Key Steps to a Successful Security Career

A consultant is laying out the elements of a successful career in information security at this week's RSA Conference. Are you on track for a long, prosperous journey or are you being short-sighted?
Posted February 13, 2006
By Sharon Gaudin


Information security is different today than it was just five years ago. And how you go about having a successful career as an IT security professional is different, as well.

Kevin Beaver, an information security consultant with Atlanta, Ga.-based Principle Logic, LLC, says the industry has shifted so much in the last several years that even the way people perceive success has changed. Today, it's no longer all about the technology. It's just as much about using IT to create customer loyalty and to outwit competitors.

Today, the successful IT professional also is a savvy business person.

''It used to be more about what protocols you know, what firewalls are you expert on, what encryption algorithms do you understand,'' Beaver, who will be speaking at the RSA Conference in San Jose this week, told Datamation. ''Now the bigger focus is on IT governance and the business side of security. That's where the value is.

''And it's obviously affecting how people set their goals, how they sell security to upper management, and the continuing education that they receive,'' he adds.

With IT professionals increasingly being expected to join business teams and work on business projects, knowing the technology is becoming a smaller and smaller part of the job. Beaver says it's a mistake to focus solely on the technology, and it's a mistake that can drag down a security career.

''I think the successful security professional will focus more on the career side than on the technical side,'' says Beaver. ''Technology is just a small component of the career now. It's more about the business side of things -- risk management; policies; being able to tie business goals and security goals together; having metrics to make sure that security projects are successful in terms of what the business needs.''

Beaver offers up a set of tips to the IT professional looking to build a strong career. Some of the elements to success are:

  • Enhance Your Soft Skills -- Soft skills, which veer away from technical skills, include communication skills, relationships with others, time management and people management skills. ''I still see a lot of security people pigeon-holing themselves,'' Beaver tells Datamation. ''They know the techie stuff but they're not focusing on what will actually give them a successful career. They fall into the trap of not having time to focus on the soft skills.''
    But the big question is how IT professionals find the time to bone up on relationship building and communication skills when they have countless fires to put out on the network.
    Beaver says the trick is to simply carve the time into your schedule, whether it's scheduling a lunch meeting with a business-savvy mentor or taking a class on the weekends. If it's tough to find the time to do it, simply work harder at making the time.
    ''They're just fighting fires and catching every ball that's thrown their way,'' says Beaver. ''They should be spending a certain amount of time working on soft skills. It needs to be done continuously. Listen to audio books, go to training. Do something weekly or quarterly. Take some time off to do it, or study before or after work. I know that's the kind of stuff that has helped me.''

  • Find Your Specialty -- Information security is a broad field to be working in, so people need to make sure they have a specialty -- preferably a very marketable specialty. Beaver advises people to pick up their heads and take a serious look at the industry. Don't just look at what technologies are hot right now, or what skills are in demand now. What is coming down the road? Study the field and try to get your skills out in front of what's coming.
    ''You could be managing policies, performing audits and being a forensics investigator,'' he adds. ''I see a lot of people trying to become experts in every area related to security and it's not really possible. It's such a complex field and it has too many areas to specialize in. You can't be everything to everybody. Pick one area and focus on it, whether it be audits or forensics.''
    But how do you make sure that what you specialize in isn't about to become antiquated? How do you make sure you're not specializing yourself right out of a job?
    Planning. Beaver says it all comes down to planning ahead.

  • Continuously Educate Yourself -- ''I read a whole lot of stuff,'' says Beaver. ''Keep up with the trends and make sure you know where they're headed. Be proactive so you don't get stuck in an area that is no longer needed. You have to focus on the longer term.''

  • Know the Legal Side of Security -- Beaver recommends that IT professionals know the laws and the regulations that apply to information security and to the particular industry they're working in. Understand human resource issues, especially as they relate to employee privacy and monitoring. Data retention has a lot of legal issues, as well, he points out.
    ''Know corporate security policies, contracts and service-level agreements,'' Beaver says. ''The risk is that you're either left behind, or you're not going to know what your competitors, your coworkers and your peers are learning. Upper management will see them as more effective. You need to be able to offer business value.
    ''And if you don't know the legal side, you could be putting yourself or your organization at risk,'' he adds. ''If you're retaining data incorrectly or monitoring employees incorrectly, you're putting a lot at risk.''

    Overall, Beaver recommends that people think long-term. While someone may be very focused and efficient when it comes to dealing with daily crises, they're not doing any favors for their careers.

    ''If you focus solely on putting out fires, you're going to get burned out,'' he notes. ''Your skill sets are going to become stale because you're only focusing on the stuff that's already in place and you're not exploring new technologies and new methodologies. Look up and see what else is going on.''





