top of page

10 Steps to Take Control of your Career in Cybersecurity in 2025

  • Writer: Kristina Sisk
    Kristina Sisk
  • Jan 13
  • 7 min read

Two hands holding a growing seedling in a pile of dirt.

Welcome 2025!


Whether you set a New Year's Resolution or not, this is still the time of year to start setting goals at work. For the unlucky among us, yearly goals are certain to be out of date by March.


For many, goals are an important part of the corporate performance management routine. But are goals enough to ensure your career is developing the way you want?


Maybe.


Here are 10 steps you can take at any level to get behind the driver's seat of your career in 2025.


Step 1: Learn your desired Career Path Type.

Learn the motivation behind your career to help you understand what you really want from it. Don't worry—it's just data to make you think. If you disagree with the results, well, that, too, is data.


  • Take the Career Concepts Quiz.

  • Reflect on the results and whether you agree with them.

  • Optional: Save the results to share with your manager.


Step 2: Are you a rock star or a superstar?

In her book Radical Candor, Kim Scott described the different growth trajectories for excellent performance. While I give a brief overview, I recommend reading the book to really understand the difference. I focus on excellent performance because, statistically, we all believe our contributions are above average.


Radical Candor matrix with performance on x-axis and growth trajectory on y-axis.

Rock stars

In the bottom right quadrant are employees with excellent performance and a more gradual growth trajectory. (Ignore media hype; this is not "quiet quitting" because you still have excellent performance.)


Superstars

In the top right quadrant are employees with excellent performance and a steep growth trajectory.



  • Reflect on your personal commitments for 2025.

Our personal lives influence our ability to seek advancement at work. Babies, aging parents, and our own health can all signal a time to be a rock star until our personal lives settle down.

  • Reflect on 2024. Which quadrant were you in? Based on your end-of-year review, which quadrant did your manager believe you were in?

No one is ever stuck in one quadrant for their whole career. You move between quadrants based on life circumstances. Always trying to be a superstar will lead to burnout.

  • Decide what kind of star you want to be in 2025.


Step 3: Create at least one 3-5 year career goal.

Why create a longer-term goal when the world is changing so quickly? Just look to Lewis Carroll's book, Alice in Wonderland, to explain.


Alice: "Would you tell me, please, which way I ought to go from here?"

Cheshire Cat: "That depends a good deal on where you want to get to."


  • Imagine it’s 2030. You reflect on the past 5 years of your career. You are so proud because ________ (fill in the blank).

  • Consider Steps 1 and 2. Compare those answers to what would make you proud in 2030. Do they align?

  • Consider how much direct control you have over the 2030 outcome and adjust.

If your 2030 goal is being promoted at the same company you work at now, then you are fully dependent on that company to have the availability of the position for your skillset. Meaning your goal is not fully within your control.


Instead, dive deeper. Perform a 5 Whys exercise. Why do you want the promotion? What does it mean to you? Perhaps it's increased influence and decision-making, or perhaps it's more income?


The more specific you are with yourself and the goal, the more opportunities you will have to succeed. Which obviously means, the more likely you are to look back in 2030 and grin ear to ear.


Step 4: Do you want to be a people leader or a technical leader?

Not everyone enjoys helping others grow so much they are willing to deal with the paperwork of being a people leader. You have to really enjoy it to be a good leader. And if you aren’t interested in trying to be the best people leader possible, then please don’t bother to become one.


  • A people leader is someone with direct reports who also mentors and coaches team members so that they bring their unique value to the team.

  • A technical leader is someone who has deep expertise in at least one field and broad expertise across IT to design and develop innovative solutions to enterprise-level problems. Microsoft calls these roles Distinguished Engineers.

  • 🙋🏼‍♀️ Want to learn more about becoming a technical leader? Let me know in the comments, and I will create a shareable version of the framework I have used for years with my direct reports.

  • Decide which career you would like to pursue in 2025. Don't worry—you can change your mind later. I have multiple times in my career.


Step 5: Document steps 1-4 in your company HR system.

I know. This one seems obvious, but it's not uncommon to shy away from this step. Inputting this information into your HR System can provide you with continuity during manager changes.


  • Your HR system is likely Workday or a similar SaaS product. Look for sections in your profile titled "Career Interests," "Career Preferences," and "Career Skills."


Step 6: Create Development Items.

Let’s get tactical now for 2025. Perform a gap assessment on the technical and essential skills needed for your long term goal with where those skills are right now.


  • Relationship Management, Written Communication, and Change Leadership are all examples of essential skills. The label "soft skills" is misleading. If you forget to grow these types of skills, your career will plateau; nothing "soft" about that.

  • If you have been in your role for more than a year, request specific 360° feedback to ensure you have identified all potential growth areas.

  • Research your company’s available training opportunities.

    Mentoring, shadowing, college certificate refunds, and company access to online platforms like Degreed or Linkedin Learning.

  • I don’t recommend putting these as goals in your HR system. Instead, look for an area focused on growth, like Workday's Development Items section.


Step 7: Create your cybersecurity career 2025 SMART goals.

Typically, companies require you to set goals, maybe yearly, maybe quarterly. Your manager may want to write your goals. If this is the case, be sure you understand that goal as though you wrote it yourself. Your manager may just want to review your goals. Either way, here are steps to ensuring your goals are meaningful.


  • Understand your team’s strategy, roadmap, or OKR’s. If you don’t have materials provided by leadership to work from, then think through the messaging you have heard in all-hands meetings.

    Review the list of ongoing projects and see if you notice a theme, such as becoming well managed (projects focused on process), improving technology (projects focused on new platforms), or growing (projects focused on new services like Deception).


    If you are on a psychologically safe team, share your thoughts with your manager or team members to see if they agree on what strategy you think the team is following.

  • Assess how your planned BAU and project work align with the strategy and roadmap.

  • If you don’t see the opportunity to gain the expertise or experiences you need to grow according to your development plan from step 6, discuss this with your manager.

  • Enter your goals into your performance management system in a SMART format. Include in the goal how you are supporting strategic initiatives by focusing on those goals.


Step 8: Throughout 2025, actively manage your goals and development items in the system.

This is really important to ensure you meet expectations, but it also future-proofs these if your manager changes unexpectedly.

  • Set update reminders in Outlook/Google Calendar or a reoccurring task in your task-tracking app of choice. Do this more frequently than your performance management cycle.

  • Create a shared Meeting Notes document with your manager to review during your 1:1s or Check-Ins. Check out Jeff Su for ideas on what this could look like.

  • Add your development items and SMART goals to your 1:1 Agenda with your manager. Determine the right frequency for reviewing these.


Step 9: Maintain a yearly brag sheet.

Performance management is the time to brag. Create a file to store your accomplishments throughout the year. If you need to get better at this, read Brag Better by Meredith Fineman.


  • If you get feedback through a company platform on a job well done, maybe even a spot award, capture it on the sheet.

  • If your company assesses you during performance management on “living the values,” a brag sheet is a great way to capture the way you approached a project, handled a difficult conversation, etc.

  • Set a reoccurring 10-minute time block every other week to update your brag sheet. That way, you always do it when it's fresh in your mind.

  • Create an email category or tag with a fun name. I like Joy. When you receive feedback emails, add your "Joy" tag to them before you archive them so you can easily find them later to add to your brag sheet.


Step 10: Mentors, Coaches, and Sponsors.

Do not rely solely on your manager to help you achieve your long-term goal, especially if you are experiencing rapid changes in leadership. Create a personal board of directors to guide and support you. Read more on the differences in these roles from HBR's A Guide to Mentors, Sponsors, and Coaches.


  • Mentors can be peers who you have seen successfully use a skill you are working to develop. They do not need to be at a certain level. Mentors can also be at other companies; just don’t share nonpublic information with them.

  • Coaches ask you questions to help you get unstuck, but with your own answers instead of advice.

  • Sponsors need to be someone “in the room where it happens.” Basically, they need to be where decisions are being made. If you want above average on your performance review, then focus on a sponsor that will be in the performance management calibration or alignment meetings. If you want a role on a project, pick a sponsor in the room where decisions are made on who is on the project team.


    The key with sponsors is that you can’t choose them; they choose you. So, if someone would make a good sponsor, do your homework. What are they trying to achieve, and how can you contribute to a successful delivery? Remember that a sponsor uses their influence, reputation, and political capital to sponsor you, and it takes significant trust for someone to do that. Earn that trust, and it pays off.


That's it. If you spend the time to complete those 10 steps, you will feel more in control of your cybersecurity career in 2025.


Have your tips or run into problems? Share in the comments.

Privacy & Terms of Use

© 2025 by Practical in Theory, LLC. 

bottom of page