If you're an experienced information security professional thinking of making a job change, or a recent graduate with an academic focus on information security looking to start your career, you're not alone.
See Also: 2016 Social Engineering Report
As the recession recedes, many people are actively exploring the job market. And while an array of information security jobs are available, landing the right one in this competitive job market will require strategic thinking and a concerted effort.
Being snarky, quirky, cavalier or even super mysterious about what you do will not help you get positive attention.
Here's a game plan to help you get started.
Get Your Head in the Game
Every information security job is likely to be fiercely competitive, so you'll need to stand out from the crowd. My advice is to use your analytical capabilities to determine your strengths, weaknesses, opportunities and threats.
Strengths could be specialized experience, such as a focus on insider threats or advanced persistent threats, or maybe you have broad subject matter expertise and have developed the overall strategy for an IT security program. It's vitally important that you identify what sets you apart.
A recent candidate that I introduced to a global corporation for a director of IT security role was eliminated from job consideration after his first interview. The hiring manager said the candidate's lack of concrete examples made it impossible for him to evaluate the individual's capabilities and contributions. If you sense an interviewer is asking for a detailed response, it's vitally important to be responsive. The view from 30,000 feet won't get you the job.
If you have any shortfalls or weaknesses in your profile, you will have to be prepared to confront them and be ready to counter them. Acknowledging a shortfall is the first step to removing it.
In a recent job interview, a potential forensics examiner candidate mentioned he did not have an undergraduate degree, but was enrolled in a degree-granting program and was nearing completion. That level of detail in his resume allowed him to continue in the interview process.
Opportunities could be the potential roles you may learn about and target, trends you may have discerned, or connections you may be able to leverage. Think broadly about what and where the opportunities for you are and devise your tactics to exploit the opportunities accordingly.
Threats are the obstacles in your way. Some of them may be self-imposed. For example, I have many candidates who limit their job search to their current location, and that's fine, but you have to realize it limits your options. Other threats can be externally driven and may include other job seekers, salary limitations or timing.
Focus on Resume and Employer Needs
It's important to realize that your next job in information security will focus on what your employer needs, not necessarily on what you want to do.
In a recent search for an IT security manager role, I encountered a candidate who wanted the job, but did not want to manage others on the team. That's not how the role was structured, so our conversation came to an end fairly quickly. It's important to be pragmatic and have realistic expectations; a good attitude is crucial in this job market. Employers have many choices and these days they are extremely selective.
Also, your resume has to draw the reader in. Make sure your resume communicates your technical capabilities in a way that non-technical folks can understand. Almost every resume I receive for a technical role is difficult to understand, except to others with a similar technical background. Avoid the technical jargon and heavy reliance on acronyms. Write in clear and concise English and you will stand out from the pack.
Leverage Social Media and Networks
Your profile needs to be up-to-date and, as with a regular resume, your value proposition and your information security capabilities need to be crystal clear. I have seen information security people on LinkedIn refer to themselves as everything from 'Internet garbage collector' to 'data cop.' Being snarky, quirky, cavalier, or even super mysterious about what you do will not help you get positive attention.
You're much more likely to find your next job by networking, so attend meetings of professional groups, training sessions, any event where you will interact with your peers in information security.
I filled a chief security officer role for a global company not long ago after attending a professional event. If you take the time to attend conferences and events, you will hear about jobs that have just opened up, or haven't been advertised, and you can strengthen peer relationships that can pave the way for meetings, interviews and ultimately your next professional challenge.
Don't waste your time applying for jobs you're intrigued by, but for which you don't have the qualifications. If you lack a critical technical requirement, try to find a way to gain that experience in your current environment or take a course in your spare time to gain the necessary knowledge.
Lavinder is the executive director of Security & Investigative Placement Consultants, LLC. She has more than a decade of recruiting experience that focuses on placing investigative and security management specialists in large corporations and consulting firms.