Over the past few weeks a few colleagues have reached out to me seeking advice on their Information Security career. Their questions range from:
- how to get that next job?
- what type of opportunity should I look for?
- how do I grow myself?
- but if I don’t have enough experience, how can I find a security opportunity?
Perhaps it’s the time of year: contracts are ending, people are considering new challenges, exploring 2017 possibilities, or it’s simply time for a change of scenery. Whatever the reason, speaking with these ladies these past few weeks prompted me to post my advice. I hope it helps others.
The first question I always ask them is, why Information Security? Is it because you want a 9-5 job, do you need something that simply pays the bills, do you want to further your career, do you enjoy learning and love challenging yourself? All these reasons are individual and I never judge anyone’s response as what is right for one person may not be for another.
Some of us have career aspirations of being the next security leader, security engineer, architect, CISO, CEO. The reality of it is that many of us simply move from job to job without thought of what we really want in our career.
Fortunately, most Information Security roles grow so dynamically that it’s rare you will be doing the same thing you were doing 12 months ago. Information Security is a quick-moving stream, and investing in yourself will allow you to keep up with change. This is why so many of us are in this game. We thrive on the continuous change, the challenges, problem solving and putting ourselves on the line to learn new and emerging things. It’s not really a job in the traditional sense.
When you go to your job interview, keep the following in mind:
- Your industry knowledge is important, but show why you are passionate about security and what makes you different. Don’t leave it at the door!
- Don’t settle for a lower wage because you think you are not worth it or because you are a harsh critic of yourself. Do your homework and put forward the amount that reflects the job role and your experience.
- Never put yourself down in front of your potential manager, but admit your growth areas and be proud of what you have achieved in your career or personally.
- Select an opportunity and a manager who will support you in your professional growth, whatever that aspiration might look like.
So how can you expand your security knowledge when your job doesn’t allow for growth or you’re currently not doing much in the security space? This is the main question I get asked all the time, especially from University graduates. Some feel learning security is an expensive exercise! Trust me, this is the furthest from the truth. It doesn’t take a lot of money to expand your security knowledge; it’s all about being resourceful and your willingness to find the answers you seek.
I am not telling people to give up their work life balance. As a full-time working mother of young twins, work-life balance is high on my priority list. My weekends are always busy and I rarely give up my precious moments with my family. However, just like finding time for exercise, eating well, whatever is important to you, you should find time to invest in you. Most of my outside learning happens travelling to work, meetups at lunch or when the kids are in bed, but case in point, you can always find time that fits into your schedule to reach your career goals.
For me personally, information security is a love and hobby. There are so many ways to grow yourself and give back. Here are some of the low-cost ways to get started:
- Subscribe to a security podcast. Many of us have between 45-60 min daily one-way commutes. Instead of checking your friends’ Facebook statuses, listen to Paul’s Security Weekly, FireEye, Sophos, Security Now, SANS, TrustedSec, etc. There are so many great shows to listen to in the car, watch on the train, whatever your mode of transport. It helps pass the time and you learn a lot too!
- Subscribe to sans.org or BrightTALK and watch the latest security webinars; some score you an instant CPE – winning!
- Read a white paper or write your own
- Build your own home lab, set up a virtual home network, build a firewall, buy a Raspberry Pi, learn command line Linux, pull apart your computer, sniff your traffic at home, teach yourself a language, set up a malware lab, experiment with technologies that you know little about; it’s all part of the fun.
- Sign up to GitHub and check out some of the open source projects, participate or contribute
- Take a security class; there are so many free classes online or ones that charge a small annual fee like ITPro.tv
- Attend a security conference
- Join a group of like-minded professionals and network, network, network!
- Follow your favourite security professionals on Twitter
The opportunities to expand your knowledge are sincerely endless, and the above list is by no means exhaustive nor for everyone. Information Security is a large space and you can never know everything, but set yourself apart by learning something new, do some R&D, build upon what you know and follow an area that interests you.
Your professional development starts with you, so don’t forget to show your potential employer your passion and what makes you great.