This is an OpEd piece - if that's not your thing, you can stop reading now. Otherwise, I hope my position can shed some light or at least give a few some encouragement to keep moving the needle forward.
Â
I keep reading posts on LinkedIn and elsewhere from leading voices in our industry about how people should "bugger off" if they aren't doing this or that. Without throwing shade at any one individual, I will state it's much easier to claim one isn't needed when one is already shouting it from the mountaintop with all the bluster and vitriol - not to mention captive audience - one can muster. But ask that same person how they got to the mountaintop and the silence will be deafening. Or worse, ask what YOU should do to achieve their same level of success and then you'll be the recipient of a non-stop barrage of excuses on why there's no roadmap, guide, signpost, cairns, etc. along your journey and how you should be encouraged and emboldened to blaze your own trail and "do you". Screw that. That's pure fear talking. And if it isn't, it's worse - apathy. Remember folks, at the end of the day, it's much easier (i.e., it takes far less time) to tear someone down than it does to build them up.
Cybersecurity's Main Problem in a Nutshell
The problem with the Cybersecurity industry isn't complex, it's not even skills based as we would have everyone believe and as we keep telling ourselves over and over so it becomes true, it's not even whether you want to break or fix stuff. It's purely an age-old and human one - ego. Those who have it and yield it, and those who don't yet feel confident enough to yield it, but know they want it at their disposal, nonetheless.
Think I'm off the mark here? Let me present all those articles on breaking into cybersecurity, all the make lemonade from lemons rejections-but-keep-going-because-someone-will-eventually-hire-you posts, all the constant re-hashings of imposter syndrome and the validation that comes after/with it, all the paper tiger arguments from individuals who may have never sat a cert test in their life because they're "above it all" as proof.
Still need more? How about the constant postings of certifications earned and badges won from anything and everything cyber-related. Why do we do this? Quite simply, it's for the validation. We all want to feel connected within the community we work in or have chosen as our field of expertise. Whether this validation is consciously or subconsciously sought is based on the individual, but we're all the same. We want to be heard and we want to contribute. Heck, we're even using a platform aptly named to connect us all.
How can I contribute if I keep getting told no, or don't do that?
It's a fair question and an honest one. The answer is keep contributing while you are being told no or don't do that. That's not to say don't listen or ignore good advice on why you might want to go about a task or action a certain way, but don't let the naysayers, and there will be plenty of them, dissuade you from climbing the same mountain they did. You might even catch several of them looking up at it from base camp when you pass. Just because their careers went a certain way, or they experienced things a certain way doesn't mean you will repeat it or follow their footsteps one for one.
So how do we apply this to our every day? Let's address some of those points from above.
Advice - we'll close this article with more on this topic in a little bit but suffice it to say for now that advice is freely given, and it's just that ... free advice. Take it or leave it. But as with most things, why would you surround yourself with naysayers when you're trying to accomplish a new goal, new feat, or new task? You wouldn’t, right? But in the same context, you don't really need to touch a hot stove to know it's hot now do you? Bottom line: situational awareness and a healthy dose of common sense will serve you very well in the cybersecurity field. Apply them both. Liberally.
Starting Out - the best advice I can give those who are starting out in this industry is to seek out others who have recently been successful in their bids to land jobs in cybersecurity and stop putting so much precedence on the folks who have been in the industry for years or decades. It's not that these wizened or seasoned professionals aren't sympathetic or willing to help in some cases, it's just that it's been quite some time since they were starting out and there's a lot of change and nuance in the industry, and memories are fickle not matter how well-trained. So what might have worked for them, could be obsolete or non-existent today. You'll have better luck getting advice from others who are freshly minted professionals and hearing or learning what they did. That said, there is no excuse to sit back and wait to be handed a job. No one owes you anything. Similarly, make sure you are applying for those jobs you're qualified for - if you don't have experience, volunteer or ask about internships.
Affirmation - all of us have or experience imposter syndrome during at least one point or another within our career. It simply goes with the turf. This field is full of technology that constantly evolves and a higher-than-average number of smart individuals performing important jobs, sometimes under sustained periods of stress or pressure. Going toe-to-toe or holding one's own can sometimes be daunting. The reality is, if you're not experiencing imposter syndrome at some time, you're either not challenging yourself, asking the right questions, or you're simply superhuman. The latter is by far the rarest occurrence. So, keep at it. Keep learning more and keep pushing ahead.
Rejections - rejections are common. Try to develop a thicker skin and do not let their number or frequency get you down. Sometimes, rejections can be a blessing in disguise as they can save you from an otherwise ill-fit or experience. Rejections can also be good sources of information for where you need to concentrate or focus your time spent - perhaps you're great at the technical but have a hard time speaking articulately or concisely? Regardless, use the rejections as a form of self-improvement. And also remember that not everything needs to be posted online. This is especially true for rejection notices. Not every employer relishes the idea that their business be made public. There is a lot to be said for mutual respect.
Certifications - the so-called "paper tiger" argument. There are two types of cybersecurity professionals out there - those who support certifications, and those who don't. You will meet both. Does a certification entitle you to anything? No, it doesn't. Is it a substitute for work experience? No, it isn't. Should it matter in your hiring decision? Possibly. So what is it good for then if it's deemed of non-value to some and valuable to others? One thing and one thing only - learning and retaining the knowledge from that learning. If you are expecting anything else, you will be disappointed.
Online. Online resources and social media platforms are good for the industry, but they are not a substitute for person-to-person interactions. After all, how much can you truly know about an individual simply by reading their blogs, posts, articles, etc.? Probably quite a bit actually. But just because a platform tells you you're "connected" or you're "friends" doesn't necessarily make it so. It's good to have these connections or acquaintances online, yet you do not need them to validate you or your pursuits or place in cybersecurity.
What to make of it all?
No one here on LinkedIn, me included, or anywhere else online is going to be able to set out the definitive path for you or validate that your place is in cybersecurity. Nor should we. You need not blaze the trail alone by any means, but please take the time to learn from others and be cognizant of those who have come before. Frost, the poet, wrote of taking the path less traveled and that making all the difference, but that's not an invitation to walk blindly into a cybersecurity snowstorm when all your colleagues are telling you that's a bad idea. Apply yourself with grace, compassion, and a healthy dose of self-deprecation and skepticism.
And when you're feeling like an imposter or hearing that cacophony of industry pundits bellowing loudly in your ears about why you're not wanted, just remember that we like catchy phrases and analogies in cybersecurity. So here's one that's been borrowed from elsewhere and that I think is wholly apropos for this situation and latest trend - remember that when all these naysayers crop up and you're down on yourself and your abilities - opinions are like rear ends, everybody's got one. Hang around them long enough and they're going to start to smell no matter how freshly powdered.