• Novices probably should aim for at least one type of formal qualification. Be it CISSP or something else, it will be your key to unlock the IT Security market for you, and in the near future may become a formal requirement for the more senior positions. Start networking. If you do have a technical background, aim for managerial courses and possibly mid- to long-term for the proverbial MBA (Master of Business Administration).
• Experienced practitioners need to consider the direction in which they want to develop themselves. Get an advanced degree but stay focused. Are you a jack of all trades and a master of none? I hope not. If you haven’t built a good network by now, it’s high time. It doesn’t matter so much where you get your benchmark from as long as you are in touch with your peer group. It will gain you a reference point and keep you sane.
• Senior IT Security people, you may be on top of your game but do you have an exit strategy for when the market matures? Will you be able to defend your role against younger incumbents? At what level can you function as a line manager or in another staff function?

You have all the qualifications you will need and you will have built a strong network. It will be hard for you to bid good-bye to it all, but brace yourself for moving on. Be prepared to prove your value, your proficiency and your potential definitely at every point.

In a nutshell, build your career plan on your strengths and ambitions. Decide early on whether you want to be a top expert or a good manager and stick to your strategy. Adapt and maintain it with reason, and don’t confuse hedging your bets with keeping all options open. Progress requires focus.


On a related note, make a conscious decision to stay open-minded. More important than climbing the ladder fastest is the ability to grow as a person and take new perspectives.

The hallmark of a true leader is not just the ability to influence, but openness to learn from others. Good luck!