Career Advice Tuesday – Special Addition – Live At Black Hat – Your Questions Are Welcomed
July 26, 2010
On Thursday, July 29th, at The Black Hat Briefings, we are presenting a live version of “Career Advice Tuesday” at the conference. The session, “Things You Wanted To Know, But Were Afraid to Ask, About Managing Your Information Security Career”, will enable any attendee to have their career questions answered directly. It is a part of the Special Events Track, in Forum 25, from 1:45 – 3:00PM.
During the session, we will address any career related topic. It will be completely up to the audience – there are not any boundaries.
Topics covered will include the following:
Career Planning
Career Investment Strategies
Position Selection
Networking and Personal Branding
Interview Tips and Techniques
Compensation Negotiation
Employee/Employer Relations
We realize that many of our readers are attending the conference, but may elect to attend a different session or may want to ask their question anonymously. If this is the case, we welcome you to submit your question to the website, and include in your question that you will be in attendance at Black Hat. We will do our best to have your questions answered during the session. All questions that are asked, during the presentation or via the website, will be transcribed and featured in future Career Advice Tuesdays.
We will return next week with an enhanced version of our regular Career Advice Tuesday segment.
Career Advice Tuesday – “Advice on Negotiating Compensation”
July 13, 2010
Dear Infosecleaders:
I’m an avid follower of your blog, and have enjoyed the security career planning sessions you have presented at the last few DEFCONs. I thought this question, and your thoughts on the topic, may be of interest to the broader community, especially given the amount of job movement I see going on in the security field today.
I’m progressing through the interview process and hope to soon have an offer in hand. I’d really like to work for this company, assuming the compensation is right. From a negotiating perspective, I feel like I am in a position of strength for a couple reasons. One is that I’m relatively comfortable where I am – good job with good compensation, challenges, career advancement, etc. I don’t have to go anywhere if the parameters aren’t favorable. In addition, my combination of skills is in demand, and is particularly needed by this company at this time.
What advice would you offer someone about to enter the compensation negotiation phase of the job search? How can I maximize my financial compensation without straining the relationship with my potential future boss? From your perspectives, what works, and what should be avoided?
The Negotiator
Dear “Negotiator”:
Thanks for the question and we are glad that you enjoy the blog. Before I address your questions on how to handle your negotiation, I would like to begin by asking you to think about your personal motivations, by asking yourself the following questions:
1) Independent of money, what will you gain from this position that you do not have in your current role?
2) If the jobs paid the same and you had no history at your current employer, which position would you rather have? Why?
3) Does this new company want your skills, or do they want you?
Now for the advice -
The first thing that I would do in this situation is to communicate to my new hiring manager that you do want the role and to be clear that if the compensation is acceptable you will accept the position. What this will do is to confirm your interest, and let the hiring manager know that if they are able to meet your requests they will be able to bring you on board. This will provide them with the necessary information to make a business decision regarding the value of your skill.
The next thing that I would do is to determine what salary amount you would require to change positions. In determining this amount, I would use logic in selecting this number. The first data point that I would utilize is my current compensation – which should serve as a starting point. I would then try to speak with some of my peers, with similar positions/experiences at similar types of companies (in similar locations), to better understand the market value for my skills. Then I would try to figure out what kind of premium I would expect to leave my “comfortable, challenging, progressive, and fairly compensated” current role.
As soon as I determined that number, I would set up either a phone conversation or an in person meeting with my suitor and provide them with both the salary that you require and your logic behind arriving at your number. By providing the logic behind your thought process, it will give insight into your framework for making decisions. It should also demonstrate your judgment, reasoning ability, and appreciation for fairness. This should provide reinforcement to your future employer that they are making a good decision by attempting to hire you into their company.
When having this discussion you should avoid saying things that make it appear that you are playing hard to get. For example, you should not say things like “I was not really looking”, or “You called me, I did not call you”, or “I am perfectly happy where I am at” – saying any of these things can make it look like you are not interested in the position and only interested in the money. It can also make it appear to your potential employer that you are not sincere about your intentions – and are on a fishing expedition.
When you provide your employer with the number, and if they come back with offer terms that meet your demands, you should accept the position immediately, without any hesitation. This will demonstrate that your word is good – and that you are honorable. I would definitely avoid making any last minute requests once agreement has been reached. In my experience, this is a sure fire way to sour the relationship between you and your new manager.
In closing, I think that if you are at the stage of negotiating compensation, you should be at the point where you have arrived at the decision that you want the new position. If you are in doubt, the best advice that I could give to you would be to thank the potential new employer for their interest, and ask them if you could keep the door open for the future.
If they resist, it is more likely that they are only interested in your skill. If they consent, it is more than likely that they are interested in you!
Hope this helps,
Lee and Mike
Career Advice Tuesday – “Referral Bonus Etiquette”
July 6, 2010
Dear Infosecleaders:
I am not sure if this falls into the advice category, but I am hoping that you may provide me with some guidance. Here is the situation:
I was recently recruited to a new position by a former manager. He just landed an information security director role with a new company, and part of his position was to build a team. We had worked together before, and it was a good professional experience. I went through an abbreviated interview process, and was offered the position. When the offer came, I was a little underwhelmed, considering that I was a known commodity, and I was hand-picked by my manager.
I called my manager to discuss my options and concern. He told me that he would check and see what he could do. In the end, he was not able to make any adjustments based upon their internal compensation scale. I asked for salary, sign-on bonus, stock, vacation days – and every request was met by a dead end. In the end, I decided to accept the position knowing that the job was good, and I had grown in the environment that my manager had created. I was comfortable with my decision and I made peace with my disappointment surrounding the compensation.
When I began work, I sat through the HR presentation in orientation and I learned that the company had a policy to pay referral bonuses for incoming employees. The bonus associated with employees at my compensation level was about 5K. I was also told that managers are eligible for this bonus.
After learning this I was upset. It was confusing to learn that my manager had profited from my hiring, especially when he knew that I was unhappy with my compensation. Given the fact that he earned 5K for bringing me on board, I thought that at most, he could have asked HR to transfer this recruitment bonus to a sign-on bonus, or at least offer to split the amount in half (2.5K each) considering that he would ultimately benefit from my work product.
Can you provide me with some advice?
Signed,
Feeling Cheated
Dear Feeling Cheated:
I believe that your feelings are quite valid and I think that you have every right to be upset, considering that you sacrificed and your manager profited.
Although your feelings are correct, let me share some things about standard professional etiquette in these types of situations:
1) Managers should not receive recruiting bonuses for building their teams.
By definition, team building is a component of being a manager. This includes all aspects of team building – recruitment, training, development, retention, and succession planning. Even if it is offered, for your manager to accept these monies is poor judgment on his behalf. This type of decision does not reflect management level thinking or actions.
As it relates to your situation, I think that this lack of judgment is magnified. Considering that you attempted to negotiate a better compensation package, your manager should have recognized that your hiring may have been in jeopardy. A savvy manager would have worked with HR to secure an additional 5K in sign on money – even if it meant surrendering it from his own personal compensation.
2) The handling of referral bonuses.
My belief is that in any professional relationship that requires equal participation by two parties, that the consideration should be equal to both parties. This particularly holds true in a scenario where a “Referral Bonus” is offered. I think that if a referral bonus is offered by a company, and you reach out to a professional friend to “refer” them to the position, then you should be willing to split the financial reward with your professional friend.
One thing that people may consider when they do this is the amount of the reward and the depth of their friendship with the other party. For example, if the relationship is important to you, and the role does not work out, then it is possible that your friendship could be damaged and potentially destroyed. If someone takes a position because of you, you may feel a certain amount of obligation and responsibility, if you profit from the event. You have to determine if the risk is worth the reward.
If you are offered a referral bonus, you may want to have a conversation with the person that you are referring and set up some guidelines for the relationship. This way, both parties can fully understand the boundaries of the relationship and be comfortable with their individual obligations and risk.
I believe that if your manager had had this conversation with you, you would not be experiencing the same feelings that you have right now. If the relationship that you had with your manager is good enough to accept a job based on his suggestion, then I think that you should confront him with how you feel, and see if he can provide you with some resolution.
Generally, referral bonuses are tied to a minimum duration of employment. If you leave within 90 days, chances are he would have to return the referral bonus. Since we have already determined that he is motivated by money, now all you have to do is negotiate the price.
Let us know how this works out for you.
Mike and Lee
Career Advice Tuesday – “Don’t Quit Your Day Job!”
June 29, 2010
Career Advice Tuesday – “Access Denied”
June 22, 2010
Dear Infosecleaders:
A few months ago I accepted an IT Security job with an organization I will refer to as company X. In my interview process I was asked a number of very technical questions, as well as questions regarding my experience with policy. The position is a brand new position, having never had a dedicated security person. Traditionally the network group has managed these tasks and have implemented a number of effective technical security controls with serious gaps on the policy, process maturity, security testing and risk management side of the house. I accepted the position after reviewing the position description as it was a more purely security focused role than my previous job and it appeared from the description that I would be engaged in a security operations role.
Unknown to me, this position was originally slated to report to the network manager and was reworked to report to another group within IT that is more focused on administrative tasks. Having started the new position several months ago, I have still not been granted access to the resources I need to do my job as laid out in my position description and it appears that the network group would like me to be a policy drone. The network manager is very overprotective, and since I do not report to him, he sees me as a threat to his network dominance.
I have been unable to garner management support to push the issue as his superiors find themselves in a position where he is the sole source of much of the knowledge about the environment and are afraid if they upset him he will leave. He has threatened to do so in the past and they have caved in to his every demand. Even for his own staff, the vetting period before he trusts them enough for access seems to be in the neighborhood of 3 to 5 years. One network admin I spoke to had been there for 5 years and did not have the passwords for the switches, access points or routers. The network manager would change a password temporarily, grant access to the admin, and then change them back when the work was done. To make things worse, his level of understanding of technology is very outdated and his lack of faith in the technical staff and his extreme reliance on contractors and VAR guidance has led to some questionable purchases. I see great potential in this position for a number of reasons, but this is a major roadblock for me.
If you could help me out I’d be most appreciative.
Sincerely,
“Access Denied”
Dear “Access Denied”:
It appears to us that you find yourself in a position where the position that you felt that you were originally signing up for is not the one that you encountered when you began working. Unfortunately, you are not alone – many information security professionals fall victim to this for a variety of reasons – some within their control and some outside of it.
The first thing that we can give you credit for is assessing the situation and understanding the lay of the land. It appears that you have identified your major issue, the person who holds the key to your job satisfaction, and the obstacles that you may need to overcome in order to recognize the full value in your current opportunity.
Here is some advice on how to handle them:
1) Your issue – You are having a hard time getting the support and resources that you need to do your job – and your employer wants to limit your influence.
The best advice we can give on this is to focus on the tasks that you are given and do an outstanding job. In doing this, you will demonstrate to everyone your level of competence and the quality of your work. You will begin building your internal brand as someone who is a “credible resource” and people will respect your thoughts and decisions – especially upper management. By building the credibility, you should find yourself in a position where the “controlling” network manager may be forced to grant you some access and listen to your opinions.
2) The Person – The overprotective network manager
Like it or not, you are going to have to adapt your style to work with this person – if you have any desire to remain at the company. We all have to deal with difficult people in our jobs; our success and satisfaction is often determined by the way that we handle these relationships and figure out ways to have them work to our advantage. It becomes a simple case of, “if you can’t beat ‘em, join ‘em.”
Our advice would be to go out of your way to be helpful to the “network manager”, and perform this work on his terms. Regardless of your opinion, you should defer to his and demonstrate both loyalty and value. At some point, you will gain their confidence and build some level of trust. At that time, he may begin to be receptive to your ideas and grant you access, considering he will believe that your intentions are pure.
This is going to take time and a concentrated effort. You will have frustrations and you may have to bite your tongue, but only you will be able to determine if the value of the opportunity is worth the work. You may begin attempting this, and get frustrated. If you do and decide that this is more trouble than it is worth, you should begin to look for another position. But you owe it to yourself and your career to give this your best shot.
One thing that I think you need to accept is that you are not going to change anyone who is set in their ways and their personality. You may be able to change some of their behaviors – but that will only happen if they see a personal benefit to their own job and success.
It would be good to look at your situation as an opportunity for personal growth to see if you can change the culture of the organization and build a relationship of mutual respect between yourself and the network manager.
Good luck – hopefully you will get the result and the access that you desire to make your role a success.
Mike and Lee
Career Advice Tuesday – My Specialty
June 15, 2010
This one didn’t come in via email but through a conversation I was having with someone I was coaching through some career questions….
“I want to be a penetration tester, but I’m not sure what I should specialize in within the field. I mean, should I be a network penetration tester, a web app penetration tester? Perhaps focus on physical penetration testing and social engineering?
How do I decide what to focus on? How do I know what I want to be when I grow up?”
My answer was exactly the opposite of what Anton said in a post a few months ago:
“Don’t specialize. At least, not yet.”
I find far too many people in this industry try to specialize in something very narrow early in their careers. Here’s the thing: for the first few years of your career, you’re still attempting to learn about the field you’re in and how your personal aptitudes, skills and desires fit within that career. The person who I was giving advice to has been around long enough to figure out that he likes breaking in to things, but he’s still figuring out what he wants to do with that. And people around him are already pushing him toward a specialty within an already narrow part of this industry.
Here’s the trick (and Anton did call this out): penetration testing is a relatively specialized part of the security industry. And, at least for the first few years, I (as someone who runs a company that does penetration tests and a site that trains penetration testers) want to see someone gather a whole lot of skills.
One of my biggest frustrations in hiring testers is to find that they’re only useful on a very small number of engagements. For example, the tester who is amazing at running network and system penetration tests but couldn’t find a cross-site scripting hole in a web server to save her life. Or the tester who knows web apps backwards and forwards but can’t explain how TCP/IP works.
In my experience, it’s almost always easier to gather a significant amount of general knowledge and then specialize than it is to acquire a deep specialty in an area and attempt to generalize afterwards. So, my advice to my friend was this:
While you’re still early in your career, spend at least a year or two gathering experience in many different areas of the field. At some point, as you gather that experience, you may find yourself gravitating to a specialty – but you can’t possibly know what that specialty will be until you’ve got enough experience in all of the facets of penetration testing to give you enough experience to get over the awkwardness of the initial learning within those facets.
Of course, if you’re not a penetration tester, that advice doesn’t apply to you. ;-)
Career Advice Tuesday – “Circumventing the Chain of Command”
June 8, 2010
Dear Infosec Leaders:
The time I’ve been with my company, I can absolutely state that I am very comfortable interacting with my boss. The only challenge I and several others in my department have had with him is his ability to do what he says he will do. This behavior has unfortunately spread to other areas that rely on his support and leadership and have also started to complain about his lack of leadership, support and strategic engagement.
On several occasions I have tried emphasizing to him (note that I have stressed this in the collective vs. pointing him out as the sole problem) that people are not happy with our department as a service provider to the company due to a lack of execution. He also received his leadership survey results a few months ago which made him feel very bad but he saw it through and tried to make some changes…the changes lasted for a few weeks then started to dwindle again.
Recently I felt trapped as I started to get a lot of heat from the rest of the business and decided to finally go to my boss’s boss (my second level manager) and asked him for advice and hopefully provide some advice and guidance to my boss to finally rectify these issues. My intentions were purely supportive and not vindictive in any way.
At this stage my second level manager has decided to be straight with my boss and tell him that his own department had expressed concerns about his lack of execution (which makes me nervous but understand he needs the feedback directly) which mirrors other complaints he (my boss’s boss) has received from the rest of the company. I know this is the right thing to do, but wonder if it was the best thing to do…it had to be done, otherwise my boss (who I think highly of as a person) would eventually fail which none of us want for him.
Did I do the right thing by eventually going to my second-level manager?
Look forward to any thoughts you may have for me.
Sincerely,
“Over His Head”
Dear “Over His Head”:
We appreciate your question, but it can be interpreted to mean two different things, so allow us to address them in this manner – and rephrase the question.
1) As it relates to the effectiveness of our information security function, did I do the right thing by going over my boss’s head?
If this is the reason for your actions then we would be inclined to confirm your actions and assert that you did do the right thing. It appears that in listening to your situation that your direct manager is a nice guy, but he is an ineffective leader, and is in the process of losing his team. Going to your “second level manager”, to make them aware of the situation probably will have a positive impact on the security of your company’s information, and may provide your direct manager with the chance of saving their job. However, it appears that from what you have explained, it is recognized throughout the company that he is not capable of leading the information security organization; it is my feeling that his days may be numbered, independent of your actions.
2) Did I do the right thing by my manager, by going over his head, and speaking with my second level manager?
The answer to this question is clear, NO! I do believe that circumventing your boss and going over his head will have consequences for both you and your boss in the context of your current organization. As it relates to your boss, your circumvention of the “chain of command” reveals his inability to lead your organization and communicate with his team. I think that if I was your manager, I would be looking for another position.
In addition, I believe that your manager will have a difficult time in trusting you in the future. If he remains with the company in his current capacity he is most likely going to be very cautious about what he exposes you to and he may likely be very careful about the opportunities for professional development that he makes available to you. I also believe that there could be some backlash from both your team members (who may not have endorsed your actions) and potentially from your second level manager, who may question your ability to address a problem and arrive at a solution without going outside the chain of command.
Now if your concerns were on target and undeniable, then you may not have an issue, however if it is determined that they could have been resolved in the course of standard business practices, your second level manager may question both your judgement and intentions for handling the problem the way that you elected to. He may even think that he better watch himself in his actions, or you may go to your third level manager (his boss) to criticize his ability to perform his role.
I believe that in the course of our daily work we are faced with certain decisions that will impact both our personal and professional relationships. Without question, you should be lauded for the sense of responsibility that you have to protecting your company’s information, however you should also think real hard if you did everything in your power to settle the issue the correct way, as opposed to the path that you ultimately decided to pursue.
If you are comfortable with both your decisions and your motivations, then you have your answer to your question.
In closing, independent of which question you intended to ask, I believe that ultimately, in this situation one of two things has to happen – either your manager leaves the company, or if they remain, you begin to look for another position working for an information security leader that you can believe in and respect. I do not believe that your working relationship will be the same and I believe it will be difficult for either of you to maximize your effectiveness in your current roles.
Hope this helps,
Mike and Lee
Career Advice Tuesday – “Managing Multiple Offers”
June 1, 2010
Dear Infosecleaders:
I am in the process of changing positions and I have been simultaneously involved in multiple interview processes. The three opportunities are quite different – two are quite similar, while the third one would be a bit of a stretch for my current skills.
Here is where I need your help – the interview processes are at different stages and I am trying to manage them to the best of my ability, without turning any of them off. One of the companies informed me that they are going to make me an offer next week, one of the other companies (the similar one) the interview process will take 2 additional weeks, as I still have to meet with others, and the third opportunity (the stretch) may take 6 weeks to finish.
Can you give me any advice on how I should handle this?
Sincerely,
“Info Sec Pro In Demand”
Dear “In Demand”:
While it is nice to be “In Demand”, I think that you have to take a good look at your situation and figure out how “In Demand” you truly are. Let me explain.
The way that I interpret your situation is that you have one solid opportunity that is going to make you an offer, one that is still vetting your talents, and the other that is most likely not to come to fruition. Keep in mind, just as you are looking at other opportunities, the employers are looking at other information security professionals that most likely have similar skills and credentials. Granted, they may all materialize, but right now you only have one firm commitment – and that should be your focus.
The first thing that I would do would be to evaluate the offer that you have coming this week. I would ask myself the following questions: is the opportunity better than your current position, will the opportunity enhance your career, is the compensation fair, and is the company a place where you would like to work? If the answer to all of those questions is “Yes”, then I believe that you should express your interest in earnest, and get the offer in your possession.
When you are speaking with the company, you should feel comfortable enough to let them know that you are actively interviewing; this may or may not have an effect on the aggressiveness of the financial terms of the offer. If you do let them know that you are looking, you should be prepared for the following questions:
1) Is there a certain amount where you will discontinue all other interview processes? If you do get asked this question – you should be prepared to have a reasonable number to share with the employer.
2) When are you planning to make a decision? This is a key question. How you answer it may either result in the company delaying their offer to you (and continue interviewing other candidates) or they may send you the offer and provide you with additional time to make your decision. You should be prepared for either result – but understand that there may be consequences if you delay – (remember this is the only company that has expressed that they would like to make you a commitment).
As it relates to your other suitors, I think that it is up to you to inform the other parties about your new accelerated time table for decision making and ask them to make adjustments to their interview processes. If they are willing to do so, chances are they believe that you are a leading candidate and they do not want to lose the chance of employing you. However, if they drag their feet – and do not make an attempt to expedite their process, their inactivity is telling you something about either their perception of your skills or how they view the urgency of recruiting talent.
Please keep in mind – you should separate lack of desire and lack of possibility (i.e. decision makers on vacation). Sometimes no matter the intent, accelerating a recruitment process is just not possible due to external factors.
You can also take this opportunity to let these other suitors know the details of your offer from the original company. For example, if your current offer (from the first suitor) is greater than the others have allocated for their positions, they may tell you that they cannot match the terms and encourage you to accept the other one.
In closing, I would advise you to prioritize the opportunities. It appears that two of the offers are similar- so I would try to see if I could rank them. If they turn out to be basically even, I would go with the one that has made you a commitment, and thank the other one for their time and interest.
Also, while it would always be advantageous to have the details of as many offers as possible, sometimes it is just not practical. I would never advise anyone to jeopardize a solid opportunity for one that may not materialize.
Remember the old adage… “A Bird in the Hand is Worth Two in the Bush”. This applies to information security careers as well.
Hope this helps,
Lee and Mike
Career Advice Tuesday – “When Good Mentors Go Bad”
May 25, 2010
Dear Infosecleaders:
I am writing you because I recently have been placed in a difficult situation by the person who I least expected – my mentor.
Here is the back story – my mentor is someone that I have known for about 10 years. When I was first starting out in information security, he was a client of mine on my first consulting job. After about a year of working together, he offered me a position for an entry level position on his staff. For the next eight years, I have been working for him – initially indirectly – and now I am a direct report who manages 5 other information security engineers.
As our relationship progressed, we developed a closer relationship. I was a sponge, and he was willing to teach me. He is quite credible within the industry and was well respected. He helped guide me in my career, and supported my training and my professional development. Everything was going great. Our relationship became more than professional – we often socialized with each other outside of work, and invited each other to family functions.
Everything was going smoothly at work and recently a problem arose in our information security function. When the problem had surfaced, my mentor (manager) directed me to handle the situation in a specific way. I did not 100% agree with his direction, but I proceeded as directed – both out of respect and because he is my manager and mentor. In the end, his direction proved wrong. As a result, the situation escalated and his manager (the CIO) became involved. As a note, my mentor has a very close relationship with the CIO (quite similar to my relationship with my mentor).
When the subject was addressed, my mentor told the CIO that I acted “on my own” and disregarded his directions as it related to the problem. Not only did he make the argument during the meeting – but he was quite persuasive. During the meeting I did not defend myself (I basically froze). I just accepted the wrath of the CIO – thinking that if I did not take responsibility I could be fired on the spot (it was that grave).
The good thing is that I still have my position but nothing will ever be the same. I have not even spoken with my mentor about this – considering that I believe that he does know the truth.
Do you have any advice for me? How can I remain in my current position when I can no longer trust my mentor? I have been questioning all of his guidance that he gave me through the years – I do not know what I should believe and what was self serving.
Any help would be appreciated.
Signed,
“Mentee Interrupted”
Dear Mentee:
Wow! How can we possibly answer a question that is rooted in deception by someone that you have respected, admired, and trusted? I can tell that you have valued this relationship beyond the work environment – so this must hurt you both professionally and personally.
At this point, my best advice to you would be to separate the two issues. I would prioritize the work relationship, considering that it has the most impact on your career (and we are career advisers, not psychiatrists). Believe it or not, I agree with your decision to take the heat and not deflect blame during the meeting with the CIO. By not saying anything, you avoided acting emotionally and saying some things that you may have regretted in what appears to be an “unwinnable” situation. You have remained employed and now you have the ability to think clearly and act rationally.
I think that first you should replay the situation and see if your “mentor’s” interpretation of the facts is valid. I would check for some e-mail or correspondence that would validate that you acted as directed and not outside of your mentor’s guidance. Once you are sure that this is the case, my advice would be to begin looking for another suitable position.
The reason for this is that you have the ability to go out on a relative high note and at the same time remain in your mentor’s good graces. Although the two of you will know what actually did go down, you would be better served in your career to have your mentor on your side (since he is well respected in the community) and to be able to utilize him as a professional reference.
I also think that you should go back over the guidance that your mentor has given you during your career development and reassess if any of this advice could be construed as self-serving to his best interests (as opposed to yours). As you go back, you will most likely find that your mentor advised you with good intentions through the 10 years that you have known him, and this was an isolated incident. At some point in time, when you look back on the situation, you may even realize that your mentor’s action (albeit self-serving) may have protected both you and him. However, I still would not stick around to find this out first hand.
In closing, there is not any way to guide you through your bad feelings towards your mentor. You most likely feel betrayed, taken advantage of, and misguided. All of your feelings are valid. Over the course of time, your disappointment will probably dissipate. However, you should never forget that this happened and you should not stick around long enough to see if it happens again and potentially has a bigger negative impact on your career and your life.
I realize that you have seen the worst in your mentor; hopefully one day you will again see the best in him – and he will have a chance to somewhat redeem himself.
Unfortunately, please accept that your relationship will never be the same. You can never fully rebuild the trust that you have lost.
There are more mentors out there – apply what you have learned and choose wisely.
Hope this helps,
Lee and Mike
Career Advice Tuesday – “A Tale of Two Cities”
May 11, 2010
Dear Infosecleaders:
I am hoping for some advice on how to handle my current employment search. I am an information security professional with a technical background in computer science. I have done some penetration testing, some technical security assessments, and have a good background in developing and securing web applications. Currently I have a position where I travel a great deal across the country performing this work.
My situation is as follows. I currently live in one city and my girlfriend (we are quite serious) lives in another city where she has a solid career that is dependent on her current location (she can not relocate). I am thinking about changing positions, where I can find work in an organization that will help me develop additional skills that will help me on the path to my career goal, of chief security architect.
Right now I am not sure if I want to move to where she lives considering that I am not aware of many information security opportunities that will help me take the next step in my career. Basically, I am trying to figure out how to search for a new position. I would like to explore opportunities but I do not know where to search, my current city or hers. I want to be fair to myself and potentially my future employer.
Can you provide me with some guidance on how to handle my job search?
Thanks,
Charles Dickens
Dear Chuck:
At some point in many people’s careers they have to make choices between their personal life and their professional life. Without knowing your current situation in depth (we provide career advice, not relationship counseling) it is difficult to offer advice without potentially damaging your personal relationship with your girlfriend.
What I will tell you is that before you embark on a search for a new position, you need to figure out where you want to live. I think that if you begin to search for a position and then you decide that you do not want to live there, you can lose a great deal of credibility with the companies that you are pursuing. This indecision will definitely come out in the interview process, and it may affect how these companies view your candidacy and will most likely reflect poorly on your ability to prioritize your career. Plain and simple, you do not want to give the impression to potential employers that you are on a “fishing expedition” and lack the commitment necessary to pursue your next career opportunity.
I think that the best advice is to come to a conclusion on where you want to live and then focus your job search on that geography. If you delay your job search, the worst thing that can happen is that you would gain additional experience and become a more proficient information security professional within the framework that your current job provides. In the big picture, this is not that big of a deal.
This extra time may also provide you with the necessary time to figure out the level of your relationship with your girlfriend and if your current relationship is worth the short term career sacrifice.
Speaking from our own personal experience, we can tell you that finding the right life partner is much more important than finding the right “next job”. I can say with great confidence that there are many more good jobs than there are great life partners!
Good luck in the pursuit of both of your passions!
Lee and Mike