Finding Your Path in Cybersecurity: A Mentor's Perspective

"Your work is to discover your world and then, with all your heart, give yourself to it."— Buddha

The Question of Belonging

In my mentoring journey, especially for college seniors and fresh graduates, one question kept resurfacing: "How do I know if cybersecurity is truly my field, where I can excel and be happy?" It’s natural to question whether cybersecurity is the right fit and where to find your place within its diverse specializations, especially as the field continues to evolve and expand rapidly. However, the key to answering this question lies not in external validation but in understanding and embracing your journey.

To find your place, it’s essential first to understand the nature of cybersecurity and the opportunities it offers.

The Nature of Cybersecurity

Before exploring where you fit in, it’s essential to understand the nature of cybersecurity. This isn’t just a career—it’s a lifestyle that shapes how you think, build attitudes, and behave. It’s an ecosystem that spans proactive defenses, incident responses, and ethical hacking. As Shon Harris described in the CISSP All-in-One Exam Guide, “information security is like a river a mile wide and an inch deep,” reflecting the broad nature of the field without requiring depth in all areas. This breadth provides an invitation to explore widely before narrowing your focus.

But beyond the technical aspects, what’s your why? Are you driven by the challenge of solving puzzles? Or by the responsibility of safeguarding others? Are you the person of fine details or rather the one who looks at the big picture? Understanding this internal motivation is the first clue that cybersecurity might be the right field for you. Rather than trying to label yourself too early, the initial years are about discovering possibilities and finding your path in a vast field.

Reframing the Journey – No Labels, Just Possibilities

Once you're intrigued by the field, it’s tempting to label yourself, wear a hat, and join a team—perhaps as a penetration tester or a risk analyst. However, in the first three years of a career, I advise against this. Early specialization can confine you, hindering growth in other areas. Cybersecurity is diverse, and embracing this diversity is key to uncovering possibilities you may not have initially considered.

At the core of this openness to possibilities is the need for self-awareness—a crucial element in defining a fulfilling career in cybersecurity.

The Power of Self-Awareness

One of the most crucial competencies you can develop is self-awareness. When you understand your strengths, values, and interests, you can set the conditions for success and happiness (up to your very own definition). If your strength lies in strategic thinking, or if your passion is in solving hands-on technical challenges, knowing this will guide your next steps.

Curiosity also plays a significant role. As I tell my mentees, your curiosity is your compass—it directs you toward the subfields that could bring both professional satisfaction and fulfillment. Don’t hesitate to explore different areas, even if only briefly (in a well-coordinated internship, or through a rotation plan), to better understand where your interests align.

Once you’ve honed your self-awareness and experimented with different avenues, it’s time to bring your vision into focus and intentionally build your career.

Building a Career with Vision and Awareness

A fulfilling career in cybersecurity requires balancing introspection with practical exposure. Here’s where embracing the breadth comes in, with four essential components:

1. Covering Foundational Areas: To navigate cybersecurity successfully, understanding core areas like networking, cryptography, and risk management is critical. These areas serve as a launchpad for exploring more specialized domains.
2. Keeping Informed: Staying up to date with industry news, research, and trends is essential. Cybersecurity demands continuous learning, as each day can bring new threats and vulnerabilities.
3. Valuing Certifications: Professional certifications like GIACs, CISSP, or CISM not only validate your knowledge but also build a pathway to further growth and credibility.
4. Building a Network: Networking is a crucial aspect of career advancement. Engage with communities, attend conferences, and seek mentorship to build relationships with professionals who can provide guidance, open doors, and share experiences.

It’s important to differentiate learning in classrooms from hands-on exposure. While academic programs provide theoretical knowledge, it’s the practical experiences—solving real incidents, engaging in simulations—that lead to true reliable competence.

At the same time, don't neglect soft skills like effective communication, problem-solving, selling and negotiation, and effective leadership. Your ability to articulate technical findings to non-technical stakeholders and lead a team under pressure is just as crucial as your technical skills.

Remember, this journey is uniquely yours, so resist early comparisons and stay open to evolving opportunities as they align with your vision.

Addressing the Cybersecurity Skills Gap

The demand for skilled cybersecurity professionals continues to outpace the available talent pool. According to the 2024 (ISC)2 Cybersecurity Workforce Study, the global cybersecurity workforce gap is projected to reach 3.4 million by 2025. In Saudi Arabia specifically, the workforce gap increased from 14,252 in 2023 to 18,077 in 2024—a 26.8% year-on-year rise. Meanwhile, the estimated workforce in 2024 is at 59,766 compared to 53,907 in 2023, reflecting a growth of 10.9%.

Further, as highlighted in the NCA's "Report On Key Economic Indicators in The Cybersecurity Sector 2024," the number of Saudi cybersecurity specialists in Saudi Arabia stands at 19.6 thousand, with women making up 32% of this workforce—a positive indicator of increasing diversity in the sector. However, this growth still falls short of meeting the rising demand for experts in specialized areas like cloud security, threat hunting, threat intelligence, and industrial cybersecurity.

To effectively bridge this gap, it’s essential to look at the cybersecurity landscape holistically and position yourself where there are notable shortages. Focusing on emerging and underrepresented specializations not only increases your market value but also contributes to fortifying cybersecurity defenses across industries. By aligning your skills and career path with these areas of need, you’re not only filling a skills gap but strategically positioning yourself for long-term growth and relevance in the field.

Conclusion: Crafting Your Journey Without Limits

Your journey in cybersecurity should be a blend of introspection, curiosity, and strategic foresight. Resist early labels, nurture self-awareness, and embrace the breadth of the field. Stay open to evolving opportunities and continuously align your career with your strengths and industry needs. After all, your path in cybersecurity is yours to shape, guided by passion and curiosity.