Career Advice Tuesday – “Resume Hurdle”

September 27, 2011

Dear Infosecleaders:

I am writing to see if you can help me with a situation that seems to be haunting me as I look for a new job.

I have been working as an information security engineer for the past 10 years, mostly on long term contracts.  Each of my contract assignments for the past five years are through the same contracting firm.  During these past five years, I have supported over 8 different Fortune 500 customers, in the implementation of various security technologies ranging from IDS, Firewalls, SIEM, DLP, etc.  Each of the assignments have spanned from 4 months (shortest) to 16 months (longest).    On my resume, I outline each of these projects, listing the customer, the scope fo the project, the duration, and the impact of my efforts.  

Now that I am looking for a full time job, in my opinion my resume makes my employment look inconsistent, although I have been working for the same employer (contracting agency) for the past five years. 

Do you have any tips on what I can do to overcome this hurdle?


Edwin Moses


Dear Edwin:

This may turn out to be our shortest response, but your answer is a simple one.

What you need to do is to create a resume entry, before the projects, demonstrating that you worked with the same company for the past five years.   (2-3 lines).  Underneath the employer and the date,, you should write a short term description about the company and the nature of your work as a security consultant servicing Fortune clients.

Your resume should read no different then a person who has worked as an information security consultant for for a large consultancy – like a Big X or a large systems integrator – with the exception of being able to demonstrate career progression or titles.

If you are able to place this experience under the larger umbrella, it will let employers know that you are both loyal and have a good deal of diverse information security experience.

That should lift some of your hurdles and help you in your transition.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Branding, Career Advice Tuesday, Interviewing, Resume, Skills | 1 Comment 

Career Advice Tuesday – “Adoro la seguridad de información (I Love InfoSec)”

September 20, 2011

Dear Infosecleaders:

I graduated college with a B.A. in Spanish. However, I find myself intrigued by the Information Security field as I love a challenge and I am a problem-solver with an analytical mind. I am looking into Master’s programs for IS, but I am worried about finding a job with a Master’s and no relevant IS experience upon graduating.

Can you please offer me any advice? I really see myself enjoying a career in IS.


Quiero ser un pirata informático


Dear “Pirata”:

The best way to respond is that your professional career will most likely span between 30-40 years, so you have a long time to make the transition that you desire. At this point in your career, your decision to study Spanish in college as opposed to information security or computer science, should not be viewed as an impediment to your future career, in fact you should figure out how to utilize this knowledge as a future enhancement.

The first piece of advice I would like to give to you is to not go back to school to get a  Masters degree.  Instead, what I would suggest would be to either go back to school to take some technology related classes and look into an eduational program that will provide you with some first hand experience working in technololgy.   You should be able to take some of these clasess concurrently.    Simultaneously, you should attempt to find an entry level position – even part time – to do some computer related work, so that you can get some exposure and practical knowledge.  This can include roles like working in a computer lab, working third shift in a network or security operations center, or something of that sort.    Once you feel comfortable with a base line of knowledge, maybe in about 18 months – you can attempt to attain an information security certification – something that reflects your technical knowledge.    This will help provide you with some external branding as an information security professional.

Once this is completed, my advice to you is to combine your experiences – your newly created technical skills and your Spanish undergraduate degree.   Due to the growing Spanish population and the global economy, being able to communicate in Spanish (or any foreign language)  is a unique skill that will differentiate you from others.  In fact, it is likely that you will be more attractive to company’s doing business with Spanish speaking customers than more qualified information security professionals without ability to communciate.     When you begin to look for jobs, it is these companies and these geographies that you should focus your search.

I would not be surprised if you could find a company that would give you the opportuntiy to serve as a conduit between a technical information security function with any of their Spanish speaking business units.

In the end, please let us know if it is easier to teach a Spanish major information security, or an information security professional Spanish.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday, Planning, Skills | Comments Off 

Career Advice Tuesday – “Eight Is Enough”

September 13, 2011

Dear Infosecleaders:

I am writing to ask you a question about my current interview process and I hope that you can help.   To provide some context, I am interviewing for a senior information security management role, and the compensation package is targeted around 200K.

The crux of my issue is that my interview process has been going on for an extended and I am losing my patience.   Over the past two months I have utilized four vacation days, missed parts of five days off of work,  gone on a total of eight interviews (in person and via phone), met with over 15 people (from infosec engineers to executive management), and have subjected myself to a half day of psychological testing, and I still do not know where I stand.

It has been a week since my last meeting and I have not received any communication from my potential “future” employer.   It has really left me confused and frustrated, which leads to my questions:

First, how can I get an answer from the company?  Next, if they offer me the position, do I really want it?  How should I interpret this behavior?  Should I doubt their confidence in my ability to do perform in the role?

Any help I can get would be appreciated.


Dick Van Patten


Dear Dick:

The first thing I would tell you is that a lengthy interview process for a CISO or an Information Security leadership position is commonplace.  It is often difficult to coordinate schedules for the necessary decision makers, especially during the summer time months when many are on vacation.

All this being said, eight separate interviews is excessive.  I think that it is important for all “candidates” to make themselves available for interviews, but to communicate to the hiring party, that it is their expectation that their time be maximized when scheduling.

I will also say this, that when a senior candidate is “too accommodating” and always adjusts their calendars to accommodate the interviewers, it is sometimes interpreted as a sign of weakness senior level decision makers.

As far as interpreting this behavior, I think that you were fine, until the last delay in your process. When you are receiving “dead air” from the hiring party after 8 interviews and a week since your last conversation, you are most likely either going to be rejected, or they are stalling you, waiting for a decision from another candidate, whom they like better.    It is the lack of information that should be very concerning, and should serve as an indication that they are not sure that you are the correct fit, or they believe that there are better options.   In the end, if they do hire you, and your do not live up to expectations or if there is a security issue, they are going to second guess themselves, and more than likely “reevaluate” your hiring.

As far as forcing a decision, I think it becomes a question of how assertive you would like to be, and if you would like to regain control over the interview process – independent of the outcome.  At this point, I do not believe you have anything to lose.

If you really want to know how they feel about you, call the internal HR person until you speak with them, and let them know that you need to have an answer, based on a new development in your current position.  Tell them that you will need to have an answer on their direction “by the end of the week”, or you will have to remove yourself from consideration.

I do believe that by doing this, you are going to receive closure, and they will either reveal the truth (that you are a second choice), or that they do not believe that you are the right person for their role.

Again, without knowing all the details or the hiring party, I cannot be 100% accurate, but based on my experience this is the best guidance that I am able to provide.

Good luck in your continued pursuits.   Let us know the outcome.

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday, Interviewing, Position Selection, Recruiting, Uncategorized | 1 Comment 

Career Advice Tuesday – “Under Pressure”

September 6, 2011

Dear Infosecleaders:

I have a simple question for you and I hope you can provide some guidance for me.

I have been passively looking for a new information security opportunity.  It is not that my current job is a bad one, but it has just gotten stale and I am looking for some new challenges.

Through this process, I have found a few opportunities that have had some initial appeal, and I have progressed through their interview processes.  One of the opportunities has greater appeal than the others, and I have been told that I will be receiving an offer during the next few days.   I have also been told, that they are interviewing other candidates, and they would expect me to make a commitment to the within 48 hours of receiving the offer.

The truth is that although the opportunity is interesting to me, and I believe it is better than my current role, I am not sure it is the right opportunity to me.   I would really like to vet it against other opportunities that are either less far along, or I have yet to uncover. 

Can you provide me with any advice on how to stall the current suitor, to provide me with enough time to make the correct choice? 


David Bowie


Dear Mr. Bowie:

As far as your current situation is concerned, I am not sure if I can provide you with any advice at this time that will help extend your decision making process beyond an extra couple of days, so I believe that you are going to have to make a determination  if the offer with this new company, is something that you are really excited and passionate about.

From the tone of your e-mail, my feeling is that this is not exactly what you are looking for.  Considering that this is the case, I would like for you to consider calling up your suitor, and telling them how you feel, before they get you the offer in writing.

What I would do, would be to write the hiring manager (whomever you would be working for), and let them know the following –

1) You are sincerely interested in their company

2) You respect the fact that they need to make a quick decision and fill the role

3) You believe that this could be a very good long term match

4) You are not prepared to make a decision in the time frame that they have outlined.

By getting in front of the situation, and dealing with the hiring manager directly (you should CC your  internal and external recruiter – if they are involved) – you will find out exactly how interested they are in your candidacy.

By engaging the hiring manager, you may get a positive response that may include the following-

1) What other information would you like to discuss?

2) How much more time do you think you will need?

3) Would you like to speak with others in the company?  -

All of these will allow you to receive more information and get more comfortable in your decision making process.

Conversely,  you may also receive a negative response that would include the following:

1) Why did you waste my time?

2) What does this say about your ability to make a decision?

3) How could you not want to work here, what is wrong with you?

Receiving a response like this, will also enable you to receive more information about the company and the opportunity, and provide you with reassurance that you made a good decision by not receiving the offer

In the future, what you may want to do if you are looking at multiple opportunities, is to establish a consistent timeline for decision making with all of your potential employers.  You may say, I am looking to begin my new opportunity in about 2 months, and I would like to make a decision in six weeks..  By doing this,  you allow yourself to pace the interviews, communicate clearly, and set expectations,  It also demonstrates planning, thoughtfulness, and professionalism – which are all good qualities in information security professionals.

Let us know how it goes.

Lee and Mike


Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Interviewing, Position Selection, Recruiting | 3 Comments