But what can one do to change the perception of security as a technical problem? It has long been my conviction that in order to induce change in others, it is yourself who has to change. As a personal career decision and in order to be successful in my role, I decided to leave technology alone.
This can be surprisingly hard and to be honest, took me several years and one new employer (I’ll leave it to debate whether I’m quite through with it). It implies repositioning yourself and your role within your organization. It can be even harder to suppress your knowledge of solutions (which may still surpass your peers’ and subordinates’) and accept that from now on you will delegate technical problems in order to gain a comparative (and sometimes a competitive) advantage.
Focusing on management is certainly worthwhile and it can be fun to learn. Shortly after it became available, I obtained the ISSMP (Information Systems Security Management Professional) concentration on top of my CISSP certification. My motivation for this was different from the first time around. I no longer felt I had to prove anything to myself or others, but I wanted to use the Concentration to position myself within the field and increase the profile of my personal brand.
The public and private sectors put IT Security on top of their agenda these days, and, as a result, the IT and Information Security job market is growing. At some point though, the market will saturate as businesses seek to curb their investments, security services become more standardized and IT as a whole moves to a more service-oriented business model. Is your career strategy ready?
From my own experience, I see a certain logical sequence of actions in career progression:
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.