From the company featured.com, we asked industry experts to share one piece of advice they wish they’d received earlier in their cybersecurity careers and how it would have benefitted them. Here are their strategies for managing human error, balancing security measures, and proactively managing risk.
6 Cybersecurity Career Tips – Insights from the Experts
- Technical Skills Open Doors, Communication Keeps Them Open
- Adopt an Agnostic Approach to Tech Solutions
- Human Error Management is Critical in Cybersecurity
- Balance Server and Application Security
- Learn to Build Before You Learn to Break
- Proactive Risk Assessment is Crucial
Technical Skills Open Doors, Communication Keeps Them Open
One piece of advice I wish I had received earlier in my cybersecurity career is that technical skills will open doors, but communication skills will keep them open.
Early on, I was focused on mastering the latest tools, threat detection methods, and compliance frameworks. While that knowledge was critical, I later realized that the ability to clearly explain risks, justify security investments, and align cybersecurity goals with business objectives was just as important.
This is especially important for those exploring how to get into cybersecurity without a degree. Building a foundation of strong communication, practical knowledge, and self-driven learning can open career paths that don’t rely solely on formal education.
If I had embraced this earlier, I could have built stronger relationships with leadership, accelerated buy-in for security initiatives, and avoided situations where technical insights were overlooked due to poor messaging. This understanding ultimately shaped how I built my company, ensuring that cybersecurity professionals are hired for their technical expertise and evaluated on their ability to influence and collaborate.
Amit Doshi
Founder & CEO, MyTurn
Adopt an Agnostic Approach to Tech Solutions
One piece of advice I wish I had received earlier in my cybersecurity career is the importance of adopting an agnostic approach to tech solutions. This approach has been central to how we operate. By not binding ourselves to a single vendor, we reduced our clients’ technology costs by over 30%. We avoided being caught off guard by security threats that a more limited tech stack might have exacerbated.
An example of this approach’s success was when we guided a healthcare provider through a serious security breach. By leveraging multiple security providers, we reduced the mean time to respond by 40% without needing an expensive 24/7 SOC team. This mitigated the immediate threat and saved the organization significant costs in manpower and infrastructure.
By fostering an agnostic strategy, we can tailor solutions to specific security needs, such as deploying Managed Detection and Response (MDR) technology. This proactive security measure cut incident response times to just 15 minutes and resulted in over 80% savings in security costs, demonstrating how adapting flexible and diverse technological approaches can be highly effective in managing and mitigating risks.
Ryan Carter
CEO/Founder, NetSharx
Human Error Management is Critical in Cybersecurity
I wish we had realized earlier that humans are the most critical step in the cybersecurity chain. Most cybersecurity experts will agree that human error is a vital thing to manage, so on reflection, doing more training, allowing people to understand more about why certain things were necessary, and then helping people to manage their own knowledge and training at a higher level, would be a great way to help everyone stop the surge of cybersecurity issues. In this regard, I think a “change management” focus for cybersecurity companies early on would have been a great thing to do earlier.
Andrew Lance
CEO, Sidechain Security
Balance Server and Application Security
Early on, I wish someone had emphasized the importance of a dual focus on server and application security. While at my current company and Cleanspeak, I learned that neglecting either aspect can lead to glaring vulnerabilities. For instance, the Milwaukee Bucks incident and LinkedIn hacks underscored the necessity of robust, multi-layered security strategies that address varied attack vectors, from brute force to phishing.
By carefully balancing server hardening with application defenses, our teams could protect user data even when faced with evolving cyber threats. Utilizing Purple Teams, our approach proved effective by fostering collaboration and maximizing cybersecurity efforts without straining resources. This strategy notably fortified our systems against breaches and saved resources over time.
As demonstrated by OWASP guidelines, recognizing the necessity of evolving security protocols, like frequently increasing the work factor for password hashing, is also essential. This knowledge allowed us to adapt our systems swiftly, maintaining both scalability and security, averting potential disasters that can stem from underestimated vulnerabilities.
Brian Pontarelli
CEO, FusionAuth
Learn to Build Before You Learn to Break
If there’s one piece of advice I wish I had received earlier, it’s this: Learn to build before you learn to break.
Early on, I was like every other script kiddie—firing up prebuilt tools, running exploits, and thinking that was the game. It worked, but only to a point. The real shift happened when I learned data engineering, full-stack development, and system architecture. Once I understood how things were built, breaking them became second nature. Debugging systems exposed vulnerabilities before I even had to test for them.
And then there’s the data. If you can’t sift logs, parse anomalies, and wrangle massive datasets, you’re just another player in the game. The best red teamers, the best blue teamers—they beat AI, not just other humans. AI-driven attacks are scaling. Defensive AI is advancing. If you can’t out-think it, you’re obsolete.
So if you want to elevate your cybersecurity game? Stop just breaking things—start building.
Dr. James Utley MSc, PhD
Scientist, Biohacker, Transhumanist, Engineer, Syndicate Laboratories
Proactive Risk Assessment is Crucial
Early in my cybersecurity career, I wish someone had stressed the importance of a proactive risk assessment approach. Understanding and applying a custom cybersecurity framework drastically reduced breach attempts by over 70%. This proactive risk assessment allows businesses to anticipate vulnerabilities and align their security strategies with operational demands, ensuring compliance as both business needs and threats evolve.
Another indispensable insight would have been the critical role of integrating AI into security operations. Implementing an AI-driven incident response system reduced our alert response times by 60%, freeing up resources to focus on strategic initiatives rather than being mired in manual processes. Using AI for triaging has proven to be a game-changer, preventing threats before they cause significant harm.
These experiences underline a lesson: that staying ahead in cybersecurity requires embracing innovative technologies and aligning security measures with business needs. Considering both technological advancements and organizational demands, a custom approach improves resilience and promotes seamless operational growth.
Ali Khan
Founder & CEO, MOATiT
Featured Image Credit: Photo by Christina Morillo; Pexels