Career Advice Tuesday – “First Time Job Changer Seeks Advice”

January 26, 2010

Dear Infosecleaders:

I am hoping for some guidance on how to approach my first professional information security job change.   First, here is some background – I was recruited out of college to go work for the security consulting practice of a Big X firm.   I have spent the past three years working on many different clients and some pretty interesting projects.   In addition to developing some of my technical skills – assessments, forensics, network design – I have also developed some good skills in the area of project management (rudimentary), client presentations, written communication (we write a lot of reports) and verbal communications.

I will say that the Big X experience has been good for me, but I have determined that my long term career goal lies in working in an internal security program, actually doing security work, as opposed to selling it.

My concern about pursuing a corporate information security career is based on the fact that I fear that a corporate environment may limit my professional growth.  I want to make sure that if I move to a corporate info sec function that I do not get boxed in to performing one task, as opposed to the diversity of challenges that I have experienced in consulting.

Can you help me try to avoid making this mistake?

Signed,

“First Time Job Changer”

Dear “First Timer”:

I believe that for many people the first job change is the most difficult and the one that causes information security professionals the greatest apprehension.   The main reason is that you are choosing to give up the safety and “security” of a position that you enjoy, for the unknown.

I guess that the best thing that I can tell you is that you should not worry if your new job does not work out.  Here are a few reasons why:  from what you described, you have developed a good skill foundation that will be valued by other companies (both consulting and corporate), you represent good value (the Big X develops great talent but they pay relatively poorly at junior levels), and you have three years of experience with one respected employer (even if the next job only lasts 6 months, you would not be labeled a job hopper – it will be viewed as simply a mistake).  Hopefully, this will make you breathe a bit easier.

The best way to avoid being “pigeon holed” by your next employer is to make sure that you identify components of the employer that will lend to your professional development and skill diversification.   It will be your responsibility to figure this out in the interview process. 

Do not expect the interviewers to willfully divulge this information; you are going to have to ask probing questions to get the answers that will help you arrive at your conclusion.

The first thing that I would find is an employer where information security is a key component of their business strategy.  Generally speaking, the more serious an employer takes security, the better it is for the information security professional.  This can be demonstrated by asking questions during your interview about current security initiatives, training budgets, and tools.

The next thing that I would look for would be a company that is either looking to formally develop an information security function or a company that is looking to upgrade their information security posture.   If you can find a company that is building something new, or trying to fix something that is broken – there will be opportunity for you to use more of your skills and take on more responsibility.  Conversely, if you find a company that has a well developed program, they will most likely be relying on you for one specific skill that you possess.  Generally, this is not a bad thing, but for the sake of your question I would avoid these companies.

The last thing that I would look for would be a company that has smart people that you can learn from and emulate.  I would ask your interviewers about their backgrounds, why they enjoy working at the company, and their attitude toward sharing information security knowledge.  You can also see if they are willing to share any stories during the interview about current (or past) information security employees' career development.   If you can find an environment where you can learn from talented, experienced information security professionals who are willing to share their knowledge with you, it should accelerate your professional development (just like it did in the Big X firm).

After your formal interview is complete, you should do some digging on your own.  You should reach out to your network to see if you can attain a credible, unfiltered, and unbiased account of what it is like to work at the new company.

In closing, the best advice that I can give you (and all first time job changers)  is do not be afraid to take a chance.  Many first time job changers look for guarantees (that do not exist) and often reject well suited career opportunities because they want everything spelled out to them during the interview process. 

Whenever you do arrive at your decision to switch positions, make the most of your new opportunity! 

Go with your gut.  Trust your instincts.  Don’t look back. 

Hope this helps and best of luck,

Mike and Lee


Career Advice Tuesday – “Aspiring CISO”

January 19, 2010

Dear Infosecleaders:

I have gone through your blog; it's fascinating advice you have given to others' queries.

I am seeking your opinion and help on getting where I really want to go…

My Aim: To be a CISO / CIO.
My Professional Background: Was into BCP / DRP kind of projects most of the time. Little exposure to Information Security.
Education: Commerce, MBA, CISA, now pursuing CISM.
Strengths: Creative, Learning, Fascinated towards security loopholes, judgemental, and a good devil's advocate.
Weaknesses: Not a tech pro, but can grasp and understand. No exposure to practical side of networks, applications, admin, etc.

With the given details, could you guide me and help me as to how I can achieve my goal. Without practical exposure to tech side, how feasible is it to get such a role, if not feasible, then what are the areas of improvement and other workarounds if any… :)

Regards,

The Aspirant

Dear “Aspiring CISO”:

Before we get into the meat of your question, I want to start out by saying that you have the ability to  accomplish any goal that you can set your mind to, if you are willing to put in the hard work in order to achieve it.

It is great that you aspire to be a CISO, if you have goals, they should be big ones.  In addition, I think that it is very important that you have identified your strengths and your weaknesses.   The main weakness that you state is the “lack of exposure to the practical side of technology,” which can be a huge obstacle.    There are some CISO positions that will deemphasize your degree of technical skill, but I would say that having some technical competency will be required to successfully interact with the Senior technical stakeholders and inspire confidence in your leadership from your technically focused direct reports.

The best thing about accurately defining your weakness is that you have the ability to do something about it.   This can be done either formally (through education/training) or informally (through reading, webinars, conferences, etc).   I would begin this process by identifying a few key areas that both interest you and that are considered important to the role of CISO.   Set a goal to learn as much as you can about these topics, first in a six month period, then a year.   As you learn more about these topics, begin to volunteer your insight to security related projects in your current position, where you feel comfortable and confident that your opinion would have meaning and potential impact.  If you can do this, you will find that you will be developing some practical experience, outside your regular responsibilities.   Due to the background that you have (MBA, CISA, expected CISM) and your “fascination towards security loopholes,”  I believe that you will be convincing enough to create this opportunity for yourself.

If you are able to pull this off, you should be able to create some good momentum for yourself when you have the chance to interview for a CISO role.

When you do eventually begin to search for this type of opportunity I would provide the following guidance.  The first would be to find an organization that will emphasize your non technical strengths as a more key component of their CISO position.  The second would be to make sure that you can effectively compete with anyone else who possesses similar skills.   The reasoning for this is that if you find an organization that relies on technology for their CISO role, you will be quickly dismissed based upon your degree of technical experience.  In addition, when you are competing for your CISO role (and believe me there will be a great deal of competition), you want to make sure that you come out on top in any candidate comparison, when it comes to your less technical security skills (policy, compliance, governance, risk, management, etc.) or the intangible skills that you would define as your strengths.    In closing, in addition to developing your weakness, make sure that you spend additional time enhancing your competencies.

Beauty is in the eye of the beholder, and there are many skills that comprise effective CISOs.  You just need to find someone who thinks that you are beautiful – and the right person for their CISO role.

Keep following your dreams and pursuing your goal!

Hope this helps,

Lee and Mike


Building Your Personal Brand

October 14, 2009

We talk a lot about personal branding – this month’s SearchSecurity column focuses on the things that you need to do to build and improve your personal brand.

As always, feel free to ask us any questions you have about personal branding.

Also: we’re going to be doing a special question and answer session in our SearchSecurity column next month: if you want to end up in the column, feel free to mail the editors.


Career Advice Tuesday – “Maintaining That “New Job” Feeling”

September 15, 2009

Dear Mike and Lee:

Near the beginning of the year I graduated from ITT Tech with a degree in information security (4.0 GPA!) and last month just started a new job doing information security monitoring for a university. So far I absolutely love my job with the new skills I’m picking up and the challenge of the problems I’m being asked to solve.  Every job I’ve had previous to this one got stagnant very quickly, what can I do to keep the enthusiasm I currently feel for this job going a year from now or five? Right now I look forward to going into work the next day, what can someone do to keep from losing that as they get settled into a position? Also, do you have any other tips for someone right after they land that great job?

Signed,

“Freshness Guaranteed?”

Dear “Freshness Guaranteed?” :

It is very nice to hear from someone that is so excited about their current (new) role.   

Nothing can compare to the excitement that one gets when beginning a new role.  This especially holds true for someone who has just completed a degree program, where your career investment has been rewarded and has resulted in a new opportunity that will utilize the skills that you have developed.  The challenge of keeping a job “fresh” is one that everyone faces, especially after routine sets in, and the initial “shine” wears off.

The best way to keep a job fresh is by keeping yourself challenged and motivated.  Keep looking for ways to add value, learn more, and be needed.  I would advise you to work on building relationships with other members of your company, and try to volunteer yourself on projects where you can be of assistance.  If you are successful in doing this, you will always have several new “mini-jobs” within the context of your main role. 

Keep in mind, five weeks and five years are two entirely different time periods. Look at your role in four month increments, and make sure that you are continuing to learn new things and acquire more skills.  If two consecutive four (4) month periods pass, and you have not grown professionally – it may be time to look for something that will inspire the same feelings you currently possess.

Let me close by saying that if you have a strong passion for what you do, you will always feel fulfilled in your career.  Generally speaking, the more passion you have – the less your job will feel like work.

Hope this helps,

Lee and Mike


Career Advice Tuesday – “It’s Tough Being A One Man Show”

September 1, 2009

Dear Mike and Lee:

I have been in various roles as an IT pro for 12 years or so. The last 3 years have been in management roles both in Operations & Security more recently. Being a one man show building a security organization it’s not very difficult to stay technically engaged but as the team grows, or as I move on to work for other companies and larger teams, what advice do you have for keeping your hands in tech as much as you can? I’m pretty well headed down the management track but I think we all need to keep our heads out of the clouds when we manage technical teams. What advice do you guys have for staying in touch with the guys in the trenches & touching the tech without falling short on your leadership role?

Signed – “One Man Show”

Dear “One Man Show”:

You are correct in your statement that being a one man show is no easy task for any information security professional.   Many information security professionals in your situation get caught up in the breadth of responsibilities of their current position and neglect the development of specific skills that will differentiate them in the market.     Since you are functioning as a team of one – you will appear to lack people management skills (due to size), and if you choose to let your technical skills lapse – you may have a hard time proving your value to external employers if your skills are deficient in both areas.  

In a competitive situation – you will most likely always be outshined by people with greater management experience, and you will lose out to engineers and architects who have not had the responsibilities of management.

Fear not – all is not lost.   The technically competent manager is always in great demand.  Companies always believe that they can develop managers, but it is mostly the information security professional's responsibility to keep their technical skills sharp.

If you have ever heard me speak, one of my favorite lines is that “In thirteen years of recruiting information security professionals, I have never received interview feedback that one of my candidates had too much technical competency.”   (Which is true!)

Although remaining technically sharp is essential to an information security professional’s long term career success, it is not easy and requires extra effort.    As your position leads you into other areas, you have to remain conscious about the depth of your technical skills, and make sure that you allocate proper time and training to maintain them.  There are many information security professionals that have neglected these skills, and are now no longer relevant, because the industry has surpassed them.

Keeping yourself technically sharp is difficult.  It takes extra time and takes extra effort.  However, if you are able to stay on top of the current technical trends and industry developments, it will enhance your credentials as a manager and a leader.  

It is possible to become overwhelmed by the amount of technical challenges that we face as information security professionals.  If it helps, focus your efforts and education on two or three topics that have an interest to you, are important to your current role, and are recognized by the information security industry as a whole as “growing trends.”    Some technical areas that I see emerging are “cloud computing,”  the technical aspects of PCI, security event management, and green computing.

Try to leverage and direct the responsibilities of your current role so that it requires you to become more educated on these topics, therefore more marketable and relevant.   This approach  may enable you to allocate your time better – and “kill two birds with one stone.”

It is never easy being a “one man show,” but at least you get to make all the decisions!

Hope this helps,

Lee and Mike


Career Advice Tuesday – Does The InfoSec Profession Give Second Chances

August 11, 2009

Dear Mike and Lee:

I have not been able to get what I feel is full/good advice in my attempt to enter the Infosec career. I have a felony record here in the US. The crime was when I was younger and I have since (11 years now) proven that I have changed my ways and that the whole issue actually helped me get on the straight and narrow.

My question is: Can a person in my situation expect to enter and survive in an Infosec career? I was reading a book titled “Infosec Career Hacking”. It said, if you have a felony record, you can forget a career in this field. That was not a direct quote but the point clearly stated the same thought. Is this true?

I have worked my way up the IT ladder and currently fill an Enterprise Architect position for a government contractor on a government contract. I have not achieved the clearance that I need yet. I do have a chance to voice my opinion on security issues in my current role, but I would like security to be a main focus for me. Do you have any insight into this?

Signed,

Changed Man

Dear “Changed Man”:

You are definitely facing an uphill battle.

First of all, I think that blanket statements are bad – and I do believe that it is possible to get a career in information security even if you have a criminal record.  I have seen it done before and have worked with a few candidates that have had to overcome this obstacle.   

In order to accomplish this, you are going to require a combination of candor, excellent skills, reformed character, open-minded hiring managers, and some old fashioned “good luck”.

I am not saying that it will be easy, but it is definitely possible.  I also believe that you may find more acceptance in the commercial/corporate world than you would find in the public sector (Government roles).

Here are some guidelines for you to consider:
 
1) Full Disclosure – Make sure during the initial part of the interview process, you reveal that you have a felony.  No matter how embarrassing, tell them what happened, what you learned, and how you reformed.

Many people believe that a past transgression alone will disqualify them for a position, and choose not to reveal that to the hiring party.  That is the worst possible thing that you can do!  More people lose opportunity due to the “cover-up” as opposed to the offense.

It turns out that many people have open minds and are willing to forgive past transgressions.  When you choose not to tackle this type of situation head on and address it, you appear to be dishonest and deceitful, which are not positive attributes for any Information Security professional.
 
2) Demonstrate Examples From The Past 11 Years That Enforce Your Character – I would give examples of how you have given back, made restitution, and changed your life to reflect the code of ethics required to be an Information Security Professional.   This is critical.  It is one thing to say that you have reformed, it is another thing to have proven it with tangible examples.  

One of the best ways to do this is to volunteer your time – either at schools or public gatherings, and help educate others on computer security.  You can speak about relevant topics that could  include on-line safety, protecting your personal information, or the negative consequences of hacking.
 

3) Outshine Your Competition – Because of this felony, you will have to be that much better than your competition – so make sure you blow them away during the interview.  This is essential, since you enter the interview process in a less than enviable position. 

As we learn by examples in society, people with special talent usually receive some preferential treatment, and are more likely to receive the “benefit of the doubt.”  (I am not saying I agree with this, but it happens to be the case.)  

Make sure that your talent is indeed special.  Become great at something and develop expertise that can demonstrate your value to your employer.  If you indeed are exceptional, chances are they may become a stronger advocate of your hiring, and you may be more than likely to overcome this obstacle.

I wish you well in your pursuits and appreciate your bravery by asking this question.  I do not believe that your situation is unique in the Information Security profession. 

I hope that your future employers have the ability to see the “changed man” in front of them, and not the “foolish teenager” of  11 years prior.

Good luck to you.

Mike and Lee


Career Advice Tuesday- When The Economy Negatively Impacts Your “Good Job”

July 21, 2009

Dear Lee and Mike:

The ongoing hardships caused by this lovely economy have now really started to impact our company culture.  Things are now quite strained. We’re not getting any raises, no empty positions are being filled, everyone’s doing extra work, training budget has been killed off.  In short, it’s getting fairly grim.

In spite of it all, I’d honestly like to stay at this job.  I strongly believe in our mission, and I’m friends with most of the coworkers, but things are souring… what can I do to re-sweeten things?  Or am I simply holding onto past glories?

Signed,   Conflicted

 

Dear Conflicted:

Let me start by saying that you are not alone.  Many of your peers are experiencing some of the same things due to economic issues.  The loss of corporate revenue has negatively impacted training budgets, technology advancements, raises, and bonuses across the board.   Unfortunately, as professionals we have grown a bit accustomed to the perks attached to our position.  When employers begin to tighten the purse strings and we are asked to share in the burden, it becomes a bit uncomfortable.

From what you have described it appears that you particularly have a couple of good things going for you:

1) Although you are currently experiencing some short term discomfort, it appears that your company has a track record in the past for “doing the right thing” by making solid investments in the Information Security program and the staff. 

2) It also  appears that some of the core values that relate to your situation remain intact.  You believe in what the company is doing, you have solid peer relationships, and my guess is that  you are well thought of, and your opinions are well respected.   All of these things are positive. 

My advice to you (and your peers) is to give your current employer the benefit of the doubt, in the near term, and utilize this as an opportunity to attempt to creatively solve your problems and build your personal brand. 

Here are a couple of examples :

When a department is understaffed, and is not adding new personnel, there is usually an opportunity for work that is outside of your traditional comfort zone. Try to volunteer for some of this newer work, so that you can develop a new skill or perfect an existing one.  If you can utilize this opportunity to build more skills, your future value and marketability will increase, whether you choose to remain at your current employer or move on.

Regarding training, I believe this is when you need to utilize your creativity to continue receiving training but at a lesser cost.   This is the time that you can get together with your team and figure out some solutions and present them together to management.  Remember, there is always strength in numbers, and you may achieve a greater impact if you address this with your manager in collective fashion. 

Here are some suggestions that may provide a  lower cost option to training:

1) Build an Info Sec Library – Ask your employer if they will reimburse the purchase of information security related books, that can be kept as a corporate reference guide.

2) Volume Discounts – Call up some of the traditional training programs and conferences and ask for volume discounts.  These folks are in business too, and they may be flexible.  They are facing some of the same economic issues.

3) Invite Guest Speakers  – Many people in Information Security like to share their knowledge.  Create a guest speaker program where you can bring in an external speaker (you may have to cover some travel expense and meal) once a month, to address a specific topic. 

Unfortunately, I do not have any solutions for bonuses or raises.  If money is the main motivator, you may be forced to begin looking for a new role.

In closing, I believe that you will benefit from exhibiting a little bit of patience with your current employer.  However, if things do not change in three – six months, and you are still having the same feelings, you may have to begin looking elsewhere.

Hope this helps.

Lee and Mike


Selecting a Recruiter – Follow Up

July 16, 2009

Last week, I posted some guidelines about selecting a recruiter, and I wanted to add to that post. I have recently spoken with a number of Information Security leaders that have told me that they have been told about opportunities, but that the recruiter would not reveal the name of the employer.

There is not any excuse for a reputable recruiter to operate in this manner. I would challenge anyone to come up with a reason, that this practice would be beneficial to you, as a candidate for an Information Security opportunity. 

My advice would be to steer clear of any recruiter or recruitment firm that utilizes these practices.

Here are my reasons:

1) Trust : The recruiter/candidate relationship is based on trust and professionalism. If a recruiter can not even reveal the name of their client, it simply means that they do not trust you with this information. What they are really saying is, “If I tell you who my client is, you may send them your resume by yourself and cut me out of the picture.”

Conversely, you are supposed to trust them with your career.

Something here just is not right.

2) Authorization: The recruiter might not even have a working agreement with the client or be authorized to present candidates. Since many jobs are posted on the internet, recruiters have access to these job descriptions, and search for profiles that appear to fit. It is a common practice for recruitment firms to “market candidates” in the hopes of gaining a formal recruitment agreement with a new client. As the owner of a business I do not begrudge anyone from trying to build new client relationships, however as an information security professional I would prefer that my career not be a guinea pig for someone else’s business development experiment.

3) Control – If your recruiter does not reveal who their client is, you have basically given them permission to send your resume to anywhere that they deem fit. By allowing someone to “wallpaper” the world with your resume, you will most likely waste significant time interviewing for opportunities that could benefit the recruiter, but have no benefit to you.  The surrendering of control over the distribution of your resume, could lead to ……

4) Exposure - When anyone is more interested in quantity, as opposed to quality, details sometimes get overlooked. In this case, the detail may include having your resume sent to your current employer (unfortunately I am not making this up) or people with big mouths (who will notify your current employer).

 Use your imagination to consider all of the potential consequences of this.  

5) First Impression - If more than one recruitment firm submits your resume to a particular opportunity it makes you look unorganized in the eyes of the prospective employer. Your recruitment process is the first window into how you operate and communicate. Failure to properly manage this process is not the first impression you want to make on a new employer.

When speaking with a recruiter, you need to demand transparency to ensure that you understand which company you are applying to and where your resume is being sent.  You should also verbalize with your recruiter that your resume should not be sent to any third party without your consent and knowledge.

Your career is important, make sure that you use good judgement in whom you trust it to.


InfoSec Leaders on PaulDotCom Tonight

July 9, 2009

Have to say that we are quite excited about our appearance on PaulDotCom this evening beginning at 7:00PM EDT.

The topics that we will be discussing will be:

1) Breaking In To The Security Profession – We have received many questions from Future Information Security Leaders about how to go about getting their first security role and making information security a larger part of their current responsibilities. We will answer these questions and provide guidance on “what to do” and more importantly “what not to do” to help land your first role.

2) Hitting the technical glass ceiling - Many information security professionals have selected a career path, where they would like to remain focused on delivering technical information security solutions. Unfortunately many organizations cap pay and career growth for these individuals. We will talk about the reality of this situation, how to build additional skills that will complement a technical career path, and how to recognize which organizations are best suited for you.

3) Career Incident Response - Information Security professionals are not immune to the effects of the economy and unfortunately many have fallen victim to a “career incident.” We will provide an overview of our Career Incident Response Podcast Series, and provide an overview of how to best deal with a “Career Incident.”

4) We will also be previewing our 1/2 day DefCon presentation/seminar – “Effective Information Security Career Planning”

Hope that you tune in.

Lee and Mike


Career Advice Tuesday: Working in the US for Canadians

June 30, 2009

Hi Lee and Mike,

I am an Information Security professional with over 10 years of experience. I have heard about the TN-1 visa which allows for Canadians to work in the U.S. Can you put me in touch with recruiters in the U.S. who specialize in placing Canadians in U.S. companies and are familiar with the TN-1 visa process?

Thank you,
Looking to Expatriate

Hi Future Expat,

Mike here – I’m taking lead on this one, as this is a subject that is near and dear to my heart, being a Canadian and having been in the USA on nearly every visa classification allowable. Neither of us is a lawyer, and you should have legal counsel when dealing with these issues, but I’ll give the layman’s interpretation.

Let’s start with the basics. The US government has a non-immigrant visa program that allows US companies to hire workers that have skills that they can’t find in the USA. The goal of the program is to allow people who have qualifications that can’t be matched by an American citizen to come to the US and work in their chosen field.

There are two programs: the original, normal visa program, and the special programs available to Canadian and Mexican citizens under NAFTA. I’ll give an overview of each category that is relevant to the information security pro:

1. H-1B – This is the most popular visa for non-immigrant workers from any company. The H-1B requires that the company offers the job to a US citizen (usually through public postings in classified ads and the like), and that they pay the worker a “competitive wage”. The visa is valid for 3-year terms, renewable once – after six years, a visa holder either has to return to their original company or apply for immigrant (i.e. Green Card) status. Note that the H-1B is the only “transferable” visa – you can switch companies on an H-1B, unlike the other two visa categories I’ll mention.

2. L-1A – This is an “intracompany transfer” visa. If you work for a multi-national company, you can transfer from the foreign division of the company to the US version. Note that this visa is not transferable, so once you’re in the US, you can’t then change companies. However, this is a “dual-intent” visa like the H-1B – once in the US on an L-1A, you are able to apply for immigrant status.

3. TN – The TN is a visa category available to Canadian and Mexican citizens under NAFTA. It was originally a one-year renewable visa, but has been expanded to three years (to the utter relief of all TN visa holders). The visa isn’t transferable, so you have to apply for a new one each time you join a new company. This can be a pretty intense experience – I have had a border guard yell and taunt me for being “stupid” because my lawyer used the wrong job title in one paragraph of my letter.

Unlike the H-1B and L-1A, the application criteria for TN visas are very narrow – it is not enough to prove that the hiring company needs you; you also have to show that you fit in a particular “category” for the visa. The three that usually apply to information security professionals are:
- Software Systems Analyst – requires a 4-year degree in software engineering or computer science. The job category requires that you will work in direct support of a computer and software system. This is easiest to fit if your job is likely to involve application security or application penetration testing.
- Software Engineer – requires a 4-year degree in software engineering or computer science. Related experience may or may not be considered, but the job description needs to be tailored to show how the job is related to software engineering.
- Scientific Technologist – For those that don’t have a degree in computer science, the Scientific Technologist is the only option. Unfortunately, it’s an ugly category – it requires that the applicant will be working in direct support of a professional engineer and learning the disciplines of engineering. If your boss doesn’t have a formal degree in engineering, this one won’t work.

The TN is unlike the other two visas in that it is a “single intent” visa – you have to maintain proof that you intend to return to Canada at the conclusion of your visa. This usually involves having a permanent mailing address in Canada, a bank account, etc. While this may not seem like an issue, it’s worth noting – as someone who fell in love with an American, being on a TN would have kept us from getting married as it would have caused the TN to be invalid (we solved that by getting married while we worked in Canada for a couple of years, and getting the green card once we came back).

As far as recruiters, you don’t need one who specializes. Any recruiter who has been around for a while has dealt with the process for a candidate – I’ve had two different well-known infosec recruiters (Lee is one) deal with my TN process over the years. And most companies don’t care: in the 10 years I’ve been in the industry, I have had only a single company decide that they didn’t want to deal with the visa process, and that was because they had multiple qualified candidates. If you’re qualified for the job and you’re a great fit, the visa process is a very simple and relatively inexpensive one for the company to go through (< $10,000 total). Even if they’ve never done it, the lawyer you get will walk them through the process.

The real key will be to find a company that wants you aboard – the visa is going to be an after-thought in most situations.

Mike & Lee
