What Specifically Do You Want to Do in Cybersecurity?

When I asked graduate students what specifically they want to do in cybersecurity, a lot of them say cyber threat intelligence (CTI). Why? Probably because it sounds cool. It is cool, but that’s not the point. The point is that sometimes people fixate on a cybersecurity specialty, which their resume doesn’t support. If you have neither cybersecurity experience nor real-world intelligence experience (federal agencies or military), you’ll likely struggle marketing yourself for those specialty roles.

You’ll find it easier to land a more generalist role and move into a specialist role after you’ve gained some experience and proven yourself. Role mobility is a lot easier to come by within an organization, than as an outside hire.

Focus on finding cybersecurity analyst opportunities, where you can learn and get wide exposure. I’ve seen cybersecurity generalists move (and sometimes be promoted) internally to forensic investigation, threat hunting, and yes, cyber threat intelligence roles.

Undoubtedly lots of people have a friend, classmate, or relative, whose first cybersecurity job was some exotic specialty. That’s great, if you can pull it off. Just don’t lose the plot. You have a greater chance of landing an entry-level generalist role. (For career changers maybe even a non-technical cybersecurity role.) Get your foot in the door, then show them what you’re made of.

After a year or so you’ll be a bona fide cybersecurity professional. Use that time to continue to self educate, learn some new skills, and network internally. Then you can find your path to any number of specialty roles.