Great breakdown. One thing I noticed with invoice scams lately is how they mimic real branding almost perfectly. Have you seen more of these in your inbox too?
Thank you, I appreciate it.
That’s unfortunately one of the things AI has made much easier. User awareness is more important than ever.
The point about people not failing due to lack of intelligence, but lack of a plan, hits hard. Cybersecurity has plenty of opportunity, but without a clear path it’s easy to end up permanently “preparing” instead of progressing.
And with AI-driven threats and chat-based fraud accelerating, security is not just growing, it’s becoming one of the most critical and fastest-expanding fields in tech.
That was exactly my point
People rarely fail because of intelligence. They fail because they don’t have a plan, so they stay in “prep mode” forever.
Meanwhile, the field keeps moving faster. With AI-driven threats and fraud scaling like crazy, cybersecurity isn’t just a good career anymore.
It’s becoming critical infrastructure.
The best time to start doing real work (not just studying) is now.
Thank you. First time I have some clarity
I am happy to hear that! Feel free to reach out to me with any questions!
Solid! And then there are the soft skills that are harder to learn with certifications but are essential for management or coordination positions, and of course incident response. I would try working on soft skills, or at least be very aware of their impact, all along the certification journey.
Thanks!
Absolutely! I will cover the importance of various soft skills for cybersecurity roles in one of my articles I am currently working on!
Out of curiosity, what soft skill do you think is most important in technical roles?
Ego management, probably ;) To be more specific to cybersecurity: being emotionally resilient and not taking things too personally. That's something I've seen a lot in crises I managed: IT people taking the breach personally, feeling this is on them, and in the worst cases feeling they failed at their job. They end up exhausting themselves trying to "correct" it, and making mistakes. And of course, more broadly in cyber, this comes with the ability to take everything with a grain of salt, even one's own assumptions, as there will more often than not be someone better at our job proving us wrong :)
That is a good one!
I was going to say the ability to explain complex topics to different audiences. That’s something I find particularly useful. You can go on and on about technical details, but that won’t get you any budget.
Totally! This is a massive one. As an ex-tech journalist turned consultant, I discovered the ability to understand complex subjects enough to actually write about them to a non-specialist audience is like a secret weapon in consulting. This, and maybe the ability to get people talking together, fostering discussion without directing it, identifying hot / important themes in the discussion flow, and nudging them to dive deeper into it, helps revelations emerge. This has been quite a bit of my engagements recently, and it gives really great results.
Not only consulting! Especially in cybersecurity, you need to deal with people who are not involved in the field all the time.
Thank you for sharing your experience here. I really appreciate it.
I really like your point about fostering discussion without steering it too hard. That’s a skill many technical people underestimate, but it’s often where the real insights surface, not from having the “right” answer, but from creating the space where the right questions emerge.
This is another brilliant post, Erich. I really think you should be talking to graduates or at least career services at universities, as this information is absolutely gold.
Thank you, Sam. I really appreciate it. Unfortunately, it appears that this post wasn’t particularly popular among my subscribers. Not sure if that’s a good sign taking it any further.
Remember though, Erich, there's always the silent majority who read what we write, digest it, and use it in impactful ways in their own lives. Also, it might be that career service providers aren't your target audience for your Stack. I still think you should package this up and send it to of these people, as I think it would be really interesting for them.
It might be the case. I might give it a shot. I was already thinking about packaging some of the stuff I write here. Do you have anyone specific in mind who you think would appreciate it?
Thanks again, Sam!
I would just do a search of 10 institutions in three different countries that offer cybersecurity and send it to the programme leaders for each of those. Your expertise would probably sell itself in the email.
Thanks for the tip, Sam. I’ll do my research and give it a shot!
Thank you
Thanks, I really appreciate that perspective.
You’re touching on the exact failure mode I was trying to highlight: certifications without context create the illusion of progress, not capability.
I’ve seen the same thing: people stacking certifications but never seeing how security actually operates day to day, especially around things like SOC2 workflows, evidence collection, or how controls survive real systems.