What Working in Cybersecurity Is Really Like: Insights from Professionals

  •   min.
  • Updated on: January 10, 2025

    • Expert review
    • Home
    • /
    • Resources
    • /
    • What Working in Cybersecurity Is Really Like: Insights from Professionals

    When you think of cybersecurity professionals, you might picture mysterious hackers in dark rooms, frantically typing away to stop cyber attacks. The reality? It's far more diverse and nuanced. We spoke with nine industry veterans—from IAM consultants and Information Security Officers to CISOs—with experience ranging from 2.5 to 30 years in the field.

    What they revealed might surprise you. While technical skills matter, cybersecurity isn't just about coding and penetration testing. It's about people, processes, and persistence. Whether you're considering a career change or simply curious about the field, understanding the day-to-day reality of cybersecurity work is crucial. Through these professionals' insights, we'll explore the true nature of working in this dynamic and evolving industry.

    Breaking Common Misconceptions

    Think cybersecurity is all about thwarting hackers and responding to dramatic security breaches? Seasoned professionals paint a different picture. "We are not hacking all day and there are an enormous number of fields to work inside CyberSec which are not related to pentesting/red-blue teaming activities," explains Panagiotis (Panos) Georgakopoulos, an IAM consultant with seven years of experience.

    The field encompasses a vast array of roles, from governance and compliance to risk management and security architecture. Clay Cavanaugh, Head of ITSM at a Fortune 500 company, notes, "I think the biggest surprise for people would be how much cybersecurity work isn't technical, and is actually focused on governance and compliance. Auditing roles make up a surprisingly large percentage of the cybersecurity world, and there's definitely a place for non-coders and non-hackers."

    The reality of cybersecurity work often involves more collaboration and strategic thinking than technical troubleshooting. Professionals spend significant time on risk assessment, policy development, and working with various departments to implement security measures. As Wally Valters, SVP/Director of Operations with 16 years in security, points out, "How diverse it is. The same role at different companies is completely different depending on their maturity and focus."

    The Reality of Daily Work

    The day-to-day reality of cybersecurity work often differs dramatically from initial expectations. "Night and day," says Sung Jin (Andrew) Park, a CISO with 25 years of experience. This sentiment echoes across professionals at various levels of their careers.

    Many enter the field expecting purely technical work, but the reality involves substantial people management and process optimization. "There is a lot of non-technical work, managing peoples' expectations and driving the processes in the background that make security operations work," explains Valters. Similarly, Georgakopoulos reflects, "I imagined more technical work than talking to people, which is not the case as you advance more and more in the field."

    The administrative aspects of cybersecurity also surprise many newcomers. Mike Slone, an Information Security Officer with 30 years of combined IT and cyber experience, puts it simply: "More paperwork." Mark Evans, an RMF project manager, adds another perspective: "I thought I would be building systems, but do not touch many."

    This reality check doesn't diminish the field's value—instead, it highlights the diverse skills needed to succeed in modern cybersecurity roles. The work requires a unique blend of technical knowledge, business acumen, and people skills, making it both challenging and dynamic.

    Hidden Challenges and Essential Skills

    The technical aspects of cybersecurity might seem daunting, but our past students reveal that the real challenges—and the skills needed to overcome them—often lie elsewhere.

    "Oh, the silos you'll find. The silos between an InfoSec organization and an IT organization can be huge, but then there are usually even further silos within each of those organizations," shares Cavanaugh. "Learning how to navigate those silos—and especially the personalities that try to protect their little domains—is a huge challenge. I would take technology challenges every day, all day over people challenges!"

    This sentiment resonates across different roles and experience levels. For Park, the challenges escalate at higher management levels: "Politics as part of strong security posture. This cannot be avoided at the highest level of cyber security management." Similarly, Valters emphasizes the ongoing challenge of "selling the value of security both internally and externally."

    The skills needed to navigate these challenges often surprise newcomers to the field. Georgakopoulos highlights "effective communication with people, dealing with team conflicts and maintaining a healthy Way of Working across all relevant parties" as crucial skills that aren't typically listed in job descriptions. Slone puts it simply with one word: "influence." This emphasis on soft skills is further reinforced by Cavanaugh, who notes, "Organizational systems thinking is very underrated. Being able to look at a situation or challenge and immediately know who the players are that should be involved and how they relate to each other organizationally is absolutely critical."

    The reality of modern cybersecurity work involves managing relationships across global teams and time zones, often with limited control over critical resources. Success requires more than technical expertise—it demands emotional intelligence, tenacity, and strategic thinking. As Park emphasizes, professionals need the ability to recognize "what will get the buy-in from the board members or the CEO." Even seemingly straightforward security decisions become complex when factoring in organizational dynamics, as Slone notes: "Figuring out a way to say yes while still protecting the organization."

    These hidden challenges and essential skills paint a picture of cybersecurity as a field that demands a sophisticated blend of technical knowledge, business acumen, and interpersonal skills. It's a reality that differs markedly from popular perceptions but offers rich opportunities for professionals who can master this complex landscape.

    Looking for some exam prep guidance and mentoring?


    Learn about our CISSP and CCSP personal mentoring

    Image of Lou Hablas mentor - Destination Certification

    The Rewards and Impact

    Despite its challenges, cybersecurity professionals find deep satisfaction in their work. For Park, the reward is elegantly simple: "Each day without an incident is a blessing." This sentiment captures the profound responsibility and impact that cybersecurity work has on organizations and their stakeholders.

    The satisfaction of solving complex problems and seeing tangible results drives many in the field. Cavanaugh shares, "From a cybersecurity perspective, delivering solutions to big, tricky problems is the most rewarding aspect of my work. When you build something that protects the company's physical property, intellectual property, time, money, etc., you feel like you've really made an impact." This sense of concrete achievement is echoed by Valters, who finds fulfillment in "seeing a change in posture happen over the long term. Looking back where you were 2 years ago vs now."

    For Georgakopoulos, the rewards come from both project success and human impact: "Satisfaction from successful projects after going-live, making the life of people more efficient so that they thank you for your hard work!" This human element appears in different forms across roles – whether it's Slone's appreciation for "collaboration with other leaders" or Cavanaugh's satisfaction in "supporting people in reaching their goals and helping them craft a balanced, happy life."

    Even in the face of adversity, there's a sense of achievement. Chanza finds reward in "achieving goals when fighting against bad actors," while Evans takes pride in securing "ATOs and solving complex funding issues." These victories, both large and small, contribute to a sense of purpose that makes the challenging aspects of cybersecurity work worthwhile.

    FAQs

    Is cybersecurity a stressful job?

    Yes, cybersecurity can be stressful due to the responsibility of protecting valuable assets and responding to potential threats. However, the level of stress varies by role and organization. While incident response and threat detection positions might face more pressure, roles focused on compliance or security architecture might experience different types of challenges. Many professionals find that the satisfaction of solving problems and making an impact helps balance the stress.

    Is cybersecurity a 9-5 job?

    Cybersecurity often extends beyond traditional work hours, especially in roles involving incident response or working with global teams. While some positions in governance or compliance might follow regular business hours, many cybersecurity professionals need to be flexible with their schedules. The exact hours depend on your role, organization, and whether you're part of an on-call rotation.

    Is cybersecurity an introverted job?

    Despite its technical nature, cybersecurity is largely a people-oriented field. Professionals spend significant time communicating with stakeholders, collaborating across teams, and explaining complex concepts to non-technical colleagues. While there are roles that allow for more independent work, success in cybersecurity generally requires strong interpersonal skills, regardless of whether you're naturally introverted or extroverted.

    Starting Your Cybersecurity Career

    The reality of cybersecurity work defies common stereotypes—it's a field where technical skills meet business acumen, and where protecting organizations requires both expertise and emotional intelligence. Our professionals' insights reveal that success comes not just from knowing the latest security tools, but from understanding people, processes, and organizational dynamics.

    "In my decades of experience teaching cybersecurity professionals, I've observed that the most successful practitioners are those who can bridge the gap between technical expertise and business objectives," shares Rob Witcher, Co-founder & Master Instructor at Destination Certification. John Berti, fellow Co-founder & Master Instructor, adds, "What sets great security professionals apart isn't just their technical knowledge—it's their ability to adapt, communicate, and think strategically about risk."

    For those considering this path, the message is clear: prepare for a career that's challenging, dynamic, and deeply meaningful. Whether you're looking to transition to this field or advancing your career, building a strong foundation is crucial. And that's where cybersecurity certifications can help you get ahead.

    Here at Destination Certification, we offer comprehensive masterclasses for today's most valuable cybersecurity certifications—CISSP, CCSP, CISM, and Security+. Our experienced instructors don't just prepare you for the exam; they share real-world insights that bridge the gap between certification and practical application. Because in cybersecurity, success comes from understanding both the technical and human aspects of the field.

    Image of John Berti - Destination Certification

    John is a major force behind the Destination Certification CISSP program's success, with over 25 years of global cybersecurity experience. He simplifies complex topics, and he utilizes innovative teaching methods that contribute to the program's industry-high exam success rates. As a leading Information Security professional in Canada, John co-authored a bestselling CISSP exam preparation guide and helped develop official CISSP curriculum materials. You can reach out to John on LinkedIn.

    John is a major force behind the Destination Certification CISSP program's success, with over 25 years of global cybersecurity experience. He simplifies complex topics, and he utilizes innovative teaching methods that contribute to the program's industry-high exam success rates. As a leading Information Security professional in Canada, John co-authored a bestselling CISSP exam preparation guide and helped develop official CISSP curriculum materials. You can reach out to John on LinkedIn.

    The easiest way to get your CISSP Certification


    Learn about our CISSP MasterClass

    Image of masterclass video - Destination Certification
    >