Cybersecurity isn’t just about defending networks anymore, it has become a critical business function that touches every corner of modern organizations. We sat down with Bradford Willke, a facilitator at Flatiron School and cybersecurity veteran with over 30 years of experience spanning the U.S. Air Force, the Cybersecurity and Infrastructure Security Agency (CISA), and global manufacturing, to explore where cybersecurity fits within today’s organizations and how aspiring professionals can chart their career paths.
Where Cybersecurity Lives in Organizations
One of the most striking things about cybersecurity today is how varied the roles and placements can be. Bradford explains that cybersecurity professionals work at multiple layers:
Operational Teams sit embedded in IT departments as Security Operations Center (SOC) analysts, constantly monitoring for vulnerabilities and threats. They might report to a threat and vulnerability manager or SOC manager, serving as the front line of defense.
Governance and Compliance Teams work alongside corporate risk management, handling identity and access management and regulatory requirements. They ensure the organization meets security standards and measures up against industry benchmarks.
Specialized Areas are emerging in fields like Operations Technology (OT) security. In manufacturing, healthcare, water treatment, and transportation, cybersecurity professionals now work directly with engineers on the factory floor, securing systems that run manufacturing processes, not just traditional IT infrastructure.
Chief Information Security Officer (CISO) Structures in larger organizations create entire departments with training, awareness, identity management, threat assessment, and architecture teams. Even then, these teams often place liaison officers close to business units to align security with daily operational needs.
External Partners like CrowdStrike and other cybersecurity providers act as extended team members, bringing specialized expertise that organizations can’t always maintain in-house.
“You can’t find an area now that there’s not a stratus of positions,” Bradford notes. The career paths you can blaze are varied and numerous, a far cry from when he started and you had to fit a specific mold or cybersecurity simply wasn’t for you.
Why Cybersecurity Is More Than Technical
If cybersecurity were just a technical function, it would live quietly in the IT department. Instead, it’s moved to the boardroom. Why?
Cyber attacks are normalized: Major breaches make headlines constantly. Organizations expect attacks to happen, which means cybersecurity needs to be “snapped at the hip with the business” to communicate well during crises and plan effectively for them.
Regulatory requirements are tightening: The Securities and Exchange Commission (SEC) now requires publicly traded companies to have not just a CISO, but a comprehensive cyber risk management plan with annual internal assessments against risk scorecards.
Business operations depend on security: When companies merge, divest, or integrate new systems, they’re constantly joining different environments together. Security can’t be an afterthought, it needs to move with the organization, not against it.
AI is accelerating everything: As organizations use AI to unlock new business opportunities from their data, security professionals must ensure systems are ready. AI tools like Microsoft Copilot and CrowdStrike’s AI features are also helping security teams analyze threats and make faster decisions about closing attack surfaces.
“The business doesn’t care how things get programmed at the command line,” Bradford emphasizes. “They care about functional uptime, customer reputation, avoiding costs and downtime, and strategic growth opportunities.”
Building Your Cybersecurity Career: Knowledge, Skills, and Abilities
The good news? You can truly choose your own adventure in cybersecurity today. You don’t have to be a jack of all trades or lock yourself into one specialty forever.
Knowledge includes understanding networking, operating systems, cloud services like AWS and Azure, and how systems work at both conceptual and practitioner levels. You need to know what network administrators know about routing tables, because security mistakes often happen when those fundamentals aren’t properly secured.
Skills are the practical capabilities you develop. Vulnerability management, for instance, requires knowing how to identify and scan for vulnerabilities, understanding the National Vulnerability Database, assessing criticality, and managing the entire process from detection to remediation. Other skill areas include risk assessment, secure coding, and threat detection.
Abilities are the softer competencies that grow over time: analytical thinking, communication, leadership, and adapting to evolving threats. “Sometimes they’re experiential and sometimes you can get them out of a book,” Bradford says. “Most of the time I’ve seen that abilities are something you experience.”
The communication ability is especially critical. You need to translate technical topics for non-technical stakeholders, explaining to finance why an investment is essential, or demonstrating to insurers that you have a risk management program, not just a toolbox full of expensive security products.
Your Roadmap: The NICE Framework
When Bradford entered cybersecurity, it was truly a choose-your-own-adventure with no clear roadmap. Today, the NIST NICE (National Initiative for Cybersecurity Education) framework provides that missing map.
The framework organizes cybersecurity work into key categories:
- Securely Provision: Security administrators, firewall managers, identity management
- Operate and Maintain: Ongoing security operations
- Protect and Defend: SOC analysts and proactive threat hunters
- Respond: Incident response teams
For each role, the framework outlines the tasks, knowledge, and skills required. It shows you what certifications and education paths make sense, what demonstrating basic competency looks like versus expert-level performance, and where you might have gaps to close.
“If you want to move from an incident response role to a cyber defense manager or cybersecurity manager, it would show you the path you need to take,” Bradford explains. The framework reveals which KSAs are re-emphasized in the next position and what training, certifications, or courses you need to bridge the gap.
The Role of Certifications
Bradford has held his CISSP (Certified Information Systems Security Professional) certification for over 20 years. While it gave him foundational knowledge across security domains when formal cybersecurity education was rare, he’s clear about its limitations: “Does it make me into a CISO who understands risk management and scorecards? No, absolutely not. Does it make me into a SOC analyst? Absolutely not.”
But certifications serve important purposes. They level an organization’s understanding of your exposure to different security domains. Today’s certifications are highly specialized, you can pursue credentials in risk management, auditing, cloud security, and other specific areas that help you level up and follow a defined career path.
Combined with the NICE framework, certifications help map out a progression. Moving from a junior SOC analyst to a Chief Information Security Officer might involve five different roles: security analyst → security engineer → architecture → security manager → CISO. At each step, the right certifications, training, and demonstrated experience help you advance.
The Most Important Takeaway: Connect Security to Business
Bradford’s final advice cuts to the heart of what makes cybersecurity professionals truly valuable: “Cybersecurity careers really thrive when they connect technical expertise in the security practitioner with the business needs in those departments.”
You need to embed yourself with business units, learn their operations as much as you can. Bradford didn’t want to be a financial person or run an enterprise resource planning system, but he had to know what the screens looked like, where the data lived, and what workflows looked like to support them properly.
“In an incident, I can’t guess at that stuff,” he says. If the first time you’re meeting business stakeholders is during a crisis, it’s too late. You need to be shaking hands, building trust, and having ongoing dialogues about what operational outcomes and continuity look like, before disaster strikes.
He shares a powerful example: working with Louisiana’s Governor when five school districts faced ransomware attacks affecting 5,000 systems just two weeks before the school year. The critical question wasn’t just about technical recovery, it was about priorities. Can you pay teachers? Do they get benefits? Can they deliver classes? Which system gets restored first, and which is 5,000th?
“If you haven’t embedded yourself with the business, you’ve lost a lot as a cybersecurity professional and what you bring for value,” Bradford emphasizes. Even SOC analysts and architects can bridge to the business side and have it reflected in their procedures.
Your Path Forward
The cybersecurity field offers unprecedented opportunities for varied, meaningful careers. Whether you’re drawn to hands-on threat detection, risk management, architecture, or leadership roles, the paths are clearer than ever before.
Start by exploring the NICE framework to understand where your interests align. Build both technical skills and business acumen. Pursue relevant certifications as you progress. Remember that cybersecurity isn’t just about protecting systems, it’s about enabling businesses to operate securely, grow confidently, and recover quickly when challenges arise.
The next generation of cybersecurity professionals won’t just be defenders, they’ll be essential business partners who understand both the technical landscape and organizational needs. That’s where the real opportunity lies.
Ready to turn interest into impact? Take the next step toward a career in cybersecurity by applying to our Cybersecurity program. Build in-demand skills, gain hands-on experience, and prepare to become the kind of cybersecurity professional organizations rely on. Start your path forward with us.
