Career Advice Tuesday – “Help Me Convert”
March 9, 2010
Dear Infosecleaders:
This past year I began working for a company as a consultant. Although I was pursuing full time employment, the company at that time was not able to add full time headcount, so they offered me an hourly position. This was not my first choice, however the money was really good and they guaranteed me a minimum amount of hours per month. All in all, I was comfortable with the arrangement so I accepted the role.
Well, due to the need for the information security specific work that I was performing (security event management software implementation) my company was asking me to work 40+ hours a week. This has progressed for the past six months – and the money has been fantastic – almost twice the amount I was earning in my last job.
Last week, I was called into the office by my manager and she told me that they wanted to convert me to a full time employee. Although I will receive benefits, the pay will be about 60% of what I was earning as a consultant.
I believe that this is just too little and I feel that I am being taken advantage of and am inclined to reject their offer. Do you have any advice on how to handle this situation? Do you have any thoughts on what fair pay would be if I were to convert?
Sincerely,
Resisting Conversion
Dear Unwilling Convert:
It is clear that there are two big concerns that you have regarding this matter: your pride and your wallet.
It appears to me that you have a big problem with the way that your employer (contracting firm) has been treating you. From what you have told me, they seem to do what is best for them, as opposed to what is best for you. Unfortunately, this is the nature of a contracting relationship and is typical business practice for firms that utilize information security professionals who consent to this type of business relationship. The fact of the matter is that they are not an employer in the true sense of the word; they hold the contract or contracts that you are working under.
I liken the relationship that you described to the one that a host shares with a parasite – let me explain:
In this relationship, you are the host, and they are the parasite. As long as you are working on their engagements, they are able to make money off of your work (feed off of you). Once you stop working and performing, they will either cease to exist (lose the contract) or find themselves another host (someone else with your skills). However, as you know, if the parasite kills the host, both parties will die, so they have incentive to retain your services and keep both you (and the customer) happy.
Since you have already determined the nature of the relationship, what you have to find is the necessary balance that you require to continue working and feel good about going to work. In the case of a contracting relationship, the more money you earn, the better that you will feel.
The way to do this would be to figure out a fair salary for you to convert to a full time employee, or to reduce your contract price to ensure that the relationship still works for your contracting firm (employer). The best guidance that I can give you is that contractors are usually compensated at a rate of anywhere between 1.33X and 1.66X of a full time equivalent. If we took the average, which is 1.5X, that could be the multiplier.
For example - if you are earning 200K as a contractor - a reasonable salary would be $133,333.00. If you are earning 100K as a contractor the reasonable salary would be $66,667.00.
In your note, you stated that your compensation was over 2X the amount of your last full time salary. If that is the case, I can see why the amount that they are paying you is drawing some attention. You also stated that they offered you about 60% of your contract pay - which would make sense if you plugged the numbers into the equation.
I would try to use the parameters that are described above to determine a fair compensation package – either as an employee or as a contractor – whichever way works best for you. You should try to be fair in these discussions, but now that you are a proven “commodity” you have some additional value and you should exploit this with your employer/contract firm, just as they have attempted to exploit your talents by offering you compensation at the lower end of the scale.
Let us know how this turns out.
Hope this helps,
Lee and Mike
Career Advice Tuesday – “Making The Case For Conference Attendance”
March 2, 2010
Dear Infosecleaders:
I believe that attending information security conferences is an important part of my career development. I see a tremendous value in attending conferences both for myself and for my employer. My problem is that my employer does not believe that attending these events is a valuable use of my time, and he refuses to allocate any additional monies or time for my attendance. I have tried many times to state my case and demonstrate the value of these conferences but these attempts have been quickly dismissed.
The RSA Conference is approaching and I would like to attend. It has been three years since I last attended (the year before I started my new position) and I would really like to go this year.
Do you have any advice on how I can get there?
Signed,
“Do You Know The Way To RSA”
Dear “Do You Know The Way”:
I am not sure if this advice is going to be helpful for this year’s event, but maybe it can help you get permission to attend future events.
From the situation that you have presented there are a couple of things that are apparent to me: the first is that your boss is not a fan of conferences and he believes that they are not a good use of time; the second is that you have not done a very good job of articulating and explaining the return on investment in terms that he can endorse and appreciate.
I would first accept the fact that you are most likely not going to change your boss’ mind about the value of conferences (his opinion on conference attendance was probably formed long before he met you), but you may be able to pick and choose your battles and zero in on a select conference to make your case.
In order to do this, I think that you have to understand that there are two potential costs to your employer: the cost for conference attendance (the conference, travel, meals, etc.) and the cost of you not being available that week (your salary). The first thing that I would do is to determine exactly what this value is (in dollars). When you come up with that number, your job is to demonstrate to your boss how, by allowing you to attend, they will be able to recoup that investment. You are going to have to be creative in your approach but I would focus on three areas: knowledge acquisition and transfer, cost/time savings, and retention.
Here are a few ideas on how to articulate this:
Knowledge - you should first demonstrate to your boss the specific knowledge that you are hoping to learn at the conference and illustrate to him how what you learn will enable you to address issues that your internal security team is facing. In addition, you can also outline how you will share this information with your other team members as a regular work activity. This can take the form of a “lunch and learn” session where you lead discussions with your information security co-workers. By sharing this information with others, you can make the argument that the cost should actually be divided by the number of all team members. Also, when you lead these sessions, you will be developing your business communication and presentation skills.
Cost Savings – You have to think of how your attendance will save your manager money and time. One of the things you can do is use the time to meet with vendors and to provide a report upon your return of any products that you may be evaluating for corporate use. This will need to be detailed so that your manager will be able to utilize the information to make better purchasing decisions. If you think about how much time it would take your boss to attend all of these meetings, it may be easy to justify.
Employee Retention: This may be your most valuable weapon, however it can also be the most deadly. I think that you can tell your boss that you consider attending conferences part of your professional development and an element of job satisfaction. You can also inform your boss that your peers at other companies are allowed to attend one conference a year, and you are hoping for the same benefit. In bringing up your peers and policies of their employers, you may want to be careful and tactful in your approach, because your boss may believe that this is an attempt at conference by extortion. However, if you do this in a respectful manner, your boss may look at this as a cost effective way to retain your service and keep you happy in your role.
Although there are many ways that could be helpful to you to gain approval, my best piece of advice would be to fund your conference attendance out of your own pocket and take the necessary vacation if you really want to attend. Since we can no longer count on our employers to fund our career development, we have to take the matter into our own hands. Ultimately you will benefit. It is also great to not have any strings attached to an aspect of your professional development.
In closing, it is quite possible that if you demonstrate to your boss that you are willing to fund this effort yourself and use your personal vacation time, your conviction will serve as an illustration of the importance of conference attendance. After they witness your resolve, maybe they will surprise you and reimburse you somewhat for your efforts.
Hope to see you at RSA in 2011!
Mike and Lee
Career Advice Tuesday – “Unfavorable Reference Hindering My Job Search”
February 23, 2010
Dear Infosecleaders:
I am hoping for some advice on how to deal with a situation that has been hindering my current job search.
From before, I had a ‘career incident’ in 2008. Last week, I got shut out of an excellent Security Architect position because my former agency’s HR head is the only person in the agency who can give a reference for me – none of my former supervisors can, because of the terms of the settlement I signed.
In essence, her ‘neutral’ comments and the fact that the hiring manager was referred to HR when he called, amounted to a red flag, as he told me and the proverbial ‘kiss of death’.
If I’d known the import of signing-away my rights on this, I never would have settled and my attorney sure didn’t help me!
Since hiring managers can’t directly talk to any internal people except the head of HR, how can I get around this roadblock? I’m going to ask HR for a copy of my personnel file so I can have access to all my stellar performance evaluations to present to hiring managers in lieu of direct contact with former supervisors.
It seems my former agency is being malicious because of the settlement and they want to ‘pay me back’.
Thanks for your thoughts!
Signed,
“If you do not have nice things to say ……”
Dear “If you do not have nice things to say”:
Before I begin with your individual advice, I would like to make a point about “termination settlements”. When people leave companies under adverse situations, it is traditional for employers to ask their former employees to sign a release in exchange for a sum of money and a quiet exit.
To be clear, signing this document is to the long term benefit of the employer not the employee.
When you sign this document what you are doing is forfeiting all of your future rights in exchange for a short term payout and benefits. Granted when you are terminated, any monies or additional compensation may help in the short term, but generally speaking this is not a wise decision.
To all those that face this decision, here are two pieces of advice:
1) Seek an attorney that specializes in employment law, so that they can help you understand fully what you are consenting to.
2) Use this opportunity to attach your own contingencies to the agreement that you will be signing. They may or may not do it. But, you never know what your company will agree to, unless you ask them.
Now let's address your current situation:
The first thing that I would do is recognize that you had a problem with your past employer and realize that this can be an issue as you pursue future employment. It appears to me that, by asking the question, you have done this and understand the issue at hand, whatever it may be.
There are two ways to handle this situation that I think can work out to your benefit. The first suggestion that I would make would be to compile a list of references from other employers, peers, and customers that you have worked with in the past. This list of references should include people with significant seniority (CIO, CISO), people who can speak to your character (an industry association, a charitable organization that you have been involved with, clergy) and if possible, in your case, a human resources professional from another employer (since that is the source of your problem). By compiling this list, and presenting it to your future employer, it should show a pattern of professionalism, ethics, and solid work performance. By demonstrating this pattern, you may overpower any one potential “negative reference” that can surface, and a future employer may treat it as an anomaly. If three (3) is the standard number of references that most people ask for, you may want to provide up to six (6) but not more.
The next piece of advice that I can give you is to be candid with your future employer toward the end of the interview process, and discuss the situation with them. If you decide to do this, I would make sure that you accept accountability for your actions and demonstrate how you have grown since the “incident”. You have learned that they are not going to hear the entire account when they call your past employer, so by proactively explaining this, you will have taken the mystery out of the situation. Your future employer can now make a more informed decision about how to treat your candidacy.
I have found that, as a rule, employers are much more understanding when an employee proactively addresses a potential “red flag” in their background or work history, as opposed to having it discovered through another channel.
Let me caution you by saying that these actions will be helpful but they may not be foolproof. In today’s economic conditions, hiring managers are being extra careful about the risks that they are taking in hiring new employees, since bad judgment could lead to their own career incident! In a competitive situation where you possess similar skills and experiences as other candidates, this situation may be a “deal killer”.
Hopefully, your future employer will make their decision based on your entire body of work, not just one isolated incident.
Hope this helps,
Lee and Mike
Career Advice Tuesday – “My Manager Won’t Let Me Go”
February 16, 2010
Dear Infosecleaders:
I’m currently working as a system administrator in a huge networked environment. Good place, good team, fair compensation. Although I have enjoyed my current position, I am getting burnt out on doing systems administration and operations work. My passion lies in security and recently I received an invitation to join the information security team, that I accepted.
However my boss (operations head) won’t let me go easily. And he told me: “If you think this is the right move I won’t stand in your way”.
I attempted to tell him that this is my passion and what I like to do. However he keeps giving me new projects and new work thinking that I will get the idea out of my mind. He is wrong. The more work that he gives me, the more frustrated I become.
I really would like some advice in demonstrating to my current boss that a move into information security is both a good move for me and a good move for the company.
How can I go about doing this in a way that will accomplish my goal and not hurt his pride?
Signed,
“Career Captive”
Dear “Career Captive”:
I appreciate your sense of loyalty to your manager but I want you to understand that he has made it clear that he is more concerned with his own career than yours. As soon as you become aware that he is not looking out for your personal best interests, I believe you will become more comfortable being more direct about your intentions to transition to information security.
The bottom line here is that information security is your passion. You have been rewarded (by the company) for doing a good job in operations, by getting the opportunity to transition to information security. It is clear that there is someone (positioned higher than your boss) that understands the value of good employees and the cost of losing them. I think that it is time that you made your manager aware of this, in a more direct, and clear manner.
The first thing that I want you to do is to set up a meeting with your manager during non-business hours. This can be in the early AM, lunch time (if you go to a place off campus), or after work – whatever your manager prefers. Prior to this meeting, I want you to write a letter that explains your contributions to the company and your current team. In that letter I want you to explain your career goals and your passion for information security.
When the meeting comes, you should begin the meeting by saying that you have been very disappointed by his recent demands and his attempts to hold you back. (This will be difficult, but let's face it, the first time you tried, it did not sink in.) You should explain to him that out of respect for him, you have delayed your transition, but out of respect for you, he should allow it to happen and support your efforts. At this time, you can reference all of the recent successes that you have had working for him and the company in your operations role. You can then explain to your manager that if the internal transfer opportunity did not come about, you were going to begin to look outside the company for an information security role. The internal transfer enables you to stay with the company (a good thing for everyone) and pursue your career goals and passions (which is a good thing for everyone – but him). At this time, he should realize this, and provide you his blessings. If he does not, this is where you can hand him the handwritten note. A handwritten note is a powerful tool – it is more permanent than e-mail. Ask him to read it at night, and see if it changes his mind the next day.
At the end of this exercise, if this does not sink in, and he does not provide you with his blessing to transition, I would get the new manager involved. I would explain to your new manager that he needs to step in to expedite your transition to the information security team. I am pretty confident that this should end your time in “career purgatory”.
Also, as a side note, good for you to transition your career from systems administration/ops to security – you have built a great foundation of skills for an information security professional. We have seen many talented information security professionals begin their careers this way!
Hope this helps,
Lee and Mike
Career Advice Tuesday – “Indentured Servitude By Tuition Reimbursement”
February 9, 2010
Dear InfoSec Leaders:
I am looking for some advice about funding an investment in my career. Let me explain the situation. I am a technical information security professional that has been striving to transition my career to become more of an Information Security business leader. I have identified getting an MBA from a good school as part of that goal. The cost of this investment is about $75,000 plus my time. At this point, I am willing to commit the time, but the cost is a bit prohibitive. One way that I have thought about supplementing the cost was to find an employer that is willing to provide tuition reimbursement as part of their benefit program, since my current employer does not.
Well, after months of searching I have found an employer that has such a program and a role that is suited to help me accomplish a near term career goal. (That is the good part.)
Here lies the catch. First, the position is a good one for my career now, but I do not see more than a 3 year life expectancy for me in the company or the role for various reasons. The 3 years will enable me the time to begin and complete my MBA program. However, the tuition reimbursement program will require me to reimburse my employer the amount of the tuition if I leave the company any time within 2 years of participation.
If my plan plays out, and I remain for 3 years, I will owe my employer about $50,000. If I do not want to reimburse my employer, I will have to remain for an additional 2 years - which may cause me to miss out on career opportunities that my MBA and my experience will have prepared me for.
Can you advise me on how I should proceed with my career and if I should accept this new role or not?
Regards,
“Indentured Servant”
Dear “Indentured Servant”:
Let me first applaud you for clearly thinking about your career and attempting to plan your career in a logical fashion. It is great that you have taken the time to look at your new employment situation from all angles – the pros and the cons – prior to making this decision.
Here are the questions that you should ask yourself:
1) If the new employer did not offer tuition reimbursement would I accept the position?
By removing the added benefit from the equation you can look at the job without prejudice which will provide you a good foundation for your decision.
2) Is it possible that I will remain at the company for more than 3 years?
I find it very interesting that before you have even accepted your new position you have already predetermined your exit. I am not sure that this is fair to you, your career, or your employer. If you do accept the position, one of your goals could be to create a career opportunity that will provide you with leadership opportunities that go beyond three years. Even if the role lasts 4 years, you would have saved $25,000 more than you had originally planned.
3) Would I be willing to pay $50,000 for the MBA program that I have been accepted to?
In this day and age, $50,000 for an MBA from a well respected university seems to be a good deal. However, I think that the item that you have to make peace with is the fact that you may be on the hook for $50,000 if you decide to leave your company during that time. One way to look at this is to ask how quickly this added MBA credential will enable you to recoup your investment (in terms of compensation). You may want to get outside advice so that you have a realistic expectation. You should get comfortable with the required time frame.
Whatever you do, do not go into this thinking that your future employer will reimburse these monies – and if they do, it will most likely be under the same “indentured servant” contract conditions.
Here are some other things to think about:
If you do leave the employer how quickly will they require you to pay the money back?
If you have to pay it back immediately, you will need to plan to save a certain portion of your income.
What are the tax implications of accepting tuition reimbursement?
Seek professional advice from your accountant.
How will your salary increases/bonuses be affected by this benefit?
For example, if they know you cannot afford to leave, they may take advantage of the situation (there is no real way of knowing – so you need to come to peace with this).
In general, my belief is that if you want to pursue your MBA (or any career investment) do so because you believe in its value. If you can find someone to pay for it – even better.
Tuition reimbursement programs can be an excellent benefit, provided that you do not allow them to turn into an albatross that hinders your career growth.
Hope this helps,
Lee and Mike
Career Advice Tuesday – “Career Rebuild”
February 2, 2010
Dear Infosecleaders:
I have more than 15 years of experience in the IT Application Development area. As part of my career, I was an ‘Applications Solution Architect’ as well. I am seeking to switch into the IT Security area. How do I go about it and where do I start? I do not want to give up my existing experience, I want to do something which will complement my App dev and Architect experience.
One person suggested getting a CISSP. Another suggested that I begin with some penetration testing, gravitate toward wireless security and then take the CISSP.
Can you please advise me on how I should go about rebuilding my career with a focus on information security. I am unemployed now and I could really use some sound advice.
Signed,
“Career Re-Builder”
Dear “Re-Builder”:
When anyone who has 15 years of work experience thinks about making a career transition, the best advice is to attempt to leverage your past experience the best way possible. You state that you have spent your first 15 years as an application developer and application architect – so figure out a way to use those skills – and apply them to information security.
There are many information security roles that focus on the broad topic of “application security” – I would try to figure out which of these roles would best utilize your past experiences. After I understood where the needs were, I would do all that I could to learn about security concepts that are critical to succeed in these roles. I would then aggressively pursue these roles and companies that are attempting to solve these problems.
You may also consider applying for pure application development roles that have an information security component. These particular roles will allow you to hone and develop your information security skills so that in the future you may be able to attain a role that is 100% security centric.
One thing that is great about security is that it touches all areas of technology. The fact that you have deep experience in application development (coupled with your new security knowledge) may place you at an advantage when competing against others that do not possess your depth of application development subject matter knowledge.
As you get settled and back on your feet, you can always go after a CISSP or maybe a SANS certification to provide you with additional credentials if that is your desire. However, before you spend money and time on any certification, make sure that it is geared toward a subject matter that you would like to learn more about and enhance your new career direction.
Hope this helps,
Lee and Mike
Career Advice Tuesday – “Feeling Short-Changed”
January 12, 2010
Dear Mike and Lee:
I would like to let you both know about a situation that I just experienced, in the hope that you can propose some advice so that others do not suffer the same fate.
I am an experienced information security leader and am a direct report to the CSO of my current company, a large Financial Services firm. Recently, I was approached by an internal recruiter of another company searching for a CISO. I believed that it was a good opportunity, and my next logical career step so I decided to pursue. Early in my conversations with the internal recruiter, the subject of compensation came up. I shared with the recruiter my current compensation (all components – base salary, bonus, and equity) and they told me that my compensation was in line with their expectations.
I then proceeded to go through a series of seven different interviews and I met with many senior executives of the potential new company. Due to scheduling, this process consumed about 10 weeks, and I utilized 4 vacation days to make the interviews happen. After the final interview, I received a call to inform me that I had been selected and an offer would be formulated. I was very excited.
I received a call from the HR/internal recruiter the next day with the verbal offer. To my dismay, the total compensation package was well below my current levels. I asked if the offer was correct, and they said it was. I informed the HR person that this was unacceptable and I was surprised considering the assurances that I was provided. The HR person went back to “sweeten the pot”, but even then the second offer was substandard.
In the end, I declined the position and felt that my time had been wasted, and I left upset because I felt that I could have done something different. Can you suggest some ways that I (and others) could avoid this situation in the future?
Sincerely,
“Feeling Short Changed”
Dear “Short Changed”:
Compensation is always a sticky subject, especially during the initial courting stage. As in your case, discussing compensation early on, prior to undertaking a job search, is an important step in determining baselines and starting points. I believe that you did the right thing by informing your suitor of the value of your compensation. I strongly believe (and as you later found out) there is not any reason to invest the time in an interview process if there is not a possibility of a mutually beneficial outcome.
As far as what you could have done differently, I think there are a couple of things. First is that you could have attempted to get some advice earlier on in the process, from someone who was a bit removed from the process and had some real experience negotiating an employment contract. This could have been helpful because it may have provided you with some perspective and with an idea of how the “new company” would value your compensation. Sometimes, the way that an individual values their bonus and their equity is different from how an outsider would value it. (Salary is pretty black and white.)
The other thing that you may have done differently is to discuss compensation at different points, as you got deeper involved in the interview process and interest began to grow. Since you did not have an advocate working for you, you had to rely on the internal corporate recruiter to represent your interests – which is a contradiction because they work for the company (not you). Realizing that compensation is a delicate item, and that you do not want to appear purely motivated by money, you need to be tactful in your approach.
One way to go about doing this is initially by sending a friendly e-mail to the human resources/internal recruiter in writing that begins to outline your expectations. The initial e-mails can be general, and sometimes they can just serve as documentation of your original discussion. The reason that you put things in e-mail is because they can be referenced and forwarded. It makes everyone accountable.
As you go on in the process, and interest is increased you can become more specific, becoming a bit more assertive and specific in your approach. Your e-mail can state that you are hopeful that the process will conclude positively for both parties and that you want to make sure that both parties are on the same page as you continue to move forward. Again, this provides an additional data point, and begins to discuss not only your baselines, but what it would take for you to accept the position. You may also decide to include the hiring manager on the e-mail if you feel comfortable.
Finally, as you near the end of the interview process and get to the last interviews, you should begin to have a better sense of comfort with the people you will be working with. At that time, you can ask them questions about components of the compensation and the history of achieving these milestones (bonus, equity, other). You can also close those discussions by stating that on a “number of occasions” you have shared with the internal recruiter/HR professional your compensation expectations.
At the end, what you have done is build a case for yourself during your interview process. More importantly, your case will have gotten stronger as the interview process has progressed. If you communicate this clearly (and in writing), the internal recruiter will have some explaining to do for wasting the hiring manager's and other executives' time if your candidacy cannot be brought to closure.
In general, we often are afraid of discussing compensation, and we should not be. If compensation is a main criterion, you have to be assertive and tactful in discussing it.
Hopefully it will work out better next time.
Mike and Lee
P.S. Sorry about the lost vacation – however there are always some opportunity costs in pursuing your career goals.
Career Advice Tuesday – “Reflection”
January 5, 2010
Dear Mike and Lee:
I have spent the past two weeks reflecting on both my career as an information security professional and my life in general, and I am hoping for some advice.
I have spent the past six years of my career as an information security consultant, primarily performing penetration tests. My first 2 years were performing network pen tests, and my next 4 years have been performing Web-App pen tests. I have traveled to some fun places, met some very smart people, and have had the chance to do a bunch of “cool work” (we’ll leave it at that).
I am now close to 30. My friends outside of the industry are beginning to settle down, have families, advance in their field, and have “normal lives”. Granted, I would not trade my past experiences for theirs (I am the interesting one when we all get together), but I will admit that I am getting a bit envious.
The last two weeks I have given some thought to changing my career, and my life for that matter – but I am not sure where to begin and what I am truly qualified to do (beyond pen testing). I do not want to earn less money and I do not want a boring job – can you give me some advice?
Signed,
At a Crossroads
Dear Crossroads:
I am glad that your time of reflection provided you with a clear direction.
Congratulations, you are on the right path! You have identified your problem and are ready to make some adjustments to accomplish your short term goal. I think that there are many people out there that believe that their career problems will just go away without any effort. You have a journey ahead of you, but at least you know where you want to head – and that is the most important part of the battle.
I will be candid with you: the life of a security consultant/penetration tester is an exciting one, for the reasons that you outlined. When you are young, and responsible to only yourself, it is a great way to see the world, get exposure, and meet all types of people. However, the trade-off for all of the frequent flier miles, the hotel reward points, and the atypical hours is the regular aspects of life (the ones that it appears your friends enjoy). The fact that you most likely will never experience this type of “professional thrill” again in your career is something you should be willing to accept before your transition.
Once you have accepted this, you have to plan your transition. I think that it is important to understand that just because you have come to this personal revelation over the past 2 weeks – it does not mean that finding nirvana will be as quick of a journey.
A career transition usually takes some time – especially if you are looking for an opportunity that is a departure from your current role. (For example – I am sure that you could find a pen testing/consulting job in less than 30 days.) You also may have to come to grips with the fact that you will have to accept a more junior role, take orders from someone less qualified than you, or take a reduction in pay – to achieve the lifestyle that you desire. However, this is up to you.
One of my favorite quotes is that “Life is always a series of trade-offs.” You will have to figure out which ones are worth making.
You should think of the skills that you already possess and can apply to the position (and environment) that you would ultimately like to be in. Whatever those skills are, you should spend the time developing, refining, and enhancing them. You should also be using this time to reach out to your professional network and past clients (in environments that interest you) and see if they have opportunities that would align with your new career direction.
The best pieces of advice that I can give to you are as follows:
1) Remain Focused on your Goal (This will be harder the longer it takes)
2) Do Not Settle For a New Position Where You Will Be Miserable (This will be easier the longer it takes)
Hope this helps,
Lee and Mike
Career Advice Tuesday – New Year’s
December 29, 2009
Due to the holiday, the number of questions we received in the last week has been pretty light. So, instead of doing a question this week, we’re going to do a quick post on the year end.
First, let me say that I hate New Year’s “Resolutions” – the idea of becoming resolute based on a date is a recipe for failure. (And research shows that 78% fail in that.)
But the end of the year is often a good time for planning and thinking. It’s a time of year spent around family and a time where work in our industry often takes a slight lull. And Lee and I both use this time to take stock of our lives and our plans for the coming year.
So, we’d urge you to make this a time for career planning. As we said in our Defcon talk, our survey from last year showed that career planning matters – those with a written career plan are about 25% more likely to make more than $120K/year than those that don’t have a plan.
As far as what we’re planning for 2010, you can expect a lot from InfoSecLeaders. The results for that survey will be fully available in the immediate future, as well as a bunch more surveys in the coming months. Additionally, we’ll be continuing our articles in Search Security and be announcing other relationships with other publications. We’ll be speaking at conferences. And we’ll be releasing more online courses (like our Career Incident Response Series) soon as well.
And Career Advice Tuesday will continue. Ask your questions here.
Career Advice Tuesday – “The Waiting Is The Hardest Part”
December 22, 2009
Dear Infosecleaders:
As I am writing to you, I find myself in the middle of an interview process and I am hoping for some advice.
Let me describe my process to you thus far – first I had a phone interview with the human resources person, then I had a phone conversation with a person to gauge my information security experience, and then I had a phone conversation with the head of the information security consulting practice. At the conclusion of the phone conversation with the hiring manager (the consulting leader), I was told that I had performed well, and I would be hearing from the internal recruitment person to coordinate an in-house visit.
As I write to you, I am now on my tenth day of waiting, and I have not heard a response. I have placed phone calls to the human resources person, I have sent e-mails to the hiring manager, I have even tried contacting a “Linked IN” acquaintance about trying to help me.
None of these angles have worked and now I am writing you guys for help.
Can you give me any advice on how to handle this situation? Should I write them off completely? Any guidance you guys can give me would be appreciated.
Sincerely,
Tom Petty
Dear “Tom Petty”:
I would tell you first that I believe that you have done everything correctly and within the bounds of expectations to show your interest in the opportunity and your intent to continue on in the interview process with this company. The fact that none of your overtures have been returned can be interpreted in one of two ways – “lack of interest” or “rudeness.”
If they are not interested in your candidacy, I would think that at the very least they would be able to communicate to you their reasoning for ending your interview process and provide you with the simple courtesy of closure. Many times, people involved in the interview process are not comfortable in providing bad news, or direct negative feedback. They believe that by withholding this information, they are doing you a favor. However, what they do not realize is that “interview purgatory” is a lot worse than providing you the closure that you need to forget about the opportunity, develop your interview skills, and move on to exploring other options.
On the other hand, if all of the parties that you interacted with have not returned your voice mails or responded to your e-mails, that is purely a sign of rudeness and a good indication of how you would be treated and communicated with if you were to go to work at the company. If they exhibit this poor behavior while they are courting you, can you imagine how you will be treated once you have already committed to join them?
Consider the fact that you are able to witness this behavior prior to joining them as a blessing.
At this point, even if they come back to you and apologize for their behavior, I would think really hard about reengaging in an interview process and entertaining employment. If they are coming back to you after a long pause (without any communication), you were most likely a second or third option, and they are only coming back to you because they have been rejected by the others.
Our best advice is to move on and find a company that deserves you and will treat you with some professional courtesy. The information security community is a small place, and it does not take much for a company to acquire a bad reputation for how they treat people in the interview process.
Hope this helps,
Lee and Mike