Change is constant in any career, and the world of cybersecurity is no exception. Hackers and cybercriminals devise new tactics regularly, and cybersecurity professionals must stay current with emerging threats and new technology. While keeping pace with these shifts is essential, it’s also important to balance your commitment to the field with your personal career goals.
Marc van Zadelhoff, Chief Executive Officer at Devo, has a few career frameworks he’s found invaluable throughout his journey that he shares in Devo’s SOC Career Guide. While he did not invent these from scratch, he’s reworked existing ideas for his own use—and you can too! These frameworks are helpful in any professional or industry setting, proving a great way to take a step back and evaluate your career from a higher viewpoint.
Becoming Acquainted with Change and Challenges
In the cybersecurity domain, change is a known constant. You’ll undoubtedly encounter your fair share of new and rapidly developing cyber threats, changes to your team or role, and organizational modifications. How you evolve and deal with these developments can set you apart and foster your growth.
One model that proved highly beneficial in Marc’s early career days was the “Emotional Cycle of Change,” devised by psychologists Don Kelley and Daryl Connor. Marc added his own touches to this framework, which is particularly useful when embarking on a new role, task, or job.
Here’s what the cycle looks like:
Stage 1: Optimistic, Uniformed
In this phase, you have little information about impending changes—whether that’s promotions, new responsibilities, or changes in roles—and initially, your feelings of excitement and optimism are high.
Stage 2: Less Optimistic, More Informed
As you accustom yourself to changing realities, expectations could seem overwhelming, and your new role might be more daunting than initially thought.
Stage 3: Pessimistic, Informed
At this stage, changes are in full swing, but you haven’t developed the necessary skills or acquired the knowledge to confidently assume them.
Stage 4: Less Pessimistic, Informed
Despite still struggling with new responsibilities, you have started adapting, communicating with colleagues, and setting new processes in motion.
Stage 5: Optimistic, Informed
Congratulations! You’ve successfully adapted to the change.
Unraveling The Incongruity Between Your Responsibility and Ability
Your role, as best embodied by your job title, will not consistently translate to your skill level directly. You might find yourself in a job role you feel underqualified for, leading to feelings of being an impostor. Conversely, you might find yourself waiting months, or even years, for a promotion, leaving you feeling frustrated and stagnant in your present position.
There are three common scenarios that typically occur: The “I’m bored! I’m ready!” situation; the “Help, I’m stricken with impostor syndrome!” predicament and the “I feel completely gratified with my role” state of mind. Feeling completely gratified with your role is a great place to be because you’re striking the right balance between your skills and your job satisfaction. The key takeaway here is to remember that although it is a great feeling to be satisfied with your role, the more comfortable you get, the more likely you are to repeat the cycle and start to feel bored again.
The Triad of Risk: Calculating, Managing, and Prioritizing
The cybersecurity domain is fraught with relentless cyberthreats, and prioritizing tasks can be daunting, which makes risk assessment and management vital elements of this field. A handy formula to help you focus on what matters most is: Impact x Likelihood = Risk. This framework was first developed by the United States Department of Defense, but Marc altered it slightly. It defines risk across four categories: high likelihood, high impact; low likelihood, high impact; high likelihood, low impact; and low likelihood, low impact. The high likelihood, high impact risks that ought to be your top priority, and low likelihood, low impact risks likely need less immediate attention.
Hopefully these three frameworks provide valuable insights to use throughout your cybersecurity career. Whether you are a beginner, working toward a new promotion, or merely seeking general career guidance, make sure you check out our full SOC career guide, which is full of nuggets of wisdom and advice.