Like any good incident-response-planning engagement, preparing for a career incident begins with an assessment, in this case of one's current employment situation. It is important to understand the company's overall health, the importance of the information security function, and where you stack up against your peers. Generally speaking, if the company is doing well and information security is a key component to the business, infosec pros are considered valuable team members and there should be little to worry about. However, if there's a decrease in corporate earnings, if your information security projects are being placed on hold, and peers are regularly outperforming you, a career incident may be a possibility.
If you believe your position may be in jeopardy, it is critical to immediately try to solidify it. Granted, it may be unreasonable to increase corporate earnings or information security budgets, but it is always possible to improve one's standing within an organization. In order to do this, it is important to demonstrate your value in ways that will make others think twice before letting you go.
A reduction in staff may only affect some of the members of your team, so the first thing you can do is outshine your peers. Simply coming to work an hour earlier and being the last one to leave the office can be a great help. People notice who's there to help when problems arise during off hours. Also consider taking on additional assignments and volunteer for the less-desirable projects. Ideally, it would be optimal to creatively solve an existing problem in a way that saves the company money. Anything that you can do to be seen as more valuable than your co-workers should help increase your chances of survival.
Creating positive awareness as a result of your contributions is a good start. However, it is not enough to just be recognized. It is essential to create recognition among the people who ultimately control your future with the company. You need to figure out who these decision makers are, and try to gain as much positive exposure to them as you can. Once these decision makers have been identified, make an effort to become involved in projects that affect their core areas of responsibility, and make a positive impact.
In addition, it's important to take stock of the company's overall financial situation and recognize some personal career goals may need to be set aside for the time being. This is definitely not the time to ask for a promotion, raise or bonus. It is also not the time to go away on an extended vacation. Demonstrating this understanding to an employer illustrates the importance of being a team player and an awareness that the current situation is much bigger than any one individual. The hope of course is that such sensitivity will be recognized in the future, and those who maintain a positive attitude will be rewarded in better times.
Among information security professionals, it is accepted that a proactive approach is more beneficial than a reactive one. In the job market place of today, you must continue to develop your skills and demonstrate your professional value at all times. It is not always possible to prevent a "career incident." By taking a proactive approach to managing your career, however, you should be able to minimize the possibility.
About the authors:
The columnists, Lee Kushner and Mike Murray, bring with them different perspectives on career related topics. Together Lee and Mike have advised many information security professionals in various stages of their career development and are regular speakers at industry conferences on information security career-related topics. Their blog can be found at www.infosecleaders.com.
Lee Kushner is the President of LJ Kushner and Associates, an executive search firm that has been dedicated to the information security profession since 1999.
Mike Murray is an information security professional and career coach. Mike has held leadership positions in environments that include professional services, security product vendors, and corporate environments.
This was first published in July 2009