Surviving Layoffs: Five Career Lessons from the Security Trenches

Company politics, stonewalling, layoffs -- sometimes it's part and parcel of the security job. Here are one CISO's takeaways.

Sitting on the plane coming back home to the U.S. from our head office in Europe, I had a good deal of time to reflect upon my current employment situation and, consequently, what will most likely be my sixth employer change in the past 10 years.

As tough as this has been, there is a great deal that I've learned from each path traveled. And while some of these paths were voluntarily taken, the majority weren't. Considering the average stay at a company in our field is approximately 18 months, there are a lot of us that have been forced in another career direction within the past few years [see also: Job Seekers: Get Ready for the 'Character' Interview]. If I had a dollar for every time a recruiter or human resource person asked about my "sketchy" job history, I'd be a very rich man [see also: 10 Dos and Don'ts for Security Job Interviews]. By the same token, I know of very few people who have been fortunate enough to have lasted five or more years in a strictly information security-related function at one company. There are many times I've thought about getting out of security altogether, but opening a dollar store and raising alpacas seemed like more trouble than it's worth.

Having said this, each career change has brought about a unique learning opportunity. These are experiences that you won't find in any book nor learn at any business school. Sometimes the school of hard knocks can be the best teacher.

Lesson 1: Look before you leap
The grass isn't always greener on the other side. This is a common phrase that we hear from time to time and one that definitely had more than a ring of truth to it in the late 1990s. I had left the relatively safe pastures of Microsoft to pursue an opportunity as CISO at a startup company for twice the salary, stock options and other associated dotcom perks of the era. While I managed to ask all the typical geek questions in interviews, such as about the technology, personnel and relevant strategies, it didn't occur to me at the time to ask the tougher questions such as capital run and burn rate, attrition, company finances, etc. Had I known the incredible burn rate on capital before and predicted the dry-up in venture capital funds that year, I never would have left Microsoft. And, as I found out much later in an interview, once you leave Microsoft you can never go back. Learn to ask the hard questions and know what you don't know. Lesson: Do the math. Consult a mentor, financial consultant or career coach if you are unsure of how to ask about a company's long-term viability.