Robert Voegtlin wrote in with a question many cybersecurity graduates recognize: the field is enormous, specialties multiply every year, and picking one path can feel like gambling decades of your career.
Voegtlin’s path makes the question personal. He started listening to Security Now in fourth grade. He is now 22, holds a cybersecurity degree from Augusta University, and describes the show as having been “there for as long as I can remember.” As he began job hunting, he realized how vast the industry is—and how little any one person can master.
“The more I learn, the more I realize I know nothing… It feels like it could take decades of working across different roles and industries before I discovered the niche that truly fits me. But then much of my career will already be behind me. How do you determine which area of cybersecurity is worth dedicating your life’s work to?”
Gibson’s Path: Stumble Wide, Then Go Deep
Gibson admitted he had no master plan either. He entered security indirectly—through Shields Up (a need he saw in the market) and the OptOut adware remover (after finding Aureate adware on his own PC). At the time, SpinRite was running smoothly, and security looked like the next problem worth solving.
His background—from childhood interest in electricity through electronics, physics, engineering, hardware, and software—gave him a broad base before he specialized.
His advice to Robert:
- Deliberately do what he did accidentally: pursue the widest possible exposure across the field
- Let gravity work: breadth surfaces many subdomains; you may naturally gravitate toward one
- Then specialize hard: in today’s competitive market, become the best you can at a narrowly targeted specialty—but only after you discover what truly interests you
Even if no single niche clicks immediately, Gibson argued, broad exposure still makes you better equipped for whatever you eventually choose.
Laporte: Try Things Until Something Clicks
Laporte called it an eternal question—not unique to cybersecurity. His own kids ask the same thing. With so much happening in tech today, he said he would not know which direction to pick if he were starting over.
His framework aligns with Gibson’s:
- Try as many things as possible — expose yourself and see what sticks
- Listen to your heart — you will know when something clicks
- Do what you love — Gibson and Laporte both said they followed interest, not a spreadsheet
Laporte summarized the goal in one line Gibson echoed: “I never worked a day in my life”—because the work felt like joy, not labor.
What This Means for Early-Career Cybersecurity Pros
Robert’s dilemma—breadth vs. depth before time runs out—is real, but the hosts reframed it:
| Fear | Reframe |
|---|---|
| “I’ll waste years finding my niche” | Exploration is the path—not a detour from it |
| “I need to pick one specialty now” | Pick exposure first; specialize after something sticks |
| “I know nothing” | That awareness is normal in a field with endless subspecialties (GRC, IR, cloud, AppSec, OT, etc.) |
Practical moves while exploring:
- Rotate internships or junior roles across SOC, GRC, pentest, cloud security, or identity if possible
- Ship small projects—homelabs, CTFs, bug bounties, open-source tooling—to test what energizes you
- Follow problems that annoy you personally; Gibson built tools because he had the problem
- When something clicks, narrow aggressively and aim to be exceptional in that lane
Bottom Line
Neither Gibson nor Laporte offered a formula for choosing “the one” cybersecurity specialty at 22. They offered something more durable: explore widely, notice what pulls you in, then specialize fiercely. Robert Voegtlin already proved long-term curiosity—fourth grade to a degree. The niche is less likely to arrive in a job title on day one than in the problems you cannot stop thinking about after you have tried enough of them.
Frequently Asked Questions
Q: What did Steve Gibson advise about choosing a cybersecurity specialty?
A: Gain the widest possible background exposure first, let yourself gravitate toward what interests you, then become exceptional in a narrow specialty once you know what sticks.
Q: What did Leo Laporte add?
A: Try many things, listen to what clicks emotionally, and pursue work you love—he and Gibson both said they followed passion rather than a predetermined career map.
Q: Should new graduates pick one cybersecurity path immediately?
A: The hosts argued no—premature specialization can misallocate years. Exploration across roles and problems is how you discover what deserves a lifetime of focus; depth comes after that discovery.





