5 Myths about Starting a Cybersecurity Career

Cybersecurity is a rapidly growing field with excellent career prospects. There are two main reasons. First, the cybersecurity market is increasing and is forecast to reach a global volume of $273.6 billion by 2028 (CAGR of 10.48%). Second, the cybersecurity skills shortage persists.

So many organizations are developing cybersecurity teams and budgeting for cyber solutions, but more people need to fill the roles. Yet, despite these opportunities, professionals can be discouraged from pursuing cybersecurity because of common misconceptions about the field. In this article, I’ll bust the five myths about starting a career in cybersecurity.

Myth 1: Cybersecurity is too complex for beginners

One of the most significant myths about cybersecurity is its perceived complexity. People often fear complex things, and many believe cybersecurity is too challenging to grasp. They may imagine a lone cybersecurity analyst in a windowless room fighting an impossible battle against a faceless bad actor or triumphing only through a genius level of technical savvy and know-how. Even if they developed this image from the exaggerated portrayal of cyber in movies and shows, it could be powerful enough to hide reality and reflexively push them away from cybersecurity as a career option.  

The truth is that while cybersecurity is indeed complex in some ways, it is in no way an insurmountable challenge. If it were, cybercriminals would dominate the cyber game, and businesses would be ruined. Instead, cybersecurity professionals spend their days breaking down complex concepts into manageable chunks. This helps them build a strong foundation of information and knowledge, which provides the basis for everyday problem-solving. Experienced cybersecurity professionals usually have an advantage over beginners because they’ve seen the evolution of cyberattacks and solutions, but they, too, started from somewhere. Ultimately, anyone who wants to learn how to solve complex problems in cybersecurity can build a thriving cybersecurity career. No single type of person, worker, or learner fits this mold, either — cybersecurity professionals come from diverse backgrounds, and they’re not all “geniuses.” 

Myth 2: Cybersecurity pros are coding wizards

Another prevalent myth is that you must be a coding wizard to have a successful career in cybersecurity. While coding skills can be advantageous, they are not required for all cybersecurity roles. 

Another way to bust this myth is through the Chief Information Security Officer (CISO) prism. A CISO is the company's highest level a cybersecurity professional can rise to. A CISO will have some technical cybersecurity mastery, but that’s their least relevant qualification. A CISO’s leadership skills and fit within their organizational culture are far more vital. This is to say when people climb into higher managerial roles, they’ll move away from skills like “coding.” As a matter of fact, they may have never coded anything.

If you’re interested in a career in cybersecurity, focus on mastering the core principles and concepts and choose a specialization that aligns with your skills and interests. That may include coding, but it doesn’t have to.

Myth 3: Cybersecurity roles are all highly technical

Many individuals assume that a career in cybersecurity means being confined to a narrow set of technical roles. This misconception couldn't be further from the truth. Cybersecurity offers a diverse range of job titles and specializations. Beyond technical roles like ethical hackers and security analysts, there are plenty of non-technical roles such as IT auditors, Governance, Risk, and Compliance (GRC) specialists, and IT product managers — all critical in ensuring an organization's security posture. 

Let me elaborate a bit more. When organizations assess their likelihood of being attacked, most conclude that bad actors will constantly threaten them. Defending against attacks isn’t about implementing a zero-trust solution and never thinking about cyber again. It requires a strategic company-wide approach focused on winning the cyber war — forever. To do this successfully, an organization can’t just put their employees through a single round of phishing training. They need consistent investments in cybersecurity, from taking a defense-in-depth posture to developing an incident response plan. These big projects involve people with various skill sets in several parts of the organization. Technical expertise is important, but it’s hardly the only skill. 

Myth 4: You need a college degree with a major in cybersecurity 

In the past, a college degree might have been a prerequisite for entering the cybersecurity field. However, the landscape has evolved significantly. According to the U.S. Bureau of Labor Statistics, you don't need a bachelor’s degree to kickstart your cybersecurity career — 31% of information security analysts do not have one. Nor do you need a “traditional” four-year college education with a major in cybersecurity (not to mention a cybersecurity degree isn’t a standard offering) — degree programs that can cost up to $250,000. Accelerated programs such as cybersecurity boot camps, community college courses, and online learning platforms like Coursera, Udemy, and Maven offer comprehensive cybersecurity education that can train people from all backgrounds, whether starting in the workforce or switching careers. 

There are a few reasons for this shift in the education requirements for a cyber career. 

• One is that non-traditional educational paths favor a skill-building approach over knowledge attainment, so these programs often make hands-on lab work and practical experience the focus of their workload, which employers greatly value since business security has real-world stakes and is never just an academic exercise. 

• Another is that being a cyber pro is like being a digital detective. Developing and maintaining an effective attack surface management solution includes soft skills like curiosity, imagination, persistence, and attention to detail, which you don’t need to go to college to learn. 

• Also, cybersecurity occurs in the digital universe, where the threat landscape quickly changes. Hence, learning how to defend an organization from bad actors aligns well with the online education movement — seven of the 17 most popular IT certifications involve security. 

Speaking of certifications…

Myth 5: You need tons of certifications

As a credential, cybersecurity certifications can be just as valuable as a four-year bachelor’s degree. They can even boost your prospects of getting a job — your new certification may align with a specific market need, or it may help you strengthen your professional network or develop a unique skill set in an evolving area of cyber. But certifications are not the be-all and end-all of a successful career; simply collecting them is unlikely to advance your career.

Certifications are a case of quality over quantity. Certifications should complement your practical skills, not be a stand-in for your career development. If certifications offer you the opportunity to get new real-world problem-solving skills and practical experience — that’s good. If they give you hands-on lab experience and the chance to apply your knowledge to address real-world cybersecurity challenges, they can make you highly marketable — even better. In this way, certification courses can be helpful for an entry-level professional who hasn’t had the time to gain enough first-hand, on-the-job experience. But just amassing tons of certifications will not help your career. 

Conclusion

In conclusion, a career in cybersecurity is more obtainable than some may believe. By dispelling these five common myths, I encourage individuals to pursue their passion for cybersecurity. Remember that complexity can be conquered, coding skills are not mandatory for everyone, degrees are no longer the only path, job titles are diverse, and certifications should be coupled with practical experience. With determination, dedication, and a commitment to learning, anyone can embark on a successful and fulfilling career in cybersecurity.

After all, tomorrow is another day… to share this article with all your besties!

Are you looking to go to a persona page?

Cyber 101 | The Solopreneur | SMB | BoD