Career Advice Tuesday – “InfoSec Pro Seeks Long Term Deal”
June 14, 2011
Currently I work as an Application Security Consultant where I have been engaged on a long term contract with a Fortune 1000 company. The current engagement that I am working on, came about as a result of being laid off from a professional services firm during 2009. I have approached the current client about becoming a full time employee, and they just do not have the ability to bring on a full time employee due to mandates that extend beyond information security and are dictated by the business at large.
Recently I was approached through a friend about an opportunity to become a Senior Application Security Engineer for a “Web 2.0” company. There is no doubt that the work would be exciting and I would learn a great deal, and on the surface the company seems like it is on good footing. However, due to my past experiences I am not sure.
My current situation is a good one – I am paid well (more than the full time opportunity), I know that there is plenty of work for me, however there is not any real “career” opportunity because I am a consultant (and they will not make me an employee). I think that for this reason, I would like to take the job with the “Web 2.0” company, but there is a voice inside of my head telling me that I should try to protect myself.
I am thinking about asking for a “2 year contract” in order to accept the role. Is this possible? If so, how should I ask the employer for this addition to the offer?
Unfortunately for you, the rules that apply to highly talented all-star basketball players do not translate to highly skilled information security professionals. The idea of a company extending a “2 year contract” to a senior engineer would be a new one for me.
To provide you with a point of reference, in 15 years of recruiting information security professionals, I have never been a party to a search assignment that contained an employment contract like the one that you are requesting. In fact, the longest severance package I have ever seen an employer offer was one-year, and that was offered to a CISO who was relocating his family to an area that he was unsure of moving to.
I am not sure that this will make you feel better, but in essence we are all free agents, and employees “at –will.” As members of today’s information security work force, the development, maintenance , an constant enhancement of our skills serve as the fabric of our personal employment “contracts”.
Getting back to your current situation I do think that you should do some due diligence on your new employer and the role that you are considering. I think that you should make sure for your own sanity that you do two things prior to accepting the role :
1) Make sure that you are comfortable with the career path that they have outlined for the position. The reason I say this, is that if you do not think that the career path will help you grow your skills and prepare for the future, then stick with the contracting role – since the career path would be the main reason for leaving the world of contracting.
2) Make sure that you will excel at your new job. Plain and simple, you are going to want to come in and make an impact – not struggle. You want to make sure that you can exceed expectations and shine –not just be average. Just being average will make you “another employee”, and in that case your career acceleration chances decrease.
Again, career acceleration and progression should be key, you want to make sure that you fee confident that these elements of your new role exist, and you can maximize them when they avail themselves to you.
Hope this helps,
Lee and Mike