Ron Woerner is an experienced security leader who now prepares future professionals for the security industry. As such, he knows what it’s like for professionals looking for talent and students and others trying to get into security. It’s unique perspective to help build a better pathway.
This is part of the focus on the pathway to the talent we crave (link) in the Leading Security Change series (link). A multimedia exploration of challenges and opportunities in the security industry. Each series brings together a panel of experienced security leaders to share the mindset and approach we need for success. The result is a complete package to engage others, strengthen your leadership, and accelerate the change we need for better security.
5 Questions with Ron Woerner
1. How do people get the experience they need to build a resume that gets noticed?
Experience and career building can seem like a catch-22 situation. Many people believe they can’t land a job without experience and cannot build experience outside of work. This preconception is incorrect. There are many ways you can develop yourself outside of a formal work environment.
One is to volunteer on an open source project. A simple search on “open source projects list” yields many opportunities. This allows you to gain experience on viable projects with like-minded developers of all experience levels.
Another is to be involved in cyber competitions as a participant or mentor. CyberCompEx provides a list of competitions that are both in person and online. You can find one(s) that fit your experience, interest, and time schedule. These allow hands-on activities to test your knowledge, skills, and abilities. You can also mentor junior professionals or high school students in competitions like CyberPatriot. All of these directly apply to critical information security job skills.
Lastly, I recommend blogging. When you start, you may feel that you’re only writing for yourself and that no one will ever read your work. However, over time you can build a following. It also demonstrates both communications and technical abilities to employers.
2. What about volunteering? Is this a good way to get noticed?
Volunteering should be considered an investment in your future, not an unpaid job.
It’s a simple way to give back to others while building yourself. Many organizations need IT and cybersecurity help, such as churches, community centers, kids clubs (e.g., Boys & Girls Club). They know they need to build capabilities and enhance security, but don’t know how to do it. They are also looking for instructors to train on online safety along with using technologies.
Through these, you learn problem solving skills, working with a variety of people, and can get hands-on experience with multiple technologies. Plus, a great way to learn something deeply is to teach someone else. Additionally, you can often list that experience directly on a resume and potentially use the people you help as references.
3. How can we help people get meaningful experience while addressing liability issues?
In volunteering, you need to be cognizant of potential liability associated with your actions. You want to protect yourself and limit your should something go wrong. For example, you’re helping a small community group fix their computers and there’s an unrecoverable crash. In this case, I recommend being up front and honest before you start about it being best effort and that you cannot offer guarantees on success or failure.
You can also consider joining a well-known organization that vets its members and volunteers like Infragard, (ISC)2 Safe & Secure Online and US CyberPatriot. They perform basic background checks to confirm members identities and general trustworthiness. This is especially important if you’re working with youths. Never put yourself in a situation where you are alone with child or are conversing one-on-one with him/her online. Use the two-person rule and include another trusted adult. This protects everyone.
4. How can someone interested in making the move to cybersecurity use priority experience, even if it seems unrelated?
Information security is a broad field without a single career path. Many established professionals enter it from other industries. (Side note: this is a great ice-breaker at conferences. Ask attendees how they got into security and see the differences for yourself.) To be successful in it you need experience in technologies, communications, conflict management, business, legal, etc. That means it takes exposure to a variety of situations.
All past experiences are learning opportunities. Use them as such in building your cybersecurity career. As a soccer referee, you learn conflict resolution, people skills, and compliance with rules. As a volunteer paramedic or firefighter you learn to work under pressure and thinking on your feet. In Toastmasters, you learn not only how to communicate, but also how to give worthwhile feedback. Lastly, business experience often translates into cybersecurity with risk management, project management, and governance.
5. What can people do to learn information security on their own?
There are many activities you can do on your own to learn about information security and build your skills. First you need to read, a lot. Fortunately, there are many websites, forums, and journals available at no cost. Follow security leaders (like Michael ), and read not only what they’re currently saying, but also what they’ve said in the past. For a list of my ideas, check out My Security Bookshelf.
You also need to practice technical skills. Develop your own home lab with VMWare or VirtualBox, a Linux distribution and a set of security tools. Many basic security tools are also available for free. See my post, What’s in Your [Security] Wallet?. It describes tools you should have on hand as a security professional. Like any tool, you need to practice using it to become proficient. There are many tutorials on YouTube, HowToGeek, and LifeHacker.
One HUGE caveat is to only practice on things you own. Don’t accidentally cross onto another’s systems causing issues.
About Ron Woerner
Ron Woerner is the Director of Cybersecurity Studies at Bellevue University. He has over 25 years of corporate and military experience in IT and Security and has worked for HDR, TD Ameritrade, ConAgra Foods, Mutual of Omaha, CSG Systems and the State of Nebraska.
Ron earned a B.S. from Michigan State University and a M.S. from Syracuse University. He was awarded the Certified Information Systems Security Professional (CISSP) in 2001, the Certified Information Security Manager (CISM) in 2014, the Certified Ethical Hacker (CEH) and Toastmasters Advanced Communicator and Leader designations. He is the Air Force Association CyberPatriot 2013-2014 Mentor of the Year for his work with high school cybersecurity competitions. He loves to talk to others who are passionate about security and privacy.
Ron is also part of the IDG Contributor Network - and you can read his insights here: http://www.csoonline.com/author/Ron-Woerner/