Super Cyber Fridays!
Join us TOMORROW, Friday [07-11-25], for "Hacking the Resilience Mindset"

Join us this Friday, July 11, 2025, for Super Cyber Friday: “Hacking the Resilience Mindset.”

It all kicks off at 1 PM ET / 10 AM PT, when David Spark will be joined by Liz Morton, field CISO, Axonius, and Nick Vigier, CISO, Oscar Health, for an hour of insightful conversation and engaging games. And at 2 PM ET / 11 AM PT, stick around for our always-popular meetup. This time, it will be hosted right inside the event platform.

Register now on LinkedIn

Remember to add it to your calendar via LinkedIn or on Airmeet link in the invite.

Thanks to our Super Cyber Friday sponsor, Axonius

Defense in Depth
Is It Even Possible to Fast-Track Your Way Into Cybersecurity?

With one simple training course, in just 8 weeks, you could have a good-paying job working in cybersecurity. Too good to be true? Well, it might be true, but very rare. So, how does it happen? And is a fast track into cybersecurity even possible?

Check out these posts from Ira Winkler, CISO, CYE and David Spark for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is David Cross, CISO, Atlassian.

Listen to the full episode here.

The experience prerequisite

The cybersecurity industry faces a fundamental debate about entry-level positions and the prerequisites for success. Bill Schneller of Geffen Mesher argued that "security is not an entry level job" due to the extensive technical foundation required, noting that candidates need years of experience in areas like networking, operating systems, or programming to be effective. Peter Gregory of Akylade reinforced this perspective, reflecting on his own 20-year IT career progression through datacenter operations, programming, and engineering before transitioning to cybersecurity management in 1999. "I cannot imagine being successful in cybersecurity without that 20 years of real-world IT experience," Gregory said, concluding that "entry-level cyber jobs aren't in cyber—they are in IT."

The bootcamp reality check

Cybersecurity bootcamps show mixed results, with success heavily dependent on participants' existing technical backgrounds. Ashis Das of GEM Team tracked his 30-person UCSD Extension cohort and found a clear pattern: all five students with IT backgrounds landed cybersecurity jobs, while the "career changers" without technical experience failed to secure relevant positions. Caitlin Sarian, Cybersecurity Girl on TikTok, has observed widespread issues with programs that "overpromise and underdeliver," saying "I’ve seen firsthand how many people invest thousands into bootcamps, and universities that are more focused on making money than actually preparing students for a cybersecurity career."

The compensation conundrum

Experienced IT professionals face a frustrating paradox when attempting to transition into cybersecurity roles. Brian Rogers of Aerospike highlighted how the industry expects seasoned SRE and DevOps engineers to accept entry-level wages despite already performing security functions in their current roles. "Cybersecurity will forever have a staffing problem, not because of a lack of qualified workers, but because the egos involved in cybersecurity mean you will NEVER be seen as qualified," Rogers observed. J. David Christensen of OneSpan criticized the industry's "profit over practicality" approach, where people are misled into believing degrees and certifications alone guarantee cybersecurity roles, often leaving those who do land positions looking "like a fish out of water" without practical experience.

The domain expertise imperative

Understanding the underlying technology remains crucial for cybersecurity effectiveness across all specializations. Logan Opalisky of Motion Recruitment emphasized that "to be a sound security professional in any discipline within cybersecurity, you need to understand what it is you're securing." This philosophy extends beyond security tooling to fundamental knowledge—network security professionals should understand how networks are built and function, while application security engineers need coding skills to be taken seriously by developers. Opalisky noted that while cybersecurity degrees have become more mainstream, the most desirable security engineers and architects are still those who can handle basic technical tasks like spinning up Linux servers or explaining TCP/IP protocols.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Huge thanks to our sponsor, ThreatLocker

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jim Bowie, vp, CISO, Tampa General Hospital.

Thanks to our sponsor, Vanta

Cyber chatter from around the web...
Jump in on these conversations

“How much you make as a cybersecurity contractors?” (More here)

“What certs are truly valuable?” (More here)

“What is one threat you think people still underestimate?” (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

• [07-11-25] Hacking the Resilience Mindset

• [07-18-25] Hacking Vendor Competition

• [07-25-25] Hacking the Security Poverty Line

Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.