This month, Security magazine is celebrating our Top Cybersecurity Leaders of 2026. This award celebrates the dynamic, talented professionals that innovate the cybersecurity field and spearhead change within their organizations. 

As we’ve recognized these esteemed professionals throughout March, I wanted to take a closer look at how cybersecurity leaders are developing their careers for the modern era. Particularly, I wanted greater insights into three common, key areas of career development: 

• Education and/or certifications 
• “Soft skills”
• Networking 

Outside of those conventional areas of career development, I also wanted to see what unique paths cyber professionals are seeking to improve their career standing. So, I reached out to Daniela Giannini, Senior Security Engineer at Black Duck, and Shane Barney, Chief Information Security Officer at Keeper Security, to hear their perspective on how cybersecurity workers should grow their career. 

How to Grow Your Cybersecurity Skills

Security magazine: What education or certification(s) can support a successful career in cybersecurity?

Giannini: The world of cybersecurity is an extremely broad and, at times, complex environment. Looking back a few years, cybersecurity was based almost exclusively on the network: ‘everything inside the corporate network is trusted; everything outside is untrusted.’ Today, this perimeter-based model is no longer sufficient. We now operate in an interconnected ecosystem distributed across cloud environments, mobile devices, IoT, and increasingly enriched by elements of artificial intelligence.

For those who want to approach cybersecurity, the first step is to identify a macro-area of interest. Web application security, AI application security, and OT/IoT security, for example, require different skill sets and approaches. Despite these specializations, there is a common foundational knowledge base that is essential for anyone starting this journey: networking concepts (protocols, models, architectures), principles of application architecture, fundamentals of AI and machine learning — now increasingly relevant in modern digital ecosystems — as well as basic knowledge of operating systems and identity management.

From this foundation, it is possible to develop one’s specialization through training programs, professional courses, and certifications. There are both entry-level and advanced certifications that can help structure the learning path, such as CompTIA Security+, ideal for beginners; CEH (Certified Ethical Hacker), aimed at penetration testing; and CISSP (Certified Information Systems Security Professional), an advanced certification focused on security management and governance.

What’s important to understand is that cybersecurity is neither a single nor a linear path: it is a collection of disciplines that evolve rapidly.

Barney: Certifications certainly matter, but they’re not magic. Early in your career, they’re useful signaling mechanisms. They show discipline and a baseline understanding of the field. CISSP remains one of the most widely recognized generalist credentials in the field. It’s broad, it’s respected and it forces you to think beyond tooling into architecture and governance. If you’re leaning toward leadership, CISM carries weight because it emphasizes management and risk oversight. If you’re more risk-focused, CRISC is increasingly relevant in a world where boards want quantified risk conversations. 

That said, experience is always more important to me. Hands-on exposure to incident response, identity and access management, cloud security and privileged access controls will shape judgment far more than any single certification. Certifications can open doors, but demonstrated decision-making under pressure is what builds long-term credibility.

Security: What “soft skills” should aspiring security leaders develop?

Giannini: Each change has marked a break from the past, introducing new attack surfaces and new forms of exposure, and requiring specialists to adapt quickly.

Curiosity is essential. Cybersecurity thrives on details, analysis, and a deep understanding of systems. Being curious allows you to explore new technologies, understand how they work, and identify potential vulnerabilities before others do. Continuous learning is fundamental. Technology evolves at an impressive pace, and the ability to stay up to date — reading documentation, taking courses, engaging with the community, and constantly experimenting — is what distinguishes effective professionals. Critical thinking and problem solving are equally crucial. Every incident, threat, or anomaly requires structured reasoning: evaluating hypotheses, analyzing clues, and arriving at the right solution. Critical thinking is what enables informed, rapid and responsible decisions.

Technologies change, threats evolve, and professionals must evolve with them: curious, adaptable, collaborative, and always in motion.

Barney: Sound judgment, strong communication and calm under pressure are vital skills for aspiring security leaders. Security leadership isn’t about knowing every tool — it’s about making the right call when information is incomplete. Cyber professionals need to translate technical risk into business language without oversimplifying it, understand when to escalate and decide when to absorb impact. 

A good leader in cybersecurity needs to be steady when everyone else is escalating emotionally during an incident. They must also be able to align security priorities with business outcomes, ensuring that controls such as zero-trust architecture, identity governance and privileged access management are understood as business enablers, not obstacles.

Security: How can aspiring security leaders strategically network in order to develop their skills and career?

Giannini: The world of cybersecurity thrives on communities, educational events, and opportunities for discussion. These elements are both valuable and essential: they provide access to new information, help us follow innovation, and support the creation of a solid network of contacts and reference points.

They are spaces where people learn, share experiences, and grow — both as professionals and individuals. Cybersecurity is a constantly evolving field, where collaboration is often the key to anticipating threats and responding quickly and effectively. No one can know everything: it is the exchange between experts, researchers, companies, and institutions that enables us to develop a broader perspective and address challenges with greater awareness.

Communities, conferences, and workshops are not just places for technical dissemination; they become true catalysts for innovation. They offer opportunities to discover new technologies, understand emerging trends, discuss regulatory developments, and, above all, build lasting professional relationships.

In a context where digital security has become a pillar of economic growth, infrastructure reliability, and the protection of individuals, these opportunities for discussion are strategic tools.

Barney: Aspiring security leaders should seek out people who have handled real incidents and ask them what failed. Volunteer for cross-functional projects where you have to work with teams like legal, finance and operations. Join professional communities as a contributor, not just a listener. If you’re at a conference, go beyond collecting business cards and instead have conversations about lessons learned rather than focusing solely on product discussions. 

The strongest career acceleration happens when someone credible is willing to vouch for your judgment under pressure. That kind of reputation is built on shared experience.

Security: Are there any “out of the box” approaches to developing your career that you would recommend, such as volunteering or building a strong social media presence?

Giannini: A career in cybersecurity is built through several key elements: actively participating in communities, contributing to volunteer projects, and engaging in events and initiatives — whether in person or across social platforms. These activities are far more than optional “extras”: they are accelerators of growth. They allow you to put your skills into practice in real contexts, explore emerging areas of innovation, interact with professionals from diverse backgrounds, and expand your network in meaningful ways.

By taking part in these experiences, you gain exposure to new perspectives, discover tools and methodologies you might not encounter in daily work, and develop the soft skills that are essential in an ever evolving field — communication, teamwork, and the ability to navigate complexity. Each initiative becomes an opportunity to refine your interests, understand where you want to specialize, and strengthen your professional identity.

Everyone can choose the path that fits their personality and ambitions — technical, strategic, research focused, or community driven — and build a career that feels authentic, rewarding, and always evolving.

Barney: Volunteer to be on the incident response team. Help run a tabletop exercise. Contribute to internal threat modeling reviews. Teach junior analysts. Write post-mortems, even if they’re internal-only. Those activities sharpen decision-making in ways certifications can’t. 

Aim to build a resume and career that shows hiring decision-makers that you’re not just knowledgeable, but trustworthy. Demonstrate that you understand identity and access as a primary attack vector in modern environments, and that you can design controls that reduce risk without disrupting operations.