Information security professionals change positions with great frequency, because in our experience, they are constantly...
in search of new challenges and opportunities to apply their skills to solve problems. While a new position may provide this type of opportunity, in most cases information security professionals change positions prematurely. Changing positions before you are able to extract maximum value in your role can be detrimental to your career development and execution of your long term information security career plan.
By leaving a position too soon, you risk forfeiting opportunities for promotions, developing new skills, or creating a brand as a risky employee (a job hopper). You could also create doubt in your abilities to execute and see a task to completion. Being viewed as an information security professional that runs from problems before they have been solved is a red flag for future employers.
In many cases, your best job is the one you have; it's the place where you can best apply your skills and develop new ones. This is especially true in information security where challenges constantly evolve. Considering the constant churn of new technology, new compliance requirements, and the talent shortage in many information security organizations, opportunities for professional growth are plentiful. The key for you is to recognize these opportunities and figure out how to insert yourself.
One of the better ways to do so is to be recognized with your company's internal system for honoring top performers. By doing so, you build a reputation of trust and confidence with people who can accelerate your career and afford you more responsiblity. For example, if your can demonstrate to your manager that you can excel in computer forensics, they may provide you with the opportunity to help them develop the company's incident response plan. In many cases, information security professionals who build their brand as technically proficient are afforded the opportunity to evolve their skills towards areas of information risk management.
Awareness training is another opportunity for recognition and success. Because information security touches all aspects and functions of a corporation, you often have to evangelize the need for security. You must share you knowledge with employees who are not as aware of information security and risk-related issues. This internal need should provide information security professionals with a combination of personal opportunities.
The first is the development of non-technical skills, such as communication, public speaking and teaching. By placing yourself in a position to educate others, you will have an opportunity to build these skills and become more effective communicators, which is key, especially as you move into information security leadership roles.
The second are sales skills and persuasion; like it or not, these are important tools for any security leader. In order to be successful, you will need to have the ability to lead and motivate others by influence and persuasion. Volunteering for activities that enable you to educate others who may be reluctant to receive the message will provide you with a unique challenge. If you are able to convince unwilling parties about the importance of security and effect measurable organizational change, you may find yourself being offered the opportunity to respond to other information security challenges.
Although information security and information technology may be second nature to you, it is challenging to others. Many business leaders do not understand technology, and their experiences with information security may not always have been positive. It is important for information security professionals to make themselves available to others who may require their assistance. Whether it's the executive assistant or CEO, people are people. Providing assistance to others to ease their frustration, or expertise to help solve a problem, is appreciated.
By providing value to these diverse teams, you have the ability to learn about different components of the business, that you can apply to your main role. Injecting yourself this way also helps provide key reference points when employers are considering internal promotions and succession plans. Many times being helpful and having a positive attitude, can serve as key differentiator when these career enhancing decisions are made.
Your current position often holds many hidden opportunities for career development if you seek them out. By leveraging your current position to build other skills, you provide yourself with opportunities to showcase your abilities to your current employer and demonstrate your value on a daily basis. If you are successful in doing this, you may find yourself in a situation where you do not have to look elsewhere to find a role to develop the skills you require to achieve your long term goals.
This may sound funny coming from an information security recruiter, but this would be an optimal situation.
Send comments on this column to firstname.lastname@example.org.
Lee Kushner is the president of LJ Kushner and Associates an information security recruitment firm and co-founder of InfoSecLeaders.com, an information security career content website.
Mike Murray has spent his entire career in information security and currently leads the delivery arm of MAD Security. He is co-founder of InfoSecLeaders.com where he writes and talks about the skills and strategies for building a long-term career in information security.