As mentioned in my bio, I have been working in the infosec field for more than a dozen years now. Throughout those years I changed from student, to trainee, junior, trainee supervisor, junior supervisor, senior, solo leader, apprentice supervisor (am I the only one getting a Star Wars-y vibe here?), hiring manager, and currently manager of a small but super effective team. This gave me plenty of people to interact with, and I would like to summarize below what I would be doing were I to reset my career:
– Start with an apprenticeship (and please, please, be wary when selecting your supervisor): no school will *ever* teach you internal politics like you would experience it in real life.
– Vendor-neutral certifications: This would be a more fitting use of your money and time* than academic schooling since it: 1. provides *bankable* academic knowledge, 2. forces you to stay up to date (this blog may or may not provide me CPE to maintain my creds).
– Don’t forget that we walk on both legs (technical AND organizational). We all have our preferences (that might change in the course of your career) but you need at the very least a strong understanding of your minor**.
– Network, network, network: I am not talking about cable management here but getting to know your peers, asking them questions, reading their books, listening to their podcasts… I will outline a list of recommendations.
– Switch to consultancy: It might break the heart of your former supervisor*** but switching to advisory/consultancy firms is the fastest way to farm “war stories”.
– Get mentorship if you can (I hear of lots of growth being triggered in CISOs getting mentored by other professions such as Legal or CFO).
– In the long run, don’t neglect the management aspects of the job (budget forecast/management, HR, etc.).
* I may or may not have had to study most of my academic courses to get certifications (I am talking about you, crazy never-used-in-real-life-scenarios legacy network technologies…).
** I might share (anonymized) “war stories” of peers that could have profited from having a less imbalanced view on the whole technical vs. organizational aspect of infosec.
*** Guillaume, Thomas, if you ever read this… I stay super grateful for the time we spent together and wish you all the best for your upcoming endeavors. Talk soon!