Career Advice Tuesday- “Observations From Black Hat”
August 9, 2011
Having just returned from Black Hat, we thought it would be good to utilize Career Advice Tuesday to provide our readers with some observations and what it means to you and your career as an information security professional.
1) Our industry has a short memory
Not too long ago, Mike and I were sitting together putting together the “Career Incident Response” Podcast series, because there were so many information security professionals who were getting outsourced, downsized, or laid off. How quickly things have changed. Prior to a the conference an article by Information Security Media Group claimed 0% unemployment and during the event the NSA announced it was going to use DefCon as a job fair as an attempt to hire 1500 information security professionals. Walking the trade show floor, Amazon.com dedicated their booth to recruiting members for their team, and many of the booths had signs that said “we are hiring”.
While we do not believe that there is 0% Infosec unemployment or that the audience at DefCon will have an easy time passing the NSA Background Check requirements, we do believe that the employment market is increasingly healthy. During the conference itself, I (Lee) personally had meetings with over 15 new entities (corporations, service providers, product companies) who would like to attempt to engage LJ Kushner & Associates’ services to help them recruit information security talent.
It is my belief that all of the recent events have awakened many to the fact that information security needs to be an element of their business and that hiring the right talent is a great challenge.
2) We Don’t Have A Quantity Problem, We Have A Quality Problem
Without question employers need to hire information security professionals. It is also clear that by the attendance at both Black Hat and DefCon, there are plenty of folks who are either information security professionals or who have an interest in becoming information security professionals. So, if that is the case, what is the issue – the hiring needs should be solved – but they are not.
What many do not understand is that there is a big difference between “people” and “talented people”, and there is bigger difference between a “job” and a “quality job”.
Information security professionals are operating under the misconception that just because they are in the field of infosec, that they are qualified for many of the positions that companies are looking to fill. The fact is, that although many information security pros are more than qualified to perform their same job at a different company, they are not viewed as qualified for information security opportunities that can be viewed as a “step-up” and will advance their careers. The main reason behind this is the lack of investment in their professional development beyond standard industry certifications.
On the flip side two things are happening. First, the positions that many company’s are advertising for are viewed by many information security professionals as “dead end” jobs, that on the surface do not provide the growth and career advancement opportunities that many are looking for. Secondly, when companies are looking for more talented and experienced professionals, they are creating job descriptions that require complex skill combination and experience requirements, without offering compensation packages that are consistent with their requests and reflect a “risk/recruitment” premium for the applicants that they are searching for.
Therefore their junior level roles go unfilled because no one wants them, and their senior level roles go unfilled because their skill requests lay outside their budget.
Something has to eventually give in this process – or the information security talent myth will continue to grow.
3) Outside Market Conditions and Industry Events Will Have An Effect on our Future
While we were attending BlackHat, the United States extended our debt ceiling, and then on Thursday, the stock market plummeted 500 points, which was followed on Monday with another 600 point decline.
We both do not claim to know anything about the stock market, but there is no question that if the world slips back into a global recession, the information security industry is not going to be immune to its effects. Now is the time for information security professionals to take a pro-active approach to insuring that that they do not become collateral damage if the economy begins to deteriorate.
The only sure way to insure your career is to continue to build your skills, stay current with technology, and demonstrate our value to your current employers. Now that times are good, and we are in demand, it is time to take advantage of the situation, and use your current role as a platform to exhibit your skills, your impact and your knowledge.
If any one of our readers have their own information security career observations from Black Hat, it would be great to hear from you.
Lee and Mike