This article can also be found in the Premium Editorial Download "Information Security magazine: Exclusive: Security salary and careers guide."
Download it now to read this article plus other related content.
|Easy climb to the top|
Want to move up the corporate ladder? Here are some skills that you will need to enter the C-suite.
These days, another must-have component to any infosecurity résumé is compliance experience. Eighty-eight percent of those surveyed think that surviving an audit and meeting regulatory demands are extremely important or very important skills to have.
"Security is all about compliance. It's difficult to find companies that are not directly or indirectly asked to comply with some regulation that touches the technology in their business," says Gregory. "You need to understand auditing and put compliance high up on your résumé."
"It's a differentiator," says one security executive at a large healthcare solutions company. "It takes true grit to go through a compliance effort. It's a stressful process."
While compliance is a sought-after skill, be careful when you sprinkle your résumé with acronyms and security lingo, say executives. Filling up on buzzwords can be a red flag.
"You need to ascertain whether candidates have been reinventing themselves or are really doing something in security," says one executive at a healthcare solutions firm. "If they have the buzzwords in there, there had better be descriptors to back it up."
A sure-fire way to poke holes in a résumé is to ask job candidates to describe the acronyms. "I tend to pick the most obscure and least popular platform or acronym to wire in on. If you can't speak to it from hands-on experience, don't put it on your résumé--you might get called on it. This is where things start falling apart during an interview," says Byram Healthcare's Entrup.
Do you want to end your job search before it begins? Brag about your glory days as a black hat. Hiring managers value a security manager's personal integrity above all else; 93 percent cite it as extremely important.
"If you were to boast that you've been a hacker or cracker, I would say, 'Have a nice day,'" says Gregory. There are other ways to get those skills. Hacking contests can prove your worth, but if it is unethical, we're not interested, says one security executive.
More information from SearchSecurity.com
Do you have what it takes to be an information security manager? Find out in this excerpt from Charles Cresson Wood's Information Security Roles and Responsibilities Made Easy, Version 2.
Security practitioners in the trenches sound off on what newcomers need to know.
Experts weigh in on what it takes to move beyond a cubicle to the C-suite.
"You've got to be discreet, willing to take a stand and be someone a CIO can really can count on," says Hobart West's Harenchar. She adds, "Security is not for the faint of heart."
This was first published in July 2006