Information Security Career Tips by a Guru: Interview with Peter H. Gregory

How do you see your career in 10 years time?

I see myself in roles of information and business security management with increasing responsibilities. I love what I do, and want to continue in this role in the future.

How do you see the job market for Security professionals worldwide?

The need for security professionals will continue to increase. However, security professionals need to understand the shift to a risk-based control environment in organizations. In the 1990s, security management was often centered on the need to avoid negative events that were occurring, and the existence and acceptance of control frameworks was in its infancy.
Security managers also need to understand that the controls required by regulations are not always enough. Sound risk analysis and risk management is still needed to determine what controls are really needed to protect assets from real threats.

In the past, knowledge of security controls was sufficient for a security professional. Today, security professionals need that knowledge plus the know-how for understanding applicable regulations and practices.

What’s your tip for the job seekers out there?

Assess your portfolio of skills and knowledge. Find one or two mentors will not be afraid to speak the truth to you about your current capabilities, and whether your job seeking objectives are realistic. While we all aspire to grow, sometimes we get ahead of ourselves and believe that we are qualified for positions that we really aren’t ready for. Organizations usually tend to hire someone into a position that they have already done in the past, and after establishing a track record, will consider growing the right people. For example, an experienced Unix system administrator will have better success finding that same job title, rather than going for more-senior positions they have not done before. When hired as a Unix administrator, if they do well then they may be grown into positions of greater responsibility.

Be very careful with social networking. Prospective employers will look for job seekers’ online presence on LinkedIn, FaceBook, MySpace, Twitter, blogs, and others. Employers are reluctant to hire people who boast about their drinking soirees and other happenings. When you put your personal life online, you are making it your employers’ concern whether you like it or not. I advise that all security professionals draw a bright distinction between their public, professional online life and their private life. For example, if you use FaceBook for communicating with friends, keep your FaceBook profile strictly private (viewable by friends and people you *actually* known and trust) and keep your business associates out of it. Similarly, if you use LinkedIn as your online, living resume, limit your contacts to business associates (and, again, people you actually know and trust) and keep your friends out of it. Keep your LinkedIn strictly professional.

Job seekers need to conduct online searches on themselves to see what they can find. Prospective employers are going to do the same thing, and they often make interviewing decisions based on whether they find unflattering information.

While my advice here is applicable to job seekers in most lines of work, it is especially true for security professionals. In positions of responsibility, security professionals are often the ethical and moral leaders in their organizations. Security professionals are held to a higher standard of professional conduct than most other positions in an organization. Managing one’s online presence is a key element in a job search, and during active employment.

Finally, I recommend adopting the attitude of a servant leader in an organization. This helps the security professional focus on what is truly important: the protection of the employer’s (and, often, customers’ and constituents’) assets, and less on their own needs. Servant leadership also helps the security professional avoid the appearance of pride and arrogance – it’s not all about them, but about their role in helping to protect the business.

Pages: 1 2

Filed Under: ArticlesCertificationsFrom me to youJob MarketMy career

Tags:

RSSComments (12)

Leave a Reply | Trackback URL

  1. […] This article is also useful if you’re considering to career tips. […]

  2. […] This article is also useful if you’re considering to start your Information Security career or looking for some career tips. […]

  3. […] This article is also useful if you’re considering to start your Information Security career or looking for some career tips. […]

  4. […] This article is also useful if you’re considering to start your Information Security career or looking for some career tips. […]

  5. Jh0sz says:

    Really Good.!

    greetings from venezuela

  6. […] more than just knowing the bits or bytes, or the controls required by a given framework by heart. Being successful in your Information Security career requires you to have a deep understanding of the business needs […]

  7. Carroll B. Merriman says:

    Excellent Website!

  8. […] This article is also useful if you’re considering to start your Information Security career or looking for some career tips. […]

  9. […] a bit of researching on the topic and talks to successful professionals, I was able to put together some interesting […]

  10. […] more from the original source: Information Security Career tips « My Information Security Job Share and […]

  11. […] more here: Information Security Career tips « My Information Security Job tags: altiris, apple, cuts-desktop, eyes, includes-energy, kathleen, really-opened, root, […]

  12. […] the original: Information Security Career tips « My Information Security Job Share and […]

Leave a Reply