The Career Compass #36: Build a Cybersecurity Portfolio That Gets You Hired in 2025

Showcase your skills, explore emerging roles, and stay ahead of the latest industry trends.

Edition #36 – The Career Compass

Welcome back to The Career Compass, your trusted resource for career clarity, cybersecurity insights, and recruiter-backed strategies. In this edition, we dive into how to build a cybersecurity portfolio that stands out, explore emerging industry trends, spotlight a high-impact cyber role, and share practical career advice to help you stay resilient and ready.

Video of the Week: Build a Cybersecurity Portfolio That Lands You Jobs in 2025!

Looking to break into cybersecurity or stand out in a competitive job market? A well-built portfolio can make all the difference.

In this week’s video, I show you how to build a cybersecurity portfolio that turns heads and opens doors—whether you're a complete beginner or looking to level up.

🔍 What You’ll Learn:

  • Why a portfolio is your ticket to cybersecurity jobs

  • 5 steps to create a portfolio that screams “Hire me!”

  • Common mistakes to avoid so you don’t get overlooked

  • Bonus tips to make your portfolio unforgettable

Perfect for aspiring pentesters, defenders, cloud security pros, or anyone entering the field. No experience? No problem—this video has you covered.

👉 Watch now and take your first step toward a standout career.

Why CTEM Is Winning for CTOs

Continuous Threat Exposure Management (CTEM) is becoming a must-have strategy for forward-thinking CTOs and CISOs. Unlike traditional vulnerability management, CTEM delivers real-time threat visibility, continuously prioritising risks based on evolving environments and helping organisations respond before incidents occur.

🔹 Why it matters:

  • Transforms cybersecurity from reactive to proactive

  • Speeds up remediation through data-driven prioritisation

  • Aligns technical security efforts with business risk at the executive level

Expect to see CTEM influence job descriptions, performance metrics, and the core skills expected of cybersecurity professionals in 2025 and beyond.

MITRE Launches AI Threat Matrix

MITRE has released a new AI Threat Matrix to help organisations understand and defend against threats unique to artificial intelligence systems. This framework classifies risks like data poisoning, model inversion, and adversarial input manipulation.

🔹 Why it matters:

  • AI is now both a tool and a target in cybersecurity

  • Adds an essential dimension to red and blue team strategies

  • Encourages AI fluency for modern cybersecurity professionals

The Rise of Hybrid Security Roles

As organisations become more digital, they’re looking for cybersecurity professionals who can wear multiple hats. Roles that combine compliance, incident response, risk, and cloud security are rapidly gaining popularity.

🔹 Why it matters:

  • Creates new entry points for professionals with transferable skills

  • Emphasises the need for broad knowledge across domains

  • Provides a path for lateral career movement and long-term adaptability

Challenge of the Week: What's Your X Factor?

Quick poll for cybersecurity professionals:

What's the most underrated skill that helped you land your first cyber role?
(Not talking about certs or tech here—think soft skills and intangibles.)

  • Was it your communication?

  • Persistence?

  • Personal branding?

  • Interview strategy?

👉 Reply and share your story—your tip could be the spark someone else needs.

We’ll feature top responses in an upcoming issue!

Cyber Career Spotlight: Cybersecurity Risk Analyst

Cybersecurity Risk Analysts play a strategic role in protecting organisations from unseen threats. Instead of just defending against attacks, they help anticipate and prevent them by evaluating risk across systems, vendors, and data.

🔹 What They Do:

  • Conduct cybersecurity risk assessments and gap analyses

  • Evaluate vendor risk and recommend mitigation plans

  • Align risk strategies with business priorities and compliance standards

  • Help enforce regulatory frameworks (e.g., ISO 27001, NIST, PCI-DSS)

🔹 Key Skills:

  • Risk modelling and threat analysis

  • Strong writing and communication for reporting and policy work

  • Familiarity with GRC tools (Archer, ServiceNow GRC)

  • Understanding of governance and legal requirements (GDPR, HIPAA, etc.)

🔹 Career Path:

  • Entry-Level: Risk Analyst, GRC Associate

  • Mid-Level: Cyber Risk Consultant, Information Security Specialist

  • Senior-Level: Risk Manager, VP of Risk & Compliance

🔹 Salary Range:

$80,000 to $140,000+, depending on industry, experience, and certifications

This role suits professionals who enjoy evaluating the bigger picture, collaborating across departments, and balancing security with strategy.

Cyber Book Club Pick of the Month

The Hacker Playbook 3: Practical Guide to Penetration Testing by Peter Kim

This hands-on guide is perfect for anyone interested in red teaming, ethical hacking, or understanding how attackers think. Peter Kim walks readers through real-world scenarios and simulated environments, offering tactical strategies and scripts you can immediately apply.

🔹 Why we recommend it:

  • Easy to follow, even for beginners

  • Packed with practical labs and offensive tools

  • Offers insight into red team methodologies

  • Helps bridge the gap between theory and hands-on skills

Whether you're pursuing penetration testing or just want to build a hacker's mindset, this book is a great place to start.

📬 Got a favourite book? Send it in—we might feature your recommendation next!

Career Advice Corner: Avoiding Burnout in Cybersecurity


Cybersecurity is fast-moving, and that momentum can easily turn into pressure. Here’s how to keep growing without burning out:

🔹 Set boundaries: You don’t need to be on-call 24/7. Guard your off time.
🔹 Focus on quality over quantity: Choose a few key areas to specialise in instead of trying to learn it all.
🔹 Celebrate milestones: Tracking wins, certifications, or project completions builds confidence and motivation.
🔹 Lean on your network: Mentors, peers, and online communities can offer clarity, advice, and encouragement.

Cybersecurity is a career marathon, not a sprint. Protect your energy, pace yourself, and remember: sustained growth beats quick burnout every time.

Career Coaching & Consulting Services

Need personalised support in your cybersecurity or career journey?

I offer tailored coaching and consulting services designed to help you land the right job faster, feel confident in your career decisions, and present yourself like a pro—on paper and in person.

🔹 What I Offer:

  • 1:1 Career Coaching: Clarify your goals, plan your next steps, and overcome obstacles with guidance from someone who's been there.

  • Resume & LinkedIn Optimisation: Make your first impression count with a resume and profile that reflect your true value.

  • Interview Preparation: Nail your next interview with tailored strategies, mock sessions, and real-time feedback.

  • Career Transition Support: Whether you’re changing industries or stepping into cybersecurity for the first time, I’ll help you move with confidence.

If you’ve been feeling stuck, applying endlessly, or unsure how to stand out—let’s talk. A short call could be the first step toward your next breakthrough.

📩 Reach out to book a free exploratory chat.
www.lukegoughcoaching.com

Thank you for being part of The Career Compass community. Stay inspired, proactive, and committed to your professional journey—and as always, keep levelling up your career. I’ll see you in the next edition!

Best Wishes,
Luke Gough
Career Coach / Founder of The Career Compass
