Career Advice Tuesday – “Reflection”

January 5, 2010

Dear Mike and Lee:

I have spent the past two weeks reflecting on both my career as an information security professional and my life in general, and I am hoping for some advice.

I have spent the past six years of my career as an information security consultant, primarily perfoming penetration tests.  My first 2 years were performing network pen test, and my next 4 years have been performing Web-App pen tests.  I have traveled to some fun places, met some very smart people, and have had the chance to do a bunch of “cool work’ (we’ll leave it at that).

I am now close to 30.  My friends outside of the industry are beginning to settle down, have families, advance in their field, and have “normal lives”.   Granted, I would not trade my past experiences for theirs (I am the interesting one when we all get together), but I will admit that I am getting a bit envious.

The last two weeks I have given some thought about changing my career, and my life for that matter – but I am not sure where to begin and what I am truly qualified to do (beyond pen testing).   I do not want to earn less money and I do not want a boring job – can you give me some advice.


At a Crossroads

Dear Crossroads:

I am glad that your time of reflection provided you with a clear direction.

Congratulations,  you are on the right path!  You have identified your problem and are ready to make some adjustments to accomplish your short term goal.  I think that there are many people out there that believe that their career problems will just go away without any effort.  You have a journey ahead of you, but at least you know where you want to head – and that is the most important part of the battle.

I will be candid with you, the life of a security consultant/penetration tester is an exciting one, for the reasons that you outlined.  When you are young, and responsible to only yourself, it is a great way to see the world, get exposure, and meet all types of people.  However, the trade off for all of the frequent flier miles, the hotel reward points, and the atypical hours -  are the regular aspects of life ( that it appears that your friends enjoy).   The fact is that you most likely will never experience this type of “professional thrill” again in your career – will be something you should be willing to accept before your transition.

Once you have accepted this, you have to plan your transition. I think that it is important to understand that just because you have come to this personal revelation over the past 2 weeks – it does not mean that finding nirvana will be as quick of a journey.

A career transition usually takes some time – especially if you are looking for an opportunity that is a departure from your current role.  (For example – I am sure that you could find a pen testing/consulting  job in less than 30 days). You also may have to come to grips with the fact that you will have to accept a more junior role, take orders for someone less qualified then you, or take a reduction in pay – to achieve the lifestyle that you desire.  However, this is up to you.

One of my favorite quotes is that “Life is always a series of trade-offs.” You will have to figure out which ones are worth making.

You should think of the skills that you already possess and can apply to the position (and environment)  that you would ultimately like to be in.  Whatever those skills are, you should spend the time developing, refining, and enhancing them.   You should also be using this time to reach out to your professional network and past clients ( in environments that interest you) and see if they have opportunities that would align with your new career direction.

The best pieces of advice that I can give to you are as follows:

1) Remain Focused on your Goal  (This will be harder the longer it takes)

2) Do Not Settle For New Position Where You Will Be Miserable  (This will be easier the longer it takes)

Hope this helps,

Lee and Mike

