I don’t know your story, but let me guess why you opened this article..

You’re a Software Developer with years of experience, and you are wondering what your next career steps are supposed to be.

Or maybe you are at the beginning of your career, and you see cybersecurity as an attractive career path.

You were excited about the field, and then you found out the transition from Software Development to Cybersecurity won’t be that easy.

You got frustrated, maybe you gave up..

If that’s you, let me give you 5 specific steps that you can take to get closer to your goal!

How do I know?

Because I have been where you are, and now I am where you want to be.

I am not bragging, I am here to help you!

What Should I Do?

That’s the question you are probably asking yourself..

What should I do to get a role in Cybersecurity?

Let’s take it step by step…

1. Realize what your real strengths are (and stop copying others)

Most developers don’t realize how transferable their skills are.

You don’t need to start from scratch. And that’s a great advantage!

This step is absolutely crucial for the next steps on this list. So don’t skip it.

Sit down and write down 10 things you’re really good at!

Are you done?

You didn’t do it..did you?

Really, give it those 2 minutes, and while you are at it, let us know in the comments what your strengths are!

Leave a comment

If you have completed this step, I prepared a short list of skills and how they can be useful in cybersecurity!

2. Choose which part of cybersecurity you actually want to be in

Cybersecurity is a huge field. So when people are telling how they want to get into cybersecurity, my first question is: What does it mean for you?

Let me guess: You are not sure what roles this field offers.

Well, I got you covered!

At minimum, it splits into:

• building secure systems

• breaking systems

• governing risk and compliance

• making security decisions

But I assume you need specific roles to make this decision.

You can find all types of cybersecurity roles here:

What does CEO have to do with cybersecurity, and who CPO even is?

Erich Winkler

·

July 14, 2025

Read full story

Remember: Trying to “learn everything” is the fastest way to get stuck.

Pick one direction early and go deeper instead of wider.

3. Get proof that you’re serious

Like it or not, certificates matter in this field.

They won’t make you automatically good at security.
But they signal intent, and many companies simply won’t hire you without them..

Why?

Because they often can’t test your knowledge by themselves. So they rely on external entities.

Besides that, they answer an unspoken question hiring managers have:

“Is this person just curious, or committed?”

But there is one drawback to cybersecurity certificates.

They are expensive..

But I have good news for you! If you subscribe to this newsletter, I will teach you how to be smart about it and get the most results for the least effort.

But don’t worry, I will tell you what certificate to take as the very first.

If you are committed to this plan of becoming a cybersecurity expert, you need to know one organization - ISC2.

Why?

Because it is the most recognized organization in the field. And they have a cybersecurity certificate, which is completely FREE!

Certified in Cybersecurity from ISC2:Link

If you need help with how to study for such exams, I got you covered again!

Get Control Over Your Results: How to Study Efficiently While Being Busy

Erich Winkler

·

November 3, 2025

Read full story

And I don’t want to be too annoying about it, but you find everything you need for the exam on Decoded Security for FREE.

4. Become a security champion where you already work

Who is the “Security Champion”?

A security champion is a developer or technical team member who acts as a security advocate, embedding security best practices directly into their team's workflow, bridging the gap between development and central security teams, and fostering a strong security culture from within.

Basically, be the person who studies the best practices and actively incorporates them into what you are doing.

Trust me, people will notice. And you will get something you need. The reputation of a cybersecurity expert. This is almost as important as getting a certificate.

And since most of the people and managers are trying to avoid cybersecurity topics as much as possible, you will be surprised how easy it is to stand out.

All you need to do is do it!

5. Join a community and learn how others think

While you have many skills that you can leverage in getting a cybersecurity role, there is one thing you will need to change.

That is your MINDSET.

The mindset required for security roles is simply different from what you are probably used to.

If you want to know specific differences, all you need to do is check one of my previous articles, where I break it down.

Why good engineers fail the CISSP exam - and managers don’t

Erich Winkler

·

Jan 5

Read full story

What’s the best way to change it?

Talk to people who are already in the field..

That is the single easiest thing you can do to understand the mindset you need to have.

Where do I find such people?

I got you covered again?

Simply join our community of 550+ cybersecurity professionals and enthusiasts and start discussing any topics you want!

Join Erich Winkler’s subscriber chat

Available in the Substack app and on web

Join chat

Conclusion

If you’re still reading, you’ve already done something most people never do:
You stopped thinking about cybersecurity as a vague goal and started treating it as a direction.

I’ve been where you are.
And I can tell you this. Progress doesn’t come from learning everything.
It comes from understanding where you add value and how to demonstrate it.

If you follow these steps, things will start moving.
Not overnight. But noticeably.

Your real task isn’t to become “perfectly ready.”
It’s to build enough confidence and evidence that others can trust your judgment and give you responsibility.

That’s how security careers actually begin.

In the next article, I’ll break down what hiring managers and security teams really look for in security interviews and why many technically strong candidates fail that part.

If you don’t want to miss it, you know what to do.

Let’s connect

If you want to collaborate, discuss, or just geek out over virtualization and cloud security, reach out to me:

• Email: erich.winkler@decodedsecurity.com

• LinkedIn: Erich Winkler

Enjoyed this article? Like it or drop a comment. I’d love to hear your thoughts and questions!

Let’s learn and grow together!

Ready to level up your cybersecurity skills?

• 💬Comment below and tell me what your experience with SLAs is

• ❓Take the quiz to test your understanding: CybersecErich: Quiz Hub

• 📰Subscribe (free or paid) to get new posts straight to your inbox.

• Share this with a friend studying for CISSP, or anyone curious about cybersecurit