I am in a bit of a dilemma and I am seeking advice from the community.
I am a 40+ security professional wondering whether it is worth it pursuing a Doctor of Philosophy in Information Security. I graduated with a Master's degree in information security a couple of years ago, and since then, I cannot seem to find a job that matches with my qualifications. Even the additional certifications do not seem to help ...
I know it is a very costly venture, but is it worth the dare just for job satisfaction?
@emb021 It really shows the mentality of a company. One place wants to find a person who knows EXACTLY what they need, which rarely happens. Then better companies understand that if a person knows one firewall, but it's not their firewall, they clearly understand all the concepts and can learn their firewall easily, or they look at your background and see all that you know and all that you have done and get that you have done enough so you can learn and do anything that is needed! These companies looking for these perfect UNICORNS will rarely find them and if they do they don't want to pay them! Deidre Diamond, founder of CyberSN, has been doing a good job simplifying job descriptions and streamlining things. Her only problem is that she needs to be in more areas! Do more fast Deidre! hahah
> CISOScott (Community Champion) posted a new reply in Career on 07-10-2020 09:42
> If you are thinking that getting a PhD is going to get you a job you will be
> disappointed. A degree may fill a required checkbox but your personality and job
> skills are what usually get you the position.
I was asked to give a "what to expect from the job market" type speech to a class from [fairly famous school].
I started out by asking how many want jobs in tech support.
I told them that nobody would much care if they went to [fairly famous school]: they just wanted warm bodies, good diagnosis and communications skills.
How many wanted jobs in network admin?
I told them that some companies *might* care that they went to [fairly famous school].
How many wanted jobs in programming/development?
I told them that nobody would care that they went to [fairly famous school], they would all want to see code. So how many had developed a program they could show off?
Almost nobody ...
@rslade Funny you say that, when I lived in Boston I was at a women-focused meeting at the CIC (Cambridge Innovation Center) and they talked about the difference between how men present to VC opposed to women. They said men basically walk in, toss stuff on the wall and say give me money, whereas the women tend to take the time to cross the Ts and dot the Is, so what you said makes a lot of sense. I think the difference is it sounds like you created the job posting yourself opposed to having a recruiter do it, and this put you ahead of most! I saw a job description just lately where in one part it said you needed to know how to migrate Checkpoint firewalls, but then in the requirements they said you needed to know Palo Alto, umm ok, so which is it? I want to say if they list just what is needed and what is a plus it would be so much easier, but like you said you will still get unqualified people applying. I guess I would rather deal with weeding out unqualified people opposed to scaring away great people over an extreme description.
@JKWiniger It really shows the mentality of a company. One place wants to find a person who knows EXACTLY what they need, which rarely happens. Then better companies understand that if a person knows one firewall, but it's not their firewall, they clearly understand all the concepts and can learn their firewall easily, or they look at your background and see all that you know and all that you have done and get that you have done enough so you can learn and do anything that is needed! These companies looking for these perfect UNICORNS will rarely find them and if they do they don't want to pay them!
Actually, my example was worse than that.
I'm pretty good about putting my skills in my resume. Never having worked with firewalls, there is no mention of them in my resume, which is why when the company's "technical recruiter" (yes, that was his position) I was a little taken aback.
I was a bit miffed about being rejected for what I figured was a minor thing AND if this was such a critical must have skill, it should have been so noted.
A few months later I was chatting with the guy who got the position (yeah, I know a lot of folks in the local infosec community, and so either know or have met people who got the jobs I tried for and sometimes even interviewed for. I get along with many of them). Anyway, I told him of my experiences with this recruiter, and about the rejection over firewalls. He then tells me the position has nothing to do with firewalls and was all about IT Risk, which I do a lot with. So don't know if the recruiter was an idiot or using the firewall thing as an excuse to get rid of me as a candidate. But I've seen similar stupid behavior with many companies. I've come to call it the porridge syndrome. You know, 'too hot, too cold'. I've gotten that I'm too security, too risk, or too compliance when it came to certain roles. Whatever.
@emb021 I think the "technical recruiter" title was an attempt at having a recruiter who actually understands some of the technology they are hiring for. From what I have heard a lot gets lost going from the hiring manager to HR to the recruiter. It seems to be hard to find good recruiters. I had a recruiter contact me about a position and I said yes please submit me. After some time I still had not been submitted and asked why. I finally found out that they had sent a bunch of candidates before who had all been rejected so they were a bit slow to submit now. They waited so long the job got pulled. They should really make a job description like we make a resume, when listing things start with the most important at the top and go down from there.
I remember seeing something on how all the weird interview questions used by places like Google yielded no actual results and did not improve retention. I think it comes down to is a person a good culture fit within the company, are they honest and can be trusted, and do they have a willingness to learn what is needed, that's it. Back in the day it was possible to find a really close match but nowadays things are so diverse I think they need to realize if they get people who simply have the fundamental knowledge in the required area they will be ahead, or maybe directly match a few areas but don't have others. What makes it really laughable is they make these crazy descriptions but then don't want to pay for it! It really kills me when I see higher level management positions and they are looking to pay less than they are paying lower level positions!
I guess I should digress because it seems that for both of us and probably many others the broken recruiter situation can easily get one a bit heated... give me a recruiter who knows that BIND and DNS are basically the same thing or that the CISSP is a management certification so don't ask for it for an engineer position... silly people...
@emb021 It's just sticking with me that the firewall issue is a pain point for you, so let's play a little game as I will call it...
Do you understand and grasp...
NAT - you can have 1 public IP that can be translated into a lot of private IPs
Ports - different programs run on different ports to keep things separate
Ports can be changed so that incoming port 8080 can be converted to port 80 at a certain internal IP
If a connection starts from inside the firewall the response will be allowed to come back in
You can allow things to come in and be directed to certain IPs and ports
It's just some quick things off the top of my head, but if you understand those things I would say you would understand firewalls and it wouldn't take much to have you fully understand the brand that is used. I have been certified on Checkpoint, yes it's now an outdated certification and version, but the basics will always be the same with just different topping on top. To me it's less about knowing the exact details and more about understanding the basics and fundamentals.
Those are some good points there. A lot of companies need to collaborate with the HR departments to seek the IT personnel they want. I got some really good skilled friends of mine still job hunting ... Why? Because HR want a candidate who is anti-kryptonite material.
Superman too had weaknesses .... Kryptonite and Lois Lane.
Some changes, I pray got to happen.
All a very good set of points, I also considered doing a PhD myself, but from a personal note, having gone through a hybrid MSc/MBA, which one could either tackle it from the technical end or from the business end to the other side. Working in collaboration with the sponsoring organisation for three years and coming out successfully. I learnt a great deal, but it took a personal toll on my family at the time. Resulting in a break up. So this alone put me off not doing a PhD. I have also observed others who have committed them to four years of long weekends, and again seen the personal effects on the family.
However, one of the best skills I learnt via the Open University, due to the fact I was travelling for years, was Richard Checkland's Soft Systems Thinking Methodology. I was very fortunate to be taught by the Professor himself. This has been invaluable throughout my career. https://link.springer.com/chapter/10.1007/978-3-319-07635-5_48
The same methodology was again promoted in my MSc, and actively applied to different scenarios.
I think you have to want to work as a dedicated researcher, or an inventor to put that PhD to work.
But personally I have seen a change in attitude within organisations, the drive towards immediate skills, based on short courses, Agile, Cognitive thinking, Hybrid Cloud, People skills and emotional intelligence being the immediate soft skills that are required right now at the moment. The use of Augmented Intelligence and Machine Learning, and New Collar Workers, being taught side by side, gaining skills on the job and through mentoring. Then we have edge computing, IoT, cloud migration, and applying these to digital transformation and consultancy, 5G and many other facets which keep spinning out. So by the time, a certain young person I know currently who is doing a PhD on 23 cm aerial design, we will be carrying out 6G design factoring, and beyond. I do not regret my decision not to pursue a PhD, I know I have the ability, and I have the support, but simply do not have the time to balance the family and dedicate myself to the task.
@JKWiniger "It's just sticking with me that the firewall issue is a pain point for you, so let's play a little game as I will call it..."
Actually, it's not the 'firewall issue' that is the pain point for me, but how it was used.
I was asked if I had worked with firewalls, not if I understood them. Since I have not worked with firewalls, which to me means either setting up one or maybe reviewing the firewall rules, I had to be honest and said "no". Had I been asked if I understood their purpose, I would have given a high level answer.
My issue with the exchange was that this recruiter pulled out something I hadn't worked with, then when I said I had no experience with, said that since they had spoken with the hiring manager, and thus knew exactly what they wanted, that this particular skill was a 'must have' for the position, and rejected me.
Then when I spoke with the person who got the job, found that the position had nothing to do with this so called must have skill.
So I have to wonder why the recruiter did this? Were they looking for something they could use to reject me? They probably assumed I wouldn't find out.
This more points to some of the lousy behavior I've seen with too many recruiters and hiring managers than a lack of skill/knowledge on my part.