Spotlight
In any economy – but especially in this
current one of business uncertainty,
budget cuts, high unemployment rates,
reduced benefits, and other challenges –
information security professionals must pay
extra attention to managing their careers.
Questions regarding education, experience,
communication, negotiation, salary,
benefits, credentials, security clearances,
and organizational compatibility must be
answered by any well-informed professional
in this ever-changing career path.
Although we are living in a time of
uncertainty, for those who do not remember
a world without laptop computers and cell
phones, take heart, for we have always lived
in uncertain times. Today’s uncertainty is
no more ‘uncertain’ than that of yesterday.
Different factors of uncertainty do exist
today, but that is the nature of uncertainty.
If we could predict uncertainty, then we
wouldn’t be so uncertain.
The good news is that strategies
that worked in the past still work today.
Fundamental approaches exist that all
but guarantee professional (and personal)
success. This article will focus on the
fundamental elements for professional
success in the field of information security by
examining seven critical elements.
Education
Education must be a life-long endeavor,
because the field of technology changes
rapidly. If Moore’s Law holds true and
aspects of technology (such as processor
speeds, storage capacity, and functional
capability) double every 18 months, then we
must constantly educate ourselves to keep
up with these changes.
College courses, active attendance at
professional conferences and reading a
variety of industry publications all help
to keep us current. A bachelor’s degree
should be viewed as the minimum
requirement in remaining competitive,
with any advanced degrees and/or
certification(s) increasing one’s perceived
value to an organization. Education, as
in many areas of life, is a fundamental
building block on the road to any
successful career.
Seven Crucial Infosec Career Steps
The (ISC)² US Government Advisory Board Executive Writers Bureau shares its wisdom and experiences from the perspective of career-IT and IT security professionals by focusing on the keys to a successful career. Read on for advice on how younger professionals can get the best out of this rewarding profession
MAY/JUNE 2011 SPOTLIGHT
Experience
Experience in the field of information
security is critical. Do not be afraid to make
a lateral move if it means gaining necessary
experience in a new area.
We recommend reviewing your
experience and identifying what is missing.
Then, develop a path to fill the holes. A mix
of technical and managerial experience in
private industry, public sector service and
academia is highly recommended. Even a
temporary ‘downgrade’ (taking lower pay
or filling a position at a lower resumé level) may
be considered a positive strategic move
with long-term payoffs, if the experience
helps achieve future goals.
Communication Skills
Being an effective communicator is an
absolute necessity for job recruitment,
advancement and retention in today’s
business environment. It’s not enough for
a professional to possess skills as a gifted
programmer, forensics expert or network
intrusion specialist; one must also possess
strong written and verbal communication
skills in order to succeed.
These include skills beyond blogging
or developing an informative PowerPoint
briefing. Information security professionals
must be able to succinctly and coherently
present information to all management levels
of the enterprise – many of whom do not
possess the same highly technical skill sets
– to help them clearly understand a problem
and enable more informed decisions.
Also, perfect your writing skills. Having
good written and verbal communication
skills is critical because, frequently, tech
experts are weaker in their communication
skills. Learn to write well and to speak
effectively, and embrace opportunities to
practice public speaking.
Negotiation Skills
Negotiation skills are essential to the
well-being of your salary and benefits. It is well
worth your time to know the value of your
skill set in the professional marketplace,
both in your locality as well as in other
geographical areas.
Considering another location that
offers better professional opportunities?
By all means, relocating is worth
considering rather than enduring the
inertia of being in an unsatisfying job,
organization or location. Being mobile
helps information security professionals
negotiate higher salaries, greater benefits
and more flexible work conditions (e.g.,
teleworking, alternate work schedules and
family accommodations). Information
regarding comparable salaries throughout
various industries around the world can
be found and utilized in the negotiation
process. As an example, reference the
2011 (ISC)² Global Information Security
Workforce Study.
Professional Credentials
Professional credentials are more important
than ever before, both in the public and
private sectors. After all, if you need heart
surgery, would you prefer a heart surgeon
or a ‘Board Certified’ heart surgeon? If you
need business accounting, would you prefer a
professional accountant or a ‘certified’ public
accountant? Professionals can add credibility
to their business card and resumé by
earning one of the internationally recognized,
professional industry certifications.
Security professionals should also
consider earning certifications in areas that
diversify their qualifications and background.
For example, earning one certification in
security, one in project management and
another in acquisition and/or budget – rather
than earning four security certifications –
would broaden your appeal because it shows
expertise in multiple business disciplines.
The higher one moves up the professional
ladder, the more important one’s breadth
of expertise will be considered for career
advancement. Our advice: Get certified!
Security Clearances
A security professional cannot simply “get
a clearance” in the same way one can earn
an advanced degree or pass a certification
examination. A security clearance is tied
to a position, and the individual filling
that position must be able to obtain the
appropriate clearance.
However, having a security clearance adds
tangible value in the marketplace, because
many positions require clearances. In fact, a
security clearance can be worth tens of
thousands of dollars annually in additional
salary. If a professional has the opportunity
to fill a position requiring a clearance, then
they should take it and hold that clearance
for as long as possible.
Organizational Compatibility
The individual and his/her organization
must be compatible. Whether in a
government agency, a large corporation,
a small startup company, a personal
consulting business, academia, or so on,
professional fulfillment is found when one
finds his/her niche. Further, professional
advancement opportunities tend to
gravitate toward those who are happy
and engaged in an organization where
individual professional style and personal
needs are being accommodated.
Our advice is to realistically assess your
current fulfillment factor: Are you fully
engaged in the organization’s mission?
Are there opportunities for advancement?
If not, polish up that resumé and fine-
tune those interviewing skills. Local career
fairs or staffing centers can be excellent
resources for free career counseling or
resumé critiques.
The Total Package
“Information security is increasingly
viewed as a management priority, with the
information security profession having a
more respected, distinct and influential role
in implementing corporate and government
policy”, says W. Hord Tipton, CISSP-ISSEP,
CAP, CISA, executive director of (ISC)² and
former CIO for the US Department of the
Interior. “Uncertain times actually require
organizations to invest more heavily
in people who demonstrate the ability
to fortify and sustain the future of an
organization’s assets.”
Organizations are seeking qualified
candidates who possess critical skills, and
now is the time to examine one’s career
path against these seven key elements.
The right mix of education, experience,
communication skills, negotiation
skills, professional credentials, security
clearances and organizational compatibility
will help to minimize the uncertainties
of today’s business environment and
will place today’s information security
professional on track for a successful
career in one of the most dynamic, in-
demand fields in the world.
Members of the Bureau include federal
IT security experts from government and
industry. John R. Rossi, CISSP-ISSEP, was
the lead author of this peer-reviewed article.
For a full list of Bureau members, visit
www.isc2.org/ewb-usgov.