The security job market is experiencing a classic case of supply versus demand. As an increasing number of certified security professionals browse the want ads, the pay for such positions is decreasing. As a result, competition is tougher. One way to get your resume noticed – and move up the security career ladder – is to hone your project management skills, experts say.
Project management skills, such as value and risk analysis, relationship management and communications, can make all the difference. "They help me to align business needs with security needs," said Tom Bowers, a manager of security operations at a pharmaceutical company. "They bridge a lot of the gaps from a security standpoint. I can literally go to our drug research folks and we can talk the same language." Bowers holds several certifications including the
Jerry Brennan, managing director of Jeffersonton, Va.-based recruiting firm Security Management Resources Inc., says his clients look for applicants who are responsive to business needs and can interact cross-functionally across the organization.
"Project management skills will ultimately get you further in your career than just being a technician. You're always working with teams of people. There are fewer and fewer lone IT people," said David Foote, president and chief research officer of New Canaan, Conn.-based Foote Partners, LLC. In Foote Partners' latest round of compensation and workforce trends data, released last month, both security and project management made the "Tech Skills Watch List." While certifications for both are declining in value, they are still paying above average, and non-certified project-based security skills are increasing in value.
These changes are the result of project management's maturation within IT security's work ranks. The skills are becoming a condition of job responsibilities and are therefore contributing to base pay instead of bonus pay, Foote explains. Employers are insisting on basic project management skills for security and other IT positions.
"Everything we do in security evolves around projects," Bowers said. From the smaller tasks, like audits, to larger technical deployments, everything is "projectized," he said. "The rule is you're going to do project management versus the exception."
Organization, setting realistic expectations and planning a course of action are all vital to a project's success, said Donald Donzal, editor of The Certified Security Professional Online Magazine. Missing one step can have a negative impact on the entire project. "Within a project that includes security, testing is of particular importance. If you install a Snort IDS without fully testing the results of filter rules, you may inadvertently kill legitimate traffic, leading to lost revenue," he said. "When considering all that needs to be done within any given project, project management skills keep you on track and focused."
In addition to certifications such as the PMP and the CompTIA IT Project+ Certification, security practitioners can develop project management skills on the job, by reading books and consulting resources like those produced by the American Management Association.
When highlighting project management skills in a resume, experts recommend candidates go beyond listing certifications and explain how they've acquired and practiced on-the-job project management skills. "Sometimes candidates try to punch tickets, so to speak. And after so many punches, they think, 'Now I'm ready to go to the next level.' But they're punching tickets too literally," said Brennan. Experience should demonstrate an understanding of business needs and the soft skills that come into play when meeting those needs.