Information Security

Defending the digital infrastructure


Get started Bring yourself up to speed with our introductory content.

A framework for information security career success

Here are four things you need to do in order to execute on your long-term career plan.

As important as it may be for information security professionals to develop a written career plan, executing on your plan is essential to accomplishing your career goal. Now is an opportune time to reflect and determine what you need to do to continue your progression as an information security leader.

Each individual's professional development will vary based on their level of experience, baseline of skills, and stage of their careers. However, the framework for implementing and demonstrating these qualities is consistent for all and consists of the following actions: lead; impact; learn; and assess.


The most important attribute information security professionals need to demonstrate is leadership. Leadership takes many forms, such as leadership over security technologies (i.e. application security, cloud computing, security event management), projects or organizational initiatives (i.e. PCI compliance, data loss prevention, identity management), people (including information security professionals and other staff), or an entire security function.

Wherever you are in your career, demonstrate your leadership and take ownership of a specific information security task where you can succeed. Grab the spotlight and showcase your skills to people who may be able to influence your career.

Successful execution of DLP, cloud or identity management projects, for example, will enhance your personal brand inside the company. This should earn you additional chances to demonstrate your talents and provide you with opportunities for advancement and promotion.


Information security leaders must create a measurable impact for the organization, such as cost savings or profitability, efficiency, enhanced security (no breaches), or organizational recognition. It is important for you to understand how your current employer measures contributions, and do your best to align the impact of your achievements to their desired currency.

For example, if your company values cost savings, you should try your best to complete your task under budget. If they value efficiency, you should do your best to complete your project early. And if they value excellence, you should make sure that your project exceeds the accepted baselines.

Exhibiting these results in terms your organization values provides your current manager and employer a view into your personal capabilities. It also gives them the confidence to assign you more advanced tasks that provide you with greater opportunities to demonstrate your leadership abilities to generate more recognizable results.


Opportunities to lead and impact should confirm your skills and strengths, and shed light on your deficiencies and weaknesses. Most importantly, by gaining exposure to newer technologies, more complex business problems, and different business and technology stakeholders, you should be able to gain insight into the current gaps in your skill matrix and make a strategic decision on what you need to learn in order to accelerate your career.

For example, you may find it to be more efficient to take a targeted course that will directly address your weakness in a short period of time, than to enroll in an Executive MBA program, that is time consuming and costly. Witnessing your shortcomings in a real-world environment can provide you with better context in the selection of specific career investments will provide you with more immediate results.


One of the underlying keys to the execution of a successful career plan is the ability and willingness to honestly assess your leadership, impact and learning progress throughout the year.

Keep a written diary of your accomplishments during the course of the year, making it easier to chart your progress and stay on track as you map toward your mid-range and long-term career goals. In addition, if you feel you have nothing to write down and you are not making any progress, it should serve as a personal wake-up call that others may be surpassing you.

The above framework should be applicable to all information security professionals who aspire to advance their careers. Identify and reach specific short term milestones and goals specific to your career. This will allow you to increase your marketability (to current and future employers) and provide you with a sense of progress and increased job satisfaction.

Demonstrating successful leadership, creating measurable impacts, and making strategic and meaningful career investments are the cornerstones to a successful career as an information security leader. It should be the goal of every information security professional to consistently seek out these opportunities and give yourself the chance to demonstrate your talents.


Lee Kushner's and Mike Murray's blog can be found at where they answer your career questions every Tuesday, or you can contact them via email.

Lee Kushner is the president of LJ Kushner and Associates an information security recruitment firm and co-founder of, an information security career content website.

Mike Murray has spent his entire career in information security and currently leads the delivery arm of MAD Security. He is co-founder of where he writes and talks about the skills and strategies for building a long-term career in information security.

Article 7 of 7

Dig Deeper on Information security certifications, training and jobs

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All