Building your security career takes time, dedication and a solid plan. I started my plan early on in my career, but it took some time and experience to know that there was a real career opportunity for me in security. I spent a long time thinking it was just a stepping stone industry, that is was temporary until my real career came along.
That was the wrong thinking, this was my real career, one where I could make a difference and help people, gain global recognition for my expertise, and make a very good living to support my family.
Below are some steps you may wish to consider on your journey?
Explore Areas of Interest
If you’re not sure what your goal is, start by exploring options in your field of interest. In the security world, there are so many areas of interest, taking some time to review the field broadly will often start you on your path.
- Read books and websites
- Listen to security podcasts
- Attend security conferences
- Interview people who are in the business to get their perspective
- Read job descriptions on websites like indeed, ASIS, ISSA etc.
- Search online for advice
Here are some things I am a fan of and that have definitely impacted on my career;
Other Security Websites/Resources
There are many others out there for you to consider, just spend a little time looking if you need more research.
Set a Goal
If you know your goal or your exploration has given you a direction, and you are ready to get started, then setting a career goal, in real concrete terms is important. This goal should be written and “SMART” – SMART stands for…..
Your goal needs to be specific – e.g.,
- I want to gain a promotion to site supervisor, so I can learn budgeting skills and gain more management experience, or
- I want to get a mentor who can guide me in my Cyber Security career growth
By March 30, 2019 I will have:
- Been promoted to supervisor
- Developed a five-year career roadmap and shared with my personal mentor
- Scheduled regular check in’s with who holds me accountable to progress
Goals should be attainable, but stretch you to succeed. This is a critical component because what you think you can achieve and what you likely can are two very different things. I had a high school diploma and lived in a relatively small area in Canada; I set my goals big and continually refined them and eventually attained an MBA, learned Cyber Security and became a Chief Information Security Officer in a Fortune 500 Company.
When I started with my first plan, I never thought I would get college-level education, much less a Master’s degree.
Measurable goals should focus on the outcomes, not the activities:
- Been promoted to supervisor – outcome is promotion
- Developed a five-year career roadmap and shared with my personal mentor – outcome is creation of the roadmap that's shared with mentor, so you can get better and get feedback
Should have specific time-bound dates – e.g.,
- By March 30, 2019, I will have…
Create the Plan
The plan itself needs to be in writing and consider your career aspirations and all supporting activities
What job is next on the list? What will be next to research?
Will formal education be needed?
What training can you take to help you achieve your goal?
- First – Cyber Security for Physical Security professionals – In plain English
- Next – Protecting Physical Security Systems from Cyber Attacks
What other training classes will help you in your goals?
Will you need more money or student loans to achieve your end goals?
Get a Mentor
Find a mentor who can help you build your career, it may be a coach, a family member who has been successful, a spiritual advisor, or friend. Maybe you need to reach out to your network of contacts to determine who might be a good person to approach as a mentor. Try attending a security association meeting to build your network! You can have more than one mentor, but one should be a coach to help you work your plan and hold you accountable for results.
Join and volunteer for a local chapter of a security associations
- You meet dozens of contacts
- Have a resource pool to ask questions
- Get career advice
- Find new jobs
Here are some popular associations that are well-worth considering:
- International Foundation of Protection Officers (IFPO)
- ASIS International
- Information Systems Security Association
- Information Security Audit and Control Association
- Cloud Security Alliance
- Global Security Risk Management Association
If your company requires workplace development plans or has you identify training plans for your growth during the year, be sure to identify programs that can increase your skills. Generally, as long as training programs are generally in your field, they are fair game for company sponsorship.
Never Give Up
No matter what people say to you, if you put your mind to it and invest in your career, you can achieve all your goals.
- I paid for my own training on credit cards
- Paid to attend conferences and work as a volunteer
- Paid for some of my education
- Worked after hours to get on the job training so I would get a promotion
All of these helped me make and exceed my career goals.