Career Advice Tuesday – “Selecting Proper Representation”

November 15, 2011

Dear Infosecleaders:

I have a question that is more for Lee, than for Mike, given that it has to do with a recruitment process that I am currently involved in.

About three weeks ago, I was contacted by an information security recruiter who was referred to me by a close colleague, about an opportunity in my geography that I found interesting.  I spent a good deal of time with the recruiter, asking questions about the company, the hiring manager, and the position.  The recruiter suggested that I revise my resume to help address some of the specifics of the opportunity, to align more closely with the needs of the position.

During the time that I was reformatting my resume, I got contacted on LinkedIn by a recruiter with whom I had never interacted.  The recruiter sent me a job description, similar to the one that I had learned about from the other recruitment professional.  This individual refused to share with me the name of the company that they were representing, and pressured me to send a generic resume.

My gut feeling is that it is the same position – do you have any advice on how I should handle my discussions with both parties?  Is there anything that could jeopardize my recruitment process? 

Any help would be appreciated.
Signed, 

“Derek Fisher” 

 

Dear “Derek”:

Well, it is good to know that you are popular – so you have that going for you.   The first thing that I will say is that many recruitment firms (including LJ Kushner and Associates) utilize LinkedIn as a form of candidate profiling.  Although many people think that we know “everyone” in the industry, it is just not possible, and LinkedIn provides recruitment firms access to information security professionals (job candidates) that we do not have deep relationships with.

That being said, the first thing that I would tell you would be that you should never trust a recruitment firm that is not willing to share the name of their client with you.  The two main reasons for this are as follows – first, it shows that they do not trust you.  If they share the name of their client with you – there is an outside chance that you will go to the client directly, and cut them out of the recruitment process – so they are going to wait until they have your resume, to spring this on you.   Personally, I find this very shady – it is akin to saying – “Please trust me with your career and your livelihood” – but “I am not going to return that trust by sharing the company where the job is located”.   

Secondly, when a recruiter does not share the name of their client, you give up control of the dissemination of your resume.  By responding to a generic, broad-based job description, you are basically giving them carte blanche to send your resume anywhere.  This could mean that your resume could wind up in the hands of a company that you have already worked for (it makes you look foolish), somewhere you are already interviewing with (it makes you look unorganized and unprofessional), and even possibly your current employer (which can be a disaster for obvious reasons).

Don’t laugh, this does happen – and the aftermath is not pretty.

In regards to your current situation, you should work with the recruitment firm that you trust the most and the one that you believe has the best chance of helping you navigate the interview process for the specific job and company that you are interested in.    In your case, it appears to be the first one that you spoke with.

What I would do with the second recruiter, would be to first call them and ask them whom the opportunity is with.  If they refuse to share this with you, I would tell them politely that you are not interested in working together with them.  If they do share the information, and it is the same company that the other firm introduced, then I would simply tell them that you are already engaged on the opportunity, are being represented by another recruitment firm, and that your resume has already been submitted for consideration.  You could end the conversation, by saying that if they have other opportunities, and are willing to reveal the name of the employers, you would be happy to consider them.

I will say in closing that the “Rules of Engagement” for determining candidate representation are very tricky, and it is very important that you control your resume when you conduct any interview process.  Selecting the wrong recruitment firm, or “representation” – can greatly affect the perception of your candidacy for any opportunity.   

As a rule, your caliber of representation is a reflection of your brand, and your level of professionalism.

Hope this helps,

Lee Kushner

PS – “Derek Fisher” is a reference – not the name of the advice seeker

Posted by lee | Filed Under Advice, Behavior, Branding, Career Advice Tuesday, Interviewing, Planning, Recruiting | Comments Off 

Career Advice Tuesday – “Change In Command”

October 4, 2011

Dear Infosecleaders:

I recently have found myself in a precarious situation and I am hoping that you can help me get through this.

Recently, about four months ago, I accepted a Director of Information Security position, reporting into the CISO of a 10,000 person company.    The position that I left to accept the role, Manager of Policy and Compliance, I held for 18 months.  While I was not looking for a new job at the time, the Director role was too good to pass up, both from a career and a financial perspective. 

Six weeks ago, I received an e-mail from the General Counsel letting me know that the CISO, who just hired me, was “relieved” of his duties and would no longer be working at the company.  The CISO was one of the main reasons that I accepted the position, and in a short time I had established a good working relationship and I respected his management style. 

The search for the new CISO is currently underway, and they are interviewing potential successors – both internal and external.  I have met the final two candidates, and quite frankly I am not pleased with either of the options.  Their backgrounds and views on information security are much different than mine and I just do not get a good vibe.

Additionally, I am well aware that if they get hired, they will most likely be able to select their teams and their direct reports, so my time here is probably limited. 

Any advice on how I can deal with this situation?  If I am forced to leave, how can I explain the fact that my last two jobs lasted for such a short period of time?

Sincerely,

Gomer Pyle

 

Dear Gomer:

The best thing that I can tell you is that you need to accept that change is coming, and you need to figure out a way to deal with it and make the best of things.  The way that I would look at this is as an opportunity to hone your interpersonal communication and relationship skills.

The truth is that at your level of seniority, you cannot really afford another short stint of employment, especially after an implied promotion.  If you cannot show some accomplishments in this current role, future employers will most likely look at this as a failure, no matter how you spin it.  (Personally, I think this is unfair, but those are the rules of the game that we play by – and perception is often viewed as reality.)

Whomever they decide to hire, I think that you should embrace and support them to your fullest ability.  I think that a good way to demonstrate this is to attempt to relate to your new manager (CISO) on a personal level, letting them know that you are both in the same boat (as new employees), and by demonstrating as much willingness and flexibility as possible to help them out.   The best way to do this is to go outside your job description, and take on additional responsibilities that may be in your current sphere of knowledge, or from previous professional experience.

In addition, you should plan to demonstrate your work ethic, your integrity, and support at any opportunity.  This should include coming early, staying late, accepting unpopular assignments, whatever it takes.   By demonstrating this level of leadership and commitment, you are going to win this new person over – and they will have no other choice but to view you as a valuable asset.

If you can win them over, and convince the new manager (CISO) that you make his job and his life easier, he will have no choice but to keep you.

If you are able to accomplish this, you will not have to explain your short duration of employment.  If it is all right with you, we will save that question/answer for another Tuesday.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Branding, Career Advice Tuesday, Leadership, Planning, Position Selection | 1 Comment 

Career Advice Tuesday – “Resume Hurdle”

September 27, 2011

Dear Infosecleaders:

I am writing to see if you can help me with a situation that seems to be haunting me as I look for a new job.

I have been working as an information security engineer for the past 10 years, mostly on long term contracts.  Each of my contract assignments for the past five years has been through the same contracting firm.  During these past five years, I have supported over 8 different Fortune 500 customers, in the implementation of various security technologies ranging from IDS, Firewalls, SIEM, DLP, etc.  Each of the assignments has spanned from 4 months (shortest) to 16 months (longest).    On my resume, I outline each of these projects, listing the customer, the scope of the project, the duration, and the impact of my efforts.

Now that I am looking for a full time job, in my opinion my resume makes my employment look inconsistent, although I have been working for the same employer (contracting agency) for the past five years. 

Do you have any tips on what I can do to overcome this hurdle?

Signed,

Edwin Moses

 

Dear Edwin:

This may turn out to be our shortest response, but your answer is a simple one.

What you need to do is to create a resume entry, before the projects, demonstrating that you worked with the same company for the past five years (2-3 lines).  Underneath the employer and the date, you should write a short description of the company and the nature of your work as a security consultant servicing Fortune clients.

Your resume should read no different than that of a person who has worked as an information security consultant for a large consultancy – like a Big X or a large systems integrator – with the exception of being able to demonstrate career progression or titles.

If you are able to place this experience under the larger umbrella, it will let employers know that you are both loyal and have a good deal of diverse information security experience.

That should lift some of your hurdles and help you in your transition.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Branding, Career Advice Tuesday, Interviewing, Resume, Skills | 1 Comment 

Career Advice Tuesday – “Advice For Starting An Infosec Consultancy”

August 16, 2011

Dear Infosecleaders:

I hate to bring up what seems to be the elephant in the room within information security and penetration testing in particular, but how exactly are people getting the gigs doing this?  Personally, I have tons of training, 15+ years experience in the realm, business experience to match and every time I ask this question, nobody seems to want to answer/discuss it.

It is a known fact that the big companies (IBM, the Big X, large telcos, etc.) sell it as a service to existing companies but there are A LOT of two-three man pen testing teams that seem to stay busy constantly. I understand that people don’t want to give out their client attraction methods and strategy but I have yet to see this topic covered. There has to be a lot of others with the necessary experience asking the same thing.

Anyway, just can’t seem to tackle the elephant in the room. Nobody wants to cover it. 

Thanks guys and unique blog for the infosec community.

Signed,

The ZooKeeper

 

Dear Zookeeper-

To be candid, I had to look at your question a number of times before I was able to formulate a response.  It is my interpretation that the crux of your question is, how do you begin your own information security consulting business – particularly in the field of penetration testing.  In addition, you would like to know why others are successful,  and why some (you) can’t seem to get off the ground.

First of all, I should start by telling you that all businesses are similar – and beginning a penetration testing consulting business is no different than starting any other services business – such as lawn care, pool service, or home painting.   When people decide to buy any service, they look for certain elements – experience, competency, price, and reliability.    Anyone who has been successful in beginning a small information security business has been able to personally demonstrate these qualities in their previous life, prior to forming their own company.  It is from this reputation and personal brand, that they are able to attract some of their initial customers, which provide them with experience and references, which they should be able to leverage into new business opportunities.

Another essential component of any business (and career) is the ability to sell and market one’s services and oneself.   It is this skill that often separates the successful from the remainder of the pack.  Selling one’s talents and branding one’s skills in the marketplace and information security is often overlooked as the key factor in determining success.   Many information security professionals have focused their professional development on their technical skills, but at the same time they have neglected to attempt to develop their business/sales/presentation skills.

Long and short, there are many technical “rock stars” that have failed on their own as business people, but once partnered with competent business people, have achieved great things.

I have learned over the years that business is about surrounding yourself with great people who complement your strengths.  Maybe it would be best for you to find someone who can help “open some doors” and help sell your talents.  Or, maybe you need to reevaluate your assessment of your business skills, and try to honestly assess some of the obstacles that are standing in your way in getting your business off the ground.

Understand that it is easy to prove technical competency, but in the world of business, the proof of competency solely lies in the color of the ink – “red” or “black”.

In closing, our note does not mean to come across as harsh, but it is meant to be direct.

Hopefully some of this advice and insight helps, and your infosec consulting business will get off the ground soon.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Branding, Career Advice Tuesday, Security Industry, Skills, Uncategorized | Comments Off 

Career Advice Tuesday – “Black Hat Preview – Professional Development Workshop”

July 26, 2011

For today’s Career Advice Tuesday – we wanted to share a more detailed look at our Black Hat Professional Development workshop.  The workshop will take place on Thursday afternoon – from 1:45 – 6:00PM.    Anyone in attendance can either come to any individual session or stay for the whole program.

If you are at Black Hat, please come by and introduce yourselves.

 

InfoSec 2001 – A Career Odyssey

The Professional Development workshop is a half-day program that is designed to inspire the Black Hat attendee to think about their career as an information security professional and assist them in their journey towards the achievement of their long term career goals.

The Professional Development workshop will be divided into five (5) unique information security career topics that will be linked by a common theme – Skill Development and Differentiation.

The program will consist of the following:

1)    “The Value of Information Security Certifications Survey” – Research Revealed – 1350 information security professionals responded to an independent survey on the topic – the research will be revealed

2)   “Second Place Sucks” – A presentation geared toward differentiating yourself from your peers (and your competition)

3)   “The Information Security Leader of The Future” –  a presentation that will outline the skills that employers are looking for when identifying and selecting their information security leaders.

4)   “The Other Side of The Desk” – a panel that will explore the different attitudes and beliefs by job applicant and employer during the interview process

5)   “Future Predictions” and “Career Advice Tuesday- Live” – Future trends will be discussed and explored – and attendees will have the opportunity to ask questions about infosec related career topics

The workshop is designed as an interactive forum that should inspire some shared thought and debate between audience members and the presenters.

Attendees should understand that they can elect to either participate in the entire workshop, or to pick and choose from select sessions that have a particular interest to them.


Session Previews:

Session 1  – 1:45 – 3:00

“The Value of Information Security Certifications Survey”

Presenters – Mike Murray and Lee Kushner – Infosecleaders.com  

In February of 2011, Infosecleaders.com launched an independent survey on the value of information security certifications.   The value of InfoSec certifications is a highly debated topic in the industry, and this is the first independent survey that asks questions to information security professionals (certified or not) – their opinions on topics that include – the motivations for certifications, the impression of the certification bodies, the value of skills vs. certifications, and certifications’ effect on employment.  With over 1350 respondents, the results should be revealing and eye-opening.

“Second Place Sucks” –

Presenter – Mike Murray

So, if certifications are no longer the magic bullet to get you to your career goals, then what is?  The topic of strategic career investments and personal branding will be the focus of this presentation.  The presentation will be spent on how you can plan and execute on career investment strategies that will enable you to differentiate from your peers and successfully compete for promotions and external information security leadership opportunities.

(15 minute break)

Session 2 – 3:15 – 4:45PM

3:15 – 3:45PM

“The Information Security Leader of the Future” –

Presenter – Lee Kushner

The skills for information security leaders are changing quite rapidly.  As many companies are aligning information security with their core business and branding, information security professionals will need to evolve as well.  The presentation will break down the core skill components of what information security professionals will need to acquire and demonstrate to be considered for leadership roles in the future.

 

3:45PM – 4:45PM

The Other Side of the Desk – Different Perspectives on the Interview Process

Moderator – Mike Murray

Candidate Perspective – Lee Kushner

Hiring Managers’ Perspective –

Bill Phelps, Executive Director Accenture  

Justin Somaini, CISO at Yahoo!

Abstract:

There are two parties involved in every interview process, the information security professional (the applicant) and the hiring manager (the decision maker).   While in essence, both parties ultimately desire the same outcome, their motivations lie in different places.   This portion of the presentation will present to the audience the perspective of the candidate and the perspective of the hiring manager, in a way that will educate both parties and enable them to social engineer the interview process, to work to their personal advantage.

Bill Phelps:

Bill Phelps is an Executive Director in Accenture’s security practice, and has spent the past 25 years in technology services.  In the past decade, Bill has been a practice leader, company founder, board member and trusted advisor helping organizations with complex management and technology challenges in the areas of information security, data center transformation and technology strategy.     Bill currently has overall responsibility for Accenture’s security business in North America.  Bill is aggressively growing Accenture’s security team, and plans to hire over 200 security professionals in the coming year.

Justin Somaini:

Justin Somaini is the Chief Information Security Officer at Yahoo! where he’s responsible for all aspects of Yahoo!’s Information Security strategy.  With over 15 years of Information Security experience he’s seen as a leader in industry by promoting an evolution of the security and risk management models.  Through his public speaking and industry involvement he’s given extensive talks and interviews on the threat landscape, public policy, security management and risk management.  Prior to joining Yahoo!, Justin was the CISO at Symantec.  Justin has also held security leadership roles at VeriSign, Charles Schwab and PricewaterhouseCoopers LLP.

4:45 – 6:00PM

Predictions for the Future and Career Advice Tuesday – “Live”

Presenters – Lee Kushner and Mike Murray

The employment market is dramatically changing – and the closing session will begin with information security employment predictions (based on experience and research) for the next ten years.  Once completed, this will be followed by a version of “Career Advice Tuesday” – “Live”.   All attendees can have their personal information security career questions answered in an open forum.   Topics will include skill development, compensation negotiation, career investments, career planning, and anything else you want to ask about your Information Security Career.

Posted by lee | Filed Under "The Other Side of The Desk", Advice, Behavior, Branding, Career Advice Tuesday, Compensation, Interviewing, Networking, Planning, Position Selection, Presentation, Recruiting, Resume, Security Industry, Skills, Survey, Uncategorized | 1 Comment 

Career Advice Tuesday – “Advice for Job Hoppers”

May 24, 2011

Dear Infosecleaders:

I have been working in a company for over two (2) years now, and for the last eighteen months I have been focused on Privacy Controls Implementation.

Plain and simple, I find this work to be boring.  I have a difficult time focusing on my current job and I feel that my work is suffering due to my lack of enthusiasm and the loss of passion.

My initial goal would be to remain with my company, but my manager is not open to my request and simply told me to “keep my head down” and focus on my current project.

I would really like to begin a search for another employer, and to find an opportunity that lets me shift my focus, and let me utilize some of my other skills as an information security professional.   However, I have a history of changing positions every two years, and I have run into the obstacle of being labeled as a “job hopper”.

For the record – I have worked for six companies in my 14 year information security career.

I am not sure how to overcome this obstacle, and progress toward my career goal.   Do you have any suggestions on how I can implement a strategy to change roles and overcome the perception of my lack of commitment?

Any ideas would be welcomed.

Sincerely,

“Frog Man”

 

Dear “Froggy”:

Unfortunately, we do not have much help for you.   The best that I can offer is to utilize your experience to help others, so that they can utilize this as a learning tool for their own careers.

The fact is that history is a very good predictor of future results, and to any new employer it is logical for them to assume that you will only remain at your current position for two years (or slightly more) at a time.   The fact that this is a repeatable pattern – not just once, twice or three times – but six times – is a good indication that you will not stay with your next employer much longer.

In this day and age, hiring managers are facing greater scrutiny when hiring external resources, and if they decide to provide you with an opportunity for employment it is likely that their judgment is going to come into question by their managers.   Many hiring managers are unwilling to take this risk, as the competition for their jobs is greater.

Therefore your dilemma, Froggy.

If any of you beginning information security professionals are reading this, this should be a lesson and a situation that you need to avoid.   You have to understand that your career and your career choices tell a story, and are a reflection of your decision making, your intangibles, and your personal make-up.   It is often very easy to pick up and leave your employer, however the decision that provides you with instant gratification, often has longer term implications.  This will limit your choices and create an obstacle that you may not be able to overcome.

Take a lesson from Froggy – and try to make sure that you exhaust all internal options prior to making a career decision.   Understand that when you decide to change jobs, try to determine if there is room for growth, and work with your manager to determine the best way to develop your skills and create opportunities for yourself that challenge you and help you grow.

Back to you Froggy – you are going to have to grit it out- and try your best to convince your manager to provide you with an opportunity that will renew your passion.  You need to demonstrate this by finding it within yourself to become the best Privacy Controls Implementation professional possible, and seek out opportunities that allow you to leverage this expertise into new roles with your current employer.

Give yourself an additional year to do this, and see how it turns out.    In the meantime, take the year to make some personal career investments that may align with your future goals.   When the time is right to go for another interview, you can tell a better story – about how you “stuck it out”,  “tried your best to make it work” – and rededicated yourself to your career –  that is a powerful story that any progressive hiring manager will like to hear – and can sell to their management when asked about your employment history and “job hopping”.

Write us in a year, let us know how this turns out.

Wish we could be of more immediate help,

Lee and Mike

 

Posted by lee | Filed Under Advice, Behavior, Branding, Career Advice Tuesday, Planning, Position Selection, Uncategorized | 2 Comments 

Career Advice Tuesday – “A Sense of En-”TITLE”-Ment”

April 5, 2011

Dear Infosecleaders:

I am in the middle of contemplating a job change and I am looking for some guidance.   The new opportunity is really an ideal one for me, with the exception of one component, the job title.

For the past three years, and currently I hold the title of Manager.  The “Manager” title refers to the fact that I manage technical security projects, but in a hands on capacity.  I do not have direct staff (matrixed), I cannot hire or fire, and I do not have budget responsibility – but nonetheless, I am still a Manager.    I consider myself a technical security professional – and have some strong architecture experience and some detailed knowledge in working with information security tools.   However, one of my long-term goals is to become more involved with risk management and compliance.  I am happy in my job, but the future for professional growth is questionable.

This brings me to my new opportunity.

The new role is to become one of the lead junior security architects for this company.  The company has just hired a new dynamic CISO (whom I met with), has a big commitment to security, and there is a great deal of opportunity.   They have even offered me a position that has increased my total compensation by 15%.    In addition to this, the CISO told me that after 18 months, I would be given the opportunity to transition to the “GRC” side, if I chose to and could prove that I was capable.

There is one catch.  The title of the job is “Senior Engineer”.

I asked HR if they could change the title and they told me that the work that I would be doing in their organization was one of “Senior Engineer” and not one of Manager.  The CISO said that if I could prove my skills at a Manager level, he would be happy to promote me when I was successful in demonstrating this.

This is a big dilemma for me.  The job is great – but I feel I am heading in the wrong direction.  Can you help me?

Regards,

“Working Title”

 

Dear “WT”:

I do not know how to be more clear when I say this but “Take The Job!”

Titles are probably the least significant attribute of a successful career.   Most people place way too much stock in their title, because of what they believe others will think – this group includes their peers, co-workers, friends, and family.

The fact is that titles are not transferable.  Different organizations have different titles that apply to their organization or industry.  (My guess is that you are not just changing jobs, but changing industries as well.)  This is done primarily to create standardization within the HR function.   I would think that Senior Engineer would apply to all IT skills – including security, software development, infrastructure, etc.

Here are the things that you have told me that I believe make this job good:

1)   You are entering an opportunity where they are building an information security program.  There is always a good amount of opportunity in this environment that will appear once you begin working.

2)   The CISO is progressive – and told you first hand that if you want to expand your skills, he would provide you with the opportunity.

3)   The CISO is honest.  He said that you would have to prove your skills as a Manager in order to be promoted.  He did not promise you a promotion, he promised you the opportunity.   By making a statement based on conditions, it means that he will value effort and results.   The rest is up to you.

4)   They are paying you 15% more as a Senior Engineer than your current company is as a Manager.  That should speak clearly about commitment.

5)   You said that your future for professional growth is questionable.  (That should be enough on its own.)

Very simple, you have many of the components of what appears to be a great opportunity.  Do not let your preconceived notions or pride get in the way, for something as meaningless as a job title.

In the end, you will get your next role (internally or externally) and accelerate your career based on what you have done, not what you are called.

Hope this helps,

Lee and Mike

 

Posted by lee | Filed Under Advice, Branding, Career Advice Tuesday, Interviewing, Position Selection, Skills | 2 Comments 

Infosecleaders at OWASP NY/NJ – Tuesday and Wednesday

March 28, 2011

Wanted to let everyone know that I will be presenting the “CEO of You, Inc. – Your Career Is Your Business” presentation at OWASP NYNJ Metro chapters on Tuesday and Wednesday of this week.  On Wednesday, I will be speaking toward the beginning of the agenda – so definitely get there early if you can.

The presentation is designed to help you, the information security professional manage your career as if it were your business, and you were the CEO.  

Here is the full abstract:

The information security profession is becoming increasingly competitive. In the employment market place of the future, certifications and education alone will not be enough to ensure achievement of your long term career goals. The increasing popularity of the profession and the competence of your competition will require that you take the reins of your career.

As companies focus more on profits and revenues, they are diverting resources away from the development of their employees. This attitude has greatly impacted the shared loyalty between employee and employer. In the future, the more effective you are in the management of your information security career, the greater the likelihood that you will achieve professional satisfaction. In essence, your career will be your business, and you will be the CEO.

The goal of this session will be to provide you with a framework for managing your information security career. By relating the different components of career management to traditional business functions, you will get a detailed understanding of how your career should be managed and how you can move past your peers by more than just luck. Subjects covered will include career planning, career investments, effective career marketing and branding, position selection and compensation negotiation.

You will leave the session with a solid foundation to enable you to better achieve your long term career goals and increase your satisfaction with both your current job and with the jobs you select in the future.

I will be happy to take questions during the meeting and after my presentations, provided that time allows.

Hope to see you all there.

Lee

Posted by lee | Filed Under Branding, Compensation, Interviewing, Planning, Presentation, Security Industry | 1 Comment 

Career Advice Tuesday – “Fashion Advice from Infosecleaders”

January 18, 2011

Dear Infosecleaders:

My question may seem simple, but I would like to have your opinion.  To give you some background, I am currently a Senior Security Architect at a large Fortune size company where I manage a team of 12 technical security architects, with various skills and in varying information security disciplines.

If you told me 20 years ago that I would be working for “The Man”, and am actually “The Man” to some of my employees I would not have believed you for a second.  However, this is now the case.  I grew up in the technical food chain, working as a systems and network admin, worked for some professional services companies providing technical security architecture services for my customers, and now I find myself in a corporate position. 

Truth be told, I like it a great deal.   However, I have one major problem….

I do not look the part.

What I mean by this is that I am not going to step from the pages of GQ any time soon.  It is a real personal chore for me to get into a suit, tie, and wingtips for senior level briefings and meetings.  Generally, my work attire is a collared shirt, khakis and some comfortable shoes; I generally wait a long time to get a haircut and have a strong desire to wear my DC and HOPE t-shirts.

Many in my company (mostly the technical team) do not have an issue with this, and they see me as one of their own.  However, when I get into those meetings with management, I stick out like a sore thumb.   You can tell that my appearance has some effect on how they view my opinions and contributions.

As much as I want to change this, something inside of me rejects it (and it appears every morning when I go to my closet).    Do you think it is possible for me to advance in my position by maintaining my current dress code?  If not, do you have any words of wisdom that can help me find some middle ground?

Thank you for your help,

“George Quackenbush”

Dear “GQ”:

The simple answer to your question is, “Yes, you need to play by the rules!”  If management in your company has a higher level of respect for professionals who dress like the way that “they” do, and you desire a future with the company – that includes more responsibility, promotion, and advancement, you will have to conform to the system in place.

Before I go on, I do not want you to interpret this in a way that means you have to lose your identity, or lose some of the things that are unique to your personal presentation; however, you have to recognize which elements of your professional dress are important and which ones have less meaning.  For example, upgrading your khakis to dressier pants should not be that much of an issue (in all of my time I have never found a work environment that was “pants optional”).  Also, if you bring a sport jacket into work and keep it in your closet, or on the back of your chair, you can always have it handy for impromptu meetings.   You may not need to wear this all of the time, like when you are working with your technical brethren, but having it available to wear during a Senior Management meeting should not be too much of a sacrifice.

Now, on to the big one, Your Hair!

I know that people get very sensitive about their hair, but understand that it is quite visible and constant.   I think that you may be able to get away with keeping your hair longer than the others, but you have to make sure that it is neat and not overly visible.   I think that the barometer for this is to not make it a conversation point or a distraction.  

Like it or not, your personal presentation is an important part of your career and your image.  People are judging you at all times, in your current role, in the industry, on the web, and in social settings – the key is to make sure that you portray a professional appearance that maps with your career goals and enables you to maximize your impact in your current information security role.

Hopefully we will see you “On the red carpet”!

Lee and Mike

Posted by lee | Filed Under Advice, Branding, Career Advice Tuesday, Personal | 1 Comment 

Nothing Says “I Love You” Like an Information Security Career Development Seminar – RSA – Feb 14, 2011

January 7, 2011

The RSA Conference is traditionally known as one of the marquee information security conferences in the United States.  This year, the conference organizers have decided to create a pre conference seminar that is focused exclusively on the information security professional’s career development. The seminar is included with all paid conference admissions.  Personally I was honored when the program committee asked me to co-host the event and contribute to the content of the agenda.

Different than past RSA events, the Seminar is scheduled outside of the main conference tracks, where it does not compete with the highly technical presentations or the keynotes.  By doing this, they have enabled all delegates to dedicate time to focus on their careers – and to learn how to best maximize their current positions and strive to attain their long term career aspirations.  The program is designed to take the Information Security professionals through a journey that will provide them with both content and context for managing their careers.

The Seminar will take place on Monday afternoon, February 14th from 12:30 – 5:00PM.

On the upcoming Fridays leading up to the conference, The InfoSec Leaders blog will feature an in-depth abstract and preview of the content of the panels and the individual presentations.

The agenda for the seminar will be as follows:

A panel discussion, moderated by seminar co-host Mike Gentile, that will address the current state of the information security market, the skills that employers are looking for, and trends in today’s employment market.

An individual presentation from InfoSecLeaders’ Mike Murray on Career Planning.  This presentation will help guide the attendees through some basic steps to create a career plan tailored to achieving their long term information security career and life goals.

A presentation given by Jeff Combs focusing on differentiation and personal brand development.  Jeff will utilize his decade long experience as an Information Security executive recruiter to illustrate to the attendees how to make themselves more marketable and attractive – to both their current employers and future ones.

A presentation by me, Lee Kushner, that will focus on the skill requirements for the CISO of the future.  From our Infosecleaders survey we learned that 37% of the respondents aspired to become a CSO/CISO.  This presentation will outline the real skills that companies are requiring and demanding from their Information Security Leaders of the future.

The seminar will then conclude with a panel discussion (moderated by me) of three current Information Security Leaders – Stephen Scharf, CSO Experian, Patrick Heim, CISO Kaiser Permanente, and John Kirkwood, Global CISO of Royal Ahold – who will discuss their own career paths and progressions, how they select and identify future information security leaders, what skills and attributes they search for in employees, and where they are heading next in their careers.  The panel will allow questions from the audience.

Posted by lee | Filed Under Behavior, Branding, Networking, Planning, Security Industry, Skills, Uncategorized | Comments Off 
