VACANCY: Information Security Professionals Wanted In Zim (101 Career Advice) – Part 2

This is the second installment of a 2 part article on choosing an Information Security career. The first installment was posted last week and can be read here.

Certification is not a Silver Bullet

Last week I listed a few examples of certifications (there are thousands of them out there). Over the years I learnt one thing that once you get one cert you keep accumulating more.  This is good for the industry and the individual as it shows that one keeps learning new things and new ways, but this is not a silver bullet to a successful career. Certifications alone will not take you anywhere.

As a security professional there are other skills that are required. These include excellent communication, leaderships, project management, team, business planning, strategy and financial management skills. I also recommend that Certifications should be coupled with hands on experience.

Some examples of ‘cool’ security Jobs (This is not an exhaustive list)

• Information Security Analyst/Consultant
• Security Architect
• Security Auditor
• Software Security Architect/Analyst
• System, Network, and/or Web Penetration Tester
• Information Security Risk/Governance Manager
• Information Technology  Risk and Assurance
• Web/Application Security Engineer/Analyst
• Database Security Engineer/Analyst
• Security Incident Responder / Computer Crime Investigator
• Vulnerability and Malware Analyst
• Network Security Engineer
• Chief Information Security officer
• Director of Security, Risk and Compliance

What’s the market value?

We all want to be rewarded well especially for our skills and work experience; this is especially true for Zim chaps. There are several factors that determine the monetary value of the various security jobs. Various job sites list some of the top paying security jobs or certifications, but when taking these into consideration, please note some of the factors mentioned above  play a big role in determining your $$$$ value.

Therefore, in order to align compensation ($$$$$ + benefits + worth) expectations appropriately with your skills and experience to a viable employer, you must understand at least the following factors:

• The importance of security to the organisation
• The sharpness of your security skills/experience
• Talent: Supply and demand
• The value you can add to the organisation
• Market value

Build up a career network…..This is vital for infosec professionals

“Twitter lets me hear from a lot of people in a very short period of time.” – Robert Scoble, blogger

“A networker likes to meet people. I don’t. I like accomplishing things in the world. You meet people when you want to accomplish something” – Reid Hoffman.

The above quotes say it all…spot on. As a group, information security professionals generally excel at connecting with each other personally. Conversely, we do a below-average job in converting these connections to meaningful career-enhancing relationships.

A good network is great for building, enhancing and learning new skills from peers. It also opens a plethora of opportunities too.  The most critical component of your information security career network is its composition.  An additional member of your network should be someone that can provide you with direct assistance in the development of your career. This can either be a career coach, an executive recruiter, or human resources professional.

Prepare for a career: Information Security is a hard career

Security is an interesting discipline – the threat landscape is always changing and we’re forced to keep up constantly. The simple reason behind that change is that security is ultimately a quality issue. What’s interesting about quality is that issues in product quality are heavily front-loaded: as a product matures, the number of newly discovered quality issues decreases.

Thus the security issues are almost always within the newest technologies. This forces security professionals to be always conversant on the newest technologies. They say learning never stops, so if you don’t keep yourself abreast you risk becoming functionally incompetent.

Here is a good example: back in time no one bothered about Cloud Computing or Virtualisation, but now there are so many security concerns and issues about these things coupled with the presence of social media risk. So as a  security professional you should be abreast with the delivery of security solutions to your organisation if there are to invest in  these technologies…..and be prepared to handle any change that may come in the next 10-15 years.

This makes it extremely difficult to create a long-term career in infosec – the moment one stops being conversant in the newest technologies is the moment that they become functionally obsolete. So, one has to be willing to make a long-term commitment to their own growth and investment. You have to study to continue to grow every day lest you be left behind.

Also be prepared for unplanned extreme occurrences/incidents remember the threat landscape is ever changing. Failure to handle an extreme security attack is usually frustrating and may result in a career setback, though it doesn’t mean the end of the world.

Above all, this one of the most fascinating, diverse, adventurous, dynamic, fulfilling, challenging and entertaining career options within the IT field.

image source: www.career-world.co.uk