In my role as Technical Director at Mimecast, I have the good fortune of working across a huge variety of functions. I love running the pre-sales and consulting teams, getting into the nitty-gritty details of deployment, doing sales, swapping ideas with marketers, and of course, getting to develop and play with new products. It’s a challenging job, to be sure, but that’s what makes it exciting: there’s always something new to discover, learn and figure out. The demands on cybersecurity workers are incredibly varied and diverse, and it takes a certain kind of personality and mindset to thrive in today’s complex and fluid cyber environment.
There is no such thing as a ‘conventional’ career path to cybersecurity
This is perhaps one of the most misunderstood parts about working in cybersecurity: your capacity for self-learning. The landscape changes so rapidly that it keeps you on your toes and is always throwing something new and exciting your way. The ability to learn by doing and educate yourself is an immensely valuable skill.
So valuable, in fact, that degrees and formal qualifications become almost secondary. To thrive in a cybersecurity role, you need to be the sort of person who enjoys problem-solving, can pick up new skills quickly and has the people skills to work well with others.
My own career journey is proof of that: even though I had an educational background in physiotherapy, my curiosity and passion for problem-solving took me from IT desktop support to many technology roles around the world, spanning network security, firewalls, switching, VPNs and cloud technology, and now cybersecurity.
Practical skills can often beat classroom education
Hiring for cybersecurity has always been challenging since requirements vary so much from company to company and qualified candidates are usually in short supply. That being said, I feel too many companies unnecessarily restrict themselves by focusing on qualifications rather than competence.
Obsessing over conventional benchmarks like a university degree or directly related experience is the old-school way of thinking. University-level IT degrees definitely have their place, but it’s important to look at them in context. In my view, they serve more as proof of intent and commitment but don’t always translate into practical skills.
Given how intense the competition for cyber talent is, you can’t wait around for a unicorn candidate to magically pop in through the door. Modern companies understand that, and that’s why their hiring managers are focusing on finding people with the baseline knowledge, skills and aptitude needed to do the job.
What companies should be looking for in their cybersecurity hires
One of the biggest challenges cybersecurity workers face is uniting disparate systems across a company with limited resources. Companies need to seek out people who have experience of multiple platforms and understand the bare bones of hardware and software security. If they have experience with the platform ecosystem your company uses, all the better.
Ideally, you want someone who has well-rounded experience in different kinds of security, maybe holding a CISSP certification, but such candidates are always in very short supply. To broaden your net, look for evidence of aptitude: troubleshooting abilities, technical skills and a curious nature. See how proactive they are outside of work. Are they on top of the current news in the industry? Are they making consistent efforts to upskill? Maybe they have a home lab they like to tinker with. Projects like that really show initiative and demonstrate their genuine interest in the field.
A lot also depends on whether their role will be customer-facing or not. The best candidates tend to also show high emotional intelligence and are able to articulate their thoughts and ideas in a compelling story. This is a bigger advantage than many realise. A lot of cyber professionals complain about their limited resources and of not being heard in meetings. Strong communication can be a powerful asset when making a case to other stakeholders.
The best cybersecurity talent is homegrown
Far too many companies overlook the people they already have when chasing after external cyber talent. Often, they already have some great potential candidates in-house in other IT roles. For IT generalists, specialising in cybersecurity, especially an evergreen area like email security, can be a smart move to future-proof their careers. Email has proven to be remarkably resilient and looks to be the standard way we communicate well into the future, which means there will always be a demand for email security specialists.
For those looking to make the switch to cybersecurity, the best place to make that transition is most likely within their current workplace. IT generalists have the advantage of adaptability, and forward-thinking companies are more than happy to help their IT people upskill. Joining organisations like ACS and AISA is a great place to start. Participating in cybersecurity webinars, taking online courses in security and staying on top of current security trends are all important for building a cybersecurity career. The key is to demonstrate your passion for cybersecurity through action.
Companies that invest in their cyber team will win out
Attracting good talent relies a lot on your company’s brand and vision, along with the perks and benefits you offer. But retaining talent will come down to the culture and environment they experience working with you. Companies that support the growth and professional development of their people, invest in their employees, offer career progression and provide a culture that supports and values cybersecurity will find their best cyber talent wouldn’t want to work anywhere else.