These 3 Mistakes Will Destroy Your Cybersecurity Career

Let me tell you a quick story about a Cybersecurity Analyst called Tom.

Tom started his career in 2015 at a small tech firm and dived headfirst into every cybersecurity issue he could find.

Eager to make a great first impression, he was hands-on with the security solutions and helped drive change.

But as time went on and his career progressed, Tom made certain blunders, resulting in wasted time and stress!

In this article, we are going to see the top 3 mistakes that he made, which every Cybersecurity professional should avoid.

These lessons are honestly timeless and apply to pretty much any cybersecurity field.

LESSON 1 — Not Developing Management Skills

In 2015, Tom was an absolute boss when it came to cybersecurity skills

He knew the environment inside out and was the go-to guy when it came to solving any technical security issue

The management recognized his skills and promoted him to managing a team

This is where the trouble began

While Tom was awesome when it came to managing his goals, he realized that managing other people’s expectations was a completely different ball game.

He was immediately stressed out when conflicts would break out among team members.

He often micro-managed and wanted the team to implement technical controls EXACTLY the way he wanted, causing a lot of friction.

Communicating these was also a problem as he found out he was a bit too blunt when it came to expressing his opinion.

The Good news?

Tom realized these issues and took leadership courses that taught him about effective communication, delegating, and team dynamics.

What Tom Learnt:

NEVER neglect management skills in your cybersecurity career. People might forget how much of a tech-wiz you were .. but they will always remember how you treated them.

LESSON 2 — Losing touch with Technical Skills

In 2018, Tom finally hit his groove with team building and started to enjoy the whole process.

Team Meetings, Strategy sessions, and handling budgets no longer gave him a stress headache.

But one problem.

The more he got involved in the higher-level issues .., the more detached Tom became from the technical side.

During a sudden incident in the firm one day .. Tom realized he did not have the slightest idea how the security issue had happened and what needed to be done.

This was when the team was looking to him for guidance!

After the crisis had passed .. Tom decided to take action.

He decided to get involved in hackathons and workshops that his team was involved in to get back in touch with his technical side.

He even told the team to recreate his credentials within the security solutions so he could log in and check how the systems were performing now and then.

What Tom Learnt:

NEVER lose touch with your technical side within cybersecurity. The threat environment is too dynamic, and each challenge might be different.

LESSON 3 — Not Developing IT Risk Management Skills

Due to his many wins within the company, Tom usually enjoyed the support of management in the decisions he made

In 2020, the company aggressively expanded and acquired more companies to grow their operations.

Instead of the usual scenarios where the outcome was usually clear, Tom was swamped with decisions that needed to be made where there was no clear yes or no answer.

Saying “NO” would derail the project .. Saying “YES” might open the company to new risks.

Tom was in this predicament as he never bothered to develop an essential skill: Risk Management.

Don't get me wrong .. Tom knew what risk management was, but it mainly was something he had done on Excel sheets to satisfy auditors.

Due to his lack of risk management skills, Tom focused on the wrong areas during the acquisition, i.e., on perceived risks rather than the most significant ones.

Resources were stretched too thin, and the security risks were not solved.

Tom realized he needed to develop his IT risk management skills to prioritize what could wait and what needed to be fixed NOW.

He reached out to the risk management teams and got their help on what areas to focus on based on a detailed risk analysis instead of his “gut feeling.”

He also enrolled in specialized courses on risk management within cybersecurity.

What Tom Learnt:

You cannot fix everything in Cybersecurity, and it becomes a game of knowing what should be prioritized over what. Risk Management is crucial to formalize this process.