This article is about reasons why cybersecurity may not be a good fit for you, as well as some of the downsides to working in cybersecurity. If you’d like to learn more about whether cybersecurity is for you, you can check out our article here, which includes a quiz you can take to help determine your cybersecurity fit.

If you read anything that I write, you know that I’m a big proponent of cybersecurity.  I’ve seen cybersecurity make such a positive impact in so many people’s lives (including my own), from higher salaries and bigger opportunities to higher self-esteem, that it’s hard not to be positive about the field.  But nothing in life is all fairytales and roses, so in this article, I’m going to cover 5 big reasons you may NOT want to work in cybersecurity. Here we go.

Cybersecurity’s Rate of Change is Really, Really Fast

The rate of change in nearly every industry seems to have picked up in the last ten years of so, with online outfits like Amazon killing small businesses and local retail, and services like Uber and Airbnb putting unregulated pressure on taxi drivers and hotels.  But the rate of change in cybersecurity is something completely different.

Cybersecurity has a built-in rate of change, not just because it is a technology-based field (and technology is changing all of the time), but because the nature of the field means that the first to discover a new vulnerability or flaw wins.  That means that everyone related to cybersecurity (both the good guys and the bad guys), are racing to learn and develop new things. This creates an ever-going and ever-increasing rate of change treadmill. And if you’re going into cybersecurity, there is no way to get off of that treadmill.  It’s built into the job. Which brings up the point of this section:

Reason #1:  If you don’t want to be forced to learn and adapt quickly, don’t work in cybersecurity.

If you don’t like change and constant learning, cybersecurity will not be the field for you.  Ever. Not now, and certainly not ten years from now. No one seems to know where cybersecurity is going over the next decade, but everyone agrees that there will be massive change.  One person I spoke to recently called the future of cybersecurity the “wild west’, referring to an amount of change and uncertainty that is almost uncontrollable, unpredictable and lawless.  If you choose to go into cybersecurity, you’re going straight into the lion’s den of change.  

Cybersecurity’s Rate of Change Makes Aging in the Job Difficult

In the first section above, we covered the challenge that change brings to the job of cybersecurity on a daily basis.  But there is another factor of change that many people overlook, and that is that change in cybersecurity has the potential to age out people as they get older.  

It’s no secret that learning new things doesn’t get easier as we age, and the fact that cybersecurity is so relentless in how much you must learn, and keep learning, means that a certain amount of pressure will be felt by all of us as we age in the field.  

Reason #2:  The rate of learning will be challenging as an older worker in cybersecurity.

I’ve spoken to several people in the field that recognize that some days, it can be challenging to keep up with the young guns in the field.  Or that learning something new just seems a little more difficult than it may have been before. They still are great at what they do, and they can still provide massive value, but they can feel that slight change.  And because of this, it makes a lot of people wonder if they’ll be able to be effective in the cybersecurity field as they age. This is something to consider as you evaluate your career options.

Some cybersecurity professionals have considered planning their eventual exit from the field or phase two of their careers.  They begin to consider other options in or related to cybersecurity that doesn’t have quite the fast pace of change, but in which they can still leverage their skills.  Some professionals consider gigs like cybersecurity consulting or teaching as something they plan to get into when the rate of change becomes too difficult or tiring.

Others Never Understand What You Do

If you meet someone and they say they’re an accountant or a third-grade teacher, you know what that means.  But when someone says they’re in cybersecurity? What does that really mean? Does anyone outside of the field really understand it?  Does anyone outside of the field even have a clue as to what you do each day?

Cybersecurity is still new enough that a large portion of the population doesn’t understand it at all.  And that can be frustrating at times, especially when your family members or friends ask you the same questions over and over about your job, or discount or minimize what you do as “something to do with computers.”  It’s not uncommon for parents or family members to assume that you don’t really work that hard, or that you don’t do anything important or challenging, simply because they don’t understand what it is.

It’s easy for other people to not understand what you do when it comes to cybersecurity, or anything related to new technology.  In some cases, even the boss that signs your paycheck won’t really understand what you do, other than that it’s important to the organization at some level, and that you cost the company a lot of money to be there.

A lot of this is because cybersecurity didn’t exist in the not-so-distant past.  Your grandparents didn’t have cybersecurity as a career option. Your parents didn’t take cybersecurity classes in high school.  They didn’t have guidance counselors in high school suggesting they go into cybersecurity. It’s just so new and ever-changing that it’s hard for anyone not in the field to understand it.

Reason #3:  You may not get the support and understanding you expect from those around you if you work in cybersecurity.

Cybersecurity Requires Serious Passion

Just about all of the cybersecurity professionals I know love what they do.  They love that they get paid well, but they love what they do first and foremost, meaning that they would still probably do it if the money were less.  For many of them, they got into the field when the salaries weren’t as strong as they are now, which means they chose it for the enjoyment and opportunity that is offered, and perhaps less so about the financial benefit.

I personally don’t see the same passion in many other fields.  When I visit a doctor, I can tell that they’ve studied a lot and are competent (hopefully), but I don’t often see them wearing their passion on their sleeve.  I’m not sure that administrative assistants, restaurant workers, Subway sandwich artists, and office managers are really passionate about what they do either. They may enjoy it, and they may be good at it, but do they really have a passion for it?  Some do certainly, but they may be in the minority.  

I think a big portion of the workforce works only because they have to work, and the job that they have is one that they are able to do which pays the bills.  That’s it. Some studies have shown that nearly three-quarters of the American workforce doesn’t like their jobs and would quit today if they were financially able to do so.

Working and succeeding in cybersecurity requires a big commitment and a real passion for technology.  Since cybersecurity changes so fast and can be intense at times, you need to be fully committed, which means it’s your passion that will pull you through and keep you grounded and sane when things get challenging, which they will.  It’s important to assess if you really enjoy technology from an interest perspective, because that will be a good indicator of your passion for the field down the line.

Reason #4: If you don’t enjoy and have a passion for technology, cybersecurity will be a challenging field for you to succeed in.  

Cybersecurity is Very Cerebral

There are some lines of work where you are required to work hard physically.  I’d imagine that construction workers and nurses, for example, are often physically exhausted at the end of a long shift.  Other jobs, like accountants and attorneys, are probably similarly mentally exhausting at times. I’m sure that every attorney can relate to being mentally exhausted and fried after a long day of reading through the nuances of contracts or legal documents.

Cybersecurity can be mentally exhausting as well.  Certainly, from a physiological perspective, intense, sustained concentration causes the brain to use a great deal of energy.  This can be common in cybersecurity too, because there will be times when you’re looking for something in a log file or reading technical documentation, and unless you are laser-focused and concentrating heavily, you can’t really be effective.  The same goes for studying certification books on your own time. Even studying cybersecurity materials, which are technical and tend to be dry, can be mentally exhausting. So consider:

Reason #5:  If you prefer work that is not mentally taxing at times, you may want to consider a line of work other than cybersecurity.


There you have it.  Several reasons that you may want to look elsewhere for a career.  Cybersecurity is a great field for a lot of people, but it’s not for everyone.  Consider what you enjoy and how you like to work. Consider what your long term goals are and what motivates you.  If you prefer physical work, or never enjoyed studying, cybersecurity may not be a good fit.

One of the best things you can do for yourself in order to make an educated decision is to find a cybersecurity professional to talk to or shadow.  Read our article on how to find out if cyber is for you here. Find someone that works in cybersecurity and see what they like and don’t like about what they do, and consider how you feel about what they’re saying. If you don’t know anyone is cybersecurity, you can review our interviews with cybersecurity professionals here. Good luck with your career exploration journey.

About the author 

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity, and technology training fields. He has a degree in Computer Information Science and CompTIA A+, Network+, Security+, Server+, CySA+, and Cisco CCNA certifications.