Infosecleaders at #BSidesSF

February 27, 2012

Good morning Infosecleaders community!

I am looking forward to an exciting two days at Security BSides, and meeting many of you whom I have communicated with about your Information Security careers over the past year(s).

If you are not in attendance, you can view my presentations and all of the content at #BSidesSF live stream:
Track 1 -
Track 2 –

My presentations are scheduled as follows:

Monday (Today) February 27   -  Track 1  – 9:40PST/12:40 EDT – 10:00PST/ 1:00PST

B-Sides Welcome Address –

It is such an honor to have been asked by the folks at B-Sides to give the welcome address.  I plan to share some of my thoughts about the importance of community in the development of a successful Information Security Career.

Tuesday – February 28th    Track 2    – 11:00AM PST/ 2:00PM EDT – 12 noon PST/3:00PM EDT

The Other Side of The Desk: Different Perspectives on The Interviewing/Recruitment Process  -

Lenny Zeltser and I take a look at the recruitment and hiring process from two unique angles – the hiring manager (Lenny) and the information security professional/ job candidate (Lee).  The presentation is designed to provide the attendees some insight into the minds of the other party – in the simultaneous pursuit of talent and opportunity.

Tuesday – February 28th   Tracks 1 and 2    Career Advice Tuesday  – Live

12 noon PST/3:00PM EDT – 1PM PST/4:00PM EDT

This is the opportunity to ask your information security career questions live.  You can ask them either as yourself or anonymously – and I will answer them live.  If you would like to ask your questions prior to the sessions -  follow these instructions – or come see me at BSides today.

Enjoy the Conference.  Make the Most of It!

Lee Kushner

Posted by lee | Filed Under "The Other Side of The Desk", Advice, Behavior, Personal, Position Selection, Presentation, Recruiting, Security Industry, Skills | Comments Off 

Career Advice Tuesday “RFQ” – Request For Questions – Streaming Live From #BSidesSF

February 26, 2012

Would like the Infosecleaders community to know that I will be hosting a session of Career Advice Tuesday – “Live” – from SF Security B-Sides. The session will take place at 12:00 noon (PST) on Tuesday, February 28th.

In addition to accepting questions from the B-Sides attendees, I would like to give any Infosecleaders community members the opportunity to ask their career related questions, so that they may be shared with the audience. From what I understand the session will be streamed live from B-Sides.

Questions can include any Information Security career related topics – career planning, position selection, professional development, career investments, brand building, compensation, relationship with management – or anything else that may be appropriate.

Questions can be asked by any of the following methods:

Go to the Infosecleaders Website and go to “Ask Lee and Mike”
Tweet or DM to @ljkush or @SecurityBSides
E-mail :

If you would like for your question to be asked anonymously, or if you would like to create your own pseudonym (as many of you have) please feel free to do so.

Thank you in advance for your participation. If you are in attendance at either B-Sides or RSA (Booth 650), please make sure that you come by and introduce yourself.

Posted by lee | Filed Under Advice, Career Advice Tuesday, Presentation, Security Industry, Social Media | 1 Comment 

Infosecleaders Professional Development Workshop Today at Black Hat

August 4, 2011

From my three days in Las Vegas, I am clear about one thing – there is an increasing demand for quality information security professionals and companies are having a very difficult time attracting Information Security professionals to their teams.

On the surface, that should be great news.  However, with choices come decisions.    With decisions come mistakes.   It is our goal at Infosecleaders, to provide you with information and frameworks, to minimize your risks, and maximize your rewards!

Thanks to Jeff, Ping, and the folks  at Black Hat, today we have a platform to do this.

This afternoon, at the Black Hat Briefings in the Florentine Room – Mike and I are going to share our collected data on InfoSec Certifications (The Value of Cert Survey), help you beat out your competition for the “Good Jobs” (Second Place Sucks), provide you with a road map for developing your “future skills” (Infosec Leader of the Future), shed insight into the real world of hiring, recruiting, and interviewing (The Other Side of The Desk), and provide an open forum for you to ask your Information Security Career Questions (Career Advice Tuesday – Live – (in Vegas, it is always someone’s Tuesday)).

Schedule- Florentine Room

1:45 – 3PM – Value of Certification Results & Second Place Sucks

3:15 – 4:45PM – InfoSec Leader of the Future & Other Side of the Desk

4:45 – 6PM – Career Advice Tuesday Live  and Predictions for the Future

We hope that if you are attending Black Hat, you choose to spend some of your afternoon with us, and take something away from the conference that you can apply to your professional growth and career development.

Look forward to seeing you,

Lee and Mike

Posted by lee | Filed Under Compensation, Interviewing, Position Selection, Presentation, Recruiting, Security Industry, Survey | 1 Comment 

Career Advice Tuesday – “Black Hat Preview – Professional Development Workshop”

July 26, 2011

For today’s Career Advice Tuesday – we wanted to share a more detailed look at our Black Hat Professional Development workshop.  The workshop will take place on Thursday afternoon – from 1:45 – 6:00PM.    Anyone in attendance can come to either any individual session or stay for the whole program.

If you are at Black Hat, please come by and introduce yourselves.


InfoSec 2001 – A Career Odyssey

The Professional Development workshop is a half-day program that is designed to inspire the Black Hat attendee to think about their career as an information security professional and assist them in their journey towards the achievement of their long term career goals.

The Professional Development workshop will be divided into five (5) unique information security career topics that will be linked by a common theme – Skill Development and Differentiation.

The program will consist of the following:

1)    “The Value of Information Security Certifications Survey” – Research Revealed – 1350 information security professionals responded to an independent survey on the topic – the research will be revealed

2)   “Second Place Sucks” – A presentation geared toward differentiating yourself from your peers (and your competition)

3)   “The Information Security Leader of The Future” – a presentation that will outline the skills that employers are looking for when identifying and selecting their information security leaders.

4)   “The Other Side of The Desk” – a panel that will explore the different attitudes and beliefs by job applicant and employer during the interview process

5)   “Future Predictions” and “Career Advice Tuesday- Live” – Future trends will be discussed and explored – and attendees will have the opportunity to ask questions about infosec related career topics

The workshop is designed as an interactive forum that should inspire some shared thought and debate between audience members and the presenters.

Attendees should understand that they can elect to either participate in the entire workshop, or to pick and choose from select sessions that have a particular interest to them.

Session Previews:

Session 1  – 1:45 – 3:00

“The Value of Information Security Certifications Survey”

Presenters – Mike Murray and Lee Kushner –  

In February of 2011, launched an independent survey on the value of information security certifications. The value of InfoSec certifications is a highly debated topic in the industry, and this is the first independent survey that asks questions to information security professionals (certified or not) – their opinions on topics that include – the motivations for certifications, the impression of the certification bodies, the value of skills vs. certifications, and certifications’ effect on employment. With over 1350 respondents, the results should be revealing and eye-opening.

Second Place Sucks -

Presenter – Mike Murray

So, if certifications are no longer the magic bullet to get you to your career goals, then what is? The topic of strategic career investments and personal branding will be the focus of this presentation. The presentation will be spent on how you can plan and execute on career investment strategies that will enable you to differentiate from your peers and successfully compete for promotions and external information security leadership opportunities.

(15 minute break)

Session 2 – 3:15 – 4:45PM

3:15 – 3:45PM

“The Information Security Leader of the Future” –

Presenter – Lee Kushner

The skills for information security leaders are changing quite rapidly. As many companies are aligning information security with their core business and branding, information security professionals will need to evolve as well. The presentation will break down the core skill components of what information security professionals will need to acquire and demonstrate to be considered for leadership roles in the future.


3:45PM – 4:45PM

The Other Side of the Desk – Different Perspectives on the Interview Process

Moderator – Mike Murray

Candidate Perspective – Lee Kushner

Hiring Managers’ Perspective –

Bill Phelps, Executive Director Accenture  

Justin Somaini, CISO at Yahoo!


There are two parties involved in every interview process, the information security professional (the applicant) and the hiring manager (the decision maker).   While in essence, both parties ultimately desire the same outcome, their motivations lie in different places.   This portion of the presentation will present to the audience the perspective of the candidate and the perspective of the hiring manager, in a way that will educate both parties and enable them to social engineer the interview process, to work to their personal advantage.

Bill Phelps:

Bill Phelps is an Executive Director in Accenture’s security practice, and has spent the past 25 years in technology services. In the past decade, Bill has been a practice leader, company founder, board member and trusted advisor helping organizations with complex management and technology challenges in the areas of information security, data center transformation and technology strategy. Bill currently has overall responsibility for Accenture’s security business in North America. Bill is aggressively growing Accenture’s security team, and plans to hire over 200 security professionals in the coming year.

Justin Somaini:

Justin Somaini is the Chief Information Security Officer at Yahoo! where he’s responsible for all aspects of Yahoo!’s Information Security strategy.  With over 15 years of Information Security experience he’s seen as a leader in industry by promoting an evolution of the security and risk management models.  Through his public speaking and industry involvement he’s given extensive talks and interviews on the threat landscape, public policy, security management and risk management.  Prior to joining Yahoo!, Justin was the CISO at Symantec.  Justin has also held security leadership roles at VeriSign, Charles Schwab and PricewaterhouseCoopers LLP.

4:45 – 6:00PM

Predictions for the Future and Career Advice Tuesday – “Live”

Presenters – Lee Kushner and Mike Murray

The employment market is dramatically changing – and the closing session will begin with information security employment predictions (based on experience and research) for the next ten years.  Once completed, this will be followed by a version of “Career Advice Tuesday” – “Live”.   All attendees can have their personal information security career questions answered in an open forum.   Topics will include skill development, compensation negotiation, career investments, career planning, and anything else you want to ask about your Information Security Career.

Posted by lee | Filed Under "The Other Side of The Desk", Advice, Behavior, Branding, Career Advice Tuesday, Compensation, Interviewing, Networking, Planning, Position Selection, Presentation, Recruiting, Resume, Security Industry, Skills, Survey, Uncategorized | 1 Comment 

Infosecleaders at OWASP NY/NJ – Tuesday and Wednesday

March 28, 2011

Wanted to let everyone know that I will be presenting the “CEO of You, Inc. – Your Career Is Your Business” presentation at OWASP NYNJ Metro chapters on Tuesday and Wednesday of this week. On Wednesday, I will be speaking toward the beginning of the agenda – so definitely get there early if you can.

The presentation is designed to help you, the information security professional manage your career as if it were your business, and you were the CEO.  

Here is the full abstract:

The information security profession is becoming increasingly competitive. In the employment market place of the future, certifications and education alone will not be enough to ensure achievement of your long term career goals. The increasing popularity of the profession and the competence of your competition will require that you take the reins of your career.

As companies focus more on profits and revenues, they are diverting resources away from the development of their employees. This attitude has greatly impacted the shared loyalty between employee and employer. In the future, the more effective you are in the management of your information security career, the greater the likelihood that you will achieve professional satisfaction. In essence, your career will be your business, and you will be the CEO.

The goal of this session will be to provide you with a framework for managing your information security career. By relating the different components of career management to traditional business functions, you will get a detailed understanding of how your career should be managed and how you can move past your peers by more than just luck. Subjects covered will include career planning, career investments, effective career marketing and branding, position selection and compensation negotiation.

You will leave the session with a solid foundation to enable you to better achieve your long term career goals and increase your satisfaction with both your current job and with the jobs you select in the future.

I will be happy to take questions during the meeting and after my presentations, provided that time allows.

Hope to see you all there.


Posted by lee | Filed Under Branding, Compensation, Interviewing, Planning, Presentation, Security Industry | 1 Comment 

RSA Professional Development Seminar – “The Top Of The Pyramid – Meet The CISO’s”

February 11, 2011

We are down the home stretch now, and the Professional Development Seminar is only a weekend away. I can tell you that both Mike and I are very much looking forward to being a part of the program, and are expecting a great turn out. If you plan to attend, please make sure to arrive early – we have been told that there has been a great deal of interest.

The Seminar will take place as follows:

Monday, February 14th , 12:30 – 5:00PM, Moscone Center – Orange Room 305

The final panel will follow immediately after my presentation – which begins at 3:30 – and will conclude at 5:00PM.

The final presentation is really the showcase for the event.  The panel discussion will feature three accomplished Information Security Leaders, who will guide the audience through the evolution of their information security career, and provide insight and guidance to the audience on how to accelerate their own careers.

The participating CISOs represent a variety of industries and have some very unique career progressions. They include the following:

Patrick Heim – CISO Kaiser Permanente, former CISO McKesson

John Kirkwood – CISO Royal Ahold, former CISO American Express

Stephen Scharf – Global CISO Experian, former CSO Bloomberg

The topics that we will cover will include the following :

1) Key career decisions that impacted and accelerated their careers

2) How they select talent?  What they look for in interviews?  How they determine who gets promotions and more responsibility?

3) Their own professional development – through industry involvement, certifications, and advanced education and training

4) What the future holds for them?  What they see on the horizon?

5) General Advice to aspiring Information Security Leaders

All I can say is that it is very exciting to bring this panel to the RSA audience.  The opportunity to gain insight into the careers of successful information security leaders, and in an open forum where the audience can receive unfiltered advice and guidance is a unique opportunity.

For all of the aspiring information security leaders out there, this panel is worth the price of admission alone.

Look forward to seeing you all.  Safe travels!

Lee and Mike

Posted by lee | Filed Under Advice, Networking, Personal, Presentation, Recruiting, Security Industry, Skills, Uncategorized | Comments Off 

RSA Session Preview – “The CISO of the Future”

February 4, 2011

Session Logistics: Monday, February 14th – Time: 3:30-4:10PM  Location: Orange Room 305

To many, the position of Chief Information Security Officer represents the pinnacle of our profession.  Achieving this title and this level of responsibility is the ultimate career destination for many security professionals.  In fact, when Infosecleaders conducted our survey of close to 1000 information security professionals, 37% responded that this was their ultimate career goal.  When any goal is viewed as this popular, it becomes increasingly difficult to achieve.

But what does it take to get there?

Many information security professionals believe that they have acquired the skills and experiences necessary to achieve this position, but few truly understand the skill matrix that companies search for in recruiting and locating this level of information security leader.   It may be shocking to learn, that many security professionals who believe they are qualified for these CISO roles, cannot even land an interview for consideration.  After this presentation, they will learn these answers.

The presentation at the RSA Conference is designed to give the attendees a view into the skill requirements for this role – not only for today, but in the future. During the presentation, I will go over the key components of the CISO’s Skill Matrix and introduce to the audience strategies to build their own skills and enhance their chances of achieving this milestone. Together, I will guide the audience through the creation of an actual job description for the CISO of the future. Upon leaving the presentation, attendees should have a better understanding of what it actually takes to compete at this level of the information security food chain.

The session will be followed by a panel of leading CISOs – John Kirkwood, Royal Ahold, Patrick Heim, Kaiser Permanente, and Stephen Scharf, Experian – who will reflect on their own skill matrix, challenges and strategies for professional development reaching their own levels of professional success.

Posted by lee | Filed Under Advice, Interviewing, Planning, Presentation, Recruiting, Skills | Comments Off