Career Advice Tuesday – “Programming My Future”

October 23, 2012

Dear Infosecleaders:

I write to you seeking career advice. I graduated from college in 2005 with a B.S. in Computer Science (programming). I was unable to timely find a job in my field of studies, so I accepted an offer to become an IT Auditor. I’ve been an IT Auditor ever since in two different business environments (banking and government).

Because of my background in programming, I absolutely enjoy undertaking tasks that are related to business analytics, data mining, re-performance, etc. However, my current line of work does not require or provide for that. In addition, I have become greatly interested in security, but while I feel that I am very capable of learning effectively and efficiently, I do not have a strong foundation on networks.

In order to push myself to strive for more, I have looked at the option of becoming CISSP certified. However, I am not sure if the SSCP would be a better choice for me based on my knowledge level.

I am currently CISA certified and know that having another, more technical certification, will better position me in my job or others.

What would you suggest? Thanks in advance for your help.

Sincerely,

Programming My Future

 

Dear “Programmer”:

The best suggestion that I have for you is not to pursue any certifications for the sake of positioning yourself in your current role or others.     The certification alone will not help you, finding an environment where your skills are valued for their unique combination is the best way to further your career.

To begin with you have a degree in Computer Science and a background in programming.   Next, you have 5-7 years of real world experience in IT Audit and you are a CISA.  On top of that, you have an interest in security, and you have a history of gravitating to more technical projects.

The combination of these skills and your interests are unique.   Your skills have a great deal of value to an organization who realizes how to utilize them and leverage them for their benefit.

Recently we have been engaged in a number of searches that are looking to find technical information security professionals to work in IT Audit environments.  The primary reason for this is that corporations are recognizing that it is critical for these two business functions to understand each other, and the key to this is to either have audit minded security professionals or technically and security astute IT Auditors.

This being said, it is good that you recognize that your lack of networking experience is a shortcoming and a potential skill gap.  My feeling would be for you to find a way to work on developing this skill and knowledge.  This could begin by reading some books on the topic, taking some vendor based training, and maybe eventually getting a certification that demonstrates and reinforces this knowledge.

If successful, this may be  2-3 year undertaking. If you begin down this road and it “does not take”, then I would suggest you refocus your energies on you’re the enhancement of your strengths – and maybe learn some new programming languages, application security, code review, or other related skills.

If you are interested in learning about some of these blended opportunities, do not hesitate to contact us at LJ Kushner (lee@ljkushner.com) . If you do so, in your e-mail please mention – Career Advice Tuesday!

Hope this helps,

Lee Kushner

Posted by lee | Filed Under Advice, Career Advice Tuesday, Career Investments, Planning, Position Selection, Security Industry, Skills 

Comments

One Response to “Career Advice Tuesday – “Programming My Future””

  1. Full Article on November 2nd, 2012 5:47 pm

    Yes! Finally something about ffdsdfswindowswireless internet
    usb.