Zooming Out Then Zooming In
Thinking In The Long Term
When it comes to learning in Cybersecurity, you are faced with a plethora of new subjects.
We might get overwhelmed with all the information out there and not know where to start.
When learning something new, we can find ourselves jumping around from topic to topic or going down rabbit holes after every new buzz word. In a field as broad as Cybersecurity, this can happen easily.
Curiosity is good, however we want to stay focused.
Even more dangerous is wanting to take shortcuts or oversimplify things. Someone online talks about “how to do x in 60 days” and sets up a lot of people with unrealistic expectations. It’s a sign of the times we are living in.
A lot of people are constantly trying to keep up with the new thing, the “cutting edge”.
If someone sent you this over the last week, just know they mean well.
After being in the field of Cybersecurity for 8 years I have learned that “the only thing that is constant is change”. Being able to focus on a subject and do deep work (“locking in”) is extremely valuable and will make the difference.
Having this skill will be able to carryover to any new technology that comes your way.
When it comes to planning for this, I would recommend people develop a long term approach to their goals.
This is something I had to learn after being in this field. As I look back at every milestone I have been able to achieve, I realize this has happened only when I step back and set a longer term goal I set out, getting into this field included.
When you think in the long term, your framing of how you approach challenges changes.
You have your larger goal you set out to accomplish. From here, milestones are reached that serve as stepping stones for that longer term goal.
For example, someone looking to get their start in the field could have a 1 year plan on getting an entry-level role, from here the milestones leading up to it might be:
1 month - Narrow down your interests
3 months - Have a self-study plan or enroll in a program that matches with researched job roles
4 months - Reach out to 20+ people with similar roles you are targeting
6 months - Have built meaningful relationships with 10 people in the field you’re aiming for
9 months - Have checked off X % of skills do the job roles of interest
12 months - Internship and interviews in the pipeline
In this approach, you have a larger goal you’re aiming for: getting a certain job role. You outline a plan tailored to it, and you then work backwards towards it.
Not to get confused here, I believe the idea of "5-year" plans are gone (Maybe a 5 year outline). Too much can change in that time frame, including the way we work… Instead, focus on creating goals a couple years out or less and then specific milestones from within these goals.
For example, work on creating a 6 month plan. Be flexible on the timeline should your circumstances change, but be tough on yourself.
Brutally prioritizing, is how you can look at it. Tracking your progress is crucial, because the time will go fast.
Reflecting is something I try to be intentional about, as life can get in the way sometimes of taking state of things and planning your next move. Taking this time to see your progress will be very beneficial.
If you’re attempting to pivot into Cybersecurity as your career path (you’re in the right place), here’s another post that can help you in your journey
Cybersecurity Career Path: Detection and Response
In this series, we’re going to go over different career paths in Cybersecurity.
It goes over the ins and outs of Detection and Response as a career path.
What I Read This Week
Nation-State 'Paragon' Spyware Infections Target Civil Society
Its deployed through messages apps such as Whatsapp
“governments are in fact using both Android and iOS spyware against both their citizens and foreign citizens," warns Censys
A tool I tested out recently.
A browser-based tool for converting Sigma rules to SIEM-specific query languages. This performs local in-browser conversion using the pySigma package, and of course offers rule sharing.Really cool stuff in Detection Engineering
Highly recommend this book. It connects the technical and business aspects of Cybersecurity, with insights into the broader market.
Shoutout to Ross from Venture in Security for the great book.
Conclusion
We want to zoom out, get clarity and then zoom in. Not always get distracted with the flashiness we might see on the internet.
Remember, think in the long term and your framing will change.
“Most people overestimate what they can do in one year and underestimate what they can do in ten years.” - Bill Gates
See you in the next one.
P.S. I worked on a Cybersecurity Interview Guide to aid in the uphill battle that is interviews.
It’s a collection of interview questions and scenarios that you could face, that I’ve annotated over the years and put together in a Notion guide. This is available here