If you are in your 20s or 30s and working in Cybersecurity then read this

The Cybersecurity Career Advice I Would Give My Younger Self

In 2025 I will complete over twenty three years in Cybersecurity .. a fact that makes my mind boggle

Looking back I would love to time-travel and give my younger self some wisdom so I can avoid the mistakes I made. This is The Cybersecurity Career Advice I Would Give My Younger Self

Unfortunately, I cannot do that so the next best thing is to give newcomers some good old fashioned career advice

-

If you are in your 20s or 30s then this advice might be very useful to you so pay close attention!

1. Certifications Do Not Equal Career Growth

Cybersecurity certifications are massively useful .. do not get me wrong

BUT they are not a silver bullet anymore

In 2005 .. I was getting job offers left and right after completing the CISA and CISSP certs but those days are long gone

The market is filled with certified individuals who cannot get jobs

Do not go overboard with certs but balance them with learning hands on skills

I made this mistake multiple times when I equated career stagnation with not having the latest cert !

Which brings me to my next point

2. Do Not Neglect A Career Plan

Do you have a career plan in Cybersecurity ?

Or does your strategy equal waiting for your manager to promote you in the coming year or getting a bonus?

This is one of the easiest ways to get frustrated in your career

Do not wait around for something to happen

Open LinkedIn and find your dream job and then gap yourself against it

What areas or skills are you falling short in ?

Use that to create a tactical plan for the next 12 to 18 months

3. Cybersecurity Incidents Will Happen No Matter What

As a wise person once told me:

It does not matter how well-prepared you think you are or how many AI-powered products you implement.

There will always be incidents that come out of nowhere and destroy your false sense of security.

Focus on stabilizing the situation, then on the lessons learned.

Avoid the blame game — it’s counterproductive.

Instead, identify what training, tools, or processes could prevent a recurrence.

4. Don’t Get Caught Up in Buzzwords and Tools

The cybersecurity industry loves buzzwords like “Zero Trust,” “shifting left,” and “cyber kill chain.”

These are concepts to be applied, not products to be bought.

Avoid over-reliance on third-party tools; invest in your team’s expertise instead.

An experienced analyst who knows the environment is worth more than any shiny new tool.

5. Be Your Own Marketing Machine

A bitter pill to swallow not just in Cybersecurity but any industry is that the most qualified person doesn’t always get the job

Often it is the person who markets themselves the best.

Resume writing, interview skills, and networking are critical to career success.

Treat your career like a business, and position yourself as its CEO.

No one else will if you don’t stand up for your career path or income.

Promotions, raises, and career advancements won’t magically appear.

Take control by setting goals and actively pursuing opportunities.

6. Don’t Stay Too Long in One Job

We have all been there

You stay in one position and find out that the market has passed you by

Suddenly newly graduated professionals are earning as much as OR more than you.

Staying in one position for too long can lead to wage stagnation.

Regularly assess your career to ensure you’re staying competitive.

7. Nobody Cares About The Long Hours You Worked

Cybersecurity and most tech jobs in general have a overtime problem

Remember that while long hours and overtime often go unnoticed by employers but are keenly felt by your family.

Don’t sacrifice work-life balance in the hope of being rewarded.

Instead, focus on delivering value efficiently.

When layoffs happen .. “When did this employee leave the office everyday?” is not a question that is asked by HR!

8. Build Your Brand Outside Your Job

Relying solely on your job makes you vulnerable to layoffs and market shifts.

Cybersecurity offers fantastic opportunities for personal branding.

Sharing LinkedIn posts isn’t enough.

Build a robust industry profile by:

• Creating and sharing course content on platforms like Udemy.

• Speaking at cybersecurity conferences.

• Writing a book — a challenging but rewarding way to showcase your expertise.

  
  

Mentorship and teaching are also fulfilling ways to give back to the cybersecurity community.

Sharing your knowledge not only helps others but also reinforces your own expertise.

A strong industry network will open doors and provide stability if you ever find yourself between jobs.

Check out this newsletter I have started that focuses on Cybersecurity side hustles that might give you some good ideas

9. Embrace Change and Adapt

Being stubborn or resistant to change will hold you back.

The earlier you adapt to new trends and requirements, the better prepared you’ll be for the future.

Today it is GenAI .. tomorrow it will be Quantum Computing or something else

Complaining about it will not change anything

See what trends are changing the industry and feed that into your learning plan for the coming year

10. Becoming A CISO Is Not The Measure Of Success

This is something I truly wish I knew over 10 years ago

I thought becoming a CISO is what separates successful cybersecurity professionals from the failures

And yet when I became a CISO I was not happy in the job at all

Instead of doing technical stuff I was bogged down with budgets and PowerPoint presentations all day long

Cybersecurity is a massive field with a huge number of career paths

Not everybody is going to become a CISO nor do they need to be !

Find out your own long term goal be it starting your own cybersecurity company or becoming a consultant

Do not follow the crowd

That wraps it up

I hope these insights help and inspire the next generation of cybersecurity professionals.

The journey is challenging but incredibly rewarding.

Take control of your career, and don’t forget to enjoy the ride!

Taimur Ijlal is a multi-award-winning, information security leader with over two decades of international experience in cyber-security and IT risk management in the fin-tech industry.

Taimur can be connected on LinkedIn or on his YouTube channel “Cloud Security Guy” on which he regularly posts about Cloud Security, Artificial Intelligence, and general cyber-security career advice.