Choosing Your Path in Cybersecurity

A few years into a cybersecurity career, most people hit the same fork in the road. You can go deep — becoming the person who knows more about memory forensics, or cloud security, or red teaming than almost anyone else. Or you can go broad — building enough knowledge across enough domains to lead teams, advise organisations, and see the full picture.

Neither is the wrong choice. But making it deliberately, rather than just drifting, will shape your career for years.

The Case for Specialising

The cybersecurity market rewards depth. Senior specialists — a forensic analyst with ten years of Windows artefact knowledge, a malware reverse engineer who can unpack custom packers, a cloud IR specialist who's responded to a hundred AWS incidents — are genuinely scarce and genuinely well compensated.

Specialisation also builds reputation. In a field that moves fast, being known as the person to call for a specific type of problem is a powerful career asset. Conference talks, research papers, and public tooling all come more naturally when you've gone deep into one area.

DFIR as a specialism is particularly strong right now. Demand for incident responders and forensic analysts consistently outstrips supply. The skills are hard to automate. And the nature of the work — every incident is different — means that deep specialists rarely get bored.

The downside: deep specialisms can become obsolete. The forensic techniques that were cutting-edge five years ago are now commoditised into tools. Staying relevant as a specialist means continuously pushing your knowledge forward, which takes sustained effort.

The Case for Going Broad

Generalists tend to progress into leadership faster. Security managers, CISOs, and consulting partners need to understand enough about many domains to make good decisions, communicate risk to boards, and manage teams of specialists.

If you're drawn to the strategic side — building security programmes, managing vendor relationships, translating technical risk into business language — breadth serves you better than depth.

Generalists also tend to be more resilient to market shifts. If one specialism becomes less relevant (or gets absorbed into a product), someone with broad knowledge can pivot. A very deep specialist may find themselves retraining from scratch.

The honest trade-off: generalists often earn less than top-tier specialists at the peak of the market, but they tend to have more stable, varied careers with clearer routes to senior management.

The T-Shape Model

Most practitioners end up somewhere in between — and the concept of a T-shaped professional is a useful frame.

The vertical bar of the T represents deep expertise in one or two areas. The horizontal bar represents broad enough knowledge across adjacent domains to collaborate effectively with other specialists and understand the full picture.

In DFIR terms, this might look like:

• Deep: Windows memory forensics and malware analysis
• Broad: Enough cloud knowledge to follow an attacker who pivots from on-prem to AWS; enough networking to read packet captures; enough IR process knowledge to lead a response

The T-shape also evolves over time. Many practitioners spend their early careers building the horizontal bar — broad exposure across domains — and then deliberately go deep once they find the area that genuinely interests them.

Questions to Ask Yourself

If you're trying to work out which direction fits you, these are the questions worth sitting with:

Do you want to be in the room when strategy is decided, or when the incident is happening? Strategy = broader path. Incident = specialist path.

Does deep, sustained focus on one problem energise or exhaust you? Research and specialisation require long hours with the same problem. Some people love that. Others find it draining after a while.

What do you find yourself reading about when no one's watching? The areas you return to voluntarily are usually the areas you should invest in professionally.

Where does your current employer need depth? Sometimes the right move is shaped by opportunity. If your organisation has a gap in forensic capability and you're interested in it, filling that gap is a fast track to valuable experience.

The Career Stages to Consider

0–3 years: Go broad. Exposure to different domains — SOC work, IR, some red team thinking, cloud basics — builds the pattern recognition you'll rely on for the rest of your career. Don't specialise too early.

3–6 years: Start going deep in one or two areas. By now you should have a sense of what genuinely interests you. Pursue certifications, contribute to the community, and start building a reputation.

6+ years: The T-shape comes into its own. Deep expertise, broad enough to lead. This is where the interesting roles open up — principal analyst, consulting lead, internal DFIR team lead, CISO track.

One More Thing

The practitioners who have the best careers — not just the highest salaries, but the most interesting, sustainable work — are almost always the ones who are genuinely curious. They read outside their job description. They build things for fun. They share what they know.

Specialist or generalist matters less than whether you're actually interested in the work. If you're not, no amount of strategic career planning will make up for it.