Friday, June 18, 2021

Key Steps to a Successful Security Career

Information security is different today than it was just five years ago.

And how you go about having a successful career as an IT security

professional is different, as well.

Kevin Beaver, an information security consultant with Atlanta, Ga.-based

Principle Logic, LLC, says the industry has shifted so much in the last

several years that even the way people perceive success has changed.

Today, it’s no longer all about the technology. It’s just as much about

using IT to create customer loyalty and to out-wit competitors.

Today, the successful IT professional also is a savvy business person.

”It used to be more about what protocols you know, what firewalls are

you expert on, what encryption algorithms do you understand,” Beaver,

who will be speaking at the RSA Conference in San Jose this week, told

Datamation. ”Now the bigger focus is on IT governance and the

business side of security. That’s where the value is.

”And it’s obviously affecting how people set their goals, how they sell

security to upper management, and the continuing education that they

receive,” he adds.

With IT professionals increasingly being expected to join business teams

and work on business projects, knowing the technology is becoming a

smaller and smaller part of the job. Beaver says it’s a mistake to focus

solely on the technology, and it’s a mistake that can drag down a

security career.

”I think the successful security professional will focus more on the

career side than on the technical side,” says Beaver. ”Technology is

just a small component of the career now. It’s more about the business

side of things — risk management; policies; being able to tie business

goals and security goals together; having metrics to make sure that

security projects are successful in terms of what the business needs.”

Beavers offers up a set of tips to the IT professional looking to build a

strong career. Some of the elements to success are:

  • Enhance Your Soft Skills — Soft skills, which veer away from

    technical skills, include communication skills, relationships with

    others, time management and people management skills. ”I still see a lot

    of security people pigeon-holing themselves,” Beaver tells

    Datamation. ”They know the techie stuff but they’re not focusing

    on what will actually give them a successful career. They fall into the

    trap of not having time to focus on the soft skills.”

    But the big question is how do IT professionals find the time to bone up

    on relationship building and communication skills when they have

    countless fires to put out on the network.


    Beaver says the trick is to simply carve the time into your schedule,

    whether it’s scheduling a lunch meeting with a business-savvy mentor or

    taking a class on the weekends. If it’s tough to find the time to do it,

    simply worker harder at making the time.

    ”They’re just fighting fires and catching every ball that’s thrown their

    way,” says Beaver. ”They should be spending a certain amount of time

    working on soft skills. It needs to be done continuously. Listen to audio

    books, go to training. Do something weekly or quarterly. Take some time

    off to do it, or study before or after work. I know that’s the kind of

    stuff that has helped me.”

  • Find Your Specialty — Information security is a broad field to

    be working in, so people need to make sure they have a specialty —

    preferably a very marketable specialty. Beaver advices people to pick up

    their heads and take a serious look at the industry. Don’t just look at

    what technologies are hot right now, or what skills are in demand now.

    What is coming down the road? Study the field and try to get your skills

    out in front of what’s coming.

    ”You could be managing policies, performing audits and being a forensics

    investigator,” he adds. ”I see a lot of people trying to become experts

    in every area related to security and it’s not really possible. It’s such

    a complex field and it has too many areas to specialize in. You can’t be

    everything to everybody. Pick one area and focus on it, whether it be

    audits or forensics.”

    But how do you make sure that what you specialize in isn’t about to

    become antiquated? How do you make sure you’re not specializing yourself

    right out of a job?

    Planning. Beaver says it all comes down to planning ahead.

  • Continuously Educate Yourself — ”I read a whole lot of

    stuff,” says Beaver. ”Keep up with the trends and make sure you know

    where they’re headed. Be proactive so you don’t get stuck in an area that

    is no longer needed. You have to focus on the longer term.”

  • Know the Legal Side of Security — Beaver recommends that IT

    professionals know the laws and the regulations that apply to information

    security and to the particular industry they’re working in. Understand

    human resource issues, especially as they relate to employee privacy and

    monitoring. Data retention has a lot of legal issues, as well, he points

    out.

    ”Know corporate security policies, contracts and service-level

    agreements,” Beaver says. ”The risk is that you’re either left behind,

    or you’re not going to know what your competitors, your coworkers and

    your peers are learning. Upper management will see them as more

    effective. You need to be able to offer business value.

    ”And if you don’t know the legal side, you could be putting yourself or

    your organization at risk,” he adds. ”If you’re retaining data

    incorrectly or monitoring employees incorrectly, you’re putting a lot at

    risk.”

    Overall, Beaver recommends that people think long-term. While someone may

    be very focused and efficient when it comes to dealing with daily crises,

    they’re not doing any favors for their careers.

    ”If you focus solely on putting out fires, you’re going to get burned

    out,” he notes. ”Your skill sets are going to become stale because

    you’re only focusing on the stuff that’s already in place and you’re not

    exploring new technologies and new methodologies. Look up and see what

    else is going on.”

  • Similar articles

    Latest Articles

    GDPR Compliance & Requirements...

    The General Data Protection Regulation (GDPR) has positioned itself as one of the strictest laws for the privacy of consumer data, and it's still...

    HIPAA Compliance & Regulations...

    The Health Insurance Portability and Accountability Act (HIPAA) is one of the most well-known pieces of legislation in health care and related industries. But...

    Top Data Visualization Tools...

    The amount of data generated and consumed by organizations is growing at an astounding rate. The total volume of data and information worldwide has...

    The Data Capture Market

    Data capture is the process of collecting, ingesting, or otherwise acquiring structured and unstructured data and either converting it into a data format usable...