If I Had to Start Over in Cybersecurity, Here's What I'd Do Differently

I didn't take the "traditional" path into cybersecurity, because when I started, there wasn't one.

My degree? Mathematics. But that had nothing to do with how I landed my first security job. My real break came in the Air Force, managing Top Secret systems as a Communications and Computer Systems Officer. That role gave me military-grade security experience and a Top Secret clearance, but it's not a path most people can follow (or one I could repeat if I had to start over).

If I were starting today, I'd take a completely different approach. And if you're looking to break into cybersecurity—or level up—here's what I'd do to get ahead faster.

Plan your career—don't drift

For 10 years, I had a stable, comfortable security job. Then I got laid off.

I wasn't prepared. I assumed the role was secure, so I wasn't actively growing my career. When it ended, I had to scramble to reposition myself, and that's when I realized I had wasted years coasting instead of being intentional.

What I'd do differently 

• Define my long-term cybersecurity career path early (offensive, defensive, leadership?)
• Choose roles that build toward that goal, not just do what's comfortable
• Take on stretch assignments and leadership opportunities sooner
• Lesson learned: Cybersecurity careers don't just "happen." You have to drive them.

Skip the degree (unless you absolutely need it)

I have a degree, but let me be blunt: it didn't get me into cybersecurity.

Most security jobs don't require a degree. If I were starting over, I wouldn't spend years in school unless I had a very specific goal, like:

•  Becoming a CISO or security executive (some companies still prefer degrees)
• Working in federal security or a government contractor role (many require one)
• Pivoting from a non-technical background (if I had zero IT/security knowledge)

Otherwise? Experience > degree. Certifications and hands-on skills will get you hired faster.

Get hands-on, not just certified

Too many beginners obsess over certifications without learning how security actually works.

When I started, I had no choice but to learn on the job. But today? You can gain hands-on experience before you ever land a role.

What I'd do differently

•  Set up a home lab (Kali Linux, cloud security, SIEM, malware analysis).
• Get on TryHackMe and Hack The Box (CTFs aren't just for pen testers).
• Practice incident response and log analysis (Splunk, Azure Sentinel, ELK stack).
• Document everything (write blog posts, record findings, post on LinkedIn).
• Certifications help you get past HR filters, but hands-on skills get you hired.

One of my biggest career mistakes? Spending too much time as an individual contributor.

I didn't push for leadership early enough. I was good at security but didn't realize that technical expertise alone wouldn't take me as far as I wanted to go. Leadership roles require different skills: communication, strategy, decision-making. And they come with more impact (and, yes, more money).

• Start building leadership skills early (mentoring, leading projects, public speaking).

• Improve communication and writing (because great security leaders explain risk clearly).

• Transition into management earlier instead of staying in my comfort zone.

  When I finally took a leadership role, it accelerated my career. I led a company to its first ISO 27001, SOC 2, and HIPAA certifications. I should have made that move years earlier. Who knows where I'd be now if I had?

My 10-year job felt stable. Until it wasn't.

I got laid off and I wasn't actively planning my next step. The reality is, no job is "secure." If you're not constantly growing and positioning yourself for the next opportunity, you're vulnerable.

• Always keep learning and evolving. Complacency is career death.
• Make career moves strategically. Don't wait until you "need" to job hunt.
• Take intentional risks. Speak, write, lead, and push your boundaries.
  When I landed my next job, I led the company's entire security program and helped them earn critical compliance certifications. That move supercharged my career. I just should have done it much sooner.
• Lesson learned: Don't settle. Keep growing.

I made plenty of mistakes in my cybersecurity career: staying in a comfortable job too long, not moving into leadership sooner, and underestimating the importance of always planning my next step.

But one thing I got right? Networking.

I've been active in the ISACA Puget Sound chapter for more than 10 years, now serving as chapter president. It's been key to expanding my network, building relationships with security and compliance professionals, and giving back to the community. Beyond my jobs, ISACA board service helped me develop leadership experience outside of work. 

• Get involved in ISACA, ISSA, or ISC2 chapters; don't just attend, volunteer and contribute.
• Attend security conferences and events.
• Engage on LinkedIn and X: comment, share insights, and stay visible.
• Skip Reddit for networking (usually good for info, not connections).
• Most jobs aren't posted. Referrals and relationships get you in the door. 

• Be intentional. Your career won't manage itself.
•  Hands-on skills > degrees and certs. Employers want problem solvers.
• Leadership accelerates your career. Start developing soft skills early.
• Never get too comfortable. Complacency kills careers.
• Leverage your network strategically. Who you know opens doors.
  

If you're breaking into cybersecurity (or leveling up), learn from my mistakes. Take action now. The best time to start is today.

This article appeared originally on LinkedIn here.