๐ŸงญBest for Newcomers

The Pivot Playbook: Finding Your Footing in Cyber

Symone Johnson · 33:19 · 2025 · Track 2

careerpublic-speaking

Symone Johnson on the pivot playbook. A Track 2 session from Simply CyberCon 2025.

Open this segment on YouTube โ†— ยท jumps to 1:35:55 in the Track 2 livestream

The Pivot Playbook: Finding Your Footing in Cyber

Symone Johnson pivoted out of higher ed in 2020 and has pivoted multiple times within cybersecurity since. Her talk is a structured field manual for anyone stuck in a role they thought they wanted, framed around the question most people are afraid to ask: should I leave, or am I just having a bad coffee?

The Signs You Should Pivot

Symone's signal list is honest. Sunday scaries on steroids. Six months in and you still hate it. You like the people and the company but the work feels wrong. You catch yourself watching other teams in meetings, wishing you could play with them. She started in application security, did the work because she could do the work, and only realized nine months later that doing it well is not the same as wanting to do it.

Get To Know Yourself First

Before picking a new role, Symone runs a self-interview. Hands-on technical or strategic? Alone or on a team? What are your natural strengths โ€” and could those translate sideways? Hers did. Someone noticed she wrote well and asked if she had thought about policy work. She had not, because she did not know cyber even had policies. That conversation became the bridge to GRC. Symone's other test: do you like breaking things or building them? She manages a colleague who insisted she was a manager, not a pentester, until Symone pointed out how good she was at breaking the team's systems. That manager is now a pentester.

What To Know Before You Go

Build transferable skills, both technical and soft. Keep a brag sheet โ€” every accomplishment, even the small ones. Keep what Symone calls a bounceback report โ€” every time you thought you were going to lose your job and did not. Both become interview material. Check internal moves before external ones โ€” your salary may go higher elsewhere, but shadowing inside your company is the cheapest way to test a new role. She shadowed her university's IT department for three to four months before leaving higher ed. Leave on good terms because cyber is small and people resurface everywhere.

The Dora Framework โ€” 90 Days of Real Work

Days 1 to 30: research three to five roles, hit LinkedIn for the skill lists, message the people doing the work, and ask for coffee chats. Most ignore you. The ones who answer make it worth it. Days 31 to 60: pick two or three top choices and run hands-on projects. Symone simulated NIST CSF assessment data on her own to test whether risk work was actually what she wanted. Days 61 to 90: decide, update the resume with the keywords and projects, and start applying. Do not get hung up on titles โ€” HR invents most of them. Look at the actual skills required.

Who Should Watch

Anyone in their first or second cybersecurity role wondering if it is the field or the seat. Career switchers from outside cyber who feel stuck after landing. Managers and senior folks who have stopped pivoting and forgot they could. Symone's framework is light enough to apply this week and structured enough to keep you honest about whether you are pivoting toward something or just running away.