Career Advice Tuesday – “It’s Tough Being A One Man Show”

September 1, 2009

Dear Mike and Lee:

I have been in various roles as an IT pro for 12 years or so. The last 3 years have been in management roles both in Operations & Security more recently. Being a one man show building a security organization it’s not very difficult to stay technically engaged but as the team grows, or as I move on to work for other companies and larger teams, what advice do you have for keeping your hands in tech as much as you can? I’m pretty well headed down the management track but I think we all need to keep our heads out of the clouds when we manage technical teams. What advice do you guys have for staying in touch with the guys in the trenches & touching the tech without falling short on your leadership role?

Signed – “One Man Show”

Dear “One Man Show”:

You are correct in your statement that being a one man show is no easy task for any information security professional.   Many information security professionals in your situation get caught up in the breadth of responsibilities of their current position and neglect the development of specific skills that will differentiate them in the market.     Since you are functioning as a team of one – you will appear to lack people management skills (due to size), and if you choose to let your technical skills lapse – you may have a hard time proving your value to external employers if your skills are deficient in both areas.  

In a competitive situation -  you will most likely  always be out shined by people with greater management experience, and you will lose out to engineers and architects who have not had the responsibilities of management. 

Fear not – all is not lost.   The technically competent manager is always in great demand.  Companies always believe that they can develop managers, but it is mostly the information security professionals responsibility to keep their technical skills sharp. 

If you have ever heard me speak, one of my favorite lines is that “In thirteen years of recruiting information security professionals, I have never received interview feedback that one of my candidates had too much technical competency.”   (Which is true!)

Although remaining technically sharp is  essential to an information security professional’s long term career success., it is not easy  and requires extra effort.    As your position leads you into other areas, you have to remain conscious about the depth of your technical skills, and make sure that you allocate proper time and training to maintain them.  There are many information security professionals that have neglected these skills, and are now no longer relevant, because the industry has surpassed them. 

Keeping yourself technically sharp is difficult.  It takes extra time and takes extra effort.  However, if you are able to stay on top of the current technical trends and industry developments, it will enhance your credentials as a manager and a leader.  

It is possible to become overwhelmed by amount of technical challenges that we face as information security professionals.  If it helps, focus your efforts and education on two or three topics that have an interest to you, are important to your current role, and are recognized by the information security industry as a whole as “growing trends.”    Some technical areas that I see emerging are “cloud computing,”  the technical aspects of PCI, security event management, and green computing.

Try to leverage and direct the responsibilities of your current role so that it requires you to become more educated on these topics, therefore more marketable and relevant.   This approach  may enable you to allocate your time better – and “kill two birds with one stone.”

It is never easy being a “one man show,” but at least you get to make all the decisions!

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Uncategorized 


Comments are closed.