On Monday I posted a quick review of top recommended certifications for 2012. One of the points that I tried to make in that article was that certifications aren’t everything. I proposed that certifications only make up maybe 10% of what security professionals should be focusing on in managing their career. In the end I pondered what makes up the other 90%. Well in today’s post I hope to answer that question.
(Note: As part of a campaign to bring forward some of our older posts that we feel still benefit the community, we’ve added this article to our Best Of category that will periodically get tweeted out. Please mention it to me on Twitter or contact us if there are any other posts you feel we should include in this category. This post was previously categorized under Career Development. -@grecs)
The analogy that I’ve seen elsewhere is a canopy tent with a center pole (see pic above). Certifications may represent one of the poles. The shorter the pole the less it can hold up. So they all kind of have to balance each other out. If one is too low and there isn’t a counterbalance, then the entire tent (i.e., your career) may flounder. This suggests that you need to establish a minimum level in all five areas with maybe one or two that you excel in (i.e., the center pole).
So the question remains … what are the other four poles? Although there are no guarantees, here are my thoughts.
Formal Education to Lay Theory Foundation: Yeah this is the thing that may professionals have been brainwashed into thinking is absolutely necessary for any chance of success. As one of the brainwashed one, I feel you need to lay a good theoretical foundation down first before getting out into the real world. In the end although your degree may have nothing to do with security, it at least “suggests discipline, drive and commitment” as @stevewerby mentioned a while ago. Additionally, it provides a reference of at least one type of theoretical framework. Even if you are later in your career, it’s never too late to go back and strengthen the foundation previously only supported by theory extracted from practical experiences. This dovetails nicely into the possible next pole … continuous learning.
Continuous Learning to Keep Ahead: If you want to keep up and maybe even get ahead in your field, you MUST NEVER stop learning. Opportunities for continuous learning are everywhere. It could be just researching a topic you are interested in or maybe even something more formal like taking a class or attending a conference. But don’t forget the less expensive options. Listening to podcasts or attending local meetups are great ways to keep your knowledge on the cutting edge. Let me just say this … if you are just eking out enough credits towards your CISSP CPE requirements, you’re doing it all wrong.
Strong Communication to Push Your Ideas: Communication includes everything from writing and presenting to knowing how to talk the customer’s/management’s language. I’ve always said that the difference between a “good” engineer and a “great” engineer is the ability to communicate effectively. You can come up with the greatest ideas in the world however if you can’t communicate or convince someone it is a great idea, then it’s useless. Taking some basic writing and speaking courses at your local community college could definitely assist here.
Expansive Networking to Make Connections: From a networking perspective get out there and get involved. If you are weak in the certification or degree departments but know someone on the inside and they know you are good, then you have a pretty good shot of getting past those pesky minimum requirements. My recommendation is to get involved in some local meetups or create one yourself if there isn’t one in your area. Volunteering at conferences is not only a way to save some money, it’s also a great way to meet and network with new people.
Are there any other tent poles you feel should be mentioned above? Let us know in the comments below. Today’s post image is from Promotents.biz.