Monday, July 9, 2012

3 Tips for IT Security Pros to Land the Right Job

The Recruiter's View

If you're an experienced information security professional thinking of making a job change, or a recent graduate with an academic focus on information security looking to start your career, you're not alone.

As the recession recedes, many people are actively exploring the job market. And while an array of information security jobs are available, landing the right one in this competitive job market will require strategic thinking and a concerted effort.

Here's a game plan to help you get started.

Get Your Head in the Game

Every information security job is likely to be fiercely competitive, so you'll need to stand out from the crowd. My advice is to use your analytical capabilities to determine your strengths, weaknesses, opportunities and threats.

Strengths could be specialized experience, such as a focus on insider threats or advanced persistent threats, or maybe you have broad subject matter expertise and have developed the overall strategy for an IT security program. It's vitally important that you identify what sets you apart.

If you have any shortfalls or weaknesses in your profile, you will have to be prepared to confront them and be ready to counter them. Acknowledging a shortfall is the first step to removing it.

Opportunities could be the potential roles you may learn about and target, trends you may have discerned, or connections you may be able to leverage. Think broadly about what and where the opportunities for you are and devise your tactics to exploit the opportunities accordingly.

Threats are the obstacles in your way. Some of them may be self-imposed. Other threats can be externally driven and may include other job seekers, salary limitations or timing.

Focus on Resume and Employer Needs

It's important to realize that your next job in information security will focus on what your employer needs, not necessarily on what you want to do. In a recent search for an IT security manager role, I encountered a candidate who wanted the job, but did not want to manage others on the team.

That's not how the role was structured, so our conversation came to an end fairly quickly. It's important to be pragmatic and have realistic expectations; a good attitude is crucial in this job market. Employers have many choices and these days they are extremely selective.

Also, your resume has to draw the reader in. Make sure your resume communicates your technical capabilities in a way that non-technical folks can understand. Almost every resume I receive for a technical role is difficult to understand, except to others with a similar technical background.

Avoid the technical jargon and heavy reliance on acronyms. Write in clear and concise English and you will stand out from the pack.

Leverage Social Media and Networks

Social media are among the best tools you have for finding your next opportunity. In-house and external recruiters use LinkedIn extensively, so you need to be on LinkedIn.

Your profile needs to be up-to-date and, as with a regular resume, your value proposition and your information security capabilities need to be crystal clear. I have seen information security people on LinkedIn refer to themselves as everything from 'Internet garbage collector' to 'data cop.'

Being snarky, quirky, cavalier, or even super mysterious about what you do will not help you get positive attention. You're much more likely to find your next job by networking, so attend meetings of professional groups, training sessions, any event where you will interact with your peers in information security.

No comments: