This article can also be found in the Premium Editorial Download "Information Security magazine: Exclusive: Security salary and careers guide."
Download it now to read this article plus other related content.
Want to build your (personal) networks?
Developing strong professional relationships often helps you land a new job. The following organizations are good places to get together with other security pros.
Information Systems Audit and Control Association (ISACA)
A professional organization for information governance, control, security and audit professionals that has more than 50,000 members.
Institute of Electrical and Electronics Engineers (IEEE)
A professional association with more than 365,000 members promoting the engineering process and knowledge about electric and information technologies.
Information Systems Security Association (ISSA)
A not-for-profit international organization of information security professionals and practitioners.
An association of businesses, academic institutions, and state and local law enforcement agencies dedicated to sharing information and intelligence to prevent attacks against the U.S. InfraGard chapters are geographically linked with FBI field office territories.
Get Your Hands Dirty
On-the-job training beats any certification or diploma hands down, according to our research. Ninety percent of those surveyed believe that practical experience is the most important characteristic when evaluating candidates for a security job.
The ability to prove that you have secured networks against external attacks and internal threats is also one of the top considerations. "Security people aren't made in universities, they are made in the workplace," says Gregory.
However, when asked to choose a candidate with a security certification or an MBA, nearly three-quarters of the C-level executives surveyed feel that a CISSP certification is more important. Certifications are a convenient and useful way to eliminate unqualified applicants, says Gregory. Adds Hobart West's Harenchar: "I won't talk to anyone who doesn't have a CISSP. I realize certifications aren't perfect, but they are a reasonable indicator."
No certification under your belt? Executives recommend that you position your skill set in line with what's required to earn one. "If [job candidates] don't have a certification, they should explain their job functions and put in their résumé 'CISSP-equivalent,'" says Craig Zachmann, e-information manager for Riverbank Business Center, a bank based in St. Paul, Minn.
"As an executive recruiter, I look for speaker's presentations, publications and industry participation," says Tracy Lenzner, CEO of LenznerGroup.
And an MBA? It's icing on the cake, says USi's Huegel.
This was first published in July 2006