Career Advice Tuesday – “Career Rebuild”

February 2, 2010

Dear Infosecleaders:

I have more than 15 years of experience in the IT Application Development area.   As part of my career, I was an  ’Applications Solution Architect’ as well. I am seeking to switch into IT Security area.   How do I go about and where do I start? I do not want to give up my existing experience, I want to  do some which will complement my App dev and Architect experience.

One person suggested getting a CISSP.  Another suggested that I begin wtih some  penetration testing, gravitate toward wireless security and then take the CISSP.

Can you please advise me on how I should go about rebuilding my career with a focus on information security.     I am unemployed now and I could really use some sound advice. 


“Career Re-Builder”

Dear “Re-Builder”:

When anyone who has 15 years of work experience thinks about making a career transition, the best advice is to attempt to leverage your past experience the best way possible.   You state that you have spent your first 15 years as an application developer and application architect – so figure out a way to use those skills – and apply them to information security.

There are many information security roles that focus on the broad topic of “application security” – I would try to figure out which of these roles would best utilize your past experiences.  After I understood where the needs were, I would do all that I could to learn about security concepts that are critical to succeed in these roles.   I would then aggressively pursue these roles and companies that are attempting to solve these problems. 

You may also consider to apply for pure application development roles that have an information security component.  These particular roles will allow you to hone and develop your information security skills so that in the future you may be able to attain a role that is 100% security centric. 

One thing that is great about security is that it touches all areas of technology.  The fact that you have deep experience in application development  (coupled with your new security knowledge) may place you at an advantage when competing against others that do not possess your depth of application development subject matter knowledge. 

As you get settled and back on your feet, you can always go after a CISSP or maybe a SANS certification to provide you with additional credentials if that is your desire.   However, before you spend money and time on any certification, make sure that it is geared toward a subject matter that you would like to learn more about and enhance your new career direction.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday 


Comments are closed.