Career Advice Tuesday – “Three Experiences – One Resume”

January 10, 2012

Dear Infosecleaders:

I am embarking on a job search and I am looking for some help.  The first ten years of my information security career have placed me in some interesting environments – serving as a technical information security engineer, working in an information security professional services practice in the area of risk and compliance, and working as a pre-sales engineer for a large information security product vendor.

The truth is, I have enjoyed all three of these roles, and I am interested in a wide variety of opportunities.  I feel that my experience and versatility are a good thing, and they allow me to investigate many different career paths.

The question that I have relates to my resume.  Do you have any advice for me on how to craft my resume – to both illustrate my versatility and breadth of experience, and to accurately align my skills and qualifications simultaneously with different opportunities?

Sincerely,

Ralph Furley

 

Dear Mr. Furley:

Good for you for having three unique and successful career experiences at this point in your career.  I can only imagine that you have developed and maintained a set of skills that include technical expertise, customer skills, and persuasive communication and presentation skills.

If my assumption is accurate, you are correct that these skills are in high demand and will appeal to many diverse environments.    Since you will be applying to roles in these different types of environments – I will make two suggestions regarding your resume –

The first is that you can write three separate resumes – one tailored to internal information security engineering roles, one tailored to professional services/consulting opportunities, and one tailored to pre-sales opportunities.  If you decide to go this route, I would keep the qualifications of the position you are applying for in mind as you create each resume, and highlight the skills that you have acquired in your three different roles.  Ideally, each resume will have a “theme” to it, which will align with the specific role that you are attempting to pursue.

For example, if you apply for an internal technical information security position, I would make sure that the bullets from your sales engineering role are technical in nature.  I would try to find a way to point out the depth of your technical skills in the context of that role.

The second option would be to use the same resume, but to write three unique objective statements that align with the types of roles that you are applying for.  In each of these statements, I would allude to the fact that your diverse experiences have provided you with unique perspectives on how information security problems are solved – from an internal perspective, from an external perspective, and with the aid of information security products.  Demonstrating these three different perspectives in the body of your resume, and associating your skills with each of your three roles, should create a consistent overall theme.

In closing, having three diverse experiences and perspectives as an information security professional is a very good thing, and provides you with a great foundation

The combination of a well-written resume, and an astute employer who can connect the dots, should provide you with access to many roles that could serve as a springboard to the next stage of your information security career.

Good luck in your job search,

Lee Kushner

Posted by lee | Filed Under Advice, Career Advice Tuesday, Planning, Position Selection, Resume, Skills | Comments Off 

CAT – Clearing Some Things Up – Advice and Predictions for 2012

January 3, 2012

Recently, I was cited in an article for Search Security, where I was asked about my opinions for the information security industry employment market for 2012.  I will say that the author did not misquote me at all; however, upon reading the article I felt that it was necessary to clear up some things that I found inaccurate – and I wanted to make sure that the Infosecleaders.com audience knows exactly where I stand on the topics covered.

Here are my thoughts:

While I agree that Mobile Security is going to be an information security skill in demand, I do not believe it is the only skill that companies will look for in 2012.  Have no fear – companies will still have a high level of demand for knowledge in the areas of Cloud, GRC, SIEM, DLP, PCI, Software Security, Identity Management, and overall IT Risk Management.  In addition, while I do believe that it is a good idea to have a blend of technology and business skills, there is still a very strong market for information security professionals that have hard core technical skills – and that should never be forgotten or overlooked.  The technical information security professionals with developed knowledge and enterprise experience in securing networks, operating systems, applications and databases will do just fine as well.  Also, all of the penetration testers out there can sleep easy – your skills will still be needed and remain in demand.

Below you will find my biggest objection – and probably the information that I find to be the most inaccurate.

Here are my disclaimers -

I would like to state that I do not personally know Mr. Snyder, nor have I had any dealings with him.  

I have read his securityrecruiter.com blog on a number of occasions, and I find his perspectives to be both unique and entertaining.

To my knowledge, Mr. Snyder and my firm do not compete within any of my recruitment customers, and although we are in the same profession and industry, our paths do not seem to cross, except when quoted in articles about information security careers.

As per the author of the Tech Target article – please find a quote from Mr. Snyder -

“When companies are using a search firm to fill a position, then they’re going to usually expect that a candidate’s going to have industry experience,” he said. “In other words, if it’s a bank, they want someone who’s coming out of a bank; if it’s a retailer, they want someone coming out of retail; and if somebody’s going after that job on their own, then the bar isn’t usually sent quite as high.”  – Jeff Snyder

The Accuracy

The main point of the quote is accurate.  When companies are looking to find information security leaders, independent of the source, they ideally would like to locate people who possess applicable industry knowledge.  This is generally one of the core criteria of an information security leadership or CISO level search.

Like Mr. Snyder points out – a retail organization would ideally like to hire an information security professional who understands the information security challenges that a retail business faces and who has experience solving those problems.   You can apply the same logic to industries that include health care, high technology, manufacturing, financial services, media and entertainment, and any other business.

The Inaccuracy -

Mr. Snyder’s quote implies that a company has more stringent requirements when it engages an executive search firm.  His statement that “…if somebody’s going after that job on their own, then the bar isn’t usually sent quite as high.” can be interpreted in a way that leads information security professionals to believe that they can afford to be less qualified if they decide to apply for positions on their own – and not through an executive search firm.

THIS IS DEAD WRONG

First of all, the decision to engage an executive search firm is generally based on a company’s desire to ensure that they get access to a qualified candidate pool in a time-efficient manner.  The business decision to engage a search firm is the same type of decision making methodology that can be applied to engaging a professional services firm to provide a service that the company does not believe that they can perform effectively with internal resources.  The budgets for engaging executive search firms either come from a general corporate budget or from a specific business unit that can justify the value and the return on investment for the cost associated with the search firm’s fee.  In addition, the amount of the search fee does not have any impact on the compensation offered to the candidate.

Mr. Snyder is correct in his inference that when companies engage an executive search firm, they are expecting to get value for their dollars.  This will take the form of industry intelligence, compensation data, a professionally managed recruitment process, and eventually the placement of a successful candidate to fill the duties of the information security leadership role.  In exchange for money, the companies are going to expect an executive recruitment firm to deliver a candidate who is going to match the key criteria that they have outlined for the position.

Just like anyone who pays for a service, companies who engage executive search firms have the right to have realistic expectations of competence and results when retaining them to help fill a position.  However, in my 15 years of experience, I have never witnessed a situation where a company that is committed to recruiting the correct information security leader will agree to hire a less competent candidate solely because they were introduced to them directly, and not through an executive search process.

In 2012, and in the future, competition for Information Security leadership roles is going to intensify.  Companies are going to continue to set the bar high for finding the correct talent match, no matter what method they select to recruit for these positions.  In addition, the more influence and importance that an information security role has to an organization, the more detailed the requirements will be and the more demanding the interview process.

To all current and aspiring information security leaders, for 2012, I am urging you to take a proactive approach to developing a career plan, honing your skills, investing in yourself, and making wise choices about selecting the right positions to help accomplish your career and life goals.

Happy and Healthy New Year,

Lee Kushner


Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Interviewing, Leadership, Recruiting, Security Industry, Skills, Uncategorized | 1 Comment 

Career Advice Tuesday – “Resume Hurdle”

September 27, 2011

Dear Infosecleaders:

I am writing to see if you can help me with a situation that seems to be haunting me as I look for a new job.

I have been working as an information security engineer for the past 10 years, mostly on long term contracts.  Each of my contract assignments for the past five years has been through the same contracting firm.  During these past five years, I have supported over 8 different Fortune 500 customers, in the implementation of various security technologies ranging from IDS, Firewalls, SIEM, DLP, etc.  Each of the assignments has spanned from 4 months (shortest) to 16 months (longest).  On my resume, I outline each of these projects, listing the customer, the scope of the project, the duration, and the impact of my efforts.

Now that I am looking for a full time job, in my opinion my resume makes my employment look inconsistent, although I have been working for the same employer (contracting agency) for the past five years. 

Do you have any tips on what I can do to overcome this hurdle?

Signed,

Edwin Moses

 

Dear Edwin:

This may turn out to be our shortest response, but your answer is a simple one.

What you need to do is to create a resume entry, before the projects, demonstrating that you worked with the same company for the past five years (2-3 lines).  Underneath the employer and the date, you should write a short description of the company and the nature of your work as a security consultant servicing Fortune clients.

Your resume should read no differently than that of a person who has worked as an information security consultant for a large consultancy – like a Big X or a large systems integrator – with the exception of being able to demonstrate career progression or titles.

If you are able to place this experience under the larger umbrella, it will let employers know that you are both loyal and have a good deal of diverse information security experience.

That should lift some of your hurdles and help you in your transition.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Branding, Career Advice Tuesday, Interviewing, Resume, Skills | 1 Comment 

Career Advice Tuesday – “Adoro la seguridad de información (I Love InfoSec)”

September 20, 2011

Dear Infosecleaders:

I graduated college with a B.A. in Spanish. However, I find myself intrigued by the Information Security field as I love a challenge and I am a problem-solver with an analytical mind. I am looking into Master’s programs for IS, but I am worried about finding a job with a Master’s and no relevant IS experience upon graduating.

Can you please offer me any advice? I really see myself enjoying a career in IS.

Signed,

Quiero ser un pirata informático

 

Dear “Pirata”:

The best way to respond is that your professional career will most likely span between 30-40 years, so you have a long time to make the transition that you desire. At this point in your career, your decision to study Spanish in college as opposed to information security or computer science, should not be viewed as an impediment to your future career, in fact you should figure out how to utilize this knowledge as a future enhancement.

The first piece of advice I would like to give to you is to not go back to school to get a Master’s degree.  Instead, what I would suggest would be to go back to school to take some technology-related classes and look into an educational program that will provide you with some first-hand experience working in technology.  You should be able to take some of these classes concurrently.  Simultaneously, you should attempt to find an entry level position – even part time – to do some computer related work, so that you can get some exposure and practical knowledge.  This can include roles like working in a computer lab, working third shift in a network or security operations center, or something of that sort.  Once you feel comfortable with a baseline of knowledge, maybe in about 18 months, you can attempt to attain an information security certification – something that reflects your technical knowledge.  This will help provide you with some external branding as an information security professional.

Once this is completed, my advice to you is to combine your experiences – your newly created technical skills and your Spanish undergraduate degree.  Due to the growing Spanish population and the global economy, being able to communicate in Spanish (or any foreign language) is a unique skill that will differentiate you from others.  In fact, it is likely that you will be more attractive to companies doing business with Spanish speaking customers than more qualified information security professionals without the ability to communicate.  When you begin to look for jobs, it is these companies and these geographies that you should focus your search on.

I would not be surprised if you could find a company that would give you the opportunity to serve as a conduit between a technical information security function and any of their Spanish speaking business units.

In the end, please let us know if it is easier to teach a Spanish major information security, or an information security professional Spanish.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday, Planning, Skills | Comments Off 

Career Advice Tuesday – “Fork In The Road”

August 30, 2011

Due to the Hurricane, we are publishing a Career Advice Tuesday that we wrote for Tech Target – and our monthly advice column.  Below you will find the unedited version of our column.

Dear InfoSec Leaders:

I am writing to you with the hope of getting some career advice. I am a consultant for one of the leading security vendors’ GRC products. I help customers set up their compliance programs with the product as the backbone. It’s been about 4 years of doing this and I now feel it’s time for a change. My career goal is to become a CISO someday and want to work towards that. I have two very different job opportunities and would like your thoughts as to which one aligns well with my goals.

One is that of a Product Manager with the same vendor for the same product. The position will give me immense exposure to senior security management folks across customers. It will also help me gain understanding of their GRC efforts and pain points. The other position is that of a Security Architect with a large retailer. This team has been recently formed in the organization and is doing some exciting stuff. This position could possibly give me exposure across different security areas beyond GRC. Both these positions have pros and cons, for e.g. I’m not sure if staying with a vendor is a good career move or is the other side of the table a better option.

As you can tell, I have a lot of questions and very few convincing answers. I’m not sure if I should specialize in the GRC space (via the vendor) or gain exposure to have a holistic view of security.

I’d appreciate any words of wisdom you can send my way.

Signed,

“Fork in the Road”

Dear Fork:

Please understand that before we start, the advice that we are giving is based exclusively on the information that you have provided to us in your note, and that we do not have any additional background.

Based on your career goal to become a CISO, we believe that it would be best for you to leave the product arena and accept the job as an Information Security Architect on the recently formed team at the large retailer.  Our answer is based on the following reasons, which coincide with your long term career goal.

1)   The group is newly formed

When someone tells us this, the first thing that comes to my mind is opportunity.  Newly formed information security functions generally provide environments in which information security professionals have opportunities to leverage their current areas of expertise (in your case GRC) to develop broader skills in other areas.  The biggest mistake that many infosec pros make when entering an organization in this state is to limit their contributions to their “job description”.  An opportunity like the one that you described should provide you with the framework to push yourself to develop new areas of expertise, as opposed to limiting yourself to the world of GRC.

2)   Retail experience should be valuable in the future

Due to the importance of PCI, many retailers and e-tailers are placing increased emphasis and dedicating additional resources toward information security programs.  Currently, many retailers are not making past “retail” experience a job requirement; however, this will most likely change in the next few years.  Having this industry knowledge as part of your skill matrix could become a differentiating factor when looking at the next step in your career.

3)   Product Management is not a requirement to become a CISO

There is no doubt that working as a Product Manager will help you develop skills that could be advantageous as a CISO – including customer skills, presentation skills, sales skills, market knowledge, and subject matter expertise.  However, when making a transition toward a CISO career path, you will encounter people in the hiring process who will have built-in prejudices against hiring candidates who come from the “Product/Vendor” side at a high entry point.  For you to make this direct transition, you are going to have to find yourself a forward thinking CISO who will value this experience, and believe that the skills as a Product Manager will directly translate to their environment.  Our belief is that if you remain as a Product Manager, you will eventually have to make the transition toward an internal infosec role (in your case – architect) at some point in time, so why delay?  You have the opportunity in front of you; now is the time to determine if transitioning to a corporate information security function is right for you.

Again, our advice is based exclusively on the information that you have provided from your note, and based on generalities.

If you would like to contact us directly via phone to discuss your particular circumstances we welcome you to do so.

Good luck in making your decision.

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday, Planning, Position Selection, Security Industry, Skills, Uncategorized | Comments Off 

Career Advice Tuesday – “Advice For Starting An Infosec Consultancy”

August 16, 2011

Dear Infosecleaders:

I hate to bring up what seems to be the elephant in the room within information security and penetration testing in particular, but how exactly are people getting the gigs doing this?  Personally, I have tons of training, 15+ years experience in the realm, business experience to match and every time I ask this question, nobody seems to want to answer/discuss it.

It is a known fact that the big companies (IBM, the Big X, large telcos, etc.) sell it as a service to existing companies but there are A LOT of two-three man pen testing teams that seem to stay busy constantly. I understand that people don’t want to give out their client attraction methods and strategy but I have yet to see this topic covered. There has to be a lot of others with the necessary experience asking the same thing.

Anyway, just can’t seem to tackle the elephant in the room. Nobody wants to cover it. 

Thanks guys and unique blog for the infosec community.

Signed,

The ZooKeeper

 

Dear Zookeeper-

To be candid, I had to look at your question a number of times before I was able to formulate a response.  It is my interpretation that the crux of your question is, how do you begin your own information security consulting business – particularly in the field of penetration testing.  In addition, you would like to know why others are successful,  and why some (you) can’t seem to get off the ground.

First of all, I should start by telling you that all businesses are similar – and beginning a penetration testing consulting business is no different than starting any other services business – such as lawn care, pool service, or home painting.   When people decide to buy any service, they look for certain elements – experience, competency, price, and reliability.    Anyone who has been successful in beginning a small information security business has been able to personally demonstrate these qualities in their previous life, prior to forming their own company.  It is from this reputation and personal brand, that they are able to attract some of their initial customers, which provide them with experience and references, which they should be able to leverage into new business opportunities.

Another essential component of any business (and career) is the ability to sell and market one’s services and one’s self.  It is this skill that often separates the successful from the remainder of the pack.  Selling one’s talents and branding one’s skills in the marketplace and information security is often overlooked as the key factor in determining success.  Many information security professionals have focused their professional development on their technical skills, but at the same time they have neglected to attempt to develop their business/sales/presentation skills.

Long and short, there are many technical “rock stars” that have failed on their own as business people, but once partnered with competent business people, have achieved great things.

I have learned over the years that business is about surrounding yourself with great people who complement your strengths.  Maybe it would be best for you to find someone who can help “open some doors” and help sell your talents.  Or, maybe you need to reevaluate your assessment of your business skills, and try to honestly assess some of the obstacles that are standing in your way in getting your business off the ground.

Understand that it is easy to prove technical competency, but in the world of business, the proof of competency solely lies in the color of the ink – “red” or “black”.

In closing, our note does not mean to come across as harsh, but it is meant to be direct.

Hopefully some of this advice and insight helps, and your infosec consulting business will get off the ground soon.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Branding, Career Advice Tuesday, Security Industry, Skills, Uncategorized | Comments Off 

Career Advice Tuesday – “Should More Work Mean More Pay?”

August 2, 2011

Dear Infosecleaders:

The other day I learned that my information security program will be going through a reorganization. 

The good news is that as a result, I am receiving increased responsibility, visibility and exposure.  The bad news is that I am getting more work, more headaches, and I am not receiving any additional compensation.   

Needless to say, I am angry.

I really like my employer, but I consistently fight battles with management and human resources about my compensation.  Last year I received an “over market” increase (according to HR), which from my perspective was underwhelming, and did not reflect my contributions.  When I brought them “data” about compensation, they dismissed it.

Here I am again.  The pattern is repeating itself.  I am planning on putting my thoughts down in writing, in a very direct letter to both my management and human resources, documenting and reflecting my feelings.

Do you approve of this approach?

Sincerely,

“Caesar Chavez”

 

Dear Caesar:

Before you decide to put your thoughts down on paper or in an e-mail, you need to ask yourself, “How good of a writer am I?”  By writing a note, your thoughts are going to be contained forever, and can always be referenced.  If your note takes an angry tone, it can be viewed as a line in the sand to your current manager and employer, and it can force an action – which may or may not be worth the risk.

Personally, I believe that you should express your opinions verbally, in a meeting setting with both your manager and human resources present.  I think that you should set the tone of the meeting, by first letting them know that you appreciate their recognition of your contributions, by providing you with additional responsibility.

Once this point is conveyed, you should let them know that your expectation would be that once you prove yourself in this new capacity, you will be compensated commensurate with others across the organization who hold the same titles and responsibility.  During this meeting, you should ask your manager to establish specific metrics on how your performance will be evaluated.  In front of HR, you should ask for a follow up meeting so that these can be reviewed, and set up a timetable for an initial review (6 months may be ample time).  In these 6 months, you should work your butt off, to overachieve, to show them that they made the correct choice in giving you this opportunity.

By handling it this way, you are demonstrating maturity in your approach.  It is a common mistake for people to ask for money once given an “opportunity”, but the fact is that the extra money is earned once you prove that you can perform at this newly elevated level.

When the review cycle comes around, one of two things will happen – you will either be happy with your new position and increase, or you will be polishing off your resume, looking for an employer that appreciates your experience and newly learned skills.

Hope this helps,

Lee and Mike

Posted by lee | Filed Under Advice, Career Advice Tuesday, Compensation, Personal, Security Industry, Skills | 1 Comment 

“Value of InfoSec Certification Survey” – Results Preview Featured in Dark Reading

July 28, 2011

Last year at RSA, we launched the “Value of Info Sec Certification” Survey.

A preview of the results is featured in today’s issue of Dark Reading, in an article by Kelly Jackson Higgins.

On Thursday, August 4th, at 1:45 PM PST,  as the first part of our Professional Development Workshop at Black Hat, we are going to announce the full results.

We were very happy to receive 1349 respondents to the survey, and from reviewing the background of the respondents we find it to be a very good sampling of the Information Security industry:

2/3 of the respondents have worked in information security for more than 6 years

25% of the respondents have worked in the industry for more than 12 years

1000 of our respondents either hold or have held an information security certification  (Yes, exactly 1000)

699 of the respondents hold or have held the CISSP  (667 current/ 32 no longer)

50% of the respondents earn 100K or more

35% have a long term career goal of becoming a CISO or CSO, an additional 10% aspire to be a CTO or CIO – (Competition should remain fierce for these roles!)

25% of the respondents said that they had a Written Career Plan – (which means that we are making progress)

These results are just the tip of the iceberg – you will have to come to our session at Black Hat if you want the full release.   Anyone who is not in attendance at the conference and would like a copy of the results after the conference, you can sign up at Infosecleaders – Research – shortly after the release.

A special thanks to all of those who participated.  Thanks for making this a great success.    Stay tuned for our next industry survey!

Regards,

Lee and Mike

 

Posted by lee | Filed Under Behavior, Planning, Resume, Security Industry, Skills, Survey | 2 Comments 

Career Advice Tuesday – “Black Hat Preview – Professional Development Workshop”

July 26, 2011

For today’s Career Advice Tuesday – we wanted to share a more detailed look at our Black Hat Professional Development workshop.  The workshop will take place on Thursday afternoon – from 1:45 – 6:00PM.  Anyone in attendance can either come to any individual session or stay for the whole program.

If you are at Black Hat, please come by and introduce yourselves.

 

InfoSec 2001 – A Career Odyssey

The Professional Development workshop is a half-day program that is designed to inspire the Black Hat attendee to think about their career as an information security professional and assist them in their journey towards the achievement of their long term career goals.

The Professional Development workshop will be divided into five (5) unique information security career topics that will be linked by a common theme – Skill Development and Differentiation.

The program will consist of the following:

1)    “The Value of Information Security Certifications Survey” – Research Revealed – 1350 information security professionals responded to an independent survey on the topic – the research will be revealed

2)   “Second Place Sucks” – A presentation geared toward differentiating yourself from your peers (and your competition)

3)   “The Information Security Leader of The Future” – a presentation that will outline the skills that employers are looking for when identifying and selecting their information security leaders.

4)   “The Other Side of The Desk” – a panel that will explore the different attitudes and beliefs by job applicant and employer during the interview process

5)   “Future Predictions” and “Career Advice Tuesday- Live” – Future trends will be discussed and explored – and attendees will have the opportunity to ask questions about infosec related career topics

The workshop is designed as an interactive forum that should inspire some shared thought and debate between audience members and the presenters.

Attendees should understand that they can elect to either participate in the entire workshop, or to pick and choose from select sessions that have a particular interest to them.


Session Previews:

Session 1  – 1:45 – 3:00

“The Value of Information Security Certifications Survey”

Presenters – Mike Murray and Lee Kushner – Infosecleaders.com  

In February of 2011, Infosecleaders.com launched an independent survey on the value of information security certifications. The value of InfoSec certifications is a highly debated topic in the industry, and this is the first independent survey that asks information security professionals (certified or not) for their opinions on topics that include the motivations for certifications, the impression of the certification bodies, the value of skills vs. certifications, and certifications’ effect on employment. With over 1350 respondents, the results should be revealing and eye-opening.

“Second Place Sucks”

Presenter – Mike Murray

So, if certifications are no longer the magic bullet to get you to your career goals, then what is? The topic of strategic career investments and personal branding will be the focus of this presentation. The presentation will cover how you can plan and execute career investment strategies that will enable you to differentiate yourself from your peers and successfully compete for promotions and external information security leadership opportunities.

(15 minute break)

Session 2 – 3:15 – 4:45PM

3:15 – 3:45PM

“The Information Security Leader of the Future” –

Presenter – Lee Kushner

The skills for information security leaders are changing quite rapidly. As many companies are aligning information security with their core business and branding, information security professionals will need to evolve as well. The presentation will break down the core skill components that information security professionals will need to acquire and demonstrate to be considered for leadership roles in the future.

 

3:45PM – 4:45PM

The Other Side of the Desk – Different Perspectives on the Interview Process

Moderator – Mike Murray

Candidate Perspective – Lee Kushner

Hiring Managers’ Perspective –

Bill Phelps, Executive Director Accenture  

Justin Somaini, CISO at Yahoo!

Abstract:

There are two parties involved in every interview process, the information security professional (the applicant) and the hiring manager (the decision maker).   While in essence, both parties ultimately desire the same outcome, their motivations lie in different places.   This portion of the presentation will present to the audience the perspective of the candidate and the perspective of the hiring manager, in a way that will educate both parties and enable them to social engineer the interview process, to work to their personal advantage.

Bill Phelps:

Bill Phelps is an Executive Director in Accenture’s security practice, and has spent the past 25 years in technology services. In the past decade, Bill has been a practice leader, company founder, board member and trusted advisor helping organizations with complex management and technology challenges in the areas of information security, data center transformation and technology strategy. Bill currently has overall responsibility for Accenture’s security business in North America. Bill is aggressively growing Accenture’s security team, and plans to hire over 200 security professionals in the coming year.

Justin Somaini:

Justin Somaini is the Chief Information Security Officer at Yahoo! where he’s responsible for all aspects of Yahoo!’s Information Security strategy.  With over 15 years of Information Security experience he’s seen as a leader in industry by promoting an evolution of the security and risk management models.  Through his public speaking and industry involvement he’s given extensive talks and interviews on the threat landscape, public policy, security management and risk management.  Prior to joining Yahoo!, Justin was the CISO at Symantec.  Justin has also held security leadership roles at VeriSign, Charles Schwab and PricewaterhouseCoopers LLP.

4:45 – 6:00PM

Predictions for the Future and Career Advice Tuesday – “Live”

Presenters – Lee Kushner and Mike Murray

The employment market is dramatically changing – and the closing session will begin with information security employment predictions (based on experience and research) for the next ten years.  Once completed, this will be followed by a version of “Career Advice Tuesday” – “Live”.   All attendees can have their personal information security career questions answered in an open forum.   Topics will include skill development, compensation negotiation, career investments, career planning, and anything else you want to ask about your Information Security Career.

Posted by lee

Career Opportunity For Aspiring InfoSec Leader – NY City

July 14, 2011

There is a good deal of discussion on this site about the lack of good “entry” level opportunities in the information security profession. Recently, we were engaged on a role that I think would be excellent for a “Future Information Security Leader” who may be long on passion, but short on experience.

The role has all the elements for career development and success: fair compensation, training budget, education assistance (which is getting more rare nowadays), good benefits, and a stable/socially responsible organization.

In addition, I have known the CISO for about a decade; he is a class act, down to earth, and is committed to developing his people.

Below, you will find the description.

New York City – Midtown

The person that I am looking for would have about 2-4 years of work experience, and have an appetite for learning. Ideally they would come from a technical background (security, consulting, systems administration, development, etc.), have a real passion for information security, be open to learning and operating information security tools (DLP, Vuln Management, Encryption, etc.), and have a desire to eventually learn more about risk assessment, risk management, governance and compliance.

Compensation is fair – about 75-90K with a small bonus. No Travel.

10K annually in tuition reimbursement – for undergrad or masters. Very good healthcare benefits.

CISO will support one major training/conference a year (SANS/BH etc.), and anything local to NY (OWASP/ISSA/CitySec). Vendor/Product training as well.

If anyone who meets these qualifications and currently lives within commuting distance of mid-town NYC is interested, please e-mail our office at lee@ljkushner.com with “NY Security Position” in the subject line.

Anyone whose resume reflects the qualifications contained in the e-mail will be contacted within 2 business days of receipt, by either me or one of my Senior Information Security recruitment professionals.

Posted by lee