So You Want to Get Promoted in Cyber?

So You Want to Get Promoted in Cyber?

Robert Wood

There are a lot of ambitious people working across cybersecurity. With all that ambition comes a drive for career growth and a big question for many: How do I climb the ladder? Whether you're eyeing a promotion or seeking a more significant challenge, understanding the nuances of career advancement in this field will help you avoid the churn and stress that sometimes comes. This article will explore the pathways to promotion in cybersecurity, delve into the motivations behind seeking advancement, and offer some practical advice on positioning yourself for success.

Career Growth Pathways

I hear from many people that they want to know how to be a CISO. How did I get here? What do they need to do to have that esteemed CISO title?

While I love what I do, my response is typically something like “are you sure you want to go this path?” There are many ways to grow in cybersecurity, and being in a CISO role is both very strategic and heavily steeped in management. On some level, you need to enjoy managing other people, helping them grow, working through their challenges, and sometimes working through poor performers or bad apples in your culture.

So the conversation comes back then to the different growth pathways you can take in cyber. At a high level, you can go down the individual contributor or management pathway. But then, within that, there’s a lot of nuance. Being an individual contributor doesn’t mean you’re spending all day coding or reverse engineering malware. This might mean you’re a GRC analyst or you‘re supporting a third-party risk management program. You might be working on a team of SOC analysts. This can also be a less technical or non-technical role, such as developing training programs, communications, sales, or project management.

The management pathway has a similar level of nuance, largely dictated by the level of seniority of a given person in an organization. Managing a small team or being a director over several teams is a lot of responsibility. You may find that balance of being close to the technical happenings and tactical decision-making mixed with leadership and people management to be quite rewarding.

So before you rush into those big cheese CISO aspirations, stop and think about the whole spectrum of options you have. That leads us to consider your “why.”

Finding Your ‘Why’ Behind Promotion

Before setting your sights on a promotion, it's vital to understand why you want it. Is it the allure of a higher title, the promise of better compensation, the desire for more significant responsibilities, or something else? Here are some considerations:

  1. Understanding your motivations: Reflect on what drives you. Sometimes, the desire for a promotion is more about personal growth than external rewards.
  2. Alternative routes to your goal: If your primary motivation is something other than climbing the corporate ladder, such as increasing your knowledge or expanding your skill set, consider whether there are other ways to achieve these goals, like specialized training or lateral moves within your organization. Perhaps going down a team lead and technical route would satisfy everything you're actually seeking.
  3. What fills your cup: Spend some time thinking about what makes you happy regarding work. There are a lot of tasks in technical work and management work that can be draining. Reflect on how these will impact you and factor that into your goal-setting process.

Positioning Yourself for Promotion – Do’s and Don'ts

Successfully positioning yourself for a promotion involves more than just doing your job well. It's about making your aspirations known and demonstrating your potential to add value at a higher level.


  1. Express your aspirations: Communicate your career goals with your manager. Have open discussions about your future and the potential paths within your organization.
  2. Expand your skill set: Whether on the technical or managerial track, continuously upgrading your skills is crucial. This might involve additional certifications, cross-training, or taking on challenging projects. One of the most impactful areas you can usually level up is going to be around soft skills as they can significantly differentiate you.
  3. Build a network: Cultivate relationships within and outside your team or perhaps even your organization. Networking can provide mentorship opportunities and insights into upcoming opportunities.


  1. Avoid being a lone wolf: Cybersecurity may involve a lot of individual work at times, but teamwork and collaboration are vital for career advancement. Being a rockstar seems appealing, but in many cases, they are toxic for team dynamics.
  2. Don't neglect soft skills: Sure, we're biased here...but these become increasingly important as you advance. This is especially true for those on a management track; soft skills like communication, empathy, negotiation, and leadership are as important as technical prowess.
  3. Avoid being complacent: The tech industry evolves rapidly, and staying updated is non-negotiable. Don’t get too comfortable in your current role and skill set.


Seeking a promotion in cybersecurity is a journey of self-discovery, skill enhancement, and strategic positioning. Whether you decide to delve deeper into the technical aspects or steer towards a management role, understanding your motivations and strategically positioning yourself are key. Remember, every step forward is a building block in your career path, so choose wisely and prepare diligently.