Advice for cybersecurity professionals: 10 notes from experts

You’re new (or new-ish) to cybersecurity. It’s exciting, but there’s so much to take in. Imagine if you could sit down with a group of leading cybersecurity practitioners – the kind of people who’ve walked the path before you – and have them tell you their best advice?

That’s exactly what this blog post is. 

We asked ten seasoned professionals to share their top advice for all cybersecurity practitioners right now – and here are the notes they left for you. 

1. Be yourself and include others. 

Chris Carter (aka Umar - Head of Cybersecurity at Captive Resources) said:

“Be yourself. Don’t forget to take breaks. Don’t forget to include others. Don’t forget to think about the future. Cybersecurity is a very dynamic space, and in order for us to continue to evolve and grow and responsibly protect data, we have to do these things.” 

2. It takes everyone to make cybersecurity better. 

Ning Wang (CEO at Offsec) said: 

“It takes everyone to make cybersecurity better. So if you are a user, learn to have some cyber literacy. If you’re building products, design your products with security in mind, so it’s not an afterthought. If you are in a leadership position in government or in a company, think about policy.”

3. Don’t focus too hard on tech. 

Ashish Shrestha (Group CISO for Jaguar Land Rover) said: 

“Don’t get overly concerned by just technologies. Look at the risk landscape. Look at the way that data and technology-driven products are driving that paradigm shifting people’s way of life; and how can we make a bigger and better impact than just compliance and security frameworks. How do we now influence that trust with the consumers that are using the products in their day to day life?” 

4. Keep learning (and never stop). 

Umer Khan (CIO and SVP of Software at Relativity Space) said: 

“Keep learning. Cybersecurity continues to evolve, it’s very dynamic – if you’re not learning you’re falling behind. You need to keep up with the attacks, defence, knowledge and techniques. There’s so much to learn on a constant basis – if you’re not into learning, do not get into cybersecurity.” 

5. Get up close and personal with AI. 

Allan Alford (CEO at Alford and Adams consulting) said: 

“Learn AI. And I don’t use mean learn AI from a user perspective, I mean go buy some hardware, put Goethe an AI rig at home, load up the models, download them, play with them, learn how LLM works, learn how Generative AI works, and then start putting on your evil hat like we always do in cybersecurity. Start thinking bad even as you’re doing good, and start figuring out ways that AI can benefit the bad guys. Because it’s coming, and we need to be ready for it.” 

6. Remember there’s so much available to you in cyber. 

Kirsten Davies (Global CISO and Founder and CEO of the Institute for Cyber Civics) said:

“Keep being in cybersecurity. There’s so much opportunity around the globe it’s not specific to any one country – cybersecurity is needed everywhere, from small businesses to individual citizens from countries around the world, to nation states, governments, agencies. So the important message I would give to people in cybersecurity is BE in cybersecurity. Expand your skill set, learn new things, and be curious about the world around you – because there’s so much there and so much available.”

7. Challenge assumptions (your own and others’). 

Sounil Yu (CTO and Chief Ai Safety officer at Knostic) said: 

“One piece of advice…even those who are starting, is that you should always be constantly learning and challenging assumptions. So to be able to be constantly learning is really the main piece of advice.” 

8. Be an eternal student. 

Adam Holland (CISO at Wendy’s) said: 

“Be a constant student. Don’t use the completion of a class, attaining a role or finishing a certification as a stopping point. Let each of them be a step instead. Seek to learn, understand what you’re doing, grow; you cannot ask enough questions and in fact, you’re best served if your questions become your new answers.” 

9. Leverage mentors and expand your knowledge networks. 

Ramy Houssaini (Chair of the Cyber Poverty Line Institute) said: 

“Make sure you are continuing your learning, that you’re actually leveraging mentors and seeking different networks and ecosystems to expand your knowledge. Cybersecurity is no longer a monolithic domain, it’s a very diverse and complex domain – and complexity requires focus and attention, and a bigger understanding of the overall context. Keep the energy, keep the passion, and stay on the treadmill to make sure you’re learning and learning and learning.” 

10. Get ready to do the work. 

Jaya Baloo (COO and Co-founder a Stealth Startup) said:

“There’s a lot more work to do. We have the legacy of the past and the tech deck issues that we’re still trying to overcome while embracing a whole host of new technologies and figuring out how we actually make sure they’re in the same level of protection that we’re giving everything else. I’d urge this next generation to get ready to do that work.” 

Do you want to learn directly from the leading minds in the field of cybersecurity? 

These notes are just the very tiniest tip of the iceberg of knowledge the Black Hat MEA community has to share.

Register now to attend our 2025 event and expand your knowledge.