First Steps in Cybersecurity: here is what you need to know

When I first stepped into the world of cybersecurity, I was driven by energy, curiosity, and ambition. But I also carried many misconceptions about what it truly takes to succeed in this field.

This article is a reflection on the lessons I’ve learned over the past five years. It is a guide for those entering the field. From certifications to mentorship, here’s what shaped my journey, and what will help you get ahead. 

Some of these lessons came easily. Others, I learned the hard way.

 1. You need fuel for the journey

Cybersecurity is a high-stakes, high-pressure field. We're responsible for defending digital infrastructure against increasingly advanced threats. It's a meaningful mission but let’s be real, it can also be exhausting.

The challenge begins when work starts to define your entire identity. That happened to me during the pandemic. I lost touch with the parts of myself that had nothing to do with cybersecurity. I became consumed by work, and it affected my well-being. It might sound counterintuitive, but here’s my top lesson: to perform better at work, you need to work less and invest in interests beyond cybersecurity.

The most brilliant professionals I’ve met in this field all share something in common: they cultivate passions outside of work. For me, that means playing tennis, dancing, and spending time with loved ones. When I reconnected with those hobbies after the pandemic, everything shifted. I felt more energized, more focused and yes, even looked forward to Mondays.

So, whatever your passion is, never put it on pause for your career. Let it power your career.

2. Being Great Technically Isn’t Enough

If you’re early in your career, it’s easy to think that mastering technical tools and frameworks is the only way to grow.

But cybersecurity is not a technical issue - it’s a business issue. The security strategy should be driven by business goals, not by technical capabilities. At the heart of every security program is a business need.

If you’re in a client-facing role (or aspire to be) you’ll need to learn how to communicate with people who don’t speak “tech.” You’ll need to explain risks, justify investments, and align security initiatives with business priorities.

That ability to bridge the gap between technical and business language? It’s rare. And it will set you apart.

3. Certifications Speak Louder than Experience

When you’re just starting out, you might think you don’t “know enough” which is totally understandable given how broad the field is, especially if you don’t have a technical degree.

That was my case. But within three months of starting my internship, I began preparing for a certification. That decision, combined with hard work, helped me land a full-time role right after my internship ended. Whether you’re on the technical or functional side of cybersecurity, certifications matter. They’re not just pieces of paper, they’re proof of your commitment, your knowledge, and your credibility.

In interviews, certifications can speak louder than hours of project work. They give hiring managers and clients confidence in your abilities. If you have the time and resources, invest in one that aligns with your role. It’s worth it.

4. Focus on Expertise, Not Trends

Cybersecurity evolves at lightning speed. One year it’s cloud security, the next it’s zero trust, and now it’s AI. The industry is full of buzzwords, and it’s tempting to chase every new trend in hopes of staying relevant.

I’ve done it. I’ve jumped into new frameworks, attended trendy webinars, and tried to keep up with every shift. I understand how tempting it is to jump on every new trend. But if you’re early in your career, that can be a mistake. If you constantly pivot, you risk becoming a generalist with no deep expertise to fall back on.

You need time to build a solid foundation. Stick to your 2–3 year plan. Build your core skills. Finish that certification. Then, once you’ve established yourself, explore the new trends that genuinely interest you.

Don’t let hype dictate your path. Let your strategy guide you.

5. Learn From the Right People

Many people starting out believe that the only way to grow is by learning from those with big titles.

When I started out, I was in awe of big titles. I thought the only way to learn was from the most senior people in the room. But I quickly realized that many of them were too busy (or too disconnected) to offer meaningful guidance.

Some of the best advice I’ve received came from people outside cybersecurity: doctors, teachers, peers in adjacent tech fields. What they had in common was time, empathy, and a willingness to listen. A good mentor doesn’t just give you answers, they help you ask better questions. They help you build a roadmap that works for you.

So don’t just look up the seniors in your organizations. Look around. Your best mentor might be someone you least expect and most important wants to see you fulfilled.

6. Your Network Is Your Net Worth

This one took me a while to accept. The most interesting opportunities don’t always go to the most qualified person. They go to the most visible one.

If people don’t know you, they won’t think of you when opportunities arise. That’s why networking matters, especially in cybersecurity, which is a small world where trust and reputation are everything.

Even if you’re introverted (and I know it’s hard), make the effort to attend in-person events. Introduce yourself. Ask for LinkedIn connections. Follow up a message.

The more you do this, the more doors open.

7. You Will Make Others Uncomfortable. Do It Anyway.

Cybersecurity is still very much a man’s world. If you’re a young woman entering the field, you’ve probably already noticed the lack of diversity whether in university lecture halls, industry conferences, or corporate offices. While companies often highlight their efforts to hire women, the real challenge begins after onboarding: creating an environment where women are empowered to grow, lead, and contribute meaningfully.

From my own experience, I’ve seen how subtle, systemic biases quietly shape careers. I’ve sat in meetings where women (not interns, not juniors) were asked to take notes, send calendar invites, or “share the MoM afterwards.” Meanwhile, their male colleagues were handed strategic tasks and visibility. That’s the trap: you’re told you’re going to succeed, but you’re given responsibilities that don’t allow you to demonstrate your value.

I remember one client who was interviewing candidates to replace me. He asked about my certifications, and when I listed them, he looked genuinely surprised and even impressed. What struck me most was that after a year and a half of working together, he had no idea what certifications I held. Why? Because the tasks he assigned me had nothing to do with my expertise. They were the ones he didn’t want to handle himself: taking notes, sending Outlook invites, covering for him during holidays. Despite my background, I was treated like a personal assistant. That’s not just poor management, it’s bias. At that moment, I felt small. And I made a promise to myself: I would never again be in a role that didn’t align with my expertise or my goals.

My advice? Keep your instincts switched on at all times and trust them. If someone or something makes you feel uncomfortable, diminished, or undervalued, speak up. And if nothing changes within a few weeks, walk away. It might feel like a waste of time, especially if the project looked promising on paper. But what truly matters is your contribution - not just your presence.

I’m sharing this because if you ever find yourself in a similar situation, I want you to know you’re not alone. And when you overcome it, you’ll inspire others to do the same. That’s how we create change: by taking space, on your own terms, even when it makes others uncomfortable.

So if you’re a young woman entering this industry, don’t be blind to the challenges. The hashtags and celebrations of women you see on LinkedIn are a step forward (as they help raise awareness) but they often miss the point: what happens after women enter the workforce? Cognitive bias still prevents highly skilled women from making a real impact. To use a football analogy: women are recruited to join the team, but they’re left on the bench when the big games begin.

My hope for this industry is to see women not just on the field, but scoring goals, leading the team and lifting the biggest trophies.