Career Advice Tuesday – Career Planning For Senior InfoSec Pros
September 28, 2010
Hello Lee and Mike,
I enjoy your column and regularly forward it around to my peers in the industry. One area that I would like some input on is career growth for people in senior level positions.
I have been very fortunate in my career. I work as a network security manager, with reasonable hours, and a low six figure income. I am in my mid-thirties and have been thinking about how I want to spend the next thirty years in the industry. When I look around, most positions in InfoSec are at or below the pay I make now. Where do I go from here?
I am looking for the next level of challenges and rewards. Can you recommend an InfoSec career plan for someone with a lot of energy, a lot of drive, and a fair bit of luck? What steps should I take to transition into a senior level position with a mid six figure salary?
Dear “Forward Thinker”:
First of all, thanks for the question. You bring up an excellent point. As we speak across the country at information security events, it is common to think that career planning is the responsibility of emerging information security leaders as opposed to information security professionals who have reached some level of seniority and advanced responsibility.
I would say that “career planning” is more critical for senior level information security professionals than information security professionals just starting out. The reason for this, is that when you reach a certain level of seniority, your career decisions are more magnified. Each decision that you make about skill development, position selection, and personal investment comes with bigger rewards and greater consequences. When you are just starting out in your career, you have the luxury of making smaller mistakes and you can overcome minor detours. As you move further along in your career, ill advised decisions and impractical choices are more highly scrutinized and have greater impact.
As far as some personal advice, the first thing I would say is to figure out what makes you good in your current role. You should ask yourself the following question “ I do ______________ better than most, if not all.” This can be as a technician, a project managers, or an interpersonal skill. (As a note, if it is an interpersonal skill, you better be able to demonstrate its impact.) That answer should serve as your prime differentiator and it should represent your most logical value to both your current employer and to future ones. This is your most marketable skill, and the one that you can best leverage.
Next, you should ask yourself about areas that you have some interest that leverage your current skill set. You should figure out some areas that you have an interest in learning more about, and already have some exposure to through your current role. In your case, you may think about getting more into computer forensics, compliance and governance, incident response, or identity and access management. Whatever has interest to you, you may want to investigate further and develop some new skills.
If you decide that you are happy with your current technical skill set, you may want to select some broader business skills to develop. You may want to learn more about the network security product market space, you may decide to take a greater interest in your current company’s industry, or you may want to build some of your leadership skills. Any of these skill developments may prepare you for increased responsibility, managing more visible projects, or leading larger teams.
Without knowing your personally, I am not sure which of these recommendations directly apply to you, but without question you should drive yourself to either become more proficient at what you do, build new technical skills, or develop broader business/leadership skills. A combination of all three will definitely have increased value to you, your current employer, and future ones.
When you have developed these skills, try to align them with your local market and industry. As you do, you should find others that see the value to get you to the next level of your organization and increase your earning potential.
If you would like, you can always contact us at our regular work addresses to discuss your background in greater depth and for more personal advice.
Hope this helps,
Lee and Mike