I\u2019ve been in an IT career since 1987, starting as a PC troubleshooter and security consultant. Then I went on to be a trainer, network technician, network supervisor, director of networks and technology, VP of IT, principal security architect and finally evangelist. I changed companies along the way and sometimes stuck it out for over a decade with the same company. I\u2019ve hired hundreds of people, read thousands of resumes, and fired a few dozen people. I\u2019ve had success and luck through most of it.Though not a career expert, I\u2019ve been around long enough, as both an employee and a boss, to see what qualifications and traits allow a person to have a long, successful, gratifying IT security career. Here are the seven I think are most important:1. Be a self-starterHiring managers have a bare minimum set of qualifications that a prospective job candidate must possess to make it to the in-person interview. Once you are sitting in that interview chair, whether you are hired comes down to a trait that you either have or you don\u2019t, and that is whether you are a self-starter.All hirers want to think that the person they are hiring for the position can be told what needs to be done and have it done well without a lot of handholding. If I interview someone and feel that they are not only smart and capable but will make my life easier for hiring them, I try my best to make them an employee. These prized candidates bring me a history of success, don\u2019t blame others for failures, and can hit the ground running.I\u2019ve often hired people who didn\u2019t have all the necessary skills or knowledge because I knew they could get up and running quickly, and once they had the necessary skills and knowledge would excel. Employers want to hire go-getters, who once you give the orders to know how to carry out the job and don\u2019t need to be told to get started.2. Learn the trade and show what you knowThis comes down to education or certifications. How about a little bit of both? Employers want to know that the person they hired is knowledgeable about the job and tasks they are going to do. Most employers, once past the prerequisites, want knowledge and experience, and I don\u2019t know a single employer who is locked into only approving one type of learning.I do think a degree or certification tells an employer something that self-study learning and experience doesn\u2019t. A degree or cert doesn\u2019t mean the person who obtained them is smarter in a particular subject, but it does show some propensity to goal setting, project management, and success. Those qualities aren\u2019t hurtful. \u00a0Also, the best employees hang out with people smarter than themselves in their intended field of knowledge. It\u2019s easier today than ever. Whatever your security field of interest is, you can join multiple groups, blogs, websites and chat rooms that have many professionals discussing related topics. Even if you don\u2019t think they know more than you about something, there is always something to learn. You want to get smarter? Hang out with smarter people.3. Re-invent your skills every five to ten yearsThis is one of the most important recommendations. Twenty-five years ago, I was great at disassembling DOS computer viruses into assembly language. Then I became a master of macro and email viruses in the 1990s. In the 2000s I learned all I could about Windows viruses. In 2010, I started to concentrate on advanced persistent threats (APTs), crimeware and Active Directory security, moving on to cloud security as cloud technologies started to take over.The IT world completely changes about every five to ten years. So, too, should your skills. It will ensure that you are one of the go-to people on the latest trends. This can be tricky. Not all fads become long-lasting trends \u2014 like when Apple and Microsoft got into mobile devices in the 1990s. (Remember the Apple Newton and Microsoft Windows CE clamshell devices?)The trick is in figuring out what technology is going to have staying power. My rule of thumb is that when multiple companies are spending billions on something (e.g., virtualization or cloud), then there\u2019s a good chance the fad is going to become a long-term trend. Following this advice, you might not always be right, but you\u2019ll be right most of the time.Want a good emerging example that is playing out today? Quantum computing. You\u2019ve got hundreds of companies and a dozen countries spending billions on quantum computing. Another example? Containers and microservices. Every new emerging technology brings its own security issues and challenges, and if you get ahead of the curve you can become an expert in that technology \u2014 and that expertise commands top dollar.4. Hone your communication skillsIt goes without saying that having good verbal and written communication skills makes you more valuable than someone who doesn\u2019t have them. Warren Buffett heavily recommends it. If you\u2019re a geek, you can still get a job if you\u2019re a bad communicator, but your potential employer has to overlook and figure how to work around that fact to hire you.I\u2019ve written 10 books and over 1,000 magazine articles on computer security. Initially, I started writing because I was a horrible writer. I had an early employer tell me so. I still need heavy editing, and you won\u2019t get an email from me without multiple typos, but the process of having to write has made me a better written communicator. Plus, when you write about computer security, it forces you to learn more about what you\u2019re writing about.5. Understand the importance of securityIt\u2019s important to understand the real role of computer security in the grand scheme of things. In our sometimes myopic view of the world, all we see is heightened risk and people ignoring our best efforts to better secure them and their data. If only all these people would listen to us more, they would be better protected.Once you learn that computer security isn\u2019t the primary concern of most organizations or people, you\u2019ll be able to understand the business behind everything that you do. Look at the way we handle the vast majority of financial transactions in our lives. We pull out a credit card and insert it into the reader. That\u2019s it. That\u2019s all it takes. Maybe you will be required to sign something, which is a signature that no one will ever look at or contest. It\u2019s pure security theater. Banks and nearly every financial institution accepting that card allow you to spend money using the barest of validations. For the most part it works.There\u2019s lots of security looking over those transactions, of course, and it\u2019s very good. If the credit card company sees a suspicious transaction, it halts the transaction and asks for more validation. The bank is far more interested in keeping you happy and using its card than they are in catching 100 percent of the fraudulent transactions.Understand that business exists to do business. It wants and needs computer security, but not as the number one goal. The number one goal is revenue and everything else is secondary, including computer security. In fact, business really doesn\u2019t value computer security at all until some lesson forces consideration. The sooner you realize this fact, the better your career will be. The best IT security people recognize when they need to speak up and when they need to listen.6. Pick your battlesYou will be faced with frequent security\/usability trade-offs, many times feeling that the organization short-shrifted security in the name of revenue. I can\u2019t tell you how many times I vigorously disagreed with a business decision that I felt did not adequately account for the security risk.Rarely did that \u201cwrong\u201d business decision lead to a security event. Security is not binary. It\u2019s all about risk tradeoffs. If you believe in something, make your pitch. Then live with the business decision regardless of your beliefs. Only fight when you are absolutely ready to expend political capital (you never have as much as you think) and learn when to back down even then.I\u2019ve been surrounded by countless super-intelligent computer security people who tenaciously fought every fight they thought was worth fighting. No matter how smart they were, they usually fight themselves out of a job. They either get fired or quit in frustration. If you want a new job every few months, fight every battle. Otherwise, pick your battles and enjoy longer longevity.7. Enjoy what you doYou have a lot of ways to make money in computer security. My number one advice is to pick a field that you really, really like. You\u2019ll not only do better at it but on all those days when you\u2019re doing something boring (like paperwork, budgets or sitting in meetings) the parts you like will keep you going for the long term. People rarely get to do what they want to do (otherwise our professional football and baseball teams would be much larger), but you can pick your favorite part of the career you decide to be in for a lifetime.I\u2019m lucky. I\u2019ve followed or learned these keys to a successful IT career. Sometimes I\u2019ve learned them ahead of time and others I\u2019ve learned through the experience of many hard lessons. If you take them to heart, I know you\u2019ll have a long and successful career that you enjoy. Good luck.