How to get promoted in a cybersecurity career

July 1, 2020 by Daniel Brecht

Introduction: What the cybersecurity talent market looks like at the moment

Are you considering a career in cybersecurity? If so, this is a great time to be in the field, especially given the severe shortage of cybersecurity workers in the United States.

According to the 2019 ISC2 Cybersecurity Workforce Study, “in the U.S., the cybersecurity workforce gap is nearly 500,000. By combining our U.S. cybersecurity workforce estimates and this gap data, we can calculate that the cybersecurity workforce needs to grow by 62% in order to meet the demands of U.S. businesses today.”

The employment and skills crisis is a great opportunity both for employees who are seeking to advance their careers and for those who want to transfer laterally into cybersecurity positions from other IT fields. Businesses, in fact, are ready to invest in the professional development of current employees and help them take industry-specific courses, obtain certifications or participate in advanced training.

More and more companies are keen on retaining their workforce and provide opportunities for staff to prove and improve their skills, grow within the job and progress along a cybersecurity career path through promotion or lateral transfer. Fostering staff who already know how to work in the environment and have formed professional relationships within the company creates a win-win situation for both the employee and the employer. The in-house person is already familiar with the business and knowledgeable about the organization, its purpose and mission; he or she is already immersed in its culture, and a promotion can only increase loyalty and a sense of belonging while providing opportunities and incentives to evolve and emerge.

Of course, promoting someone internally also brings the immediate benefit of saving the time and money otherwise spent recruiting external candidates through job boards, websites or hiring agencies.

How to progress in a cybersecurity career

Whether you are already in an entry-level position in cybersecurity or looking for a progression through lateral transfers, there are a number of actions you can take in order to boost your career. 

Having a clear path in mind is the first step, at least in terms of general direction. The cybersecurity field is vast, and employers are willing to offer rewarding jobs to professionals who have specialized in particular sectors. Using a career pathway tool can help pinpoint which jobs to start with, which roles are most in demand in various areas of the country and what the natural progression looks like in a particular path.

As Tim Herbert, vice president of research and market intelligence for CyberSeek, explains: the CyberSeek model helps aspiring and experienced security professionals progress through their career by providing actionable data about the job market. The CyberSeek interactive cyber security career roadmap also offers details on salaries, credentials and skill sets associated with various roles.

A cybersecurity career might not be as straightforward as many other IT career paths. After starting in a position that lets professionals learn more about how systems and organizations work, the right formal knowledge, experience (passing through roles like cybersecurity analyst, consultant or penetration tester) and industry certifications are key to a quicker progression.

Professionals can start in roles as diverse as network engineer, security analyst, IT auditor, if not as web administrator or developer. Whether entering the field straight after college, transferring laterally from other positions or even coming from the legal, risk assessment or managerial fields, building a strong technical foundation and the will to never stop learning are essential traits for a cybersecurity career.

In addition to acquiring a bachelor’s degree in computer science, cybersecurity or information technology (not a requirement for some jobs, but a valuable asset when progressing through the ranks), there are a number of skills that professionals should strive to acquire through studies and work experience. A working knowledge of Linux has been requested in many ads, as well as project management skills, consulting or analysis skills, communication and presentation skills. 

As the career advances, it is essential that you are able to prove not only keen technical abilities but also aptitude in managing others and a knack for communicating effectively with all stakeholders at any management level.

Specialization is something professionals should always keep in mind. As the demand for cybersecurity professionals grows, so does the need for focused roles; IT practitioners need to really review their talents and strengths to launch themselves in a particular direction, whether it is cloud computing, wireless technologies, databases or cryptography.

A cyber security certification path includes many non-technical positions, so professionals with an interest in IT security might want to concentrate on opportunities as program managers, professional communicators or data scientists, whose skills concentrate more on support roles than on purely technical positions. They should also consider any roles that have to do with governance, risk and compliance and legal issues. Legal issues are a very hot field, actually, thanks to the number of regulations currently in place — especially as related to privacy.

Earning the right certification(s) is also key for a cybersecurity professional who moves from an entry position on to the advanced career level.

  • Entry-level: ISACA’s CSX Practitioner (CSXP); (ISC)2 Systems Security Certified Practitioner (SSCP); GIAC Security Essentials (GSEC); CompTIA’s Security+
  • Mid-level: (ISC)2 Certified Information Systems Security Professional (CISSP)
  • Advanced-level: GIAC Security Expert (GSE) or GIAC Security Leadership Certification (GSLC); ISACA’s Certified Information Security Manager (CISM); CompTIA Advanced Security Practitioner (CASP); EC-Council’s Certified Chief Information Security Officer

What can staff do to get noticed and promoted?

As work experience becomes the preferred attribute for employers, so do qualifications that will get an employee noticed and, in good time, promoted or assigned to other positions. Any certification that supports a staff member's professional competence can put them in a good light and make them stand out from their peers. It allows them to assume more cybersecurity responsibilities or take on a leadership role without the company needing to take on new hires.


With an immediate need to fill shortages in the workplace, more and more employers are opting to retain their best workers and identify future leaders within their workforce. Professionals can take advantage of more opportunities to progress in their chosen field by identifying a suitable career path early on; again, a tool like the CyberSeek Cybersecurity Career Pathway is a good place to start.

In addition, they need to focus on professional development (i.e., the learning of new skills and knowledge) that is suitable for any entry-, mid- or advanced-level position while still specializing in a preferred sector of the vast cybersecurity realm. That is possible through university degree offerings, vendor training programs and, above all, proper certifications that can help lead to faster promotion.



  1. Pros and Cons of Hiring Externally, HR Daily Advisor
  2. Promoting From Within vs. Hiring Externally: Which Is Better?, McQuaig
  3. Cybersecurity Career Pathway, CyberSeek
  4. A Guide to Cyber Security Certifications,
  5. How to Build a Cybersecurity Career [2019 Update], Daniel Miessler
  6. 10 Hot Cybersecurity Certifications For IT Professionals To Pursue In 2020, Cybersecurity Ventures
  7. Strategies for Building and Growing Strong Cybersecurity Teams, ISC2
  8. Cybersecurity Career Paths and Progression, DHS (CISA)/Carnegie Mellon University
Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.