How To Win Friends And Influence People With IT Security Certifications
by Peter Berlich, CISSP-ISSMP - A member of the (ISC)2 European Advisory Board and the Information Security Forum Council - Tuesday, 6 June 2006.
Focusing on management is certainly worthwhile and it can be fun to learn. Shortly after it became available, I obtained the ISSMP (Information Systems Security Management Professional) concentration on top of my CISSP certification. My motivation for this was different from the first time around. I no longer felt I had to prove anything to myself or others, but I wanted to use the Concentration to position myself within the field and increase the profile of my personal brand.

Today, tomorrow

The public and private sectors put IT Security on top of their agenda these days, and, as a result, the IT and Information Security job market is growing. At some point though, the market will saturate as businesses seek to curb their investments, security services become more standardized and IT as a whole moves to a more service-oriented business model. Is your career strategy ready?

From my own experience, I see a certain logical sequence of actions in career progression:

  • Novices probably should aim for at least one type of formal qualification. Be it CISSP or something else, it will be your key to unlock the IT Security market for you, and in the near future may become a formal requirement for the more senior positions. Start networking. If you do have a technical background, aim for managerial courses and possibly mid- to long-term for the proverbial MBA (Master of Business Administration).
  • Experienced practitioners need to consider the direction in which they want to develop themselves. Get an advanced degree but stay focused. Are you a jack of all trades and a master of none? I hope not. If you havenít built a good network by now, itís high time. It doesnít matter so much where you get your benchmark from as long as you are in touch with your peer group. It will gain you a reference point and keep you sane.
  • Senior IT Security people, you may be on top of your game but do you have an exit strategy for when the market matures? Will you be able to defend your role against younger incumbents? At what level can you function as a line manager or in another staff function?
You have all the qualifications you will need and you will have built a strong network. It will be hard for you to bid good-bye to it all, but brace yourself for moving on. Be prepared to prove your value, your proficiency and your potential definitely at every point.

In a nutshell, build your career plan on your strengths and ambitions. Decide early on whether you want to be a top expert or a good manager and stick to your strategy. Adapt and maintain it with reason, and donít confuse hedging your bets with keeping all options open. Progress requires focus.

On a related note, make a conscious decision to stay open-minded. More important than climbing the ladder fastest is the ability to grow as a person and take new perspectives.

The hallmark of a true leader is not just the ability to influence, but openness to learn from others. Good luck!


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th