Seven Crucial Infosec Career Steps

The (ISC)² US Government Advisory Board Executive Writers Bureau outlines several steps to a successful infosec career
The (ISC)² US Government Advisory Board Executive Writers Bureau outlines several steps to a successful infosec career
Sometimes a temporary downgrade – in terms of role or salary – can be beneficial over the long term, especially if the new opportunity offers a chance to acquire skills that may not be ascertained elsewhere
Sometimes a temporary downgrade – in terms of role or salary – can be beneficial over the long term, especially if the new opportunity offers a chance to acquire skills that may not be ascertained elsewhere
Practice makes perfect: Infosec professionals should embrace opportunities to speak publicly
Practice makes perfect: Infosec professionals should embrace opportunities to speak publicly

In any economy – but especially in this current one of business uncertainty, budget cuts, high unemployment rates, reduced benefits, and other challenges – information security professionals must pay extra attention to managing their careers. Questions regarding education, experience, communication, negotiation, salary, benefits, credentials, security clearances, and organizational compatibility must be answered by any well-informed professional in this ever-changing career path.

Although we are living in a time of uncertainty, for those who do not remember a world without laptop computers and cell phones, take heart, for we have always lived in uncertain times. Today’s uncertainty is no more ‘uncertain’ than that of yesterday. Different factors of uncertainty do exist today, but that is the nature of uncertainty. If we could predict uncertainty, then we wouldn’t be so uncertain.

"Being mobile helps information security professionals negotiate higher salaries, greater benefits and more flexible work conditions"

The good news is that strategies that worked in the past still work today. Fundamental approaches exist that all but guarantee professional (and personal) success. This article will focus on the fundamental elements for professional success in the field of information security by examining seven critical elements.

Education

Education must be a life-long endeavor, because the field of technology changes rapidly. If Moore’s Law holds true and aspects of technology (such as processor speeds, storage capacity, and functional capability) double every 18 months, then we must constantly educate ourselves to keep up with these changes.

College courses, active attendance at professional conferences and reading a variety of industry publications all help to keep us current. A bachelor’s degree should be viewed as the minimum requirement in remaining competitive, with any advanced degrees and/or certification(s) increasing one’s perceived value to an organization. Education, as in many areas of life, is a fundamental building block on the road to any successful career.

Experience

Experience in the field of information security is critical. Do not be afraid to make a lateral move if it means gaining necessary experience in a new area.

We recommend reviewing your experience and identifying what is missing. Then, develop a path to fill the holes. A mix of technical and managerial experience in private industry, public sector service and academia is highly recommended. Even a temporary ‘downgrade’ (taking a lower pay or filling a lower resumé level position) may be considered a positive strategic move with long-term payoffs, if the experience helps achieve future goals.

Communication Skills

Being an effective communicator is an absolute necessity for job recruitment, advancement and retention in today’s business environment. It’s not enough for a professional to possess skills as a gifted programmer, forensics expert or network intrusion specialist; one must also possess strong written and verbal communication skills in order to succeed.

"Information security is increasingly viewed as a management priority, with the information security profession having a more respected, distinct and influential role in implementing corporate and government policy"
W. Hord Tipton

These include skills beyond blogging or developing an informative PowerPoint briefing. Information security professionals must be able to succinctly and coherently present information to all management levels of the enterprise – many of whom do not possess the same highly technical skill sets – to help them clearly understand a problem and enable more informed decisions.

Also, perfect your writing skills. Having good written and verbal communication skills is critical because, frequently, tech experts are weaker in their communication skills. Learn to write well and to speak effectively, and embrace opportunities to practice public speaking.

Negotiation Skills

Negotiation skills are essential to the well being of your salary and benefits. It is well worth your time to know the value of your skill set in the professional marketplace, both in your locality as well as in other geographical areas.

Considering another location that offers better professional opportunities? By all means, relocating is worth considering rather than enduring the inertia of being in an unsatisfying job, organization or location. Being mobile helps information security professionals negotiate higher salaries, greater benefits and more flexible work conditions (i.e., teleworking, alternate work schedules, family accommodations, etc.). Information regarding comparable salaries throughout various industries around the world can be found and utilized in the negotiation process. As an example, reference the 2011 (ISC)² Global Information Security Workforce Study.

Professional Credentials

Professional credentials are more important than ever before, both in the public and private sectors. After all, if you need heart surgery, would you prefer a heart surgeon or a ‘Board Certified’ heart surgeon? If you need business accounting, would you prefer a professional accountant or a ‘certified’ public accountant? Professionals can add credibility to their business card and resumé by earning one of the internationally recognized, professional industry certifications.

Security professionals should also consider earning certifications in areas that diversify their qualifications and background. For example, earning one certification in security, one in project management and another in acquisition and/or budget – rather than earning four security certifications – would broaden your appeal because it shows expertise in multiple business disciplines. The higher one moves up the professional ladder, the more important one’s breadth of expertise will be considered for career advancement. Our advice: Get certified!

Security Clearances

A security professional cannot simply “get a clearance” in the same way one can earn an advanced degree or pass a certification examination. A security clearance is tied to a position, and the individual filling that position must be able to obtain the appropriate clearance.

"Having a security clearance adds tangible value in the marketplace…In fact, a security clearance can be worth tens of thousands of dollars annually in additional salary"

However, having security clearance adds tangible value in the marketplace, because many positions require clearances. In fact, a security clearance can be worth tens of thousands of dollars annually in additional salary. If a professional has the opportunity to fill a position requiring a clearance, then they should take it and hold that clearance for as long as possible.

Organizational Compatibility

The individual and his/her organization must be compatible. Whether in a government agency, a large corporation, a small startup company, a personal consulting business, academia, or so on, professional fulfillment is found when one finds his/her niche. Further, professional advancement opportunities tend to gravitate toward those who are happy and engaged in an organization where individual professional style and personal needs are being accommodated.

Our advice is to realistically assess your current fulfillment factor: Are you fully engaged in the organization’s mission? Are there opportunities for advancement? If not, polish up that resumé and fine-tune those interviewing skills. Local career fairs or staffing centers can be excellent resources for free career counseling or resumé critiques.

The Total Package

“Information security is increasingly viewed as a management priority, with the information security profession having a more respected, distinct and influential role in implementing corporate and government policy”, says W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)² and former CIO for the US Department of the Interior. “Uncertain times actually require organizations to invest more heavily in people who demonstrate the ability to fortify and sustain the future of an organization’s assets.”

Organizations are seeking qualified candidates who possess critical skills, and now is the time to examine one’s career path against these seven key elements. The right mix of education, experience, communication skills, negotiation skills, professional credentials, security clearances and organizational compatibility will help to minimize the uncertainties of today’s business environment and will place today’s information security professional on track for a successful career in one of the most dynamic, in-demand fields in the world

 

Members of the Bureau include federal IT security experts from government and industry. John R. Rossi, CISSP-ISSEP, was the lead author of this peer-reviewed article.

 

What’s Hot on Infosecurity Magazine?