Information security professionals have not been immune to the effects of the economic downturn in the past 18 months. Tightened budgets and reduced head counts have forced many information security professionals to demonstrate their relevance and fight for their professional survival.
Unfortunately, even putting up a fight and demonstrating relevance has often not been enough to keep a job. This month's career tip will demonstrate some of the critical career survival tips that will hopefully make your information security job recession resistant.
Career survival tips: Understand value to employer
Information security professionals must have a clear understanding of the specific value that they provide to employers. If possible, demonstrate skills that are directly related to cost savings, (i.e. by not having to engage an external security services firm).
By understanding which skills have immediate value to employers, infosec pros are able to identify opportunities within the company to exhibit these proficiencies and demonstrate value. For example, an application security specialist may elect to spend additional time working with the software development team, lending expertise to one of their projects that has a fast approaching deadline. Demonstrating the capacity to work with both the information security management team and the software engineering group conveys increased value, which others (security professionals or software developers) may not be able to demonstrate.
As management takes notice of your overall value to the company, they will think favorably about your willingness to contribute to the success of the organization as a whole, not just your specific job function. Everyone likes a team player, and this behavior usually bodes well for those who exhibit it.
Career survival tips: Outshine your peers
When a company decides to reduce its information security staff, management traditionally begins by evaluating each employee. In addition to information security skills, employers will also consider intangibles like work ethic and attitude in making these decisions.
Before a company downsizing happens, it is critical to do the little things that demonstrate a willingness to work harder and accept more responsibility. This can include something as simple as volunteering for additional information security projects, coming to work an hour early and staying late, or making an effort to help develop junior information security staff. Conversely, this is not the time to take vacation, ask for additional compensation, or complain about workloads. Going the extra mile, especially when others don't, should offer an edge in avoiding staff reductions.
Career survival tips: Open the lines of communication
Those who have trepidation about their job security may want to consider initiating a candid conversation with a manager. The best way to do this is on a more personal level, sharing your concerns. Hopefully, the manager will have enough respect for you to communicate openly and share the likelihood of your position being eliminated. If this can be addressed head on, you will have a better idea of where you stand. If he or she avoids this conversation and is evasive in response, you should grow more concerned. At this point, it would be a good idea to update your resume and begin thinking about your future employment options. Based on the outcome of this conversation, you may get a better sense of whether your job really is recession resistant.
Career survival tips: Create information security market awareness
If you believe the situation has taken a turn for the worse, it is important to research potential employment options in the information security market. First, figure out which organizations would be logical fits for the skills that you currently possess. For example, if you are responsible for the security architecture of a large financial services environment, identify which other large financial services firms may be in need of someone with your skills. Also think of other employment alternatives where your skills could transfer. In the above example, this could include a smaller financial services firm, a large company in a different industry, or a professional services firm (especially one that provides services to the financial services industry).
In addition, another key step would be to begin to strengthen your information security career networking efforts and make your career network members aware of your personal situation. Hopefully, you have been consistently working on developing these professional relationships. If that is the case, mobilizing your network should be easier, and through these relationships you can gain exposure to potential information security market opportunities more quickly.
Concurrent with these efforts, consider reopening relationships with recruiters (both executive and corporate) that you have worked with in the past and who understand your skills and background. This can provide additional avenues to understand some of the less publicized opportunities that align with your skills and career path.
One word of warning: Whether you find yourself suddenly without a job or simply fear you soon will be, do not panic. Unnecessary panic can cause knee-jerk reactions and lead to decisions that are not in the best interest of achieving long-term career goals. One way to avoid panic is to develop an emergency savings fund. Having this financial parachute should enable you to make better decisions about your current position and your future without having to immediately worry about paying the bills.
Many believe that the worst economic struggles are behind us and opportunities for talented information security professionals will increase in the immediate future. Hopefully we can apply the lessons of the past to our current career, and make our information security careers more recession resistant.
This was first published in April 2010