giving way to a more complex reality. But for those with a genuine passion and willingness to chart their own path, the opportunities are still immense. It just requires grit, creativity, and long-term thinking to navigate the terrain.

So don't be scared off by the doom and gloom - but also don't expect a cakewalk. Embrace the challenge. Cybersecurity remains an incredibly rewarding field for those willing to put in the work to break in and keep growing. Our countries need more diverse talent working to protect the economy and national security in cyberspace. You could be a key part of that - but you'll have to earn your spot.