"Shiny object syndrome" is a metaphor for being drawn to new, alluring things at the expense of completing current tasks. This is particularly prevalent in the tech industry—and even more so in cybersecurity—due to the rapid evolution of tools, training programs, technologies, frameworks, and attacker behaviors.

Having spent the last half-decade immersed in the cybersecurity industry, I've seen how easy it is to fall into the trap of chasing after the next best thing, whether it's a job, certification, tool, or the latest craze.

The alluring pull is analogous to the sirens in Greek mythology, where sailors were lured to their doom by enchanting songs. Just as the sirens' songs were irresistible to ancient mariners, new technologies and certifications can draw security professionals away from their core responsibilities and strategic objectives. This distraction, though tempting, can lead to scattered focus and prevent us from excelling at anything.

Let's explore this problem and how to address it.

Interested in sponsoring an issue of Cyberwox Unplugged? Reach out below!

Contact Us!

Cybersecurity SOS

In the context of cybersecurity, SOS manifests as the constant pursuit of one of the following:

• New certifications without evaluating their practical value

• New technologies and frameworks without fully mastering existing ones

• Trending security tools that may not address core organizational needs

• Multiple initiatives simultaneously, leading to scattered focus and reduced effectiveness

This behavior can be particularly detrimental in cybersecurity, where meaningful expertise and mastery are crucial for achieving tangible results.

I'll be honest that as a content creator, I don't help this narrative much. I usually partner with companies to promote their tools or trainings as the "next best thing"—which they often are—but this doesn't help others, especially beginners who are extremely susceptible to falling into the trap of the shiny object syndrome.

The latest certification

The allure of certifications in cybersecurity is particularly strong. With hundreds of options available—from entry-level CompTIA certs to advanced specialized credentials appearing daily—it's easy to fall into the trap of "certification collecting" rather than strategic skill building.

The industry's rapid evolution and constant emergence of new threats only amplify this tendency, as professionals feel pressured to continuously validate their expertise through new credentials.

However, not all certifications carry equal weight or value. Some may be trendy but offer little practical benefit, while others might be crucial stepping stones for career advancement. The key is to approach certification decisions strategically rather than reactively.

Before pursuing a new certification, carefully consider whether it will truly advance your career. Take time to analyze the return on investment, weighing both the financial costs and time commitment against potential career benefits.

Research current job postings to verify if the certification is actually in demand in your target market. Additionally, reach out to professionals who already work in your desired role to get their honest feedback about the certification's value.

Equally important is ensuring the certification aligns with your professional goals. Take a moment to map the certification content against a two to five-year career plan to ensure it fits your trajectory.

Consider whether the certification builds meaningfully on your existing knowledge base or opens valuable new specialization paths. Finally, evaluate if the skills and knowledge gained will help address current challenges in your role, providing immediate practical value.

The hottest job

The cybersecurity field is known for its dynamic job market, with new opportunities constantly emerging. However, the temptation to switch positions frequently can be a manifestation of the shiny object syndrome that ultimately hinders career growth in some cases.

When evaluating a new job opportunity, it's important to look beyond the surface-level attractions like higher salaries or prestigious company names. Consider whether the role offers genuine opportunities for skill development, leadership growth, or exposure to new technologies that align with your expertise.

Sometimes what appears to be a better opportunity might simply be different, without providing meaningful advancement. If your current role is good and continues to push you and give you opportunities for growth, don't jump ship just because something else looks better or is more appealing—it's not always the case. As the adage goes, the grass is not always greener on the other side.

Most importantly, each career move should be evaluated against your long-term professional goals. Ask yourself if this position will help you develop the skills and experience needed for your desired career trajectory.

A lateral move might make sense if it provides valuable experience in a new domain, but frequent job changes without a clear purpose can make it difficult to build meaningful expertise in any area.

Take this from someone who's worked at four different companies over the past five years: This approach has worked very well for me so far, but it isn't always the best option.

The newest tools

The cybersecurity market is flooded with new tools and solutions, each promising to be the silver bullet for security challenges. However, the excitement of new technology can sometimes overshadow practical considerations and lead to tool sprawl and really just a waste of money.

When evaluating new security tools, it's crucial to assess whether they address genuine organizational needs rather than just offering exciting new features. Consider if the tool solves actual problems your team faces and whether it can integrate seamlessly with your existing security stack.

Remember that implementing new tools requires time, resources, and training. Each addition to your security arsenal should be carefully evaluated against its practical benefits and the total cost of ownership, including maintenance and training requirements.

Cyberwox Resources

Resources for your career

🔹Join the Cyberwox Academy Discord!!

🔷 Check out the episodes of the Cyberstories Podcast on your favorite platform

🔹Cyberwox Cybersecurity Notion Templates for planning your career

🔹Cyberwox Best Entry-Level Cybersecurity Resume Template

🔹Learn AWS Threat Detection with my LinkedIn Learning Course

Recent Content

A few publications I’ve released recently.

Computer Networking & Cybersecurity Fundamentals using Wireshark (Mini-Course)

In this mini-course, we're going back to the basics. Many cybersecurity professionals don't fully understand how common protocols and networking concepts work, largely because they've never interacted with these protocols beyond the theoretical level.

Think about it—have you ever seen how DHCP or ARP packets work? Do you truly understand packet encapsulation and decapsulation? Have you seen how TCP sessions end with reset packets or witnessed a TCP 3-way handshake? If you answered no to any of these questions, you'll find this mini-course valuable. In just over an hour, you'll level up your networking and protocol knowledge.

My goal is to transform your theoretical knowledge from CompTIA Network+ or Security+ into practical understanding by showing you how to interact with these protocols and demystifying the complexities of computer networking. So, if you're interested, let's dive in.

How I Would Learn Cybersecurity If I Could Start Over in 2025 (Complete Roadmap & Breakdown)

I break down a step-by-step roadmap that will take you from absolute zero—no degree, no IT experience, no certifications—to landing your first cybersecurity job. We’re talking entry-level roles like SOC analyst, penetration tester, or even your first cybersecurity engineering gig.

You’ll get all the tools, tips, and strategies you need to stand out and succeed in an increasingly competitive job market. So grab a notebook, stay till the end, and let’s build your cybersecurity career together. Trust me, you’ll want to catch every step because I went all in on this one.

The Underrated Cybersecurity Skill of Writing ~ Day's Engineering Diary EP13 (Video)

✍🏾 Why I write more as a cybersecurity engineer.

Cybersecurity Career Game Plan for 2025

Day Johnson

·

Feb 12

If you clicked open on this newsletter, you’ve already made the decision to break into one of the most exciting, fast-growing, and—let’s be honest—lucrative industries of our time: cybersecurity. And let me tell you, if you’re just getting started, this is

Read full story

The Underrated Cybersecurity Skill of Writing

Day Johnson

·

Feb 17

It’s 2025, and I’ve been doing a lot more writing. Not because it’s a New Year’s resolution but because I see how essential it is to my growth as a cybersecurity engineer.

Read full story

Closing

Once again, you made it this far :)

Thanks for reading. If you so desire, subscribe and restack - it helps spread the word and keeps me writing content. If not, I’ll see you around…somewhere on the internet!