Career Advice Tuesday – “Graduate’s First Career Decision”

May 31, 2011

Dear Infosecleaders:

I am a recent graduate of a Masters program with a concentration in Information Security and I am trying to make a decision about selecting my first job.

To give you some background, I have an undergraduate degree in Computer Science and have been coding since I am about eight years old.  During the course of my undergraduate studies I discovered information security, and I was hooked.  During undergrad I found internships that were centered on software development, but found myself looking for information security related problems to solve.

Upon graduation, I decided to pursue a Masters degree to learn more about information security, which I have.  The program has focused on some of the non-technical areas, which has really opened my eyes to some of the types of issues that I would like to focus on.

Now that I am about to graduate, I have two different opportunities to choose from – the first is a software development role (at one of the company’s where I interned) that has some components of information security.  The pay for the position is $75,000 and they will pay for relocation.  Also, the role is in an area of the country where the cost of living is relatively low, so the money will go further.

The second opportunity is to work in the information security function of a Fortune sized company, where I will work on security governance, risk, and compliance initiatives, in support of a Director.  That position pays $45,000, the relocation package is not as comprehensive, and the cost of living is much greater.   The upside is that the area has a thriving information security community, and I should be able to meet many other information security professionals.

One other point, I have student loans, no additional financial support from my parents, and a car that has about 160,000 miles.

All of my friends and parents have told me to take the higher paying job and get on my feet, but there is something inside me that tells me that the other job is better suited for my interests.

Any advice would be appreciated.




Dear Mr. PIB:

The best advice that I can give you is to follow your gut and follow your passion.  Wherever the destination you choose, make the best of it, and maximize its value.

While I am not going to give you an answer to your question – I am going to point out some facts that I think you should apply to your framework for decision making:

1)   You came to the realization through the years that Information Security is the direction you would like for your career to lead.

2)   You spent two years of your time and money attending graduate school to learn about information security.

3)   You have already worked in the environment (via internship) in the software development role, so you have some first hand experience on how they feel about information security and if you will be able to utilize your knowledge.

4)   It appears that your policy job is in an area where there is a thriving community and many other information security opportunities.  The software development job appears to be located in a more remote location without many other suitable employers.

5)   Only you know your financial issues, and can appreciate the effect that they will have on your living situation.   (We were all there once.)

Some other things that I will share from experience:

1)   You are at a point in your life where you have personal freedom and can follow your dreams.  As you get older, you will be forced to make decisions based on external factors, so my advice is to take advantage of this freedom – before you know it, it will be gone.

2)   As long as you keep your hard “technical” skills, you will be able to find employment.   For example, if the policy job does not work out, I am pretty confident you could call the other company and ask if they would hire you as a software developer.

3)   Dismiss the opinions of anyone who tells you to take the job that pays the best, exclusively on that criteria.  (This logic alone validates that they are amateurs, and do not understand a thing about your professional options)  This can be your parents, your significant other, or even a professor, at this stage in your life, money is a component of your decision, but should not be the driver.

4)   Whatever you decide, make the most out of it.  Work your butt off.  Meet as many people as you can – internally or externally – so that you grow your skills , your network and develop  your interests in information security.

5)   Don’t second guess yourself – try not to wonder “what if” – you decided differently, it may only make you crazy.

Like I said, I am not going to give you an answer on what I would select.  Now is about the time that all of your great education should come in handy!

Best of luck,

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday, Compensation, Planning, Position Selection, Skills 


2 Responses to “Career Advice Tuesday – “Graduate’s First Career Decision””

  1. Infosec Joe on May 31st, 2011 12:58 pm

    $30K is a big enough salary gap — have you given any thought to what factors account for the difference? Clearly the first company must have been impressed with your work as an intern; are there any other opportunities there focused on the infosec work that interests you, or have you discussed the potential of moving into a fulltime security role down the line? Also, a lot of GRC work is decidedly non-technical; as someone who is considering a software development job and “[has] been coding since [you were] about eight years old,” are you looking to do more technical security work or more risk/compliance?

  2. Christy on June 23rd, 2011 10:09 am

    That’s not just logic. That’s really ssenible.