Contributor

4 tips to keep your career relevant

Opinion
Sep 14, 2015 | 4 mins
Careers, Internet Security, IT Jobs

Remaining relevant within the information security industry extends beyond bits, bytes, and technical certifications. In fact, business acumen was recently overwhelmingly identified as the single greatest skill gap facing our industry.

My entry into the information security (cyber) domain was abrupt. After 12 years within the information technology industry, my employer selected me to specialize in cyber network defense. It sounded cool and I honestly believed it was a strategic opportunity that would turbocharge my career. Since that day, my life has changed dramatically.

Over the next four months my peers and I received the best training money could buy. We were required to assimilate knowledge at the speed of water from a fire hose. Then (to our frustration) they expected us to be able to apply that knowledge in various capture-the-flag and laboratory exercises. Completing such a difficult course felt exhilarating and empowering; I was ready to conquer cyber miscreants, and I would be unstoppable.

Reality set in and I realized I had a long way to go. I had a lot of knowledge but was inexperienced in real-world application. Furthermore, staying current in terms of skills and present trends seemed like a futile effort. With some of the most desirable and challenging certifications after my name, I was officially burned out. I had no idea how I could remain relevant and useful within my new specialty.

After stepping away and taking some time to think strategically, the solution presented itself. The answer lies in identifying market needs and organizational needs, and in strategically tailoring a continuing education program that supports both the individual and the organization. To maximize your impact within the information security domain, consider these four ideas.

1. Do you understand the business?

In their latest report (State of Cybersecurity: Implications for 2015), Cyber Security Nexus conducted a survey. Seventy-two percent of respondents identified the “ability to understand business” as a skills gap. In my mind, this is very significant because it means we (information security professionals) don’t speak the organizational language. Perhaps this is why (in a recent BlackHat survey) spending priorities did not align with the top three concerns of security professionals. It is imperative we view our security efforts as a means to the desired business end.

2. Are your skills up to par?

46 percent of the security professionals surveyed indicated a technical skills gap as their second concern. Good security training is expensive and often requires time off, travel, and hotel accommodations as well. Taking random classes without a clear plan is a terrible idea. If you understand the organization’s risk profile and the associated technical skills needed to mitigate those risks, you can build a much more effective training program.

3. Are you communicating effectively?

I wish I had a dollar for every time I brilliantly explained something and the receivers were just too dumb to catch on. Please excuse my sarcasm but I thought this way early on in my career. After much frustration (it seemed like there was a plethora of dumb people) I finally realized my lack of ability was the problem. Not my lack of technical skill but my lack of ability to communicate with users, leaders, and clients. Our success depends on influencing diverse groups of people to take action or adopt a particular opinion. Each group consists of stakeholders with their own interests and agendas. Effective communication is tailored specifically to the receiver.

4. Are you willing to put your money where your mouth is?

Quality security training is not cheap, and the effort required to pass quality industry certification exams is significant. Not to mention the time, effort, and money needed to maintain them as well. In a recent survey almost 19 percent of security professionals reported their organization spent no more than $100,000 on continuing education, 212 said their organization paid no greater than $20,000, and 23 percent reported spending between $1,000 and $5,000. I believe the onus lies with the individual and the organization to develop and fund an effective continuing education plan.

Whether you’re a solo practitioner or the CISO for a large conglomerate, maintaining a relevant and reliable stable of professionals is the underpinning of your success. A one-size-fits-all solution does not address the particular needs of your organization. If you want to turbocharge the impact of your information security personnel, begin crafting a strategy specific to your organization.

Contributor

TJ Trent is an expert in organizational compliance and governance for organizations in the cyber universe. His focus is on people, processes, and systems, which provides the foundation for understanding the true place of technology in the cyber world.

TJ works fiercely and passionately to prevent, detect, and eradicate cyber threats. During his 13-year career he has witnessed the information technology field burgeon into a powerhouse industry intertwined with the fabric of our lives. As the lines have blurred between technology and our lives, cyber security and cyber awareness are at the forefront of media attention. Over the last two years we have been inundated with breach after breach. From healthcare and banking violations to our most sensitive and private photographs. It seems like nothing is safe anymore.

A super high achiever dedicated to learning and continually improving, TJ has been able to rise to the elite levels of success in his career. With over nine years of leadership experience, TJ has helped many organizations and individuals reach milestones within their careers. As a result, he is also uniquely suited to help you turbocharge your career within the information technology field.

TJ's credentials include a Bachelors of Science-Information Systems Security, Certified Information Systems Security Professional, GIAC Security Essentials (SANS 401), GIAC Certified Enterprise Defender (SANS 501), GIAC Certified Incident Handler (SANS 504), GIAC Certified Intrusion Analyst (SANS 503), GIAC Certified Forensic Examiner (SANS 408), GIAC Certified Critical Controls (SANS 566), and GIAC Certified Network Systems Auditor (AUD 507). TJ will complete his Masters of Business Administration-Technology Management in February 2016.

The opinions expressed in this blog are those of TJ Trent and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.