This article was written as an editorial in collaboration with Bradley Henschke and Stacey Fernandes from Calleo Group. The article aims to answer over 20 user questions that were asked in the 'Virtual Ask an Expert' section. Although all efforts have been made to address every topic, due to the sheer volume of these, we cannot guarantee that all of them have been answered - keep an eye out for any follow-up articles.
What struck me about the questions submitted for this “Ask the Expert” feature was how human they were. Few asked about tools or technologies. Most focused on careers, leadership, confidence, and the profession's future.
Cybersecurity is often portrayed as a purely technical discipline. In reality, it’s a people profession.
Compared with fields like finance or engineering, cybersecurity leadership is still relatively young as a discipline. Many professionals entering or advancing in the field are navigating uncertainty while also helping shape the next generation of cyber leadership.
Entering the Cybersecurity Profession
Several questions focused on how to break into cybersecurity. Some came from high school students, others from professionals considering a career change.
Cybersecurity is not a single job. It’s an ecosystem. Roles range from governance and risk management to engineering, incident response, threat intelligence, security architecture, and policy.
Many professionals enter cybersecurity from other disciplines. Backgrounds in project management, software development, networking, testing, audit, psychology, and risk management all translate well into security roles.
For students, curiosity is the best starting point. Learn how systems work, experiment with technology, and develop problem-solving skills. Cybersecurity rewards people who ask questions and enjoy understanding how things connect.
For career changers, it's almost never too late. Organisations value transferable skills like structured thinking, communication, and risk awareness. The main challenge is typically gaining initial practical experience, and many professionals start by taking on related roles to gradually build security expertise.
Salary expectations also came up frequently.
A common misconception about cybersecurity careers is the money. While the industry can offer strong earning potential, it is not a shortcut. Technology evolves, threats evolve, and professionals who succeed in the field are those who continue evolving with them.
The widely discussed “cyber skills shortage” is also often misunderstood. Demand is strongest for experienced professionals, while entry-level roles remain competitive. Over time, however, the market differentiates as individuals gain experience and take on greater accountability.
Australia is investing heavily in growing the cyber workforce. The challenge now is ensuring emerging professionals have opportunities to receive hands-on experience rather than relying solely on the existing workforce.
Certifications
Certifications often come up in conversations about cybersecurity careers. They are valuable, helping build fundamental knowledge and demonstrating commitment to the field. But at some point, certifications stop distinguishing your capabilities.
Employers care about how professionals handle risk. They watch how you communicate with stakeholders and operate within complex environments. Continuous learning is essential. Experience remains the most powerful teacher.
The Human Side of Cybersecurity
Some of the most honest questions centred around confidence and leadership.
- Imposter syndrome is common in cybersecurity. The field evolves quickly, and the sheer volume of knowledge can make even experienced professionals feel like they’re constantly catching up.
The reality is that no one understands every part of cybersecurity. It’s simply too broad.
Effective professionals build depth in specific areas while maintaining enough awareness to collaborate across disciplines.
- Leadership transitions bring another challenge. Many professionals are promoted for their technical ability, only to discover that leadership requires a different skill set, guiding teams, influencing stakeholders, and making decisions in ambiguous situations.
I learned this lesson the hard way. Leading a technical team in a high-stress operational environment meant heavy workloads, fatigue, and occasional communication breakdowns.
The most valuable leadership lesson I learned was to address issues directly. Be honest about your values, deal with conflict early, and don’t let problems fester. Leaders grow more when they are challenged than when things are comfortable.
Ultimately, I learned that effective leadership is always about people.
As a leader, your responsibility is to create an environment where your team wants to come to work, and the rest will follow.
The Future of Cyber Leadership
Looking ahead, the expectations placed on cyber leaders will continue to evolve.
Technologies such as artificial intelligence are being adopted rapidly across organisations. While some fear the risks and potential job losses, I see AI as an opportunity.
We’ve seen similar transitions before. When cloud computing emerged, and even earlier when the internet became mainstream, many feared widespread job displacement. In reality, those shifts created entirely new industries and opportunities.
AI will likely follow a similar path. The professionals who thrive will be those who are curious, adapt quickly, and learn how to use these tools effectively.
If I were entering the profession today, my advice would be clear: master the art of prompting and cultivate an endless curiosity.
Modern AI tools make knowledge more accessible at your fingertips. What will set you apart is your ability to ask the right questions, prompt effectively, and critically evaluate the information you receive.
However, rapid adoption without thoughtful governance introduces significant risks. Organisations and governments must establish clear guardrails for issues such as data exposure, decision transparency, and reliance on third-party providers.
Future cyber leaders will need to operate across technical, regulatory, and ethical dimensions while communicating cyber risk in a language executives understand.
Technology plays a critical role, but resilience is built through leadership, collaboration, and the development of capable teams.
In cybersecurity, success ultimately depends on people
