Career Advice Tuesday – ” Better Job, Less $$$”

April 24, 2012

Dear Infosecleaders:

I wanted to ask a question about compensation as it relates to an opportunity that I am currently pursuing.  First I would like to describe my current situation –

Right now I have a position that I do not enjoy very much.  I work as an identity and access management consultant where I implement enterprise technologies at large companies.  I have been working in this capacity for the past five years.  I travel a great deal (about 80%) – basically every Monday through Thursday.

Due to a combination of my technical skills, my willingness to travel, and my ability to communicate to senior management at my clients I have been paid quite well.  My current compensation is about 200K.  In addition, since I have been traveling so much, I have been able to reduce my living expenses considerably allowing me to save about 300K.

Recently my life has changed a bit.  I have met someone and I want to settle down and find a position that allows me to stay in one place and at the same time challenges me.   Through my network of friends and colleagues, I have located a position that accomplishes these objectives.

There is one catch.  The compensation.

The position pays  a salary of 135K and does not have a bonus. 

I would really like to accept the position but I am having a hard time getting over this hurdle.  In addition, I am not sure how to answer the employers question about my willingness to accept 1/3 less compensation than my current role. 

Any advice would be appreciated,

Settling Dan


Dear Dan:

Let me answer your second question first – the best way to answer your future employer about your willingness to accept considerably less compensation is honestly.    I would explain to them very simply that you understood that your past role was more of a 1099 assignment as opposed to a full time position – where you were receiving a 33% premium for your skill and willingness to live on an airplane.

You should explain to them that you had come to terms with yourself that you were going to sacrifice your personal life in exchange for the ability to save money and develop skill.  In addition, you can explain to them that by being financially responsible you have put yourself in a situation where you could focus on your career – and not be as concerned about money.    If you would like, you could also explain to them that you have met a significant other, and your desire to spend more time with your partner outweighs your desire to earn an additional 65K

This being said, you need to make sure that you are careful to let your future employer know that your drive and your desire to produce excellent results remains with you, and that your work ethic will not change, although you have more of a financial cushion.  The best way to do this would be to demonstrate some examples from your past that can illustrate this characteristic in both personal and professional environments.

To answer your question about money, my feeling is that this is a very personal choice and one that you, yourself will need to deal with and come to terms with .  65K is a large sum of money, however the only positions that will enable you to maintain your compensation will be ones that place you in the same environment as your current role.

If you are offered the role, (before you accept it) – I would like for you to make a list of the things in your life that you will be able to take advantage of with the new role, and to make a list of the things that you will be giving up without the 65K.  In addition, you should also look five and ten years into the future, to see if by accepting this new role, you can place yourself on a trajectory to recapture these earnings in the future.

In the end, if you want to, you can always get back on the airplane, and do the consulting.  My advice is to make the most of your relationship, and to see if you can excel in a new environment better suited for your new life.

Hope this helps,

Lee Kushner

Posted by lee | Filed Under Advice, Career Advice Tuesday, Compensation, Position Selection, Skills, Uncategorized | Comments Off 

Career Advice Tuesday – “ I Have Nothing Against Profit”

April 17, 2012

Dear Infosecleaders:

I am writing to you because I would like some advice on how to make a transition as an Information Security leader from a non-profit entity to a large enterprise.

For the past five years, I have been the Information Security leader for a Non-Profit Healthcare centric entity.  In the beginning, the role was exciting, as the company did not have any information security program.  Although the opportunity was a challenge for my skill set at the time, I jumped at the opportunity and believe I made the most of the experience.  In addition to building the program, I have gotten a masters degree, additional certifications, and made additional career investments.

That being said, the opportunity has run its course.  The program that I have led/built is sufficient for the organization’s risk tolerance.  I am not able to secure budget for new technology expenditures and due to the economy, we have not replaced the staff that we were forced to let go. 

I would like to parlay my leadership skills into a large entity at a leadership level, preferably as a CISO.   I believe that the mix of my healthcare knowledge and track record would make me a viable candidate,

Can you suggest a methodology for my search?


Warren Buffet


Dear Warren:

Profit is a good thing, and I admire your pursuit of an entity that makes money.

You are correct, the transition that you are attempting to make is indeed a difficult one, however it is not an impossible task. Hopefully, this will give you some ideas on how to leverage your skills.

First of all, you need to understand your most marketable skills and determine what types of organizations they would be appealing to.  From your note, three things come to mind -1) you have built a program from inception 2) you have had leadership responsibilities for all facets  – giving you broad experience 3) you have experience in healthcare and security issues facing this industry.

You need to accept the fact that you are not going to become the CISO of a Fortune 500 company immediately, but there could be other organizations that could serve as logical places for your skills – and roles that you would be an excellent candidate for.

For example, there are many professional services firms – such as law firms or large groups of physicians who are awakening to the need to establish an information security program – your skills could have value to these types of entities.

You can also look at the healthcare vertical market and look for organizations that have considerable exposure to HIPAA.   These could include for profit healthcare firms, biotech, pharmaceuticals, or insurance.  Your domain expertise and leadership would be quite applicable.    What may be the best fit for you would be to enter into these organizations at a BISO (Business Information Security Officer) – where you could have leadership for a business unit of a larger entity.

Finally, you could always consider professional services – working within one of the larger consulting firm’s information security and privacy consulting practices – could be a good match.  Granted you would have to accept travel, but they would be happy to leverage your experience with their healthcare clients, – and in turn you may get exposure to other industries like financial services, media, retail, etc.   In addition, the large consulting firm’s provide environments that enable people to utilize a broad range of skills, but also develop specific areas of expertise – this blend could serve you well.

In general, I think you will need to accept that you will initially not have the same level of authority and may not have the same level of compensation, however you need to look at the big picture

Down the road, your experience in the non-profit and your new role should build a skill and experience matrix that will open doors for you and exposure you to bigger leadership roles in larger organizations.

Hope this helps,


Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Leadership, Planning, Position Selection, Skills | Comments Off 

Career Advice Tuesday – “Resisting Temptation”

April 10, 2012

Dear Infosecleaders:

About a year ago I changed information security positions and left the world of internal information security to become an information security consultant.   The year could have not gone any better.  I really enjoy my position, the people I work with, and the company that I work for. 

The consulting position has been “as advertised”.  I have built skills, acquired certifications, and have increased my compensation based on the achievement of utilization targets.  The travel has been manageable and in line with expectations.

That being said, I actively monitor the job boards and I have been seeing some very interesting opportunities that I believe I am qualified for.   The companies that interest me, range from large banks, to progressive high tech companies, and the opportunities sound appealing.

One part of me would like to investigate these opportunities in earnest, while another part of me believes I should stay put, and continue developing my skills in my current environment.

Do you have any advice?




Dear Eve:

The best advice that I often give people is to remain in their current position, and this is the advice that I am going to share with you.

First of all, you seem to enjoy your position.  Your employer has provided you with an environment that has helped you grow your skills, gain exposure to different problems, and compensated you fairly.  In addition, they have delivered on the things that they had promised you – certifications, managed travel, incentive bonuses.  Considering these factors, I cannot see why you would want to leave a role like this, no matter how appealing the postings are on the internet.

Secondly, you have only been in your role for a year’s time, and quite frankly that is not enough time to maximize the benefits of the opportunity.  Now that you have been at your employer for a year, you are more likely to be trusted with bigger projects, more interesting clients, and better leadership opportunities.   Leaving your position now, before you give yourself the opportunity to extract this potential is unfair to you and your career (and your employer).

I also think that after being at a job for only a year, (and leaving it) you provide employers with the opportunity to question your loyalty, decision making, and conviction.

Understand that it is natural to be curious, and these roles may be hard to resist.  My advice is to give your current position at least another six months – and benchmark your progress and development.  If you still feel the same way, and your are interested in looking outside, select one or two opportunities (not more)  and pursue them in earnest.  See what the outcome is, and then benchmark them against the trajectory of your current role.

That should enable you to better determine if you should remain with your employer or move to a new one.  Be careful, because if you decide to move, you should expect to remain at the new employer for at least a period of 2.5 to 3 years –as you do not want to be labeled as a “job hopper”.

If you follow this advice, you can remain in the garden!

Hope this helps,

Lee Kushner

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Interviewing, Position Selection, Recruiting | Comments Off 

Career Advice Tuesday – “Did I Pull Out Too Early”

April 3, 2012

Dear Infosecleaders:

I am currently engaged in an interview process and I am getting some mixed feelings about the position.  Initially I was a bit hesitant about engaging in the opportunity, but I had the opportunity to meet with the hiring manager, and the meeting was a great success, and we really hit it off, I felt that they could be a great mentor.  In addition, they made the position sound really appealing and more strategic than my initial impression.

After that meeting, I was asked to come back and meet with some other members of the team whom I would be working with.  During that meeting, I received a different interpretation about the role that I would be filling.,  and they made the role seem to be more tactical than I was searching for.   Quite frankly, although I liked the people,   the meeting was a complete turn off and I decided to make a decision to remove myself from consideration.

When the news of my decision got back to the hiring manager, they asked if  I would reconsider, and have lunch, in order to address my concerns. 

I am inclined to not go through with the meeting, as I think it is a bad use of time.  However, I wanted to know what you thought, and if you think that I am making a mistake?


Nolonga Interested


Dear Nolonga:

I think that you are making a mistake.

One of the best pieces of advice that I have ever received is that you always take a meeting, even if you think that the meeting is not going to produce your desired result.  Over the course of fifteen years of working in this industry, I can count a number of times when a job candidate initially decided to end their interview process, only to be convinced to keep an open mind, and hearing out the hiring manager.   In a majority of these occurrences, the candidate went on to accept the position, and greatly accelerated their career.

The opportunity to spend additional time with the hiring manager and potential mentor can only be a good thing.  First of all, since you have already “turned down” the role, you have inadvertently shifted some of the balance of power in the interview process.  You have forced the hiring manager to show their hand, and demonstrate that they want you as part of their team.  This should be able to give you more comfort in the interview process, and enable you to ask questions about career goals, professional development, and mentorship.   You can have a free discussion on the importance of this role, how your skills will be utilized, and if you are successful where this position will lead.

In addition to this, you will also have time to ask the hiring manager why they believe that you are a good match for the role, why they believe these skills are important, and why this roll could be a good accelerator in your career progression.

If you like the hiring manager, you can also pick their brain on their personal experiences and see if you can draw some correlations between your career and theirs (this should show you if the person could be a good mentor).

Another reason to take the meeting is that the second group of people whom you interviewed with might not understand the hiring manager’s vision for the role.  What they may understand the role to be, could be significantly different to how the hiring manager views the role .  It is possible that their vision of the role could be how things “used to be done”, while the hiring manager in recruiting for this position may be searching for a different skill matrix so that the position/function could be elevated and enhanced.  Chances are that your initial read from your interview with  the hiring manager was the correct one

Too many times information security professionals get caught up in the details of a job description and do not look at the big picture for their careers.  It is logical that any role will have a blend of strategic and tactical work – but more important than the “task” – is the person whom you will be working for, as they will be the one who ultimately creates the environment for your success.

Without  a doubt, take the meeting.  You have very little to lose, and  potentially plenty to gain.

Hope this helps,

Lee Kushner

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Interviewing, Leadership, Networking, Planning, Position Selection, Recruiting | 1 Comment