IT security experts are among the most sought-after professionals in technology, with the demand and pay for certified security pros surpassing those of other IT professionals by some margin.
An increase in relevance means a higher demand.
And what does that lead to?
Higher salaries, fewer layoffs.
Professionals are thus looking for a foothold in IT Security. Because, well, it seems secure.
Are you one among those looking to get into the IT security industry?
Or are you already a part of it?
No matter where you stand in the sector, here are a few tips and some dos and don’ts.
Ways to Quickly Ruin Your Career
Number 1: Failing to Stay Ahead of the Curve
However, we recommend otherwise. No matter what your value is in the industry, you need to stay relevant. No relevance means no job. You cannot work with information that is outdated.
If you look around at other security practitioners, they are always reading. Why? Because they need to stay relevant. They subscribe to top blogs, stay up-to-date with the latest research, read industry magazines, and constantly update their technical skills.
Information security is an industry that moves very quickly. Exploits are discovered every minute of every day, and best practices are on a constant change. Every year, there is always something new, a new trend, a new way.
If you fail to keep ahead of the curve, and top up your skills and knowledge, it won’t be a matter of time till the industry shuts its doors on you.
Number 2: Taking No Responsibility for What Happens Inside the Firewall
Staff in the industry are often poorly trained in best practices of security, and software or hardware is left for trial and error, and plastering over any weaknesses. The most capable information security professionals understand that all aspects of business are incorporated in information security.
This usually means guaranteeing that all the employees are using software safely, that the developers are trained well in the best practices, the important hardware and software is kept updated, and penetration tests are completed on a regular basis, and also inculcate the thought that security is a key part of a company’s processes and not just an afterthought.
Number 3: Blaming Other People for Security Failings
It is part of the learning process to take responsibility of security failings. When an employee makes mistakes, it holds to be your mistake as well as theirs. The top information security practitioners always take responsibility for the security risks or the breaches that occur, and utilize their best efforts to minimize them.
If you are one who plays the blame game, this industry is not fit for you. You are failing to understand what your responsibilities are.
Number 4: Speaking Only in Bits and Bytes, and Not About Business
Isn’t that what someone trying to ruin their career would do?
To be a successful information security professional, talking only about technical details isn’t enough. You will need to learn to talk about the business impacts and benefits of things as well. When you have meetings with senior executives or professionals who aren’t very well-versed in information security, you will need to be able to explain the situation in their language, not just yours.
Plenty of people in fields related to technology fall into this trap of speaking a language that most people cannot comprehend. This is an easy way to seem irrelevant.
Number 5: Talking Down to Your Peers
Though most of us tend to do this, it is wrong, and is definitely the easiest way to mark an end to your IT security career is looking or talking down on people who are not part of the security world. No matter how easy it is to lose yourself in that security bubble, you need to remember that talking down to people who do not understand security concepts will get you nowhere.
It is important to be clear and concise in way you talk to others, and resist that strong urge to talk down to people.
Common Mistakes to Avoid
Csoonline spoke to CISOs around the world and collected their inputs to list out mistakes that are usually made during interviews. So for new aspirants in the field of Information Security, here are some common mistakes to avoid:
Number 1: Failing to Show Yourself as a Team Player
A lot of hiring executives around the world say that personality of an employee most often trumps that of technical assets. This is true since more roles in information security interface with the rest of the business. It is crucial that the applicants be themselves – articulate and amiable. They should be able to prove that they are flexible and can work within the different areas of the organization.
Number 2: Selling Yourself as the Jack of All Trades
Boris Sverdlik, Head of Security at Oscar Insurance says, “Entry level applicants across almost all verticals of information security make the mistake of trying to be a one-size-fits-all candidate. Security is broken up across many verticals and even among those who are experienced, it's almost impossible to be well-versed in all aspects.”
Brian Martin, founder at Digital Trust, LLC says, “The most annoying candidate is the arrogant know-it-all. I don't mind arrogance when it's earned, but not in a kid who's never been tested. In cases where we've tried to work with these types, it hasn’t ended well.”
If your interest lies in various skills under the information security domain, highlight the ones that best meet the demands of the organization. Like these leaders stated, nobody likes a know it all.
Number 3: Failing at the Basics
Many CISOs like Martin Fisher, the manager of IT security at Northside Hospital, believe it to be common for potential hires to make basic blunders. He says, “On resumes, misspell HIPAA, and I’ll toss the resume. Too often encounter typos, punctuation errors, and resumes laden with information that's not relevant to the role being offered.”
Mike Kearn, principal security architect at the US Bank, cited what job seekers don’t do when it comes to the basics of interviewing. “When I offer them an opportunity near the end of the interview to ask me anything, and I emphasize the word “anything”, the majority ask me softball kinds of questions about culture or why I like working there. Missed opportunity on their part,” he says.
Any other dos and don’ts you know of? We’d love to hear them, and so would our readers.
And don’t forget – get certified, and get ahead. Simplilearn offers courses in IT Security management. So get out there and stay relevant.