- May 5, 2024
002: 7 Biggest Lies in Cybersecurity Ruining Your Career and Business | Create Your Future
Read Time: 5 Minutes
***
90% of all cybersecurity career advice is crap. Over the last 20 years, I have seen so much bullshit. I have called out a lot of it, but it still keeps coming up. We need to cut the fluff, throw out the buzzwords and act real. For real. We need a change. What the heck do I mean?
The world's economy today survives on attention, whether it is the attention of your current or potential employer, hiring manager, prospect, client, stakeholder, etc.
Attention is extremely hard to capture. Capturing attention requires that you provide the value they need.
If you look at cybersecurity, AI or even leadership:
- It’s not about the title, degree or certs you have. They have little to no say in building trust.
- It’s not about the size of your program. Think big but it's critical to start small.
- It’s not about the revenue you make. Margin and cashflow tell more.
- It’s not about the budget you own. Money alone won't fix issues.
- It’s not about your bloated ego. It can hurt your credibility.
To build your career, business and your life on your terms, you need to be able to spot bullshit, and break the myths to move forward and 10x. Let's look at them and how you can take back control and build your successful future.
7 Biggest Lies Ruining Your Career and Business (Stop Them and Take Back Control)
You cannot manage well what you do not understand.
Before we get into the details (because the devil is in the details), let's look at some key rules again that I shared with you in my previous newsletter.
💡 Rule No. 1: You are responsible for your career, business and life.
💡 Rule No. 2: Never forget Rule No. 1, that's the ultimate truth.
LIE NO. 1: To succeed as a professional or leader you need to do it all by yourself
I’ve seen this happen over and over in countless organizations to countless professionals and security leaders. As an example, an architect gets promoted to become the entire security architecture team, and gets promoted again to become the security leader for the organization and also the entire one-person security team.
In situations like these, you are ecstatic because you feel you got promoted. That couldn't be any farther from reality. You got a new title, but no better mandate, no pay raise and no seat at the table, and on the same terms and conditions you are doing the job of 12 people for the pay of one. No wonder many security leaders feel burned out.
The biggest mistake you can make is to try to do it all by yourself.
Stop trying to do it all by yourself. Don't be in a role just to check that damn compliance box.
Do not do it all by yourself. Instead create your support system:
Step 1: Set the right expectations from the start.
Step 2: Leverage and collaborate with other teams and departments.
Step 3: Ask for an appropriate pay raise or additional support e.g. consultants, hires, etc.
Step 4: Agree on a timeline and plan to work together with your line manager to make it happen.
Step 5: If nothing works, find yourself a place where you'll be valued and won't be working as a one-person security team. It's not worth ending in a burnout.
The future you want and hope for, go create it for yourself.
LIE NO. 2: If you just work hard, you’ll get that budget, that promotion and your dream team
Closed mouths do not get fed.
Closed mouths don’t get fed. Loyalty doesn't always get rewarded. I have seen people staying stuck in one organization for 15+ years getting paid much less than their fellow colleagues in the same rank, with less growth, fewer opportunities and an almost stagnant career. It's not that they didn't have it in them. It's not even that their employers didn't believe in their potential. Most of the time they simply didn't raise their hands.
Something very similar happened to a woman I know. She got promoted fast. She thought it was amazing, only to find out she was doing way more work whilst others on her level with similar roles were being paid almost twice as much as her. Don't be her.
You need to know when to raise your hands, what to ask for and how to ask. You’ll always need to have some leverage first. The biggest leverage is to create a win-win outcome.
8 years ago, I applied to only 3 jobs in Norway, while I was still living in Germany. I could only apply to three jobs due to language constraints. However, my success rate was 100%. All three companies wanted to employ me. All three gave me a verbal or written offer. I accepted one of them and moved.
How did I get a 100% success rate despite only having extremely limited options and whilst applying from abroad as an immigrant with zero Norwegian language skills at the time? I created leverage.
Specifically, here's how I did it:
Step 1. Didn't take 'no' for an answer
Step 2. Tailored my resume to 'stand out'
Step 3. Showcased my 'global' experience and value
Step 4. Showed my 'commitment' to learn a new language
Step 5. Made myself an 'easy' choice despite not being Norwegian
Step 5 was key in creating that leverage. You want them to feel that this is a win for them. This applies equally if you are asking for a budget, new hires or a seat at the table. You want to make it a win for them too. But step 5 wouldn't have worked if I had taken no for an answer, if I hadn't showcased the value I was bringing to the table or if I hadn't spoken up about my needs based on what I was providing. Create a win-win. That's your biggest leverage. Then go ask for what you need to execute that win-win strategy.
Got promoted with bigger responsibility? Use that as leverage to ask for a corresponding raise. Got a bigger area to cover? Use that as leverage to ask for hires as needed. Got a better mandate? Use that as leverage to ask for the right budget. Create a win-win.
LIE NO. 3: You need to be a technical expert, hacker or coder
***
One of the biggest lies within the cybersecurity industry is that you can only succeed in our industry if you are a hacker, a coder or a technical "expert". Do you need to understand the basics of technology? Yes you do, just like you need to understand how people and psychology work to some level, depending on your role. Do you need to be a tech expert? No you don't. Does it hurt to be a tech expert, coder or hacker? For sure not. But great careers are not built by:
- Title
- Degrees
- No. of years
- Certifications
- Technical "expertise"
but rather by:
- Being curious
- Providing value
- Solving problems
- Being led by purpose
- Being driven by ethics
- Creating opportunities
- Having the right attitude
- Challenging the status quo
- Focusing on outcomes vs. hours
- Having a strong belief in yourself
- Being always extremely open to learning
Whether you are a technical expert or not, there is a place for you within cybersecurity. Don't let anyone tell you otherwise.
To build exceptional careers, you need to think exceptionally different, not exceptionally technical.
LIE NO. 4: Cybersecurity is primarily about technology
Cybersecurity is way more about people, risk management and negotiations than it is about technology. I went from hacker to CISO because, even when I was working as a hacker, I learnt quite fast in my career that my job was to help the business understand how it can best manage risk and to negotiate the prioritization with them.
It's ultimately a business decision, but understanding people, risk management and negotiation tactics goes way beyond any technical expertise you think will 10x your career.
The biggest risk is not taking the risk. In a world that's changing really quickly, the only strategy that is guaranteed to fail is not taking risks. –– Mark Zuckerberg
Feel you are not a technical expert? Give it a shot nonetheless.
Feel you are not qualified enough? Give it a shot nonetheless.
Feel you are not a 100% match? Give it a shot nonetheless.
If you win, great. If you fail, learn, adapt and try again. In my upcoming Guide to Break into Security Leadership, I'll show you how to break into a security leadership role and 10x your career. Add yourself to the waiting list here.
Here's what you'll get:
✅ My decade long and proven framework to nail that interview
✅ A practical guide with actionable insights from 20 years of experience
✅ Why right now is the best time to work in cybersecurity and become a leader
✅ Why security leadership is 5% technology, 5% risk management and 90% negotiation
✅ The framework I used to go from hacker to CISO with proven, actionable and no bs tips (how you can do it too)
LIE NO. 5: Cyberattackers have unlimited resources
The narrative that I often see thrown around, “anyone can rob a bank but it takes massive effort to protect …”, holds no water in reality, especially when it is used to defend why certifications, degrees, etc. must be a mandatory requirement for people entering our cybersecurity industry.
Cybercriminals do not have unlimited resources, whether it's budget, time, operational capability, etc. They also need to do a cost-benefit analysis of the type of attacks they will perform, towards which targets, etc. Add to that: if you, as a cybercriminal organization, are being financed by a nation-state attacker (in particular, a powerful dictatorial regime), do you believe that you would be allowed to spend those finances at your own whim? Think of these nation-state attackers as "VCs" that control the cybercriminal organization to a certain extent. Even without nation-state backing, cybercriminals are not limitless in their scope, resources and approach. They want the highest ROI at the least cost.
Add to that, if anyone could rob a bank and leave without any trace and without any planning, unfortunately more people would be trying to get money the "easy" way. All successful heists, even cybercriminal heists, require meticulous planning, an understanding of how things work and sometimes even inside knowledge. Surely there are spray-and-pray mechanisms, but those usually have a low probability of success.
Cybercriminals do not have unlimited resources. We don't need to win every time, not even against cybercriminals. Successfully reducing the probability or consequence or both is a win. It's not a zero-sum game.
LIE NO. 6: You must match 100% of the requirements
I never matched 100% of the job description, for any of the jobs I landed. I didn’t match 100% criteria of a CISO, a hacker or a leader, before I became one. I don’t look for fitting 100% of any role description. Neither should you.
Job descriptions are often highly misunderstood. Job descriptions are NOT supposed to be a be-all, do-all of a role.
They are a tool, a guidance and a framework.
What they are not is a hard and fast rule on a 100% match. In fact, if you match 100% of the criteria I suggest you do not apply to that job or apply with caution. If you matched 100% of the criteria:
- You are already over qualified for that job.
- You will likely have little to no growth.
- You will rarely be challenged.
While you are at it remember,
- Your internships count as experience.
- Your external relevant projects count as experience.
- Your relevant experience from other industries counts as experience.
Do not wait to match 100% of the requirements before you apply. Instead do this:
1. Check if you already fit ca. 70% of the criteria
2. If you answer yes to above, check if you have the drive and are hungry to learn
3. If you answer yes to above, check if the job is interesting and one you want to grow into
If you answer yes to above, apply!
LIE NO. 7: There’s a huge talent gap
We started with massive layoffs, continued with the great resignation, continued with layoffs in the thousands, and yet we are calling it the so-called talent gap? That makes no sense, imho. Is there a huge talent gap? No. Is there a problem with the hiring process? Yes. Can it be fixed? Yes, it can, but that's why we all need to do a better job: we as hiring managers, we as executives, we as leaders, we as recruiters, we all together. Whether you are in a position to hire today or will be at some point, remember you can close the so-called "talent gap", or at least help fix the hiring process, by setting realistic requirements. Read here for more.
Can you make it into cybersecurity and leadership if you are coming from hospitality, retail, military, healthcare, finance and more? The answer is yes. Listen to the full episode below between Naomi and me, where we talk about the so-called talent gap and how you can build your career in cybersecurity and/or leadership.
***
To build your career and life on your terms, it takes a few key traits that I have learnt over the last two decades of doing it. No matter where you are coming from, these key traits serve as the foundation that can be adapted to your career and lifestyle. Whether you are starting in tech, cybersecurity, AI or breaking into leadership, the following will have a much bigger say in your success:
Why you are doing it and what's your vision?
What value you bring to the table?
How do you tell your story?
The above three questions will help you break the barriers of a lot of the myths that keep on popping up and help you declutter the noise.
Go build your career and life on your terms, and I’ll see you next time.
–– Monica
Monica Verma