Six Tips for Protecting Your Career
Experts Say Security Field Evolving Toward Specialization
As financial institutions and other organizations continue to lay off professionals in this economic recession, the ones left standing face the big question: How do I protect my career?
Jennifer Bayuk, former CISO at Bear Stearns & Co., became an independent consultant after the company was acquired by JPMorgan Chase last year. She says information security professionals must understand that "We are all desperately needed to secure organizations, implement effective IT/security controls and, above all, bring value to the business side by understanding business processes and effective handling of data."
It is just a matter of time before capable and qualified security professionals will find their right fit in organizations, Bayuk says.
Protecting your information security career requires a much deeper understanding of the information security function itself and how it is evolving. In this context, Bayuk refers to an article titled "Integrity vs. Accuracy" written by John R. Rossi, Professor of Systems Management / Information Assurance, US National Defense University. In the article, Rossi emphasizes the need for specialization and compares the security profession to medicine and law. Rossi says both the medical and legal fields have grown from basic and generic needs to very specialized fields. Each area today is handled by a specialist. "If this happens in the security business, we will develop highly specialized experts in securing individual functional areas," Rossi writes. "This may increase the overall level of protection quality. Such an evolution may be inevitable."
Bayuk agrees with Rossi's vision of the future of the information security profession and says, "I am sure as a profession, we will all be moving in the direction he envisions."
As advice to security professionals, Bayuk stresses the significance of being prepared for the future, including investing time and effort in understanding data handling and classification from a business perspective and focusing on the business need for securing data. "A business understanding of security is crucial in today's marketplace and goes a long way in making individuals valuable to their organizations."
Further, Mark A. Lobel, CISSP, CISM, CISA, Principal, Advisory Services, PricewaterhouseCoopers LLP, adds that "being employed as a security professional in these tough times can be challenging and requires the individual to have a vision of success for the company, a strong individual accountability and initiative toward sound career investment."
Lee Kushner, President, L.J. Kushner and Associates, LLC, an executive search firm dedicated exclusively to the Information Security industry and its professionals, says, "Today, getting a basic security certification is not enough to differentiate; security professionals need to differentiate themselves through outstanding performance and internal branding."
Both Kushner and Lobel provide a few pointers to security professionals who want to invest in and be prepared to manage their careers:
1. Align priorities with the business goals and information security within the company. Understand how your day-to-day work is contributing to the long-term goals of the business. What security protection is most beneficial to the organization from a business perspective? What is the realistic assessment of objectives, risks and controls within the company?
2. Understand how management views performance. Security professionals need to understand how management measures performance. How does the organization characterize performance? How do they value contribution? What is their interpretation of a valued employee?
3. Invest in internal branding. Security professionals need to know how they project themselves to their colleagues and management team. What is the impression of them and their work?
4. Do your homework and add value in every conversation and discussion. Security practitioners need to invest in effective reading both on industry trends and security initiatives within the company. They need to think creatively about how security can help in new types of transactions and positively affect the revenue stream of the company. They should also share their thoughts and ideas and engage in meaningful discussions with the management team on an ongoing basis.
5. Have a positive attitude and be willing to enable change and initiate new projects. Security professionals need to keep up with their systems and engage in open and fruitful discussions with the C-level executives, saying, "Okay, here's what I think you want to do going forward, and here is what I think the goals are; here is what I think the mission is; here is what I think we can do to support and initiate new projects and align it with the revenue stream of our business."
6. Invest in yourself through education and certification. Tight economic times have made companies demand more of existing and new employees, thereby forcing security professionals to invest in their careers by getting discipline-specific certifications. Career investment is definitely an area that professionals should think about seriously in order to protect their jobs and careers.