
Develop an effective information security career plan

A successful career in information security requires an effective information security career plan

Editor's note: Information Security magazine's mission is to provide security professionals with the strategic and technical vision around products and industry trends to help you do your job better. Starting this month, we're also going to help you nurture your career development. We've asked experts Lee Kushner and Mike Murray, co-founders of, to contribute a bi-monthly column focused on helping you shape your skills to meet your career objectives, all within the context of what's happening within the security industry. Their column starts this month with a detailed look at the importance of developing a formal career plan, to serve as your personal road map to follow as you strive to achieve your long term career objectives and professional goals. We're anxious for your feedback; please send any comments to [email protected]

We spend a great portion of our lives dedicating ourselves to our information security careers. Few can argue that as a group, information security professionals are knowledgeable, passionate and dedicated to our profession. Yet for the amount of time we spend working "in" our careers, we spend proportionately less time working "on" our careers. As a result, we ignore the bigger picture: planning our careers.

The importance of career planning encompasses many of life's key components including intellectual stimulation, personal satisfaction and financial reward. Spending time developing a written career plan can provide you with an effective reference tool in your journey toward career satisfaction and professional goal attainment.

A written career plan is your personal road map designed to assist you in getting from your current information security position to your career destination. In its basic form it should consist of a baseline (your current skills and experience), a long term career goal, and an understanding of the skill development and career experiences necessary to receive consideration for attaining your goal. The complexity of the information security profession is the primary reason that a career plan is necessary. The information security profession offers distinct work environments and skill specialties that provide information security professionals with many career choices.

The development of our profession can be summarized into four distinct employment segments:

  • those providing information security directly to corporations,
  • those providing information security to the government,
  • those providing information security consulting services,
  • those who work for information security product companies.

Since each of these specific entities has a different mission, skills do not transfer easily between them. There are many skill criteria that would enable someone to succeed in one of these sectors, but could work against them in another. By taking time to plan your information security career, you can determine the work environments that align best with your career goals and personal characteristics, and provide yourself with the most flexibility for personal career choices.

In addition to the diverse work environments, the information security profession is the intersection of people, process, technology, and business. Any one of these items would be difficult to master; however, information security professionals are expected to be competent in all of them. Factor in differing industry regulations, evolving technologies, diverse personalities, and distinct businesses, and an information security professional is left with many choices on where to focus their time and energy.

The development of a written career plan should help an individual identify areas of personal interest and correlate these interests with career choices that provide them with the best chance of achieving their long term career goals.

A career plan can also provide you with some guidelines for making career decisions and assessing specific career opportunities. As your information security career progresses, you will be presented with a variety of different opportunities to either utilize your current skills or develop new ones. Some of these positions can help accelerate your career progression while others may cause you to detour. In many cases the excitement caused by the introduction of a new challenge or a new environment can cloud your judgment. When these opportunities arise, you will have the ability to consult your career plan to determine how the framework of the particular opportunity will help you address your "career gaps." Filling a career gap by developing those technical, management, leadership or general business skills you need to learn to accomplish a long-term goal will enhance your chances of reaching it.

Your career plan will enable you to think more clearly about the opportunity and its benefits, and hopefully enable you to make a better informed decision about your future and position choice.

A career plan will enable you to figure out which specific information security skill you need to develop and what experience you need to acquire. It is often easy to say that "I want to become a chief information security officer," but it is another thing to fully understand the skills and experience necessary to be considered for such a position.

When you develop your career plan and identify your goal, you will need to go through a "career gap assessment." A career gap assessment will begin with an honest assessment of your current skills and experiences. This honest assessment should help you determine your personal strengths and weaknesses.

After this personal assessment is complete, you should research which skills, education, and experience would be required to achieve the position that you desire. Upon completion, you should be left with an understanding of where you are currently and what kind of commitment, sacrifice, and personal investment you would need to make in order to achieve your long term career goal.

At the end of this exercise, you will be able to determine your personal willingness to attempt to achieve this goal. If you determine that you are unwilling to put in the necessary work and professional development to achieve this goal, you should select another goal that is better aligned with your personal level of commitment. Keep in mind that developing career goals is easy; achieving them requires a great deal of hard work.

Taking the necessary time to plan your information security career can have a dramatic impact on your professional happiness. Your career plan will serve as your personal "road map" to follow and should enable you to make rational career decisions that will accelerate your journey towards accomplishing your long term information security career goals.

Lee Kushner is the president of LJ Kushner and Associates, an information security recruitment firm, and co-founder of, an information security career content website.

Mike Murray has spent his entire career in information security and currently leads the delivery arm of MAD Security. He is co-founder of where he writes and talks about the skills and strategies for building a long-term career in information security.
