(Late because I took CYSA + Beta on Thursday 1/09) [Fingers-Crossed]
I think people direct people to “find what they love and do it…” They say that as if doing that is just the easiest thing, but sometimes it isn’t. For example the number of things I thought I really wanted to do and then finally realized I wasn’t suited for or I really wasn’t as interested in are too numerous to list here.
I will admit that it is important to find the things that you are most interested in because it makes you want to learn more about it. Although, there is often things that one has to learn in order to move forward or change careers or what have you, it’s also important to kind of focus in one the things that really interest you and learn about them.
For me, Digital Forensics and Penetration Testing is one of the subsets of Cybersecurity that really interests me. I may have to learn to do SIEM investigations and log analysis for work, but learning these things isn’t a passion project for me, it’s a means to an ends. These things are still interesting , but when I learn them it’s not the same sense of pride or what have you as I feel when I uncover something or even when doing a CTF.
I 100% am not set on what exactly what I will be doing in 5 or 10 years. Because my path has diverged so often and in such varied ways I try not to make solid plans, but rather have an outline of things I would like to learn or do. Whether that would work for others isn’t for me to say. I just know that I tried to rigid planning thing and that didn’t work for me at all. The unplanned plan does work.
My best advice would be to learn, to be open to learning and always be researching shifts and changes and developments and then just to absorb the things that interest you the most and see where these things might take you.
One Great Site for seeing what careers might be available to research:
https://www.cyberseek.org/pathway.html
Build A Security Ninja 