Career Advice Tuesday – “I Have Nothing Against Profit”
April 17, 2012
I am writing to you because I would like some advice on how to make a transition as an Information Security leader from a non-profit entity to a large enterprise.
For the past five years, I have been the Information Security leader for a Non-Profit Healthcare-centric entity. In the beginning, the role was exciting, as the company did not have any information security program. Although the opportunity was a challenge for my skill set at the time, I jumped at the opportunity and believe I made the most of the experience. In addition to building the program, I have gotten a master’s degree, additional certifications, and made additional career investments.
That being said, the opportunity has run its course. The program that I have led/built is sufficient for the organization’s risk tolerance. I am not able to secure budget for new technology expenditures and due to the economy, we have not replaced the staff that we were forced to let go.
I would like to parlay my leadership skills into a large entity at a leadership level, preferably as a CISO. I believe that the mix of my healthcare knowledge and track record would make me a viable candidate.
Can you suggest a methodology for my search?
Profit is a good thing, and I admire your pursuit of an entity that makes money.
You are correct: the transition that you are attempting to make is indeed a difficult one; however, it is not an impossible task. Hopefully, this will give you some ideas on how to leverage your skills.
First of all, you need to understand your most marketable skills and determine what types of organizations they would appeal to. From your note, three things come to mind: 1) you have built a program from inception; 2) you have had leadership responsibilities for all facets, giving you broad experience; 3) you have experience in healthcare and the security issues facing this industry.
You need to accept the fact that you are not going to become the CISO of a Fortune 500 company immediately, but there could be other organizations that could serve as logical places for your skills – and roles that you would be an excellent candidate for.
For example, there are many professional services firms, such as law firms or large groups of physicians, that are awakening to the need to establish an information security program. Your skills could have value to these types of entities.
You can also look at the healthcare vertical market and look for organizations that have considerable exposure to HIPAA. These could include for-profit healthcare firms, biotech, pharmaceuticals, or insurance. Your domain expertise and leadership would be quite applicable. What may be the best fit for you would be to enter these organizations as a BISO (Business Information Security Officer), where you could have leadership for a business unit of a larger entity.
Finally, you could always consider professional services: working within the information security and privacy consulting practice of one of the larger consulting firms could be a good match. Granted, you would have to accept travel, but they would be happy to leverage your experience with their healthcare clients, and in turn you may get exposure to other industries like financial services, media, retail, etc. In addition, the large consulting firms provide environments that enable people to utilize a broad range of skills but also develop specific areas of expertise. This blend could serve you well.
In general, I think you will need to accept that you will initially not have the same level of authority and may not have the same level of compensation; however, you need to look at the big picture.
Down the road, your experience in the non-profit and your new role should build a skill and experience matrix that will open doors for you and expose you to bigger leadership roles in larger organizations.
Hope this helps,