Back to Blog

Best of Ask Me Anything - Direction for Those New to Cyber

career ccl classllc cyber career lab keyaanwilliams Jan 11, 2022

By: Keyaan Williams

I kicked off Ask Me Anything in January 2022 as part of my efforts to rethink how I contribute to the success of others (thanks again to Adam Grant and his book, "Think Again”). I recognize that anything worth doing requires time and momentum. The idea is still growing, but a response to my introduction of the program in a private LinkedIn group is worth sharing while we continue to make people aware of the opportunity to ask me anything and receive a real answer.


Stuart G, CISSP gets credit for the best question from last week.

What path should someone new to the [cybersecurity] field choose, and what are the best certifications?



  1. Everyone who trusts someone else to give career advise should consider the role of person providing the advice. Is the insight coming from a mentor or a coach? A mentor tells you what you should do based on what they think and may or may not understand about you. A coach provides specific guidance that equips you to be the best you can be once you have decided what you want to do.
  2. I think coaching is better than mentoring when providing career advice to people. I encourage people who ask me for cybersecurity career advice to complete a self-assessment using the NICE Cybersecurity Workforce Framework Work Roles ( to identify the best fit for them. The framework lists 52 work roles. Most people find at least one role that is a good fit for the knowledge, skills, and abilities they currently have or are willing to develop.
  3. Joining and actively participating in a professional association like ASIS, ISSA, or CSA to develop relationships and hear from people who know what they are talking about. The area of specialty chosen will influence the right association(s) to join.

Digging deeper, the path to success will vary drastically depending on the experience that people start with, their across multiple security domains, and how hard they are willing to work to be successful. Success also varies based on the work role selected.

Regarding certifications, the right certification makes a difference for the right role. I don’t think certification in digital forensics is necessary or required for people who specialize in identity management. Similarly, I am not sure that a project management certification is appropriate for an individual contributor in a specialized technical role. Certifications complement knowledge, but a ton of free knowledge is available from reputable organizations without the need for a degree or certification. 

What are your thoughts? Feel free to add to the conversation on LinkedIn or submit questions by sending an email to (anything at CLASS-LLC dot com).

Don't miss a beat!

Get regular content, event updates, cybersecurity news and much more delivered straight to your inbox. 

We hate SPAM. We will never sell your information, for any reason.