Managing Your InfoSec Career

An Employer’s Perspective
Presented by Mark D’Ermes
Director of Recruiting
Wednesday May 16th, 2012
This document is confidential and is intended solely for the use and
information of the client to whom it is addressed.
At Booz Allen, Information Security is central to the services we offer across federal and commercial markets

We deliver a Dynamic Defense methodology to our government and commercial clients, providing Threat Vector Intelligence, Rapid Response, Pre-emptive Response and Integration Remediation capabilities across the markets. Our clients utilize Booz Allen solutions to construct a holistic program of cybersecurity for their entities and businesses.

Today’s presentation will focus on managing your career in Information Security:
• Marketability
• Best Practices
While our view of the InfoSec talent market is not THE MARKET, it offers a broad view of marketability that can provide context

[Chart: certifications plotted on a grid of talent supply (high to low) against demand (low to high); the four quadrants are labelled Neutral Marketability, Medium Marketability, Medium Marketability and High Marketability.]

High Marketability:
• Certified Information Systems Security Professional (CISSP)
• Certification and Accreditation Professional (CAP CM)
• Systems Security Certified Practitioner (SSCP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Ethical Hacker (CEH)
• CERT Certified Computer Security Incident Handler (CSIH)
• Certified Protection Professional (CPP)
• Information Systems Security Architecture Professional (ISSAP)
• Information Systems Security Management Professional (ISSMP)
• Information Systems Security Engineering Professional (ISSEP)

Medium Marketability:
• Global Information Assurance Certification (GIAC)
• GIAC Security Essentials Certification (GSEC)
• Security Certified Network Architect (SCNA)
• Security Certified Network Professional (SCNP)
• Computer Hacking Forensic Investigator (CHFI)
• Certified Wireless Security Professional (CWSP)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified in Risk and Information Systems Control (CRISC)

Remaining quadrants (Neutral Marketability and the second Medium Marketability group), two groups of four:
• Certified Business Continuity Planner (CBCP)
• Master Business Continuity Planner (MBCP)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)

• CompTIA Security+
• Cisco Certified Network Associate (CCNA)
• Cisco Certified Network Professional (CCNP)
• Cisco Certified Security Professional (CCSP)
Beyond certifications, employers assess candidates based on their functional knowledge, skills and abilities, then factor in key differentiators

Don’t overlook other differentiators!

Certifications
Functional Experience
Other Differentiators:
• Leadership
• Client management
• Problem solving
• Security clearances
• Domain expertise
• Relevant education

Use these criteria to evaluate your own marketability
Begin your process with an objective self-assessment to optimize your present level of marketability while developing your pathway for moving forward

• Skills become obsolete in a hurry – have you stayed current in your functional area of expertise?
• Have realistic expectations about what you bring to the table – how unique is your skill set?
• Learning fast is a valuable skill that enhances marketability, particularly in the commercial market. Have you factored that into the way you present yourself?
• Stay current on the sophistication and origin of threats. Research and read the most current information available and be able to speak on it.
• In terms of communicating your expertise, focus on accomplishments; be able to say “these are the things I’ve done in the last five years.”
• “Functional must be fungible” – be able to take your skills across functional arenas.
When it comes to career management, maintain a broad perspective and avoid common pitfalls in order to maximize your marketability.

Common InfoSec career pitfalls, and suggestions on how to avoid them:
• Pitfall: Doing work that doesn’t work “for you”. Suggestion: Make sure your work is in InfoSec.
• Pitfall: Resting on your current skill set while InfoSec skills become obsolete at an alarming rate. Suggestion: Stay up on the latest marketable skills available and go after them.
• Pitfall: Having unrealistic personal expectations about marketability. Suggestion: Learn about real demand for your skills and set expectations accordingly.
• Pitfall: Narrowly defining your expertise. Suggestion: Functional expertise crosses domain boundaries, so expand the work you pursue across industries.
Focused education is the key driver toward an effective skill set that fulfills the requirements of the industry’s leading edge

Top bachelor’s degrees in the industry:
• Computer science
• MIS
• Cyber security

Degree relevance varies with the business’ expectations:
• Government – labor standards
• Consulting – overall qualifications
• Leadership – taking leadership roles

A master’s degree in any of these concentrations would be an added plus, especially for individuals targeting mid to upper level management positions.

The InfoSec Institute’s top 5 most requested training courses:
• Ethical Hacking 5-day Course with CEH and CPT exams
• Advanced Ethical Hacking 5-day Course with CEPT exam
• CISSP Boot Camp 6-day Course with optional CISSP exam
• CCNA/CCENT/CCDA/CCNA Security 7-day Course with these 4 exams
• Security+ Boot Camp 5-day Course with Security+ exam

The ideal list on which to base your foundation or elevate your cadre of personal InfoSec credentials.

Oftentimes certifications are more important than degrees.
Best Practices for the active job seeker

• Leverage your mentors and talent communicators
• Be aware that research shows that it takes over 20 sent resumes to land any job, not only your optimum choice
• Your personal and professional network is your best friend
• Career changers: have a strategy to change your path while maintaining your income level. Be ready for difficult choices.

Resume Tips:
• Focus on accomplishments, not responsibilities
• Accountability is key: “I was accountable for…”
• Quantify the impact of your accomplishments

Interview Tips – make a strong statement:
• “This is what I found when I got there”
• “This is what I did”
• “These were the results”
Always maintain a dynamic networking strategy utilizing all available avenues in order to take advantage of the best available opportunity

• Search Firms
• Educational Channels
• Industry Activities
• Internal Talent Communities
• Professional Associations
Key Takeaways

• Staying current, as InfoSec skills quickly become obsolete
• A good mentor can help with focus once a certification is completed, and can help coach on the best way to apply the knowledge
• Research where to get certifications from reputable companies – some companies issue certifications using outdated information, not worth the paper it’s printed on in the real world. Talk to big companies to see who they respect.
• Make sure you have applied your certification in a real-life situation and be able to discuss “what you found, what you did, and what were the results.” Be able to “walk the walk,” not just “talk the talk.”
• Application is critical: a certification is like a degree; it validates that you have the knowledge, not necessarily that you know how to apply or use the knowledge.
• Credentials alone are not enough, but they are important to have as a cost of entry. Experience is king in demonstrating competency.