Taimur Ijlal

Summary

A cybersecurity professional with extensive experience shares valuable lessons learned throughout their career, emphasizing the importance of continuous skill development, process improvement, non-technical skills, honesty in knowledge gaps, and pragmatic risk management.

Abstract

The author, a seasoned cybersecurity expert, reflects on the evolution of the industry and the critical lessons that have shaped their successful career. They stress the necessity of constantly upskilling to stay relevant in a field rapidly changing with AI advancements. The article advises against being swayed by new security products without first optimizing processes and acknowledges the enduring value of human expertise. It also highlights the significance of non-technical skills such as crisis management, leadership, and emotional intelligence, which are irreplaceable by technology. The author encourages cybersecurity professionals to be humble and admit when they don't have an answer, fostering a culture of continuous learning. Lastly, the importance of pragmatic risk management is underscored, suggesting that the best security professionals find alternative solutions rather than outright rejecting proposals.

Opinions

  • The cybersecurity industry has matured significantly over the past two decades, with terms like CISO and Appsec becoming commonplace and standards like PCI DSS being established.
  • Professionals should focus on acquiring new skills and updating existing ones to avoid obsolescence in the face of AI's impact on the job market.
  • Security analysts with deep knowledge of their environment are more valuable than the latest security products.
  • Non-technical skills such as crisis management, leadership, and emotional intelligence are crucial for long-term success in cybersecurity.
  • It's acceptable and even respectable for cybersecurity leaders to admit they don't know everything, as the field is too vast and

5 Valuable Lessons That Helped Me In My Cybersecurity Career

This is the stuff they do not teach you in cybersecurity courses

As someone who has been in cybersecurity for many, many years, I always try to spread whatever useful knowledge I have gained

(I also like writing articles where I can put as many memes as I want)

But joking aside, it is frankly astounding how much the cybersecurity industry has matured over two decades

Take into account that when I started out in cybersecurity:

  • No one knew what CISOs were
  • Appsec was an unknown term
  • Viruses were just those things that required you to format your PCs
  • SIEM / SOC sounded like something you got medical treatment for
  • PCI DSS did not exist as a standard

It has been very humbling seeing this industry mature over the years and so many people (young and old!) choose this as their profession

I have had a great career in cybersecurity mainly because of great mentors who helped me throughout the ups and downs.

Here are a few pieces of the good advice I have gotten from them over the years

1 — Always be upskilling

Please note the focus here is on skill.

Do not translate that into “getting the newest security certification”

The cybersecurity industry is undergoing massive changes with the AI monster coming for the jobs which are vulnerable to automation

Learn new skills and keep updating yourself or you will find yourself with an obsolete skillset.

Do not become complacent by doing the same thing day in and day out

One good tip is to check job postings on LinkedIn in your area and see how many of those skills you currently have

https://imgflip.com/i/79jowa

2 — Avoid the “shiny product” syndrome

There will always be another security product coming out that looks better than the one you have

Vendors will come to you with great slide decks of the newest product and why this is the only thing you need to be secure

Focus on improving your processes first before implementing the next hot thing

You still need people to run those products so always keep that in mind

A cybersecurity analyst who knows the environment inside out is better than any security product

https://imgflip.com/i/79o1gw

3 — Non-technical skills matter more in the long run

No AI or security product can give you the below skills

  • Crisis management when the crap has truly hit the fan during a security incident and everyone is looking to you for guidance
  • Leadership skills to resolve conflicts that arise between team members
  • Emotional intelligence that lets you distance your emotions from the situation

4 — It is OK to say “I don't know”

As you rise through the ranks, you will be expected to know every risk about every technology under the sun.

Do not be embarrassed if you are asked a question you do not know the answer to

Saying “I don't know” shows your humility and is nothing to be ashamed about, especially given how quickly technology changes

Always have a learner mindset as cybersecurity is simply too big for you to know everything

https://imgflip.com/i/79o1gw

5 — Saying “No” all the time will cause you trouble

Yes yes I know security is not an afterthought and “shift security left” and all that blah blah

The reality is you WILL be faced with situations where you have to make a go / no go decision for something which did not go through the proper security gates

The normal instinct is to say “you shall not pass” like Gandalf

But always try to be pragmatic and weigh if some Option B can be put in

The best cybersecurity professionals I knew were those who had mastered the art of risk management and threat modeling.

They could ALWAYS find other ways of mitigating risk instead of just saying “NO” to everything

Do not be that guy

https://imgflip.com/i/79jqv4

Thanks for reading this. If you are interested in acing your next Cybersecurity Interview then check out my Free Ebook HERE

Taimur Ijlal is a multi-award-winning, information security leader with over two decades of international experience in cyber-security and IT risk management in the fin-tech industry. Taimur can be connected on LinkedIn or on his YouTube channel “Cloud Security Guy” on which he regularly posts about Cloud Security, Artificial Intelligence, and general cyber-security career advice.
