Editor’s note: This is the fourth in a weeklong series of ISACA Now blog posts sharing guidance on how to start 2025 strong across digital trust professions. Today, we focus on security.
The cybersecurity landscape is not for the faint of heart as attack methods grow in sophistication, powered by advancements in emerging technology. The good news is there are tangible ways that security professionals can meet the challenges they face, simultaneously advancing their careers and better protecting their organizations.
With the new year underway, there is no time like the present for us to refine our approaches and become more effective security professionals. Below are five areas to consider prioritizing in 2025.
1. Expand Engagement with Leadership
Prioritizing ongoing and proactive information-sharing with your organization’s executive leadership and board of directors is a necessary piece of aligning security outcomes with the organization’s strategic goals.
This can be achieved by providing tangible data, such as updates on KPIs, benchmarking and other pertinent metrics. Whether you are directly responsible for reporting to leadership or not, find out what information your organization’s leaders value and be part of the solution in gathering and packaging those data points to foster constructive decision-making.
2. Find Ways to Better Anticipate Security Risks
Look at ways to better anticipate and mitigate cyber risk. As we enter 2025, for many organizations, that will include gaining a deeper understanding of risks related to generative AI, increasing cloud concentration and other supply chain risks, the evolving regulatory landscape, and outstanding technical debt. Additionally, be sure to factor insider threats into the risk equation.
Putting solid incident response procedures in place is essential, but even better is having a clear understanding of how the threat landscape is most likely to impact your organization and setting up your defenses accordingly.
3. Spend More Time Interacting with Fellow Security Professionals
There’s tremendous benefit in the rich exchange of ideas and experiences within the security community. Whether you are a CISO, an entry-level security practitioner or somewhere in between, be intentional about carving out time to share questions, ideas and solutions with your colleagues. This can take place at industry conferences, on online platforms such as ISACA’s Engage community or through old-fashioned methods such as catching up with colleagues in your area over a cup of coffee.
On a more formalized level, I support the creation of industry Computer Security Incident Response Teams (CSIRTs) to enable more collaboration and cooperation among peer companies – and even competitors – to better address cyber risks.
4. Balance Security with Opportunities to Innovate
As I mentioned in a CSO article, as artificial intelligence becomes increasingly prioritized on the enterprise landscape, security leaders are charged with securing AI implementations – often no easy task – while also enabling swift adoption with minimal friction. A number of challenges exist regarding implementing privacy and security controls while leveraging AI to refresh and accelerate many facets of the enterprise.
To strike this balance, security professionals should draw upon key principles for AI governance and responsible use. This includes security oversight for grassroots and enterprise-wide AI initiatives, expanding supply chain due diligence to third-party vendors’ AI use, enhancing visibility and control over the AI data lifecycle, reducing and monitoring the broader threat surface, ensuring that AI partners are engaging in ethical practices, and integrating evolving regulatory requirements.
5. Make Time to Nurture the Next Generation of Security Professionals
One concerning reality for the security profession is that many stalwart practitioners are nearing retirement age while others exit due to the high stress and demands inherent to cybersecurity. Substantial gaps already exist in the cybersecurity workforce, and this challenge could become even more acute in the coming years.
That is why it is on all of us to keep an eye on the future. Welcoming the next generation of cybersecurity professionals into the profession is a win-win for prospective industry newcomers and for your organization, and we all stand to benefit from a more sustainable workforce. Make time for capacity-building initiatives, mentorship and supporting scholarship and education programs such as those offered by the ISACA Foundation.
Avoid Career Stagnation
It is easy for security professionals to remain stuck in the status quo: there are intense demands on our time and we often are stretched too thin to pursue new ideas and initiatives. However, simply treading water is not going to take our profession – or us individually – where we need to go. Instead, in this new year, equip yourself with new approaches to advance your career and elevate your impact.
By being intentional about engaging with leadership, better anticipating high-impact cyber risks, learning from colleagues’ triumphs and mistakes, championing responsible AI integrations and helping to usher in the next wave of security professionals, you will exit 2025 with your career on an upward trajectory.