10 valuable advices to land a job in Information Security

So, here we are: 2010 is here already! Several good thoughts and hopes of a better future flooded our minds during these past couple of days, so now it’s time to kick off and make all our wishes to realize. For many of us, 2010 renovates the perspective of finding a job if unemployed, or a better job in case you strive for different horizons. Regardless of what drives you, finding a new job sounds like a daunting task if you’re not prepared. So what about having a little help to give you the edge and make the hunting a bit easier?

Below I share a bit of my personal experience (and also of my close colleagues) that should help you put together your personal strategy to land a job. So get yourself ready, leave your comfort zone and let’s make our career resolutions come true!

1 – Leave your comfort zone

Economic downturn, unemployment numbers sky-rocketing, and so much other bad news have hit us during 2009. Popular advice is: “If you have a job, stick with it until the crisis is over”. Sure, this is definitely reasonable, but as the old motto says: With crisis comes opportunity”. Take advantage of the opportunity, leave your comfort zone!

Numbers in the past couple of quarters are signaling a recovery of the economy worldwide, and 2010 promises to be the ideal time to find a better job. As any other change in our life, this action might require a lot of effort and compromise, especially   if you find yourself in a very “comfortable zone”. The first question to ask yourself: Am I happy with my job? If your answer is anything but a resounding yes, it’s time to open up your eyes and ears for the market. In case you decide it’s time for a change in your life, it’s time to create a plan of action for 2010.

2 – Create a plan, and stick to it

If you are reading this tip, it means that you’ve decided that something needs to be changed in your life, work wise. First thing first, if you you’re not the sole decision maker in your house (meaning you have a family to care for), the first step to be taken is to get their buy in. You won’t get anywhere if your dear ones do not share your enthusiasm for a personal decision such as changing jobs.  Once they understand your position and push you forward, discuss with them the possibilities and try to picture where you all want to be by the end of this year.

The plan of choice can mean a simple departmental change, or beginning a whole new life in a foreign country.  In case you decide to move to a new position at work, it might involve building a better relationship with your potential new manager, get acquainted with the work to be done, and so on. In case you decide to move abroad, the process can be definitely painstakingly but as we risk managers know, the bigger the risk , the higher the profit (or loss, in case you fail to prepare a plan B).

Moving abroad might require you to capitalize yourself, apply for visas (can be an extremely long process), a previous psychological preparedness, notifying your kid’s school, etc. Hence, the recommendation is to write down what your mission is (in my case in particular, my plan for 2009 was to relocate to Australia). After that, break the plan down in smaller, manageable parts and, where possible, distribute some tasks among your family members so they all feel responsible and also rewarded once the plan turns out as a success!

3 – Maximize your network

How many times have you heard of “It’s not WHAT you know, but WHO you know.”? Believe me, it works (personal experience included!). So why not use the so called media networking to leverage your career?

Taking this blog as an example, everything started when I searched for a group on Infosec Professionals to join at LinkedIn. That was September 2008, when the crisis was at its peak, and reading through the groups I noticed countless talented Infosec Professionals looking for a new position after being retrenched. That’s when I was struck by an idea: creating a group that would bring Infosec Professionals and recruiters together, promoting their interaction and bringing both ends together.

Today, just a year later, the group counts with more than 3000 members, several topics are discussed on a daily basics and my number of connections grew from around 100 to 500+ (I’m not an open networker, by the way).

In my case, 200 of those 500 are RECRUITERS. Needless to say, I usually get to know about a position being opened BEFORE anyone else out there. Luckily for you, most of the positions I come through end up in this blog, so you can also benefit from it.

My modus operandi:

Facebook – friends and leisure, with a page about the blog.

LinkedIn – Business

Twitter – Business

Google Wave – going through the learning curve, I’m still not decided what to do with it

The underlying tip is: be proactive – search for like-minded people – expose your knowledge. Surround yourself with people who share a common interest.

4 – Invest in your career

Before anything else, allow me to open this advice with a very important statement: CISSP IS HARD. CISSP IS NOT IMPOSSIBLE. Before I took the CISSP exam around 4 years ago, I was one of the guys who would bow when meeting a CISSP, until I achieved it myself. The general perception is: everyone that takes the exam comes back home 99.9% sure they FAILED. So did I. And so did every friend of mine after the exam, and ALL OF THEM, MYSELF INCLUDED, PASSED.

That said, my personal recommendation is: Go for CISSP or any other certification/graduation in your area deemed hard. For example, you can go for a Masters degree in Information Technology. Just don’t make the matter bigger than it actually is.

Generally speaking, it’s quite likely that your company has cut the training budget this year, but that doesn’t mean that you should be at home, getting rusty and feeling incapable of improving your knowledge. There are many other forms of investing on your career other than attending a training sponsored by your boss (this certainly falls into the comfort zone we mentioned earlier on). Read a book, talk to your peers and other interesting people or put a small lab together at home, but the word is: DO NOT WAIT. Every step taken forward means a step closer to your objective. Take Action!

PS: For those convinced to write about Infosec/RM/Compliance Jobs/Career, I’m more than open to publish your article here.

5 – Consider becoming an expatriate

I would dare saying that the world nowadays is more accessible than ever if you want to move away from your old life and start from the scratch, perhaps in a paradisiacal country (very subjective concept ;) ) . Infosec professionals are a sought after species, and if you are good at what you do, you’ll certainly find a job abroad. This doesn’t mean that you should start sending out your CV to companies in Tahiti, Bahamas, UK, or Brazil. As mentioned before, PLAN.

In my case, I’m an expat moving from Brazil to the Czech Republic, and once again moving to Australia. But each move required months of planning, so to make my expatriate experience a pleasant one. Australia took me 1 1/2 years for the visa alone, since companies there do not hire if you don’t have the proper papers (in most cases).

But one thing is for sure, becoming an expat is not easy. You have to think about whether you speak the local language or if a drastic change of weather is a big deal for you (Finland is rated the #1 developed country, but since winters last nearly 4 months, would you want to move there?). Think it through and read more about it before making a decision!

Pages: 1 2

Filed Under: ArticlesFeaturedFrom me to youJob MarketMy career

Tags:

RSSComments (46)

Leave a Reply | Trackback URL

  1. [...] In a 2009 ranking of the 50 best jobs in America, the information technology sector accounted for 17 slots. Of these, information security jobs enjoyed some of the highest job growth, seeing a 27% increase in jobs over the past ten years, which should not be surprising since security threats and consequently stricter regulations are emerging all the time, all over the world. An information security career basically involves protecting one of the most valuable assets of a company or organization: Its information. The threats are countless: from malware to hackers, and unhappy employees to natural disasters. The career requires fine skills and can be very lucrative, with the top IT security professionals able to command big paychecks. One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  2. Professional Learner says:

    Thank you so much for this post. I was just laid off from a fortune 500 company and found myself getting very frustured with my job search. I have over 9 years in the IT industry; Info system, LAN admin and InfoSec. I have a BBA and MBA in IT. I have been running into barriers with not having any secuirty certs. I only have 3 yrs in Inforsec; which limits my chances to getting the CISSP. I can go for the GSEC but dont have $3000 to spend. This article help me to refocus and stay positive in my journey…THANK YOU!

  3. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  4. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  5. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is . To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  6. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  7. [...] to turn a successful professional, do it right: get yourself a little entrance turn certifications, land a confidence job, get experienced, as well as usually after go for [...]

  8. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  9. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  10. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  11. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  12. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  13. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  14. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  15. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  16. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  17. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  18. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  19. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  20. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  21. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  22. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  23. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  24. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  25. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  26. [...] want to become a successful professional, do it right: get yourself some entry level certifications, land a security job, get experienced, and only after go for [...]

  27. [...] As I’ve mentioned sometime ago, my resume has been professionally redesigned/rewritten by a company which gave it a complete face lift and brought it in line with the current market requirements. I was simply amazed by the results, and since many of you asked me for the company name, I became one of their affiliates to extend their reach to other information security professionals around the world. As I know many of you are looking for jobs and ways to leverage your “employability”, I couldn’t let pass the opportunity to share my findings about the service in general. [...]

  28. [...] Security degree offer you?Information Security Job Market Report 2010Do you want to become an expat?10 valuable advices to land a job in 2010 February 16th, 2010 | Tags: Career, Certifications, Interview, Job Market, Objective, Security | [...]

  29. [...] presented in this article should broaden your field of sight about the way you conduct your career (even if you are unemployed), and will definitely give you the edge when the message they transmit are absorbed and put into [...]

  30. PRAJUL says:

    Hi Adriano
    I would really thank you for the post that u have made especially for entry level people in to infosec jobs. I totally agree upon my personal experience that its very hard to get in . But ur blog has made me think what to do plan next. I will try my level best to enter in to information security side as thats my dream . I want to really thank u again for posting such valuabe information . Pls do post valuable information like job sites too which will benefit extremly for entry level people .

  31. Hey mate. I don’t read many blogs, but yours is of thelittle I read.Have a awesome day!

  32. [...] One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan. [...]

  33. [...] to comments This post is on growth, whether career growth or personal growth, the following post http://www.myinfosecjob.com/2010/01/10-valuable-advices-to-land-a-job-in-2010/#more-438 has some great [...]

  34. Shawn says:

    Excellent article. Well done.

  35. [...] promised in our “10 advices to land a job in 2010” article, today I decided to open a space to Jeff Parker, an Infosec Professional and road warrior [...]

  36. shobha says:

    Thanks for the article, it helped me to give more thought on my future steps.

  37. rameshk says:

    Very useful article! worth reading multiple times!

  38. Gabriel says:

    Excellent article Adriano! I am starting my job search in Spain today (after relocating from the uk, looking for quality of life) and read this article first thing in the morning gives me a lot of enthusiam.

  39. saumya vishnoi says:

    very helpful!!
    thanx

  40. I can definetly say that this article is the nice one to kiddle our thoughts. Great effort dude.

    http://in.linkedin.com/in/balachandarnatarajan

  41. Excellent article Adriano !

    I’ve just moved with my whole family from Germany to Canada 5 weeks ago in goal to find a new job that suite my carrier path, and I am also doing my CISSP certification on my own expense in 5 weeks. I am fully convince of the value of my choice and investments. It’s not easy, needs a lot of family logistics, find right CISSP study time, discipline, discipline, discipline…, and… yes … keep the enthusiasm.

    Our Plan B is to keep up the Plan A. I try to apply on my personal life some high level key ideas of the famous PDCA concept. Let said that my own self esteem is my daily Auditor :-)

    All the Best to everyone in 2010 !!!

    Ralph

  42. Wonderful article and it’s really helpful…
    Thanks a lot for this wonderful work…
    –Mayank

  43. Great!. Good recommendations.
    Thanks

  44. Adriano,

    I wanted to let you know about the great job you did with this article, hopefully people out there will read it and obtain the inspiration you planted with this words of wisdom. Look forward to keep in touch in 2010 and beyond!

    Gene

Leave a Reply