How to Invest in Your IT Security Career During Tough Times

When meeting someone new and describing my background in this industry I often say “I’ve seen the best of times, I’ve seen the worst of times and most of what falls in between.” I’ve been recruiting in Information Security long enough to have experienced the heady times of the dot.com boom and the dark days that followed after it all came crashing down. I’ve also been here as the industry has grown and evolved--sometimes as a result of and sometimes in spite of significant difficulties. This evolution leads to adaptation, and it’s the ability of people to adapt and rise above one challenge after another that makes our industry so dynamic.

Given what I do, communicating with and connecting people, I’ve offered both a shoulder to cry on and kick in the pants to those that need it--especially in uncertain times like the ones we’re facing. I don’t enjoy either situation. For the purpose of this column I wanted to offer some sound advice to those Information Security professionals who are concerned about the future of their jobs. Think of it as a general checklist of things that you probably should be doing all the time but need to devote some time and consideration to right now, especially if your future is uncertain.

First, know your differentiators. Understand what sets you apart from your peers and how you can use these qualities to best advantage. Similarly, think about your personal “brand”. If you had to describe to another person who you are, what you do and most importantly what problems you can solve, how would you do it? Develop a personal branding statement that will allow you to do this whether it’s in the elevator with your boss’s boss or on a job interview.

For example, I was speaking with a candidate who had very strong application security skills. She also had a great sense of humor and was a natural communicator. She was frustrated because she was falling behind in her work due to the number of times she was personally requested to sit in on IT project meetings. I laughed when I heard this because she didn’t realize what she was saying. The result was one more critical differentiator that strengthened her personal brand. So now, when somebody asks her what makes her stand out, she’ll tell them “Although my primary focus is application security risk assessment, I’m the person my company relies on to bridge the gap between business and security requirements and who gets everyone work and play well together.”

Second, find ways to leverage your differentiating qualities to add greater value to your current organization. By demonstrating the ability to provide solutions and solve problems important to your company you may just save your job, or at least postpone your departure. So find out what the hot buttons are--not just within security but with other areas of IT and within the business you support. There may be hidden opportunities where your perspective and experience could make a difference.

Third, work on strengthening your relationships with your management as well as other stakeholders or clients you support. Communication is key to accomplishing this. Developing an active and open rapport with others will help you better understand the big picture of what’s going on around you. It will also help you keep your cool and make informed decisions about your options while rumors at the water cooler are flying.

And finally, be ready to embrace change beyond your control. From a career perspective this means having your “personal marketing documents”, AKA resumes, references and professional certifications up to date. It also means communicating your interests and intentions to everyone you know who might be able to help you. This includes re-connecting with your recruiter, any mentors, past co-workers or clients with whom you’ve had positive experiences with in the past. It also means taking the time to catch up on the industry at large through reading trade journals, attending networking events and increasing your participation with industry organizations. Get the word out to your associations, organizations, friends and family that you are on the job market.

Lately, not a day goes by that someone doesn’t ask me what the future holds for our industry in these tough economic times. The truth is, nobody can tell. It’s a fact that in the short term, supply will likely outstrip demand especially for the most senior roles in our industry. The best and only way to adapt to change of this nature is to be prepared--mentally, materially and socially. We should know that we’re in for a marathon and not a sprint. Yet despite the challenges ahead I’m confident that our industry will continue to grow and thrive. We just need to put less stock in the markets and more stock in ourselves. ##

Jeff Combs is Practice Lead, Security and IT Risk Recruiting at Alta Associates.