Career Advice Tuesday – “Getting Back in The Game”

December 14, 2010

Dear Infosecleaders:

I was a Security Analyst for a small start up company.  I was laid off in May of 2009.  Over time, while I was working, my job became more a more non technical.  I was presenting at sales meeting, providing security awareness training, authoring security policy, etc.

I am looking for job right now but not having much luck.  I can’t find many jobs with skills I posses, and I am not confident with my technical skills since I have been so out of touch.

Any advice on how to get back into the field. Or are there not so technical careers in Security arena??

Please advise.

“Bench Warmer”

Dear BW:

Please do not give up hope and think that your information security career is over.  Before we begin addressing your problem, I would like to provide you with some insight and clarity into what you are experiencing.

Technical skills are very easy to quantify and assess.  During any credible interview, a hiring manager can easily assess someones technical knowledge and competency.  Therefore, information security professionals who maintain a high level of technical knowledge very rarely have a difficult time in finding a paycheck.   Unfortunately, the softer skills of information security are not as easy to value and articulate.  Tasks that include policy writing and security awareness training by themselves are very difficult to quantify during the confines of an interview.   It appears that this may be where you are having your issues.

I think that the first thing that you have to figure out for yourself is where you believe you can perform best- technical roles or policy/training/awareness roles.   After you figure this out, you have to come up with a way to demonstrate your proficiency in marketing yourself (resume and interviews).

It appears that you have a good technical background but that these skills have lapsed a bit.  It also appears that you are very good at writing and articulating security concepts to non-technical people through training and awareness.  What you may want to think about is pursuing positions whose primary skill requirements are policy/awareness/training – and utilize your technical proficiency (although lapsed) as a secondary skill.

For example, you will compete better if you market yourself as a technically proficient security awareness professional, as opposed to marketing yourself as an average technician with good writing skills.

I do believe that your best bet is to target opportunities where companies are going through transitions in their information security function, or look for companies who have been recently effected by new legislation or whom have experienced a breach.  It is these company’s that have to communicate information security’s importance throughout their enterprise.   If you can demonstrate that you can articulate some of the technical information and put this into terms that the average employee can understand, you may have found your avenue for success.

Once you identify these opportunities, I would make sure that your resume accentuated these skills and you included a writing sample or some training collateral, that you created (sanitized of course) to demonstrate your knowledge and the relevance of your experience.

Hopefully these tips should help get you going in the right direction and out of career purgatory.

Lee and Mike

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Interviewing, Skills, Uncategorized 


Comments are closed.