Dream Information Security Job: Career Guidance – Part 2
What are the 10 key steps to your dream Information Security Job? Here is a practical insight that will be pathbreaking for freshers and pioneers in the industry who aspire to be future information security leaders.
What can set you apart from the rest? What will take you to your dream information security job? Did the CISOs and security experts in critical positions and at the helm of prestigious institutions get there by sheer luck, or did they do anything differently?
It is quite apparent that an information security job is one of the hottest in the market now, but at the same time it is a very challenging one. Tremendous demand still exists for those who can excel in the field, with the right attitude, technical skills, communication ability and business acumen.
This analysis looks into some critical steps that a professional should follow to achieve their objectives and get into their dream information security job.
You need not follow them very systematically, but keep them in the back of your mind while working towards your target and your dream information security job.
This article brings forward some of the exciting tips that may help you to develop and grow yourself in this most exciting area of work.
Apparently, some key personal attributes are also essential for success, including passion, positive attitude, integrity, discipline, smart working, and persistence.
Most of the listed points are relevant to any job, but the target audience of this article is Information Security Professionals.
Let us have a quick look into those areas which will be an excellent aid to launch and grow into your cybersecurity career aspirations.
#1. Basic Education – Qualification
It is always great to have the right qualification to start any career, and the same applies if you are targeting your dream information security job. That said, in certain cases several firms are not very particular about this, especially when you have enough experience and a unique skillset.
Still, it is always better to focus your efforts on a field of study that is relevant to the Information Security domain. For example, it may not be a great idea to join a medical course when your passion is Information Security and you want to be an expert in the field.
Discuss with family and friends who are exposed to the Information Security field, to choose the right courses that match your dream information security job. Those who took unrelated courses don’t have to lose heart; complement your existing qualifications with relevant training and certifications to get insight into the field. You may need to put in additional effort to match up to your competition.
#2. Knowledge Attainment
Read, Research, Analyze – Knowledge and skill can be acquired without entering the best university and without working formally in an organization.
Read as much as you can, but focus on the subject that is relevant to your objectives. Extensive resources are available, including on the Internet, where quality material is easily accessible.
But at the same time, information overflow is a challenge that needs to be tackled smartly by choosing what to read and from where. Focus on the knowledge and skills required to take you to your dream information security job.
#3. Training & Certifications
Identify all sources of training that fit the targeted job profile and lead to your dream information security job. It does not have to be only specific technical training, but anything that develops you as a professional. A successful information security career will be built on a multi-faceted skill set.
Basic technology understanding and training will also add to a security professional’s arsenal. Networking, desktop/server functioning, programming concepts, etc. will be a definite plus.
When you are a security expert, your competence will be much stronger if you have had the chance to undergo the essential technical, project management, soft skills, and business-related training. Grab as much knowledge as possible; all of it will be at your fingertips when required.
Identify and work towards relevant certifications. Selection of the certification path should be based on which area of information security interests you. If it is the governance side, CISM, CISSP, CISA, C|CISO, etc. are good options.
If your interest is ethical hacking, forensic investigation, application security, security analysis, etc. there are many certifications available like CEH, CHFI, ECSA, CSSLP, and SSCP. Project Management certifications like PMP, PRINCE, etc. will be beneficial, once you are into Information Security Project management, as an executor or as a leader.
In general, although certifications alone will not land you the right job, a lack of certifications may be a disadvantage when you are compared to those who have them. Also, what you learned in training will be cemented in your mind when you prepare for the certification exams, which will help you apply those ideas when you have to deal with practical scenarios in your job.
There are short-term and medium-term courses like Certified Information Security Consultant from NII Consulting, which claims to be designed to convert an amateur into an information security professional. There are many similar courses that will give useful insights and entry into the field to take you to your dream information security job.
Obviously, it is crucial to have as much experience as possible, whether gained at your job or outside it. If you are not in a job, look for options such as freelancing, online work, or an apprenticeship. If possible, set up a lab at home and try out different aspects of security.
Also, there are online labs and test environments that may be used to get some hands-on experience, even if you are having difficulty getting into your first job. Freelancing websites such as Fiverr.com, Freelancer.com, etc. are available.
You may try to gain experience through these forums. Some firms may look for resources who can work from home on specific projects like documentation, penetration testing, etc. Try to explore those avenues.
Also, there is a lot of information security related work, like research, analysis, and blogging, that can be done without holding an office job. Explore the possibilities of gaining knowledge and experience that can help you get into your dream information security job.
If you are a fresher, I would recommend not worrying about money during the initial period if you get to gain experience through an apprenticeship or as a trainee to enter the field. Once you acquire some experience, and if you get the right breaks by proving your credentials, money will come automatically.
#5. Professional Networking
Build relationships with the professional community. Be genuine in your interactions. Don’t blindly request a job before there has even been mutual communication and an exchange of thoughts. Similarly, don’t spam your contacts with unsolicited emails or messages carrying your CV.
First, build your reputation, and demonstrate your critical skills and knowledge through positive approaches. LinkedIn is one of the best social media sites for any professional. Your knowledge, experience, and skillset will be a pivotal force in earning respect and attention. Review, analyze, follow and emulate the key information security leaders you consider your role models; that can be a good starting point on the way to your dream information security job. But again, try not to overdo this. Be yourself, and emulate the skills, approaches, credentials and other professional attributes of your role models.
What you achieve through hard work will bear fruit when you interact and exchange ideas and thoughts, which will help to build your relationships. Write articles and blogs, and share thoughts and ideas with the professional community; this will automatically develop your reputation and relationships. Also join related Information Security groups on LinkedIn, WhatsApp, and other social media platforms.
#6. Conferences & Seminars
Look for Information/Cybersecurity conferences; you may be able to attend as a paying participant or as a special guest invitee. Participating may be the best opportunity to interact with experts and thought leaders in security and to get exposure to different viewpoints.
Your friends in the security field may be getting a lot of free invites and passes to these events. Try to get into these events, where you will have a chance to gain a lot of knowledge and contacts. New thoughts and ideas could strike you that will broaden your horizons.
If you have passion, expertise and potential as a speaker, try to work on specific interesting topics, and talk to your friends in the industry and to conference organizers to see whether you can get an opportunity to speak at these events. Delivering these speeches will give an immense boost to your profile, and the preparation will also enlighten you enormously.
You may contact Webinar and Podcast organizers (e.g. BrightTalk) to speak on various topics of interest, which you can do from the convenience of your home and which will be a good starting point. You can also produce Podcasts and Webinars yourself by creating your own channel, web portal or social media profiles. These are excellent tools to drive you to your dream information security job.
#7. Social Media Profile
Build an excellent profile, with genuine, but relevant information including your achievements. Demonstrate your skills and capabilities in a sincere and profound manner.
Request recommendations from your professional associates highlighting your capability and achievements. The profile should be very refined and apt to your objectives. Professional language and approach should be chosen to present facts and credentials. Achievements and aspirations can be included, without disclosing sensitive personal or business information.
If you publish your organizational internal or sensitive information, that itself will negatively impact your credentials as a security professional. You need to build the profile, which reflects your capability, and achievements without disclosing sensitive details. Get connected to reputed industry experts, through formal and professional methods that will enable you to build your social media presence. But be genuine, and present facts and realities only.
An elegant, comprehensive, and crisp resume is key to any job search. It should be neither very short nor very long. Identify an innovative but elegant template and formulate one.
Language should be very formal; use active sentences, and do proper grammar and spell checks. The first impression is the best impression, and a well-crafted CV will do a lot of good for an aspiring candidate. Another approach which is found to be very useful is to create a one-page executive summary or brief profile of the critical elements of your CV, which can also be attached to the detailed CV.
For those who want to have a quick look (executives mostly enjoy seeing a 1-page profile), the brief profile will be good enough. Once they are interested in your profile, the detailed CV will be a good reference. Overall, the CV format should be innovative, elegant, and readable, with a minimal number of colors and a single type of font.
Sections should be segregated, arranged in the order of significance, and tied to your career story. Key points should be highlighted for quick attention. Ensure adequate spacing between the sections and sentences.
#9. Research before Interview/Meeting
Research the company you have applied to for your dream information security job, and the persons you will be interacting with, through your professional associations. You may find a lot of details on the internet, and also from other employees working there or with them, if you can find them.
Understand the threat vector of the organization, its risks and challenges, and its management teams, styles, etc. If you know who the interviewer, management team, reporting lines, etc. are, try to find out about them from the Internet or social media.
These insights will help you to be better prepared and respond in alignment with the expectations of the other party. You may be able to tailor your answer by applying your experience and knowledge to the relevant environment of the organization or people you are meeting. But use genuine and authorized methods and approaches only, and avoid overdoing this. This may be called social engineering – for a positive outcome!
#10. Prepare for the first 10 Minute Introduction
Write a 10-minute profile about yourself; that will be your introduction during your interview. In most cases, the interviewer will start by asking for a brief introduction as part of the ice-breaking process. The intro will set the tone for the interview. Make sure to write down a well-formulated introduction to your career with critical achievements, deliverables, ambition, and aspirations. Make sure to subtly include your fundamental skills that are relevant to the job you have applied for. But when you present, it should come across naturally and not seem artificial.
Don’t bad-mouth your previous employer or colleagues, or disclose sensitive information about them. Start with your recent experience and go back to the relevant experience. This introduction should be tailored and refined in such a way that your delivery is very natural and crisp, but focused on demonstrating the skills that are relevant to the role and on addressing the expectations of the interviewer.
Also, make sure not to include anything you are not confident about, or of which you have no knowledge or experience. A good, confident and composed beginning will help you to demonstrate your capability successfully, and that can impress the interview team. Remember that the organization and interview team are not assessing your technical skills only, but also how well you fit into the organization, group, and goals.
About the Author
Illyas Kooliyankal is a well-known Cyber Security Expert, currently working as the CISO at a prominent bank in UAE and serving as Vice President of ISC2 (UAE Chapter). He has won many international awards, including the ECCouncil (USA) Global CISO Award (Runner-Up), ISACA CISO and Emirates Airlines CISM Award. He is a well-received keynote speaker at many international conferences in the USA, UK, Singapore, Dubai, etc.