People at the early stages of an information security career face a paradoxical set of circumstances:
There’s a widely reported skills shortage in cybersecurity, which means there should be lots of jobs available. This means the outlook for a talented individual is very positive – the industry isn’t oversaturated with talent, so competition for jobs is low.
Cybersecurity is a high-pressure industry, and there are lots of variables that could destabilise your job security – from rapidly changing technology, to blame culture and scapegoating (when some organisations fire security leaders in response to a breach).
Putting aside those issues at an industry level, we want to look at what you – talented security individual – can do to create a sustainable, long-term career (with lots of healthy progression) within cybersecurity.
The short answer: make yourself indispensable
In this LinkedIn post, Chani Simms (Managing Director at Meta Defence Labs) wrote about the power of being truly valuable to your organisation, your colleagues, and your industry.
Throughout her career, Simms noted that she has “learnt countless personal lessons, but one that has truly stood out is the significance of being indispensable in my professional journey…”
“It is a quality I have always aspired to possess and will continue to strive for.”
So, inspired by Simms, here’s our take on what makes a cybersecurity professional indispensable.
Spoiler alert: it’s not just about your education or tech experience.
1. Cultivate big picture thinking
Don’t work with a narrow field of vision. Strive to grasp a big picture view of the organisation you’re working within – understanding the businesses objectives, and not just security operations. But even bigger than that, remind yourself to zoom out on a regular basis and look at the socio-political landscape you’re working in. Security and risk never exist in a vacuum.
To be an effective cybersecurity leader you can’t just keep an eye on what’s happening in technology, or what’s happening in the specific industry that your current organisation operates in. You need to take lessons from across industries, and consider the potential of social and political changes to impact security.
In the World Economic Forum’s Global Security Outlook Report 2023, there’s a strong focus on geopolitics, as well as emerging tech and regulatory shifts. Of the cyber leaders and business leaders surveyed, 93% think it’s ‘moderately’ or ‘very’ likely that global geopolitical instability will result in a catastrophic, far-reaching cyber event within the next two years. And 74% say that global geopolitical instability has influenced their cyber strategy ‘moderately’ or ‘substantially’.
Staying on top of everything is…not easy. You’re busy. You’ve got so much to do. But you must make the time to look at the big picture – otherwise, you’ll look up from your keyboard one day and realise you’ve been left behind.
2. Dedicate yourself to adding value
The indispensable individual does more than their job description. But this sounds unfair, doesn’t it? Here’s the thing: adding value doesn’t necessarily mean doing more work.
Instead, the security professionals who consistently add value are the ones who think outside the box. You don’t have to work hours of unpaid overtime – but what if you could use some of your time in a way that would provide a bigger benefit to your organisation?
Instead of exhausting yourself, practise the mindset of working better. Be constantly on the lookout for more efficient strategies, more impactful choices, and never stop learning.
3. Be a good person to work with
Being easy to work with goes a long way to becoming indispensable – because a surprising number of people are not easy to work with.
This means:
Do what you say you’ll do, when you say you’ll do it.
Make an effort to build strong, positive relationships with your colleagues – so you can communicate clearly, truthfully, and without unnecessary confrontation.
Be willing to accept feedback and criticism, and then act on it.
Don’t cover up problems. When they come up (and they will), be transparent as quickly as possible. Own your mistakes, too – personal accountability is a quality that any good employer or colleague will value highly.
Go out and find opportunities to share knowledge and collaborate with colleagues across different departments and different organisations. Don’t sit and wait for those opportunities to come to you – be proactive, and put yourself in the room.
Whenever you have a choice between complaining about a problem or doing something positive to change it – choose to do the thing. For example, if your team has seen an influx of new employees who are struggling to find their feet, and you’re wasting loads of time fielding queries from them about things they should already know – you could waste time feeling frustrated and complaining about it. Or, you could offer a training session to get them up to speed.
And being good to work with also means being the person who lifts others up. Take every chance you get to make your colleagues feel good about their work. Empower them to learn and develop their skills, and when they show a spark for something, encourage them to pursue that line of skill or interest.
4. Be adaptable – and stay open to change
Never fall into the trap of believing you know enough. Cybersecurity is always changing, and there will always be more to learn. Stay committed to expanding your knowledge, exploring new ideas, and changing the way you work.
5. Don’t hide who you really are
This one is closely related to our perspective on mental health in cybersecurity. It’s a tough industry, and as you take on more and more responsibility, the pressure weighs heavy on your shoulders.
Be one of the people this industry really needs. Be someone who stays open. Share your own challenges and bring your own personality to your professional world – because in doing so, you’ll help to foster a more empathetic, welcoming industry. And that’s a crucial step in creating more balance and better wellbeing: because it’ll become clearer that cybersecurity professionals are humans, not robots.
P.S. - Mark your calendars for the return of Black Hat MEA in November 2024. Want to be a part of the action? Register now!