Career Advice Tuesday – “Listing Polarizing Interests on a Resume”

November 30, 2010

Dear Infosecleaders:

Wanted to ask a question about my resume and including my outside of work activities.   Without getting into specifics – I take part in some outside activities that some may consider to be polarizing.  Although I know that this site is anonymous, I would like to keep them to myself – however, for arguments sake, lets say that they fall into categories that would include one of the following:

1) My Political Beliefs

2) My Religious Beliefs

3) My Sexual Preference

4)My Ethnicity

I have followed your advice, and not only am I a member of this group, but I am also a leader.  My group has raised a great deal of money, performed good work in the community, and I am very proud of the work that we have done.   My participation in these groups have enabled me to develop and refine some additional skills that benefit me in my job as an information security professional.

I ultimately would like to list them on my resume, because I believe that they reflect well.  However, I have learned from reading your site that when it comes to employment and selection of candidates - ”beauty is in the eye of the beholder”. 

My fear is that by listing these activities, I will do more harm than good, and  I will close more doors than I will open. 

Do you have any advice? 

Signed,

“Wanna B. Free”

Dear Wanna:

Your question is a good one and I think that the answer that you are searching for can fall into two categories – 1) Focusing on your Goal  (Getting a Better Job) and 2) Being Honest with Yourself.

If the goal of the resume is to get a better job, I think that you are taking a big risk in featuring your outside activities on your resume, if you believe that they are as polarizing.  By including these items on a resume, you begin to eliminate your audience and you enable people to make prejudgments about you as a person.  Granted if some of the employers share the same interests or beliefs, that may give you a leg up in the process, however since many people will be viewing your resume, you become more likely that you will encounter someone who may disqualify you based exclusively on this activity. 

In addition, today the legal environment in the workplace is more risk adverse than ever.  Granted, companies preach the concept of diversity, however at the same time they try to prevent the work place becoming the “soap box” for the expression of people’s personal beliefs, especially if they may offend others or pose a distraction.   Sometimes no matter how talented the candidate, companies simply do not want to take this risk.  

To compound on this, many times hiring managers will ultimately choose an alternate candidate, simply due to the fact that they may be exposing themselves if they hire someone that may be more of an outlier, as opposed to someone who is viewed as a safer choice.  Remember, they have a job too!

2) Being Honest With Yourself – I think that you have to determine if this outside interest, you bring into the work place.   Many people cannot separate their avocations from their vocations, and their outside interests consume them in all environments.   If you recognize that you fall into this category, my advice would be to list it. 

The reason for this, is that this outside interest speaks to exactly who you are.  And if this is the case, the company should know it, and you should feel comfortable that they are accepting of you (in your totality).   I think that by being honest with yourself- and your employer – you set a strong foundation for a long lasting relationship.  However, if by being honest you repel the employer and are not hired, you may experience short some initial remorse.  However,  in the long run you will benefit for not having to work in an environment that does not embrace you or your extracurricular activities.

In the end, I think that resumes in general are not an ideal form of communication, so I do believe that it would be best to list your interest, but soften it a bit so that it is not viewed as polarizing, but still provides a potential platform for discussion.     If you eventually get selected for an interview, you should figure out if you want to bring this up with members of the interview team during a discussion.  In this form of communication, it may be easier for you to articulate your external interests and demonstrate how they have effected your personal and career development in a positive way.

Thanks for asking the question.  Many people struggle with this.  Hope that the answers are useful to you and to others.

Lee and Mike

Posted by lee | Filed Under Advice, Branding, Career Advice Tuesday, Resume | Comments Off 

Career Advice Tuesday – When is a degree a waste of time and money?

November 23, 2010

Dear Infosecleaders:

I am looking for some career advice. I am planning on entering the Information Security work arena. I am currently studying for the CISSP and am not finding it too difficult. I am 20 years experience in Telecoms and Technical Operations, managing large technical teams and physical security.

I don’t have current hands on knowledge of Windows Server, Linux or Cisco, nor any of their Certificates. I do have a PMP and a degree in Electronics and an MBA.

Will a Masters in Information Assurance or the more trashy named Cyber Security assist me in moving into this new field or just a waste of my time and money.

I am in my early 40′s and unemployed.

Thank you.

Get a Degree?

Dear GAD,

We’re both big fans of having a degree as part of your overall career investment.  Sometimes, you can’t get where you’re trying to go without having the right credential.

For example, a few years ago, I (Mike) was working at a Fortune 100 company as a senior security architect.  Looking at the senior management of the company (VP level and above), it became clear that, if I wanted my career to advance, I would have to have an advanced degree; every person in the company at VP-level had at least a Master’s degree, and everyone in the C-suite had a Ph.D.  In that case, it was clear that my lack of an advanced degree was going to be a career-limiter.

However, sometimes, going through the time and expense of getting a degree is a complete waste.  While I’m sure that we don’t have all of the details of your situation, my hunch is that it would be in your case.

You identify something that is far more likely to limit you than your degree situation: a lack of technical skill.   With an MBA and a degree in Electronics, you’re not hurting for academic credentials.  You’re hurting for knowledge and skills.

Were I coaching you directly, my advice would be to stop by Barnes & Noble on your way home and pick up books in whichever skills you feel are most lacking, and download some VMs for practice environments.  Maybe even go on Ebay and pick up some old Cisco gear, Checkpoint firewalls and IDSes to play around with.  Spend a month building a lab of devices and you’ll be up to speed pretty quickly.

It’ll cost you far less than a degree would and you’ll be marketable much more quickly.  Not to mention that, in an interview, you’ll have a story to tell.  (As an answer to “What have you been doing while you’ve been unemployed?”, one of these answers would impress me significantly more: “I went back to school”, or “I built a lab in my house and have been working on rebuilding my technical skills on my own.”)

Sometimes, a degree just isn’t the way to go…

Mike & Lee

Posted by mmurray | Filed Under Career Advice Tuesday | Comments Off 

Career Advice Tuesday – “Should I Tell Them I Was Fired”

November 23, 2010

Dear Infosecleaders:

I am currently in the process of applying for a Senior Information Security leadership position with a company, and I was given an application form to complete.  The form asked me if I was “fired” from any of my previous employers.

In my case, the answer to that question is “Yes.” 

About 10 years ago, when I was in my 20′s I was fired from an information security consulting firm, that is no longer in existence.   I did not get fired for anything egregious, just basically voiced an opinion counter to the owner of the business.  ( I will chalk that up to lessons learned)

My question is, should I reveal this to my potential future employer on the application.  My ethics tell me to do so, however I really am interested in this opportunity and I do not want to raise a red flag.

Any advice would be appreciated?

Sincerely,

The Apprentice

Dear “The Apprentice”:

Plain and simple, your instincts are correct.   You should definitely fill out the form with the appropriate information, and let this perspective employer know that you had been fired in the past.  If possible, you should give a brief (and we do mean “brief”) description of the circumstances, to give some background (and so that human resources mind does not wander).

In addition, if you are extended an offer to join your new employer, and they check for references, you should make sure that at least one of your references is from that employer.  By doing this, you can demonstrate that you are not hiding from your past and that you are willing to address the situation from the perspective of another party.  Hopefully this person will be able to validate your story, if asked.

You do bring up a good point.  If you have worked in the the information security industry for over a decade, it is very likely that one of your previous employers does not exist.   However, it is naive to think that your employment records have not been kept, and that any reputable background investigation firm would not be able to validate anything that you attest to on your application.  

In my history of running my recruitment firm, I have witnessed first hand the merits of honesty and integrity, when it comes to revealing and discussing past transgressions or embarrassing moments.  By demonstrating accountability for your actions, you present yourself in a positive light, and can most likely overcome any objection.  When you are subversive, and try to hide the truth, the outcome is rarely pleasant.

Hope you get hired,

Donald Trump  (aka Lee and Mike)

Posted by lee | Filed Under Advice, Career Advice Tuesday | Comments Off 

Career Advice Tuesday – Practice, Practice and More Practice

November 16, 2010

Dear Lee and Mike,

I resigned from my last job a year ago.I was”squeezed out” after 20 years due to [some things going wrong].

Now, I’m ready to go back to work.   I provide HR with 3 great professional references wherever I apply. I am always asked about “the” reference from my former manager. I say I will try to get one, that it is difficult to contact her, she seems to be away a lot. I know a reference from the former manager is non existent.  It just aint gonna happen.  Each time, I hope that my 20 years at a company, with 3 great prof.references from staff whom I have worked with for 20 years, will satisfy them. It obviously does not. I am guessing, but after what I think was a really good interview, I just don’t hear from them.  Should I email the potentially new employer and very briefly try to summarize the conditions under which I left my last job, of course not mentioning the specifics?

Please advise, even though you have answered similar questions.I feel soooo stuck and I have been out of work a year.

Hurting and Scared

Dear H.a.S,

One of the toughest parts of answering these questions is that, sometimes, it’s incredibly hard to tell people what they don’t want to hear.  And it’s hard because we’re very compassionate and caring guys, and we don’t ever want to hurt anyone’s feelings.

First things first, however… you’re breaking one of our positively, absolutely, 100% cardinal rules of interviewing.  Don’t lie.  Ever.  Never.  EVER, EVER, NEVER, EVER. Were we clear there?

Don’t say: “Oh, she’s on vacation a lot.”  Say something like: “Things didn’t really go very well when I left due to some situations that occurred.  I doubt that my previous manager has much to say that reflects the way that I worked.  Perhaps you could speak to [insert these 3 other previous managers] to get a better idea of who I really am.”

Here’s the thing: people unconsciously detect deceit in those who aren’t naturals (i.e. sociopaths).  Something about your letter (most of which we didn’t reproduce above) suggests that you’re not a natural sociopath.  Thus, you’re probably coming off as nervous and it’s helping to taint the interviewer’s impression of you.

Which brings us to the hard part of the response.  You say that you leave what you “think was a really good interview”.  Here’s the thing: it wasn’t.  If it was a really good interview, at least one of these hiring managers would have brought you back.   Lee often brings up the old saying that “if 3 people tell you that you’re drunk, you’re drunk.”  If it was just one interview, I’d say you just had bad luck.  But the fact that it’s multiple interviews across multiple companies suggests that you’re not interviewing well.

Here’s what you need to do: get someone who’s an experienced hiring manager in your field.  Preferably someone who isn’t a friend of yours who’s willing to interview you for a job and give you honest feedback on the process. Compare that with how you thought that it went.  And learn from that process.  Do it a few times until you start to understand your own issues and you start to notice when things aren’t going well.

Then, you’ll know what’s a good interview and what isn’t.  And you’ll start to have some insight in to why you aren’t getting the positions that you interview for.

That’ll be a good start.

Mike & Lee

Posted by mmurray | Filed Under Career Advice Tuesday | Comments Off 

Career Advice Tuesday – “Confusion”

November 9, 2010

Here is a question that we received – we have kept it unedited – we thought it would be a good idea for everyone to understand the type of confusion that others are going through when making these types of decisions around their careers.

Dear Infosecleaders:

I am currently active duty military and I want to finish my degree. I was considering Information Systems Security from AMU. I was wondering what you thought about this school it is regional accredited the link http://www.amu.apus.edu/academic/programs/degree/1279/bachelor-of-science-in-information-systems-security
 shows you the course curriculum, What do you think? Because I am active duty I am limited in the schools i can attend. I was wondering  if you could also give me some advice from start to finish what I should do if  I got my b.s. here;  I could get my ms here http://www.scs.gatech.edu/future/msinfosecdistance .  Any advice on certificates? I have a secret clearance and i am hoping to get a top secret one  hoping this will help me with possible job opportunities when I get out.  I eventually want to be a CISO.
 
I was also thinking about Information systems management trying to get both degrees at the same time
 
Should i just stick to one and then try to get my masters or due both?
 
I’m so confused any help will be appreciated.

Sincerely,

All Over The Map

Dear “Career Explorer”:

I think that the best advice that we can provide to you would be to slow down and collect yourself.  Your questions had such broad range, that in the end, we feel that it would be better for us to answer them strategically, as opposed to tactically.   The journey that you took us on from the beginning of the paragraph, began with education, then advanced education, evaluation of schools, certification, clearance, and ended wiht the statement that ” I eventually want to be a CISO.”

You are in the process of making some very critical decisions here, that may or may not be as intertwined as you believe.   For example, I am not sure if you want to combine your undergraduate education with your pursuit of a masters degree.   Your desire for specific knowledge may change significantly during your undergraduate years, and locking yourself into a masters program at the onset, may turn out to be counterproductive. 

In addition, you speak about getting clearances, which would be great if you would like to pursue a career as a government CISO, but may not have much value if you decide to pursue a career in business.  

The best advice that we can give you is to begin slowly, focus on a targeted pursuit of one specific career goal, and maximize it.  Instead of pursuing additional education, it may be best to get some more relevant experience so that you can compliment your education with practical knowledge.   By being in the military, you should be able to easily pursue advanced clearances if you like, but you may want to focus more energy on industry certifications, that can brand you better toward the commercial world.

It is great that you have so much energy and desire to achieve (do not let us temper that enthusiasm) but you need to make sure that you are equally efficient in your pursuits.   I think that if you take a more targeted approach to your career development, you will be able to build the skill, experience, and educational foundation that will unlock career opportunities as you pursue your ultimate career goal.

We know that we did not answer your questions directly, but hopefully we provided you with a framework and a thought process for you to make your decisions.

Please follow up with us if we can provide more clarity.

Sincerely,

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday | Comments Off 

Career Advice Tuesday: Major Problem

November 2, 2010

Dear Lee and Mike,
I am currently in college and need help selecting a major. I am interested in computer information technology but the university offers several paths.  I am leaning to network/system administration and security. What do you think about it? What will be the career path for this B.S. Degree?  I am drawn to the security because I believe this will be one of the most demanding area in securing data and other personal information. Like I said I am now starting, so changes can be easily made if necessary. If possible what will be a realistic starting salary for a B.S. Degree in this field? Your help will be greatly appreciated.
Sincerely,
Current Student.

Current Student (or, CS as we’ll call you),

If you’re thinking about coming to security from a degree perspective, we’re big fans of having as broad a background as possible in information technology beforehand.  Thus, we like your choice of programs: a program that combines system and network administration with security will give you a broad understanding of the architectural and operational concerns with deploying technology while you also gain an understanding of the security concerns of those same systems.

This is one of the problems that we see with a lot of security-specific degree programs – risk management is often an incredibly nuanced discipline, requiring a detailed understanding of the systems in play before one can make detailed risk management decisions.  Nowhere is this issue more obvious than the financial crisis in the USA over the past 5 years.  The issues of managing risk within complex systems like credit default swaps and mortgage-backed securities requires a detailed understanding of all of the technical issues.  And, unfortunately for all of us, those engaged in attempting to manage that risk did so without that understanding.  And it caused massive issues in the way that risk was managed.

Unfortunately, degree programs that don’t provide their students with an effective background in the systemic issues that they’re attempting to risk manage lead to the same problems.   We’ve both seen far too many people who claim expertise in an area of security without an adequate background – for example, someone who claims expertise in secure software development and SDL without an understanding of computer science and software engineering practices.

An education path that provides both will serve you well in the future.

Mike & Lee

P.S. As for “starting salary”, that’s so dependent on your own experience (outside of your degree), your location, the type of company that you work for, etc. that we’re not even going to hazard a guess.

Posted by mmurray | Filed Under Career Advice Tuesday | Comments Off