“It’s really about expanding the perception of the industry and showing people just how many areas security touches, whether that be on the supply chain side, third-party risk management, corporate risk management, crime, incident response, you name it,” Chaney says. “Before you decide where you want to go with your career, allow yourself to see all the possibilities.”

1. Understand the Possibilities

For young security professionals or those that haven’t yet embarked on their first position, the most important consideration before mapping out career plans is understanding the possibilities available.

Mary N. Chaney, Chairwoman, CEO & President of the nonprofit Minorities in Cybersecurity (MiC), says that as a whole, the security industry does a poor job of educating students and young professionals about the breadth of available positions within the security profession.

Experts say that putting together a written plan of goals and dreams helps solidify and clarify what the goal setter truly wants.

When it comes to mapping out career plans, security professionals at any stage of their career can benefit from breaking down where they want to be and how they’ll get there. To map out your next career move, start with these four steps.

Chaney says that the advice even applies to established security professionals. Understanding the possibilities to translate your existing skills to other aspects of the profession can be a powerful tool to avoid burnout, for example.

“With security, oftentimes people leave the profession because they feel like they have maxed out in the field, but the truth is the opportunities within security are more wide-reaching than we market as an industry, and you might just find that another area within security speaks to you,” Chaney says.

2. Plan for the Future

Once you’ve got an idea of the possibilities within your field and where you’d like to go, come up with one-year, three-year, five-year and 10-year plans. (The actual year delineations don’t matter too much. For example, you could come up with one-, two- and five-year plans. What really matters is getting your goals down in writing.)

“The beginning of the year is a great time for all professionals to have their goals and objectives drafted out,” Chaney says. “Knowing where you want to get to in the short term and long term and drafting that out also serves the purpose of determining what’s realistic and the steps that you must take to get there.”

The one-year plan should be a short-term plan focusing on what you want to accomplish that year — find a new job in a specific field or focus on skill-building. The longer-term plans should identify realistic goals on where you’d like to get to. For example, a three- or five-year plan could include moving into a management role.

Students or younger professionals should look at job descriptions and talk to people within their target job area to see what skills and education their dream positions are looking for.

“Once you’ve identified where you want to be, you have to work your way back in increments to break down the steps and skills you need to get where you want to go,” Chaney says.

Breaking down your goals often involves identifying subject matter expertise and soft skills you need to develop to excel in your career. “Security professionals should be adding at least one soft skill to their list each year that they can focus on — that could be leadership or management skills, communication skills or public speaking,” Chaney says. “You need to take a hard look at what skills will make you a more well-rounded professional in your journey.”

3. Soft Skills

Chaney says she often sees people in underrepresented groups struggle with soft skills as they try to advance in their careers. “So many women and minorities have all the technical experience, but it’s the soft skills in particular that become more of a challenge when you are trying to get promoted or lead people, such as building relationships, managing and breaking down stereotypes,” she says. “For so many people, developing those skills can be more difficult if you don’t have the support or resources or don’t know where to get that support or those resources.”

To help develop some of those soft skills, security professionals can and should seek a community through social media, networking events, or groups such as MiC. Reading books on targeted topics such as leadership are also important resources, according to Chaney.

But, perhaps most importantly, when it comes to skill development, Chaney says security professionals should seek out employers that make development a priority. “In order to be successful in today’s marketplace, organizations have to be dedicated to offering training and opportunities to their people, and focus and developing and growing their talent,” she says. “As a professional, before you ever accept a role, you should find out what their training and development plans are and decide if that’s where you want to be.”

4. Your Security Brand

After mapping out your path, Chaney says it’s important to spend time understanding how to brand yourself. “You need to have a stance and think of yourself as a brand,” Chaney says. “At the beginning of a career, it’s really about pitching yourself, talking about your achievements, training, skills and talents. Later in your career, you have to be a storyteller and be able to articulate who you are, what you do and where you want to be.”

Part of that branding entails understanding all of the skills — both technical and non-technical — that you have to offer, as well as the journey you’ve taken to deliberately develop those skills.

Another part of that branding is recognizing what you are already good at. “Distinguish yourself from others in an area that you are good at,” Chaney says. “It’s the thing that you can do that you don’t have to think too much about and need to focus on developing.”

For example, if you are a solid public speaker, do as much of that as possible to showcase your skills by offering to present at meetings or speak at events or networking sessions. If you are a talented communicator, showcase those skills during team meetings and volunteer your time to take on a leadership role within an association or industry group.

In the end, Chaney reminds security professionals that despite the challenges and lack of development opportunities within many organizations today, individuals can map out their careers and move toward their goals with commitment, candid conversations and community resources.

For more articles on security career development, visit:

Security’s Career Intelligence column

The effect of continued education on your security career

The first 90 days of your new security job