Career Advice Tuesday – “Interview +1”

March 13, 2012

Dear Infosecleaders:

I am writing you because I find my professional and my personal life colliding and I would like some advice on how to handle this.

I am currently engaged in an interview process with a company that is based in Northern California.  The opportunity itself is based where I live – but the final interview will take place at the corporate headquarters.   The plan is for me to fly out on a Thursday and interview on Friday. 

When my girlfriend learned of this, the wheels began turning.  She has always wanted to go to San Francisco and she thought that this would be a great opportunity to do so, considering that my airfare would be paid, and that one night in the hotel would be taken care of by the company.   She is very excited about the trip – but unfortunately I am growing concerned.

The opportunity that I am interviewing for would be a pretty big step for me in my career.  I am currently an engineer and the role is to be an information security architect.  I expect the interviews to be very technical and I know that I am going to need to be at the top of my game in order to successfully compete.

Having my girlfriend with me on the plane, planning our “leisure activities” and just distracting me – is something that I just do not need, if I am going to give myself the best chance of success. 

Do you have any advice on how I can handle this in a way that will keep me happy both professionally and personally?


Travel Companion

Dear TC:

Good for you for realizing that this is a bad idea.

Without question there is a different mindset for a business trip (which this is) and a vacation (which is what your girlfriend is planning).

My suggestion and response is very simple and should address your problem so that you can accomplish both your goals.

Ask your girlfriend to fly out on Friday – so that she lands about the time that your interview is completed. You may even want to give yourself some time if you are invited for a “happy hour” or team activity afterwards.

I would then arrange for an additional vacation day for Monday and possibly Tuesday, so that you will be able to give yourself the necessary time to enjoy San Francisco with your girlfriend and so that your vacation extends longer than if she came with you as originally planned.

I would also advise changing hotels – just to make sure that there are not any possible “overlaps” of business and personal expenses. Also, I would make sure that you could have the option of switching your plane ticket – or subsidizing the cost of the difference in fares, for the same reasons.

I also think that you should explain to her that this is important to your future and possibly your collective futures together, and ask her to be supportive and to think about the bigger picture.  Let her know that you will have the opportunity to do all of the things that she would like to do during your time in San Francisco.

Hopefully this will enable you to go to the interview with a clear head, and your girlfriend will be happy with your suggested compromise.

If she gives you a hard time, don’t take her at all.  In addition, you may want to think about finding another girlfriend, if she cannot understand where you are coming from.

(But please do not look for that kind of advice from me, that is way outside of my core expertise!)

Let me know how it turns out – on both fronts!


Lee Kushner

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Interviewing, Personal, Recruiting

Infosecleaders at #BSidesSF

February 27, 2012

Good morning Infosecleaders community!

I am looking forward to an exciting two days at Security BSides, and meeting many of you whom I have communicated with about your Information Security careers over the past year(s).

If you are not in attendance, you can view my presentations and all of the content at #BSidesSF live stream:
Track 1 -
Track 2 –

My presentations are scheduled as follows:

Monday (Today) February 27   -  Track 1  – 9:40PST/12:40 EDT – 10:00PST/ 1:00PST

B-Sides Welcome Address –

It is such an honor to have been asked by the folks at B-Sides to give the welcome address.  I plan to share some of my thoughts about the importance of community in the development of a successful Information Security Career.

Tuesday – February 28th    Track 2    – 11:00AM PST/ 2:00PM EDT – 12 noon PST/3:00PM EDT

The Other Side of The Desk: Different Perspectives on The Interviewing/Recruitment Process  -

Lenny Zeltser and I take a look at the recruitment and hiring process from two unique angles – the hiring manager (Lenny) and the information security professional/ job candidate (Lee).  The presentation is designed to provide the attendees some insight into the minds of the other party – in the simultaneous pursuit of talent and opportunity.

Tuesday – February 28th   Tracks 1 and 2    Career Advice Tuesday  – Live

12 noon PST/3:00PM EDT – 1PM PST/4:00PM EDT

This is the opportunity to ask your information security career questions live.  You can ask them either as yourself or anonymously – and I will answer them live.  If you would like to ask your questions prior to the sessions -  follow these instructions – or come see me at BSides today.

Enjoy the Conference.  Make the Most of It!

Lee Kushner

Posted by lee | Filed Under "The Other Side of The Desk", Advice, Behavior, Personal, Position Selection, Presentation, Recruiting, Security Industry, Skills

Career Advice Tuesday – “Timely Disclosure”

February 7, 2012

Dear Infosecleaders:

I have a specific question regarding my personal situation.  I am an information security professional and I am currently working in the US on an H1-B Visa.   I have recently grown dissatisfied with my current company and I am looking for new challenges.

From listening to my colleagues (also working on H1-B Visas) discuss their personal information security job search experiences, I have learned that many companies are unwilling to sponsor or transfer the sponsorship of candidates working on H1-B Visas due to corporate human resources policy.

What I wanted to ask you was when should I reveal my work status to prospective employers?  My feeling is that I should wait until I am deep in the interview process, so that they can judge me for my skills and not work status.  Am I wrong to think that with the right skills, I can convince a company to change their policies?


“Temporary Resident”


Dear “Temp Res”

I will be the first person to tell you that I am not an expert on H-1B and Visa issues.  However, over the course of my career I have worked with many candidates who have had to face this issue at some point during their recruitment process and their careers.

Basically, when we work with clients looking for talent, they fall into two distinct categories: those who are willing and equipped to sponsor candidates, and those who are unwilling to do so.  In my years of doing this, while I have seen many instances where clients who were willing to sponsor candidates decide that they no longer would, there has only been one instance where I have witnessed a client augment their policy to enable a candidate to be sponsored.  In this situation, the candidate was a noted authority on a specific subject matter, had written books on the topic, and the CISO was fully empowered to make this exception.  When they did apply for the exception, the CISO had to make a business case and the exception had to be approved by the corporation’s global head of human resources.

With this in mind, my best guidance for you would be to reveal your work status at the onset of the interview process, and that you will require sponsorship.  I believe this for two key reasons – the value of time and integrity.    Plain and simple, timing is a key element of any interview process.  If you find yourself focusing on opportunities that cannot come to fruition (based on a known factor), then you may be distracting yourself from opportunities that could be both interesting and possible.   I also think that for candidates in your situation it is important to join companies that have hiring processes that embrace employees who are not US Citizens.  Companies that have cultures that encourage this type of hiring, often are more knowledgeable of these issues, are more supportive in the Green Card process, and have employees in leadership positions that have been through this very same process.

In addition, as an information security professional you are often judged on integrity, honesty, and openness.  Failing to inform a prospective employer of your work status may be considered a form of misrepresentation.  I use the word “may” because, like in all processes, you are at the whim of the opinions of the decision maker or makers.  Letting everyone know at the onset that this is a potential issue enables the prospective employer to plan accordingly, budget the necessary costs, and engage the proper internal parties.  By doing this, you set the foundation for a future work relationship, by letting your future employer know that sponsorship is an important issue for you, and a critical component to your future career.

Again, there are many more experienced in these matters, so please treat my response that way.  Independently, I do know that no one ever lost an opportunity for being too honest and forthcoming!

Hope this helps,


Lee Kushner

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Interviewing, Personal, Position Selection, Recruiting

“Why The Show Must Go On”

February 1, 2012

Instead of the traditional Career Advice Tuesday, I wanted to use the blog today to let the information security community and the audience know why events like B-Sides are important to me, and why I made the decision to provide the event the necessary financial support to ensure that it would take place as planned.

1) Attending Information Security Conferences Made A Huge Impact on My Own Career. 

While attending my first information security conferences, DefCon 5 (at the old Aladdin) and RSA 1997 (where it rained all week), I learned very quickly that information security professionals were an accepting bunch.  Although I was a recruiter (or “job whore”/“talent pimp”, as some called me) I found that as long as I had something meaningful to say or a unique perspective to share, that most of the attendees would include me in their conversations.  Being included in these discussions and “allowing” me to ask questions and listen to the responses (without ridicule), provided me with the foundation for my professional education.  Still to this very day, I often reference these experiences when training new employees for my team, or speaking with information security professionals about the value of opening themselves up to new professional relationships.

2) Some of the most important personal relationships I have made in my life happened because of information security conferences.

At that first DefCon, I was briefly introduced to a sharp guy, who was very smart and quite blunt.  In traditional “hacker” style, he was skeptical of my motivations, and may have actually introduced me to the term “talent pimp.”  During the following years, we ran into each other at other DefCons.  The conversations were never long, but we always acknowledged each other.  He then became an employee at one of my clients, and we got to know each other better personally.  After the company he worked at was sold, I was able to help him locate a good position at a company.  Through that process, we became friends.  It is now fifteen years later, and I consider him family.  In no other universe would our worlds have collided, but thanks to this industry, in Ralph Logan, I have a “brother” whom I can count on for anything.

In addition to this, I met Mike Murray, the co-founder of Infosecleaders, in an elevator at the Mirage, and as we walked over to Black Hat.  Through our friendship (and Infosecleaders), Mike has taught me many things and has opened up my mind and challenged me on my thought processes.  (Mike, I hope that I have done the same.)  Although Mike and I could not have more opposite work styles and competencies, information security events have brought together our passions of helping people, and for this I could not be more thankful.

Finally, and most important, if it was not for Information Security conferences, I may have not met my wife Michele.   In 1997 on my way back from RSA, I met a woman named Nicole Schmidt, who was the CIBC information security analyst, on my flight home.  We struck up a conversation and exchanged numbers, and became friends.  Seven years later, Nicole made a suggestion that I go on a date with her best friend Michele.   Michele and I have been married for five years.  We have a son, Brodie, who will turn 4 tomorrow.   I am also known as “Uncle Lee” to Nicole’s little boy, Lucca.

3) In the end, the only thing that matters is “people”.

In the wake of the messages I saw on Sunday while checking my Twitter stream, the only thought racing through my mind was “what about the people.”  The first “people” that I thought of were the organizers of B-Sides.  I have known Mike Dahn since he trusted me with his career about 8 years ago, and we have been friendly ever since.  I know that B-Sides is run by members of the community, so I could only think of how all of the effort and energy of the volunteers could possibly go to waste, and that they may be facing a huge bill due to previously made financial commitments (as a business owner, I know some things about event contracts).

My mind then jumped to all of the information security professionals that I know who are big fans of B-Sides and have made plans to come to the event.  My assumption is that most of the B-Sides attendees are coming to try to better their careers – either through learning or networking.    I also assume that the reason they choose B-Sides is the price – and due to the fact that their employers do not have ample training budgets.    I assume that many have already taken vacation days and personally incurred the cost of travel.   The thought of all of their plans being ruined, and their money lost, was not acceptable to me, and did not sit right.

When I got home, I called and texted Mike, and I asked him how much money he needed to ensure that the event would take place.  The amount that he provided me was manageable.  Knowing that does not and has never had any involvement with the RSA Conference, I knew that I was in a position to help without any impediments or restrictions.

Over the last 24 hours, I have been blown away by the reaction, the e-mails, and the tweets.  My only response to this is that I do not feel that I deserve any additional accolades.  I believe that I only did what any other member of our community would have done, if they had the financial resources at their disposal.  Having the opportunity to give back to our community and provide for others, is a “mitzvah” and a blessing.

It is with great pride that I consider myself a member of the information security community, and to have had the privilege of being associated with such a great collection of talent, personality, and passion.

Looking forward to seeing everyone at B-Sides.

Lee Kushner

Posted by lee | Filed Under Personal, Security Industry

Career Advice Tuesday – “On The Road Again?”

December 6, 2011

Dear Infosecleaders:

About six months ago, I accepted an information security position that was presented to me with a 20-25% travel requirement.   I felt that the position was a good match for me, as I would be able to use some of my past skills, and pick up some new experience in security technologies that included GRC and SIEM tools.

For the first three months of my new position, the travel requirement held true.  I was traveling on average about five days away from home per month.  In addition, a good bulk of the travel was geared toward attending training on the newer technologies.   All was good.

However, in month four my new company won a large engagement to help a Fortune 500 client implement some of these new tools.  The location is about two hours away from my home, so given the work hours it is impossible to commute on a regular basis.   I find myself staying away from home – a minimum of three days a week – or about 60-70% of the time.

I reminded my manager who hired me about the discussion we had about the travel requirements and his response was less than satisfying.  He told me that this was the only client that I could be placed on, and that if I did not want to travel – that I could commute, if I desired.

The long and short of it, is that although I like learning the new skills, I feel that I was lied to.  Technically, they may be correct, and I do not have to “travel”, but in essence I feel they misrepresented the opportunity.

Being on the road for extensive time periods takes me away from my family, lessens my quality of life, and just does not work for me.

Any suggestions would be appreciated.


Willie Nelson


Dear Willie –

The best advice that I can give you is to use the job to pick up as many skills as possible, and begin to plan your exit strategy.   The fact is that if you are building information security skills in the areas of GRC and SIEM technology, you are developing experience that has external market value that can serve as your parachute to new opportunity.

I will tell you (and others who are reading) that a big mistake for anyone going into a professional services environment or consulting environment is the illusion that you can limit your travel to less than 50% or that you can control the location of your future customers.  The only exception to this would be if your consulting position enables you to do a bulk of your work remotely – like penetration testing.

The nature of the professional services business is client service.  Clients dictate the engagements and they dictate the requirements.  Your main value to your employer is your utilization and chargeability.   In the end, if you are restricted in your ability to travel, and this is the only work where you can be utilized, you are placing yourself in an unsustainable situation, which will not end happily.

Getting back to your situation, Willie, I think that your manager’s reaction is the real indicator of the company’s attitude about your request to reduce your travel.  From what you have shared, this is not a battle that you can win.

In the end, when accepting a new position it is essential that you understand all of the requirements that can affect your quality of life – commute, travel, compensation, work hours – and the personal sacrifices you are willing to undertake in order to perform the position requirements correctly.

Hope this helps,

Lee Kushner

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Personal, Planning, Position Selection

Career Advice Tuesday – “Should More Work Mean More Pay?”

August 2, 2011

Dear Infosecleaders:

The other day I learned that my information security program will be going through a reorganization. 

The good news is that as a result, I am receiving increased responsibility, visibility and exposure.  The bad news is that I am getting more work, more headaches, and I am not receiving any additional compensation.   

Needless to say, I am angry.

I really like my employer, but I consistently fight battles with management and human resources about my compensation.  Last year I received an “over market” increase (according to HR), which from my perspective was underwhelming, and did not reflect my contributions.  When I brought them “data” about compensation, they dismissed it.

Here I am again.  The pattern is repeating itself.  I am planning on putting my thoughts down in writing, in a very direct letter to both my management and human resources, documenting and reflecting my feelings.

Do you approve of this approach?


“Caesar Chavez”


Dear Caesar:

Before you decide to put your thoughts down in paper or in an e-mail, you need to ask yourself, “How good of a writer am I?”  By writing a note, your thoughts are going to be contained forever, and can always be referenced.  If your note takes an angry tone,  it can be viewed as a line in the sand to your current manager and employer, and it can force an action – which may or may not be worth the risk.

Personally, I believe that you should express your opinions verbally, in a meeting setting with both your manager and human resources present.  I think that you should set the tone of the meeting, by first letting them know that you appreciate their recognition of your contributions, by providing you with additional responsibility.

Once this point is conveyed, you should let them know that your expectation would be that once you prove yourself in this new capacity, that you be compensated commensurate with others across the organization who hold the same titles and responsibility.  During this meeting, you should ask your manager to establish specific metrics on how your performance will be evaluated.  In front of HR, you should ask for a follow up meeting so that these can be reviewed, and set up a timetable for an initial review (6 months may be ample time).  In these 6 months, you should work your butt off, to overachieve, to show them that they made the correct choice in giving you this opportunity.

By handling it this way, you are demonstrating maturity in your approach.  It is a common mistake for people to ask for money once given an “opportunity”, but the fact is that the extra money is earned once you prove that you can perform at this newly elevated level.

When the review cycle comes around, one of two things will happen – you will either be happy with your new position and increase, or you will be polishing off your resume, looking for an employer that appreciates your experience and newly learned skills.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday, Compensation, Personal, Security Industry, Skills

Leadership in Other Ways – Seeking Help and Support From The Infosecleader Community for Charity

July 27, 2011

Dear Infosecleader Community:

For the past couple of years Mike and I have written about information security career topics and spoken about the importance of leadership, in all forms.  One of the things that we have suggested in many of our posts, has been to find opportunities to demonstrate leadership outside of the work environment.

Recently, I have decided to follow my advice, and take a leadership role in the origination of a charity event that blends a number of things that I am passionate about:  Children, Community, and Athletics.

For the past three years I have been playing in an over-35 fast pitch softball league, called MVP Softball, where I play on the Central Jersey Trees.  About a year ago, we began discussing the concept of joining together and putting together a softball charity event that could benefit needy, local families and children in  our community.

After agreeing on the idea, we began thinking about charities that we could support that could accomplish our mission.    In the end, we decided upon two charities – the Monmouth County Challenger Leagues  (Freehold and CYSP of Lincroft) and The Chariot Riders.

Here is a brief synopsis – The Challenger Sports Programs are designed to provide sports programs and activities for children who are both physically and mentally challenged.  The local challenger programs participate in sports that include baseball, basketball, soccer, tennis, golf, and cheerleading.

The Chariot Riders program provides therapeutic horseback riding for physically and mentally challenged children and adults to improve the quality of their physical, emotional, mental and social well-being.

After selecting our charities, we partnered with a local volunteer organization named Play2Win Foundation, which has a mission statement that aligns with our event.  Play2Win is a 501(c)(3) entity, and takes absolutely no money in administrative fees.  They have been instrumental in providing us with the infrastructure and operational help to pull the event together.

The Event itself is titled the Extrainnings Classic.   The event has 4 key components -

1) A 100 inning marathon softball game -

2) A Youth Skills Competition Called “The Baseball/Softball Olympics” – where children of all abilities, including the Challenger Athletes, will compete side by side in a series of baseball/softball skills challenges – in hitting, running, and throwing events.  We received sponsorship from a local baseball facility to help with the operations and the coaching.

3) The Challenger Baseball Exhibition – both of the Challenger Leagues will participate in an hour long exhibition that showcases the abilities of these special athletes.  The game will be the showcase of the event.

4) The Home Run Derby – where some of the league’s big hitters will test their skills in an “All-Star” Game style Home Run Derby – as a point of note – I have been installed as the morning line favorite.

The main purpose behind this blog entry is to ask for your help in supporting these events.  Personally, I have made it a goal of mine to raise up to $5000 for the event – and the only way that I can accomplish this is with your support.

I would like to ask anyone who received some good, useful advice from the blog or from our research to help me support these great causes, and pledge a donation – per inning of the softball game.  (Very similar to sponsoring someone per mile for a marathon or bicycle race)

For example:

$1 per inning = $100

$.50 per inning = $50

$.25 per inning = $25

$.10 per inning = $10

My goal is to raise $2500 in contributions, and then I will write a matching check to the charities for any amount that is donated.

All donations are tax deductible to the fullest extent allowed by law – (disclaimer – I am not an accountant).

Donations can be made by clicking on my donation page on the Extrainnings Classic website, through either a CC or PayPal account.   If you would prefer, you could always write a check to Play2Win Foundation, and mail it to my office at 36 West Main Street, Suite 302, Freehold NJ 07728.

I really appreciate any support that you can provide for these worthy charities, the families, and most importantly the children.

Thank you for listening,


Lee Kushner

Central Jersey Trees, 1st Base, #33



Posted by lee | Filed Under Behavior, Leadership, Personal

Value of Certification Survey – Update

March 18, 2011

Mike and I want everyone to know that we are off to a very good start for the “Value of Certification Survey.”  We are steadily approaching 750 responses, but we have lofty goals.  The data and responses that we have collected so far have been very interesting and eye-opening.

Again, the survey is independent and open to any and all information security professionals, at any stage of their infosec career.   All opinions are welcomed – whether you hold information security certifications or do not.

We are hoping that our readers will continue to promote the survey to their peers, on their blogs, Twitter feeds, podcasts, and mailing lists – so that we can provide as much relevant data as possible, when we reveal the results around Black Hat.

If anyone would like an interview, podcast, or additional information, please contact either Mike (mmurray@infosecleaders.com) or me

Thanks for your continued support,

Lee and Mike

Posted by lee | Filed Under Behavior, Personal, Security Industry, Survey

CAT – “Convincing My Spouse I Should Accept My New Job”

March 15, 2011

Dear Infosecleaders:

It appears that my work life and my home life have officially collided.  

I am an information security professional by trade and have been working in my field for close to 8 years.   I am also happily married, we have a daughter – and have a very good relationship with my spouse, who also has a career.  I am a little further advanced in my career than my spouse is – however my spouse has more traditional education. 

My issue is this, I have been offered an external opportunity that really moves me closer to my long term career goal as a CISO, and my spouse does not want me to take the job.   The reason given is that my spouse believes that I will be required to work more hours, travel a little more (about 10%), and have more stress.   

My spouse’s lack of support is a very big setback.

I know that the opportunity is not without downside risk, but it is the job that I need to advance my career and it is with a company that I feel very good about joining.  The job does pay more money – but it does require more time and sacrifice.  I do not think that this is a once in a lifetime opportunity –but I do believe it is a real career accelerator.

Can you help me convince my spouse to support my decision?


“Two Worlds Colliding”

Dear TWC:

This is the first time that we have been called on for some marriage therapy – so please understand that we do not claim to be experts in this area.   

Our initial thought is very simple; it is much easier to find a good information security opportunity, than it is to find a good life partner/spouse.

This being said, I think that your question lies in the extent of sacrifice that you are willing to take to achieve your long term career goals.  It is clear that you personally understand what is necessary to be successful in your career pursuits and are willing to go after them, however your spouse does not seem to share your willingness to sacrifice.

What you may or may not realize is that in a committed relationship, sacrifice is shared and collective.

One thing that you mentioned is that your spouse also has a career, and just like your career is valuable to you – your spouse’s career is valuable to them.  Your spouse may think that the extra commitment that you have in your role, may detract from their ability to maximize their career goals and aspirations.  It could also be that they feel that you will have additional responsibilities – and the burden of the home front will fall on their shoulders.

The problem that you are dealing with is a situation that many dual income families have to deal with, when they are balancing both of their careers and their parental and marital responsibilities.  

The best advice that we can give you is to talk things through with your spouse and appeal to them on a very personal  level and explain to them why the job is important and critical.  You may also provide your spouse with some recourse if the job does change your home life, and commit that you will find another role if this new position affects your relationship with each other and your child.  

In the end, if your spouse objects strongly, and provides you with logic that you can live with, then I would respect their opinion, and turn down the opportunity.  However, before you do, you should ask your spouse to provide you with acceptable criteria that you can apply to a future job search.

This way, you will have their buy in and support from the beginning.

Hope this helps,

Mike and Lee

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Personal, Planning, Position Selection, Uncategorized

A Framework for Info Sec Career Success

March 9, 2011

We recently wrote an article that is featured in the March issue of Information Security Magazine about developing a framework for success in your current Information Security position.  The article points out 4 particular concepts that can be applied to any information security role – whether you are a CISO or you are in an entry level information security position.

Let us know what you think.  Follow up questions can be answered on Career Advice Tuesday.

Lee and Mike

Posted by lee | Filed Under Advice, Personal, Skills
