Greetings. I'm hoping I can lean on all of you for some advice. I'm in my 40's, began my infosec career in 1996, earned my CISSP in 2001, CISA in 2007, CISSP-ISSAP in 2015 and am preparing for the CISSP-CCSP exam. I've been out of work with a serious illness for almost two years.
When I started to get sick my long term health prospects were unknown and I made the mistake of confiding this in my then employer and was terminated the same day for "performance" reasons. Since I worked in an "at will" state in the US the lawyers I spoke with said it was unfair but expensive to pursue with no guaranteed positive outcome. While my health has returned my career has not. I simply can not get my foot in the door with any hiring managers or recruiters!
Have any of you been in a similar situation and if so how did you reenter the security and risk management fields? Any advice or thoughts would be most appreciated.
Clara
Hi Clara,
Glad you're health has returned!
When I was on the job hunt, I looked for a few weeks without finding anything exciting. I made two changes to my LinkedIn profile and everything changed. First, I opted for a Premium account. That allows you to push your application to the top of the pile (which is huge). Second, following the example of what I was seeing among HR professionals, I put, ", CISSP" after my last name. I went from getting 1-2 callbacks a week to 3-6 blind calls or emails a day.
Because you've had a long pause in your career, take a look at consulting firms. They'll probably pay you less than what you're worth, but they're a jumping-off point. You'll be out of there in a year or less if you're less than thrilled.
Finally, take a look at getting certified in AWS and/or Azure. A lot of companies are looking for ways to integrate with the cloud in a secure way. Having a skillset that meets their future needs is more impressive than knowing their technology stack today.
Good luck!
John
Hello. Good to hear you are on the mend and your health is returning. Always a good start. I am currently in a job/position I am not happy with and am looking for a new job/position somewhere else. As much as people advertise they want security people, alot of them don't really understand what it is a CISSP is capable of. And, they also don't udnerstand what we can bring to a company. And as such, alot of them just know acronyms or words and place a low price tag on the position they want you to fill as well. As was mentioned by John previously, using a premium account on LInkedIn has helped somewhat, along with having the CISSP after my last name. The number of views on my profile weekly is astounding, and yet, very few actual job offers. I have applied to many postiions, and am willing to move, but it does not seem to come to fruition. Most do not pursue or even respond when you approach them. For a field that is greatly needed, most don't really seem to want to hire. Especially those with good credentials. Just keep looking and try doing consult work or even freelance work on your own. It's tough, even with such a wide open field. Good luck.
Hi Clara,
Happy to hear you are better but not happy to hear about such a low-life employer.
I was in an re-employment situation and was freaking out abit due to the lack of response and seemingly no interest in security professionals. I am now happily employed and there were two things I learned:
1 I think it was John who said this in a previous reply, Linkedin Premium!! and a re-vamping of my profile. There are good instructions in the Premium space to fine-tune profiles.
2 Timing. Timing timing timing. I did my departure from my previous employer and my timing was horrible. Did not know this at the time, but between March and June, there was pretty much nothing happening. It's either not early or late in the year for any major changes to happen at companies. Fiscal periods hit usually August or December time-frame. This means that yoru best hit-rate is right after this time when new HCs are announced etc. You want to get in the discussion just before to be ready when the time comes.
As I was about to book a ticket and change countries, I was suddenly in a situation where I had 5 offers in my hand! Not all security, mind you. Four of them were. Not ideal either, as now you really need to figure out where you would be going with it.
Just keep hunting. The right position will present itself.
Echoing others, glad that your health has improved.
In addition to the advice you've already received here, I'd recommend getting active in your local groups; ISC2, ISACA, InfraGard, BSides, etc. There are great networking connections and a chance to interact with folks that can be more memorable than just a resume.
Good Luck!
Clara, I'm glad you are feeling better.
Please consider subscribing with an employment agency first, like Kelly Services. As is not the best option, it will help you getting in the footstep of desired workplace. You have to consider all spectrum covered by CISSP especially domains you have experience in.
Good luck!
Hi Clara,
Our health is Number 1 assett. Glad you are back.
Before you focus on your next career, consider the second most important that is related to #1 - our mental health. When we do job search, our motivation and spirit can be high one minute and down to despair the next. It's important we do things and engage with people to keep our spirit up, to be positive, confident and be resilient.
I would divide my strategy in 3 domains.
First - the Digital Domain.
If you can afford it, join LinkedIn Premium, its not cheap. I joined on a month to month basis. I used it to connect to anyone (only if I have good justification and only via messaging), research the companies and used Lynda (many courses related to Cybersecurity).
I attended some "Virtual Cyber Recruitement Fairs" - a good one early this year by SANS.
You are doing the right thing by joining this community for example.
Second - the Physical Domain
I joined the local ISC2, ISSA, PMI etc ... and attended their local chapter meetings. The purpose is to meet people, learn and if possible, add value, contribute. Sometimes, writing a meaningful or a thank you notes to colleagues or friends. Picking up a phone and asked an ex colleague how he/she changed to her recent role help.
Third - Life Domain
I did meditation, go for long walk, bicycle, meet with friends for coffee, drive to a new places/cities to change the environment.
In my case, I had a recomendation to a leader of a small cyber company and worked for them for a few weeks working on a big bid. Then in the same week, I had 2 job offers. Two of them in different industries. The first one was via recommendtion from my friend and neighbor. The second one, I just walked in my local university recruitement fair, spoke to companies that I was interested in. I had no connection with my current employer prior to my work.
Get out there, show up, be positive, be confident and add values. You'll make a great career move.
All the best!
I was out of industry for about 10 years and teaching online instead for personal reasons. It was tough to get back into industry after that long a period and found I just about had to start over again. Once I demonstrated I still knew what I was doing I didn't stay at the bottom long however. Don't be afraid to re-start at an entry level job if needed. Another stumbling block I hit was the distance I was willing to commute. Being willing to move anywhere will also significantly increase opportunities. If you have an InfoSec community where you are that can help as well. ISSA, ISC2, ISACA, ASIS, and others have local chapters in various communities that are a great place to network.
Hang in there, it can be overcome.
Clara,
First, like the others I want to say that I am happy to hear that you are doing better and that you are ready to reenter the work force.
The others who have replied have offered some great ideas. I am departing from those ideas to ask you have you considered working for either a local, state or Federal government agency?
I work for the Department of Defense (DoD) and I will be taking a job next month that requires the incumbent to have or earn their CISSP within 6 months of starting. The DoD is one of the leading agencies that relies on certifications. If you can relocate for a job then looking at government positions might be a way to get back to work. You might be surprised what may be available where you are.
The Federal job website is www.usajobs.gov and in the keyword search use 2210 which is the information technology specialist series of jobs. It can take a while for an agency to work through the hiring process, so don’t expect a quick process like you get with private employers.
Good Luck!
-Doug