Problem solve Get help with specific problems with your technologies, process and projects.

Networking for career success in the information security industry

Networking for career success in information security can be a difficult task. In this month's infosec career tip, learn how to build an effective information security career network, and why doing so can enhance your career.

As a group, information security professionals generally excel at connecting with each other personally. Conversely, we do a below average job in converting these connections to meaningful career-enhancing relationships. It is one thing to use your professional network to find a job similar to your own; it is entirely different to leverage your network to find an opportunity that will accelerate your career development. In this two-part tip series, we will provide tips on building an effective career network to help information security pros enhance their security careers. This month's tip will define what an effective career network is, and its composition.

Why do you need an effective career network?

The goal of every information security professional should be to build an effective career network that can assist in career development and the achievement of one's long-term career goals. Building an effective career network in the security industry is not an easy task. Due to the fact that the infosec industry is comprised of individuals who possess specialized skills, it is often difficult to locate the correct group of people that can truly help guide you in pursuing career goals. It takes time and effort to build the necessary professional relationships that will enable your network to have a significant impact on your career.

More from Lee and Mike

Want more advice on how to get the infosec job you're looking for?

Read all of Lee Kushner and Mike Murray's Information Security Career Advisor tips at

The old cliché is: "It's not what you know, it's who you know." Unfortunately, more often than not that sentiment is true. In our experience, people in the security industry are a tightly knit group and reach out to help when assistance is needed. For example, Mike's company does a lot of penetration testing. Mike's career network is full of the best penetration testers in the industry, so when he or his team has a problem, he will often reach out to that network of friends and acquaintances for help. Conversely, he can help when acquaintances reach out to him as well.

Sometimes it's difficult to know exactly what qualities to look for in choosing members of your network. Here are some questions to ask yourself about each person in your career, to judge whether they would be good additions to your network.

  • How quickly do they return my phone calls and emails?
  • When they do return them, do I value what they say?
  • Would I be willing to pay for their advice if I had to?
  • Do they have my best interest at heart?
  • Do I understand and agree with their code of ethics and values?
  • Can they serve as a professional reference?
  • Can they help me gain similar or superior employment?
  • If I was in a career crisis, could/would they help me?
  • Can I answer each of these questions positively in the reverse (i.e.: Can I help them as much as they can help me?)

How many people in your career could provide you with suitable answers to 70% or more of these questions? It is these people who comprise your true professional network. More importantly, how many of these people could suitably answer those questions about you? Don't get carried away with numbers, either. Your network should be effective due to quality, not quantity.

What makes a career network effective?

Many information security professionals describe the people they have met through their career as members of their professional network. These professional contacts consist of colleagues at work, past co-workers and managers who now work at other companies, people encountered at industry conferences, connections on LinkedIn or vendors.

The most critical component of your information security career network is its composition. There are some core traits that all members of your career network will need to share to be successful.

First, members of your network need to have your best interest at heart. This is crucial, because if you are going to utilize your network for career advice, you must make sure those providing you with advice have your best intentions in mind, coupled with practical experience and relevant knowledge to support their advice, which we'll touch upon later.

About the authors

The columnists, Lee Kushner and Mike Murray, bring with them different perspectives on career related topics. Together Lee and Mike have advised many information security professionals in various stages of their career development and are regular speakers at industry conferences on information security career-related topics.

Their blog can be found at

Lee Kushner is the President of LJ Kushner and Associates, an executive search firm that has been dedicated to the information security profession since 1999.

Mike Murray is an information security professional and career coach. Mike has held leadership positions in environments that include professional services, security product vendors, and corporate environments.

Second, members of your network should share your ethics and values. These shared values will provide the foundation for the advice they provide, and you won't feel uncomfortable accepting their ideas. By sharing the same ethics and values, it will be easier to trust that the advice and guidance you receive will align with your personal career motivations.

Finally, when you develop your network, you will need to feel comfortable with each member's personal brand, or how they conduct and market themselves within the industry. Considering that you will become regularly associated with people whom you confide in, you will want to make sure that people outside your network regard your associations favorably.

Your information security career network selection process

As important as it is for your network's members to share the same values and character, it is equally as important that they have different skills, levels of experience and different perspectives. For instance, if everyone in your career network has the same skills, are at similar stages of their careers, and have the same types of experiences, what you have developed is a great peer group, not an effective career network.

An effective career network should have one person who has accomplished your long-term career goal. If your desire is to be a chief information security officer, you need to make sure that you have one in your network. This is critical because you will be able to draw on his or her experiences and learn from his or her mistakes to make better decisions regarding your own career. Having such a person as a reference also could be vital in the pursuit of your next career-enhancing opportunity.

In addition, your career network should consist of an information security peer that has a similar job function and level of responsibility as you. Including this person provides a sounding board and perspective regarding your current work challenges and skill development. Also, including a peer in your network should encourage some friendly competition as you pursue your career goals, perhaps providing more motivation as well.

Another critical member of your network should be someone from a different segment of the information security industry. For example, if you work at an information security consulting firm, your network should have someone from either an information security software company, a corporate information security professional, or the government. This different perspective will give you exposure to how other businesses view security and go about solving information security problems. This perspective could be valuable down the road if you choose to move into a different sector.

An additional member of your network should be someone that can provide you with direct assistance in the development of your career. This can either be a career coach, an executive recruiter, or human resources professional. The main criteria for these individuals are that they are knowledgeable enough to provide information security-specific career guidance that takes into account the nuances of the information security profession. This person can provide tips on interview strategies, position selection, resume preparation and professional development that can further increase your chance at accomplishing your long-term career goal.

Please understand that your information security career network does not have to be limited to the people that are described above. The examples that are provided should serve as a foundation and guide as you determine who you should include to help you build your career.

As you select the people in your information security career network, think about how the people you have selected can provide a meaningful and measureable impact in your pursuit of your long-term career goals. In addition, in order for a network to truly be effective, it has to "run both ways;" in other words, the members of your network have to be able to rely on you to provide knowledge and accelerate their information security career as well.

Next month we will outline some tips on attracting these information security professionals to your network, give examples of activities that will help you further develop these relationships, and demonstrate how to enhance your career and help you achieve your long-term career goals.

This was last published in February 2010

Dig Deeper on Information security certifications, training and jobs

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.