I marked this article over at GovInfoSecurity titled “Why IT Security Careers Remain Hot” a few weeks back and finally got a chance to read it a little closer and listen to the related podcast. I found it very interesting, especially for those mid-career pros like myself that are looking for the next step. Traditional advice usually included either digging deeper into a specific niche or leaving technology altogether and start working your way up the management chain.
(Note: As part of a campaign to bring forward some of our older posts that we feel still benefit the community, we’ve added this article to our Best Of category that will periodically get tweeted out. Please mention it to me on Twitter or contact us if there are any other posts you feel we should include in this category. This post was previously categorized under Career Development. [email protected]grecs)
Based on research of over 40,000 of their partner organizations the study’s author came up with some surprising recommendations … at least for those in my shoes. They advise stressing less on getting deeper into a specific infosec niche or working towards additional certifications and more on becoming multi-dimensionally skilled so you can solve those very complex problems that organizations are currently addressing. Basically, instead of a narrow and deep focus in a specific infosec area, they recommend a broader and more shallow set of skills and experiences.
In terms of being multidimensional they propose:
- Developing Hands-On Tech Skills;
- Learning the Non-Technical Aspects of Infosec (e.g., policies and procedures);
- Improving Your Communication Skills (e.g., knowing how to write, present, and market yourself);
- Learning to Talk Business (e.g., ability to influence and present/speak to a business audience as well as translate technical risk into business risk);
- Knowing Your Vertical Well & the Problems They Face (e.g., federal government, banking, and health);
- Formulating Your Own Career Path (most companies don’t have plans for our calling); and
- Focusing on Growing Areas (e.g., specifically mentions mobile threat vectors)
Careers in IT security remain hot, says David Foote, noted researcher and analyst of IT workforce trends. But there’s a disconnect between current job opportunities and the talent pool looking to fill them.
There are many reasons why the demand for IT security pros remains high. “We’ve got all this stuff coming at us – enormous quantities of data; we’ve got platform issues, particularly around mobile. And we’ve got all this stuff we’ve been working on for years: compliance, regulation. Basically, there’s a lot of work to be done in security.”
Yet, there’s one big reason why so many of these jobs go unfilled. “The expectation of employers is that they want very experienced, seasoned people to handle a lot of really tough, complex problems,” Foote says. “But what they’re getting in the marketplace are a lot of people – and some of them are certified, but they don’t really know enough. They’re not experienced enough or don’t possess these multi-dimensional technology skills, or communications skills, the ability to influence or to present …”
During the audio interview, it sounded like this researcher had some previous interviews with the folks over at GovInfoSecurity.com on similar topics … so you might want to check them out as well. See ya!