This week, Cybersecurity Awareness Month focuses on cybersecurity careers and jobs in the industry, with a simple tagline: Explore. Experience. Share. Check out NIST’s workshops and toolkits for Career Week.

For cybersecurity and IT workers, if you want to position yourself well, do some exploring. Get to know new territory outside of cybersecurity. The reason? Simple: share your insights on the industry. Perhaps more importantly, learn about what matters to others to find some common ground.

Can You Talk Business When it Comes to Cybersecurity Jobs?

Cybersecurity and IT workers: up your game and learn the language of business. The information and data security function is much more integral to keeping a business going than it was even as recently as five years ago. No longer just a side issue, digital safety is a core issue. Learn to tell the C-suite that.

Regardless of job role, all teams understand dollars and cents. That’s your common ground. You can bridge the gap, and if becoming a chief information security officer (CISO) is your plan, you are putting yourself in a good position for the job. Cybersecurity careers being all about tech is so 2020. Go out of your comfort zone. Learn about the business and teach other stakeholders about your duties while you learn about theirs.

Cybersecurity Careers: Generalist or Specialist?

Regardless of where you are in your cybersecurity career, you’re going to have to make a decision. So I want to be a generalist or specialist? Each has its pros and cons.

• Generalist: This career path can be bumpy. You’ll face entry-level positions where specific skills, tasks and abilities to use software platforms and tools are required. If you are too theoretical with no prior hands-on work, you may struggle to break into the industry. But if you are further into your career and expand beyond tech and specific skills, you open yourself up to greater opportunities that may be more business-, risk- and privacy-focused.
• Specialist: This path likely helps you break into the industry, but the longer you stay as a specialist, the more likely you pigeonhole yourself for the future. Cybersecurity careers rapidly change as technology does. Remember, what is good today may not be good tomorrow, especially if new tech, like orchestration and artificial intelligence, starts to take over tasks. Also, being a specialist may get you the CISO job, but without building out your skill stack, don’t expect to keep the CISO job.

Don’t Let Certifications Hold You Back

Let’s be real: the industry is in desperate need of talent. If you have skills but are missing the certification, still seek a position that could continue your career. Employers can help encourage people into cybersecurity careers, too. Perhaps your future employer can pay for your training and exam costs if the certification is really that important. Show that you can walk the walk and the rest will fall into place.

A note to employers, HR departments and those seeking talent: no more job listings that look like a check box exercise. I’m going full Dee Hock here:

“Hire and promote first on the basis of integrity; second motivation; third capacity; fourth understanding; fifth knowledge; and last and least, experience. Without integrity, motivation is dangerous; without motivation, capacity is impotent; without capacity, understanding is limited; without understanding, knowledge is meaningless; without knowledge, experience is blind.”

The check box route is an exercise in looking for unicorns. You will almost always end up with the wrong person in the position, or worse, somebody who is there for the ride to get a resume boost and will jump ship. People are looking for work in cybersecurity careers right now. Listen to Dee Hock: find them, train them and they’ll appreciate that, especially nowadays.

Final Note to Employers: It’s On You to Hold On to Staff

People normally depart a job because they are burnt out, are in a bad workplace environment or because they have been pushed out. You are never going to build that culture of cybersecurity with high turnover.

In closing: if you are losing for cybersecurity careers in 2021, chances are it’s because you are letting them get away, not because they are doing a bad job. And that word will spread, which will make it only harder for you to replace that talent. Be wise about talent retention decisions. You may be feeding the competition without even realizing it and you may never get that talent back.

Next week, we close off this series with the Cybersecurity First theme.