Top challenges cybersecurity pros face in growing their careers — and how to set yourself up for success

August 13, 2024 by Jeff Peters

Cybersecurity is a dynamic field that can be both challenging and rewarding as a career. The recent ISC2 Cybersecurity Workforce Study revealed that while 75% of cybersecurity professionals believe their job is getting harder, 70% of those same professionals report being very or somewhat satisfied with their careers.

That satisfaction is due to the unique blend of intellectual stimulation and problem-solving, as well as the immense satisfaction of protecting critical systems and data that cybersecurity offers. 

However, as you navigate your mid-career journey or take on a leadership role, you'll inevitably encounter roadblocks to growth. This guide will explore the five most common challenges faced by mid-level and manager-level cybersecurity professionals: 

  1. Picking your cybersecurity career path 
  2. Keeping up with the industry and emerging technologies 
  3. Preventing and overcoming cybersecurity employee burnout 
  4. Overcoming imposter syndrome in cybersecurity 
  5. Navigating promotions and layoffs

We'll show you how to turn these challenges into success by drawing wisdom and actionable advice from industry experts we've interviewed on our podcast and other resources. 

Challenge 1: Picking your cybersecurity career path 

The beauty of cybersecurity is in its breadth. Unlike linear career paths, cybersecurity offers a multitude of directions you can take once you get started. The ISC2 study highlights this point, with 80% of professionals agreeing there are more pathways into cybersecurity today than ever before, and 82% viewing this as a positive for the industry. 

However, navigating this abundance of options can be overwhelming. The same ISC2 study breaks down the most common transitions after a first cybersecurity job: 

  • Practitioner to manager (35%): As a practitioner, you gain hands-on experience in cybersecurity. Transitioning to a manager role involves overseeing a team, setting goals and managing projects. This path allows you to combine technical skills with leadership and strategic thinking. 
  • Specialist to generalist (26%): Specialists develop deep expertise in a specific area, such as penetration testing or incident response. Becoming a generalist means broadening your knowledge across various domains. This path suits those who enjoy learning about different aspects of cybersecurity and solving diverse problems. 
  • Generalist to specialist (19%): Generalists may choose to specialize in a specific area to gain a competitive edge or deepen their expertise. This path allows you to focus on a niche, become an expert and potentially earn a higher salary. 
  • Started working as an independent contractor (16%): Independent contractors enjoy the freedom of working for themselves and choosing their clients. This path is ideal for those who value autonomy, have strong time management skills and can handle unstable income. 

As you can see, any pivots to where you go next are often influenced by where you started. Here are some other common cybersecurity job transitions from the ISC2 study: 

  • Private sector to public sector (13%) 
  • Started own cybersecurity business (13%) 
  • Public sector to private sector (11%) 
  • Become an educator (8%) 
  • Independent (contractor or own business) to an organization (5%) 

Follow your cybersecurity interests 

"You don't have to pick the aspect of security that you're going to be in for the rest of your life," explained Alyssa Miller of S&P Global Ratings. Most cybersecurity professionals will go through many different roles in their career, so don’t be afraid to embrace trying new things. 

Following your natural interests and continuing to evolve is the key to finding a successful and long-term cybersecurity career. Miller recommends regularly reading security blogs and seeing what you gravitate to. What you enjoy learning about may provide direction for where to point your career. 

Challenge 2: Keeping up with the industry and emerging technologies 

Cybersecurity constantly evolves alongside new technology and the tactics employed by attackers. A study by ESG and ISSA found that 81% of cybersecurity professionals believe complexity and workload have significantly increased, and 59% think cyber threats have increased as the attack surface has grown. 

Opportunities in cybersecurity have grown as threats have escalated. This report also found significant skill shortages in specific areas: 

  • Application security (38%): Mastering application security allows you to identify and mitigate software vulnerabilities before someone can exploit them. 
  • Cloud security (37%): As cloud adoption grows, expertise in securing cloud environments becomes increasingly valuable. 
  • Security analysis and investigations (27%): Developing your skills in analyzing security incidents and investigating cyberattacks is crucial for effective response and prevention. 
  • Security engineering (27%): Security engineers design and implement security solutions to protect an organization's systems and data. 

According to the ISC2 workforce study, hiring managers echo these in-demand skills. Cloud security (32%) tops the list, with communication skills (31%), risk (31%), security analysis (28%) and security engineering (28%) close behind. Of course, these aren’t the only career options, but if you’re looking to upskill, starting with the biggest demands isn’t a bad approach. 

Here are some ways to keep your knowledge up to date: 

Importance of selling your skills — and yourself 

"How do you tell a compelling story about who you are and what's the differentiated value you bring to the table?" asked Katie O'Malley, founder of (en)Courage Coaching and Counseling. 

"Most people don't like to sell themselves. Especially women, we feel like we can't toot our own horn," said O'Malley. But you must get past this. Effectively communicating your skills and accomplishments is essential for career advancement.   

Challenge 3: Preventing and overcoming cybersecurity employee burnout 

The relentless pressure to stay ahead of ever-evolving threats and constant change due to emerging technologies, corporate restructuring and regulatory updates can create a perfect storm for cybersecurity burnout. ISSA and ESG found that burnout is the third highest cause (28%) for chief information security officers to change jobs. 

Combating burnout requires a two-pronged approach: fostering a supportive work environment and prioritizing individual self-care. 

For managers, this means: 

  • Creating a culture of open communication: Employees shouldn't fear repercussions for seeking help or taking breaks. Leaders must set the tone by openly acknowledging the demanding nature of the work and encouraging team members to prioritize their well-being. 
  • Providing professional development: Offer opportunities for your team to stay current on the latest threats and technologies through conferences, training courses and certification programs. 
  • Allowing flexibility: Consider flexible work arrangements, remote work options or compressed work weeks to help employees manage their responsibilities. 
  • Promoting work-life balance: Encourage employees to take vacations, use PTO and set boundaries between work and personal life. 
  • Keeping work manageable: Distribute tasks effectively and avoid overloading team members. 
  • Rotating roles: Rotate team members across different cybersecurity functions to prevent monotony and promote skill development. 

Individuals can prevent burnout by: 

  • Prioritizing overall well-being: Take a holistic approach to health. Look at all aspects of your life and set goals for each for a more balanced life. 
  • Practicing self-care: Engage in activities that reduce stress and promote relaxation. This could include exercise, spending time in nature, meditation or pursuing hobbies. 

Reprioritize your life to combat burnout 

Karen Worstell, the Senior Cybersecurity Strategist at VMware, explained that sometimes you need to reprioritize parts of your life to prevent burnout. 

For many people, "everything they do kind of revolves around their work," she said. Try to look at the whole picture of your life and set goals for improvement in each area to create a well-rounded and fulfilling life. 

Challenge 4: Overcoming imposter syndrome in cybersecurity 

Imposter syndrome is a psychological pattern where individuals doubt their accomplishments and skills despite evidence of their competence. It manifests as a persistent feeling of inadequacy and a fear of being exposed as a "fraud." This phenomenon is surprisingly common and affects high-achieving professionals across all industries, including cybersecurity. 

Even seasoned cybersecurity professionals with impressive track records can fall prey to imposter syndrome. Alyssa Miller, a recognized cybersecurity leader, shared her experience with imposter syndrome in a Cyber Work Podcast. Early in her career, she led a large vulnerability management program for a Fortune 200 company. Despite the significant accomplishment, self-doubt crept in, and she downplayed her role. Later, when passed over for promotion under questionable circumstances, imposter syndrome resurfaced, leading to a loss of confidence. 

While imposter syndrome can strike at any stage of your career, as it did for Alyssa, there are some strategies you can use to combat it: 

  • Challenge negative self-beliefs with evidence of your skills and accomplishments. 
  • Find a mentor who can offer guidance, support and honest feedback. 
  • Focus on continuous learning to stay ahead of the curve. 
  • Keep a record of your achievements, certifications and positive feedback. 
  • Engage with other professionals in online forums and at industry events or cybersecurity meetups to realize you're not alone. 

There's no such thing as a stupid question 

"When I was younger and coming into this industry, I just didn't have the confidence," said Susan Morrow, head of research and development at Avoco Secure. "I thought, 'I'm just not as good as they are. I just need to hide. I don't want to speak to anybody.'" 

Morrow said there should be an open mic culture in cybersecurity to prevent this thought process. "We need to ask questions because there is no such thing as a stupid question in cybersecurity." 

Challenge 5: Navigating promotions and layoffs 

The cybersecurity industry experiences natural ebbs and flows of hiring and layoffs. Whether you hope to advance at your current company or transition to a new organization, positioning yourself as an asset is crucial. 

The most valuable asset you can possess is a commitment to continuous learning. The study by ESG and ISSA identifies networking and attending more training as the top two ways to advance in cybersecurity. This aligns with the perspective of security professionals themselves. The same study highlights that additional training is the most effective way for organizations to improve their cybersecurity programs. 

The ISC2 study reinforces this point, indicating that investing in training is the primary strategy to overcome staff shortages. It also ranks cybersecurity certifications as the second most important qualification for cybersecurity professionals after communication skills, and suggests that certifications hold more value than independent experience or entry-level degrees. 

Therefore, to remain a valuable asset and get noticed as one, it's important to: 

  • Actively seek out opportunities to expand your knowledge and stay current with the latest threats, technologies and best practices. 
  • Network and build relationships with other cybersecurity professionals by attending industry events, joining online forums and connecting with people on LinkedIn. 
  • Take initiative, volunteer for challenging projects and share your knowledge with others to showcase your leadership potential. 

Choosing the right certifications for career advancement 

With various certifications available, selecting the most relevant and valuable credentials can be challenging. Popular vendors like CompTIA, ISACA and ISC2 offer globally recognized certifications that can help boost your career prospects. Technology giants like Cisco, Microsoft and AWS provide specialized certifications tailored to their respective platforms and solutions. 

When choosing certifications, align your selections with your career goals and areas of expertise. For instance, if you aspire to a leadership role in cybersecurity management, certifications like the CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) may be more relevant than technical certifications focused on specific technologies or platforms. 

Keep a wide view of your career options 

It’s important not to narrow your career view, explained Maxime Lamothe-Brassard, founder of LimaCharlie. As you progress in your career, explore different areas of cybersecurity and gain a broad understanding of the field.  

"It's really important to try to understand what the tool is doing, what's happening behind the curtain," he said. Building this fundamental knowledge is key because it allows you to adapt to new situations and technologies, future-proofing your career.  

Choosing the right cybersecurity career path 

The cybersecurity profession offers a rewarding career path and cybersecurity professionals are in high demand, but choosing to be one is not without its challenges. This guide has explored five common hurdles faced by cybersecurity professionals on their career journeys: 

  • Choosing a career path 
  • Keeping up with technology and the industry 
  • Burnout 
  • Imposter syndrome 
  • Promotions and layoffs 

The good news is that these challenges are not insurmountable. Here are the steps to tackle them head-on: 

  • Network with other cybersecurity professionals for tips, new opportunities and support. 
  • Develop strong communication and collaboration skills, which are essential in cybersecurity. 
  • Never stop learning to stay ahead of new technology and threats. 
  • Pursue certifications to validate your skills and stand out. 
  • Embrace a culture of change and stay prepared for new opportunities. 

By taking the steps outlined in this guide, you can position yourself for a successful and fulfilling career in cybersecurity. The future of cybersecurity is bright, and you can be a part of it with dedication and perseverance.   

Jeff Peters

Jeff Peters is a communications professional with more than a decade of experience creating cybersecurity-related content. As the Director of Content and Brand Marketing at Infosec, he oversees the Infosec Resources website, the Cyber Work Podcast and Cyber Work Hacks series, and a variety of other content aimed at answering security awareness and technical cybersecurity training questions. His focus is on developing materials to help cybersecurity practitioners and leaders improve their skills, level up their careers and build stronger teams.