JR Logo
James Roberts

Why Visibility Beats Technical Skills for Security Career Growth

Producing absolutely brilliant work will get you nowhere unless the right people know about it.

Why Visibility Beats Technical Skills for Security Career Growth

I once asked an ex security manager how he made the final call on promotion decisions. "Manager's intuition," he said. Straight face.

So, yeah vibes.

That answer explained more than he intended. It was the reason my head-down, "the work will speak for itself" approach was getting me nowhere. You can't have good vibes about someone whose best work is invisible to you.

Security is uniquely cruel this way. The best outcome of what we do is that nothing happened. Nothing happened means no story. No story means nobody remembers what you did.

  • The breach your threat model prevented never made headlines.

  • The outage your certificate automation stopped was never an outage.

  • The authentication bypass you caught in code review never made it to prod.

Promotions don't happen on invisible work. They happen on what people can see, remember, and say when your name comes up in a room you're not in.


Prioritising visibility will change your career

Focus on high-impact work. Prioritise business value. Avoid busywork. That was the advice I followed for years.

Not wrong, but it ignores one important reality: High-impact work that nobody sees doesn’t advance your career.

I'd spend weeks building elegant solutions to problems nobody knew existed. Then wonder why I was still getting average performance reviews.

Now I ask myself two questions before I commit to any task:

  • Is it high value?

  • Is it visible?

These two questions create four boxes that will change how you prioritise your work:

highres3

Every task we touch lands in one of these boxes. Here’s what belongs in each and what to actually do about it:

Career Makers (High Value + Visible)

What lives here:

  • Leading incident response when customer data is at risk

  • Presenting the security architecture redesign to the board

  • Being the face of the zero-trust migration that everyone in leadership is watching

The play: When these land on your desk, clear your schedule.

Hidden Gems (High Value + Not Visible)

What lives here:

  • That authentication bypass you caught in code review that would've leaked 2M records

  • The certificate automation you built preventing this year's outage

  • Mentoring the junior who's now the lead analyst on your team.

The play: This is 80% of what we do. Critical stuff that nobody sees. Your job isn't just to do this work, it's to make sure the right people know about it.

Bathroom Jobs (Low Value + Visible)

What lives here:

  • Updating the security awareness deck for the fourth time

  • Being the security checkbox on projects that don't need you

  • Building dashboards your manager will look at once, then forget

The play: Minimum viable effort. Nobody compliments a clean bathroom, but they'll notice if it's dirty. Do just enough to not get called out, then move on.

Time Thieves (Low Value + Not Visible)

What lives here:

  • Perfecting documentation nobody reads

  • Automating a process you do twice a year

  • Maintaining that Python script one person uses

The play: Delete it. Delegate it. Or accept that every hour here is an hour stolen from work that could actually advance your career.

This doesn't mean giving yourself a complete personality transplant. Two to three hours a week redirected away from Bathroom Jobs and Time Thieves is usually enough to close the gap.


Make your impact visible without the cringe

I know what you’re thinking:

"Okay, I get it. Make my work visible. But HOW? I don't want to become a LinkedIn influencer posting about how I 'learned about leadership from my 3-year-old.'"

This is where most advice on visibility falls apart. It tells you to "build your personal brand" or "share your wins" without acknowledging how gross that feels.

I struggled with this too. I actively avoided self-promotion because the whole thing felt performative and fake. But here's what changed my mind:

Visibility isn't about bragging. It's about giving your manager the ammunition they need to advocate for you in promotion discussions.

That reframe made all the difference for me. You're not promoting yourself. You're helping your manager promote you.


Focus on problems, not boasts

Use this structure whenever you talk about your work:

PROBLEM → ACTION → IMPACT → WHAT'S NEXT

What was broken. What you did. Why it matters. What's next.

"Fixed the authentication service"

"Customer logins vulnerable to session hijacking → Implemented secure token rotation → Protected 2.3M accounts → Rolling out to mobile next week"

"Improved monitoring"

"Zero visibility into API abuse → Built rate-limiting detection → Blocked 3 credential stuffing attacks this week → Expanding to all endpoints"

"Finished security review on Project X"

"Found hardcoded AWS keys in production → Rotated all secrets, moved to vault → Prevented breach that would've cost us £2M → Auditing all repos this month"

Flex the formula based on your audience. Technical manager? They want the implementation details. Head of Engineering? They want to know what didn't go down. CISO? Business risk and cost avoidance.

One more thing: ask your manager directly how they prefer to receive updates. Quick chat? Email? Weekly summary? Almost nobody asks this. Most just guess and wonder why their updates aren't landing.


Avoid these mistakes

I've spent years screwing up visibility in creative ways. Here are the six mistakes that did the most damage, so you know how to avoid them.

Underselling

What I said: "Just updated some firewall rules" → Actually: Redesigned the entire network segmentation, cut attack surface by 60%.

My manager's reaction: "Why are you wasting my time?"

Why this happens: You're so close to the work that a massive architecture overhaul feels like "just doing your job." To you, it's Tuesday. To leadership, it should be a career highlight.

Overselling

What I did: Created a 47-slide deck for a log parser update.

My manager's reaction: "Could've been an email.”

Why this happens: You confuse effort with impact. You spent three days building the parser, so you think it deserves a three-day presentation. It doesn't.

Tech babbling

What I said: "Migrated to HashiCorp Vault with dynamic secrets and automated PKI with short-lived credentials."

My manager's reaction: "I have no idea what you just said."

Why this happens: You're explaining how you did something when they only care why it matters.

Friday bombing

What I did: Sent a 500-word email at 4:47 PM Friday.

My manager's reaction: "I'll definitely read this never."

Why this happens: You finally had time to document everything, so you did. In one sitting. Right before the weekend. You optimised for your calendar, not theirs.

Review-time hero

What I did: Radio silence all year, then flooded my manager with updates right before review season.

My manager's reaction: "How convenient."

Why this happens: You hate self-promotion, so you avoid it until you can't. Then you panic and overcompensate. Your manager sees right through it.

Situation blindness

What I did: Announced major vulnerabilities during a strategy meeting with the CTO.

My manager's reaction: "Your timing is a vulnerability.”

Why this happens: You found something important and wanted to act with urgency. Admirable. But context matters. That vulnerability wasn't going to be exploited in the next 30 minutes.


The pattern I eventually figured out:

Underselling makes you invisible. Overselling makes you exhausting. Both kill your career.

You don't need perfect judgment. You just need to stop making the obvious mistakes that signal "I don't understand how organisations work."


The work doesn't speak for itself—you do

So visibility is the most important thing?

No, the most important things are doing an excellent job and being a positive part of your team.

But right after those it’s ‘making sure people are aware of the work you are doing’.

It's a learnable skill, so don’t give up if you're terrible at first. I'm still not great at it, but I'm better than I was a year ago, and that's made all the difference.

Here's where to start:

  • Pull up your last few weeks of completed work

  • Find the 3 highest-impact projects

  • Translate them into PROBLEM → ACTION → IMPACT → WHAT'S NEXT

  • Share them with your manager

That's it. Maybe two hours of effort. It won't fix everything overnight.

But it's how you start closing the gap between how good you are, and how good people think you are.