Advice to a young security professional

Radioteacher — Mon, 11 Mar 2019 15:22:34 GMT

I have met the person that sent this tweet at BSides San Antonio last year and I give him advice from time to time. The thread of replies are really well thought out and it is a very nice discussion.

https://twitter.com/the_warboy_nux/status/1104166992783831042

Many of us have decades of experience in systems and security. I know the CISSP is not only for managers because I am not a manager. My work focuses on security engineering and I have no direct reports. Below is the reply I sent to him via Direct Message.

Reply.......

I have reinvented my job about 5 times in 25 years. During that time I have used certifications in two ways. 1. As validation that I learned a topic well enough to pass the test. 2. To prepare for the jump to the next job.

I am a VP at a bank but I am not management. I have no employees that report to me. I focus on security engineering so it is a technical job, not management. That being said, I love my job and find it fascinating everyday.

Just because you have a CISSP does not automatically put you in line for management. The study and passing of the CISSP helped me discuss security using a common vocabulary that anyone can understand.

Many people I have known have had interesting jobs. I know a person that has a PhD in Nuclear Science and worked at Oak Ridge Labs for 14 years. They never enjoyed their job and their favorite day was payday. One would think they would have considered the work an education that like would do before spending almost 2 decades working towards and in an unloved job.

When I studied and passed the CISSP my coworkers noticed that my mindset and vocabulary on security changed. I now could present a security topic to executives without talking about configurations and products. I could put it in terms that they understand.

In short, if you can take and pass the CISSP, you should.

You have a degree and I do not. I continue to get overlooked for positions and by hiring managers because I do not have a degree.

At a minimum a maintained CISSP checks a box for hiring managers and that will make more likely to get the interview and the job you change to in the future.

...................

One thing is certain when working with information systems, change. Make sure you are ready when it happens.

Follow up.

In the end, they will be working to pass certifications that they are excited about but it does not include the CISSP. They do current hold an (ISC)2 SSCP.

Paul

Re: Advice to a young security professional

rslade — Mon, 11 Mar 2019 18:18:53 GMT

> Radioteacher (Contributor I) posted a new topic in Career on 03-10-2019 11:34 AM

> I have reinvented my job about 5
> times in 25 years.

Sounds about right ...

> One thing is
> certain when working with information systems, change. Make sure you are
> ready when it happens.

Yeah, taking the CISSP is a pretty good preparation for change. As long as you
keep up ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Fools ignore complexity. Pragmatists suffer it. Some can avoid
it. Geniuses remove it. - Alan Perlis
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

topic Advice to a young security professional in Career Discussions

Advice to a young security professional

Re: Advice to a young security professional