Career Advice Tuesday – “Future InfoSec Leader Seeks Advice”
October 6, 2009
Dear Mike and Lee:
I would like some advice on my future career as an Information Security professional (which has yet to officially begin).
Here is some background, I am 22, just finished a CS degree, hold 3 information security related certifications, and have recently began a masters degree program. I also write a blog and contribute to the open source community. In addition, I have built a home “lab” environment which I use on a daily basis.
I was thinking that when I graduate the Masters program, I will not have any real world experience to support my academic and self directed information security pursuits. Do you foresee this as being a big problem as I approach the job market, and officially begin my professional career?
“Future InfoSec Leader”
Dear “Future InfoSec Leader”:
The first thing that I will tell you is that you appear to be doing everything correctly to get your career started down the right path. You have received formal education, you have attained relevant certifications, and you are contributing to the community (blog, open source projects). In addition, you are running a lab environment that is providing you with some hands-on experience (albeit at a much different scale).
The second thing that I can tell is that you have some of the intangibles that employers are looking for, commitment and passion. It appears that from your efforts you are able to demonstrate to information security hiring managers that you are going to be a dedicated employee, and that you have a drive to take on responsibility and are willing to work hard (once you get a job).
All that being said, I do agree that you are falling short on a key component that could hinder you in landing your first full time information security role, formal work experience. Please understand that work experience does not have to come in the form of a full-time job. It can take the form of internships (which you may be able to get through the university), part-time work (potentially in the university’s computer lab/IT environment) or through donating your time to charitable causes (who need security skills).
I think that if you pursue these types of opportunites, and find a way to garner some “real world” experience, you will offer an employer the “complete package” and skill matrix that most will search for in an entry level information security employee. Most importantly, the cumulative result of all of your activities (and experiences) will place you at a competitive advantage to your peers (and competition) for these roles.
In closing, you are doing the right things and are off to a good start. If you keep working hard at your career, your future should be quite bright. Please keep us posted.
Hope this helps,
Mike and Lee