Career Advice Tuesday – “Unhappy Passover”

April 26, 2011

Dear Infosecleaders:

I’m current a Security Tester at a small-size company, with some offices around the globe.   I also have some certifications and Security background. However, since I’ve started working for this company as Automation Testing Engineer I started to change the Security posture of the company.   I’ve proposed for the board the creation of a security area, I’ve originated the company’s Security Committee; I integrated a Risk Assessment and Vulnerability Management process and developed the company Security Dashboard.

The good news is that due primarily to my efforts and perseverance my employer has finally created the Security Manager position. The bad news is that the person selected for this position was an existing IT Manager, and not me.

Needless to say that I am very disappointed and have been left unmotivated after learning of their decision and I have started looking for a new job.

A Fortune 100 company interested in hiring me contacted me to work with them as a Security & Compliance Coordinator.  This company does not have Information Technology as their core business. They are in a different industry.

I’m hesitant to go to a new company where the core business is not related with Information Technology and it’s growing at a slower rate than my current employer.   That being said, I am very interested in the opportunity in front of me, and it effectively enables me to leverage my current technical skills to gain experience related to compliance, which is a direction that aligns with my long term career goals.

The dilemma I have is that I am unsure if leaving my company for this opportunity is a good career move?


“Unhappy Passover”


Dear Mr. Heston:

You ask a complex question so we are going to dissect them in equal parts.

The first thing is that it is never a good feeling to learn why you were “Passed-Over” for this Security Manager opportunity.  You have every right t feel let down considering that you believe that it was your efforts that led to the creation of the role.  Before you do anything drastic, my advice would be to set up a meeting with the person who made the decision, and ask them why the selected the other internal candidate.    Granted you may not agree with their answer, but it is possible that their decision was based on some logic or a key “skill gap” that may prevent you for performing the role as it was designed.   If they point out a skill gap, you may need to do some self assessment to see if their analysis has merit.  If you believe it does, you should ask your employer to help you find a way to gain this experience so that you may develop your skills.  At that point, if your employer does not provide you with a clear answer, or you can not come to terms with their thought process, then my suggestion is that you need to move on, especially if you believe you can not find the passion and motivation that enabled you to be effective in your security testing role.

The next question that you ask is that if you should leave your IT based employer to work for a company in a non-IT based industry.  My answer to this question is that industry alone should not be a determining factor – for this decision.  There are many non-IT businesses that have excellent commitment and business alignment with the information security function.   Historically, financial services has always been a prime example of this, however recently companies in retail, manufacturing, healthcare, and other industries have become more invested in information security and building “world class” information security functions.

The questions you should be asking yourself are two-fold – is the new company committed to building a first class information security function (you should understand the drivers and the security functions leadership)  and if you have an interest in learning about the business/industry of your new prospective employer.  If the answer to both is “yes”, you should not hesitate to explore the opportunity in greater detail.

Your third question regarding building new skills aligned with your interests and career plan is an easy one.  By all means, if the new employer enables you to leverage your existing skills, to build and develop new ones, I would jump at that opportunity – especially if this opportunity does not exist at your existing employer.

You close by saying that you have a dilemma – and I would disagree.  It appears that you have some very good skills, a strong passion for information security, and the ability to influence others – these are the foundations of successful Information Security leaders.

Dilemmas are situations where you do not have any good choices.  What you have is a decision to make – which when it comes to managing your information security career is always a good thing.

Hope this helps.

Happy Passover,

Lee and Mike


Posted by lee | Filed Under Advice, Career Advice Tuesday, Planning, Position Selection, Skills 


One Response to “Career Advice Tuesday – “Unhappy Passover””

  1. Madge on May 1st, 2011 12:25 am

    It’s sopoky how clever some ppl are. Thanks!