Presentation on theme: "1 Presented by Mark D’Ermes Director of Recruiting Wednesday May 16 th, 2012 Managing Your InfoSec Career An Employers Perspective This document is confidential."— Presentation transcript:
1 Presented by Mark D’Ermes Director of Recruiting Wednesday May 16 th, 2012 Managing Your InfoSec Career An Employers Perspective This document is confidential and is intended solely for the use and information of the client to whom it is addressed.
2Filename/RPS Number Today’s presentation will focus on managing your career in Information Security: Marketability Best Practices Today’s presentation will focus on managing your career in Information Security: Marketability Best Practices At Booz Allen, Information Security is central to the services we offer across federal and commercial markets We deliver a Dynamic Defense methodology to our government and commercial clients, providing Threat Vector Intelligence, Rapid Response, Pre-emptive Response and Integration Remediation capabilities across the markets. Our clients utilize Booz Allen solutions to construct a holistic program of cybersecurity for their entities and businesses
3 Certified Information Systems Security Professional (CISSP) Certification and Accreditation Professional (CAP CM) Systems Security Certified Practitioner (SSCP) Certified Secured Software Lifecycle Professional (CSSLP) Certified Ethical Hacker (CEH) CERT Certified Computer Security Incident Handler (CSIH) Certified Protection Professional (CPP) Information Systems Security Architecture Professional (ISSAP) Information Systems Security Management Professional (ISSMP) Information Systems Security Engineering Professional (ISSEP) High MarketabilityMedium Marketability Global Information Assurance Certification (GIAC) GIAC Security Essentials Certification (GSEC) Security Certified Network Architect (SCNA) Security Certified Network Professional (SCNP) Computer Hacking Forensic Investigator (CHFI) Certified Wireless Security Professional (CWSP) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC) Medium Marketability CompTIA Security + Cisco Certified Network Associate (CCNA) Cisco Certified Network Professional (CCNP) Cisco Certified Security Professional (CCSP) Neutral Marketability Certified Business Continuity Planner (CBCP) Master Business Continuity Planner (MBCP) Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) high low Talent supply Demand While our view of the InfoSec talent market is not THE MARKET, it offers a broad view of marketability that can provide context
4Filename/RPS Number Certifications Functional Experience Other Differentiators Leadership Client management Problem solving Security clearances Domain expertise Relevant education Use these criteria to evaluate your own marketability Don’t overlook other differentiators! Beyond certifications, employers assess candidates based on their functional knowledge skills and abilities, then factor in key differentiators
5Filename/RPS Number Begin your process with an objective self assessment to optimize your present level of marketability while developing your pathway for moving forward Skills become obsolete in a hurry - Have you stayed current in your functional area of expertise? Have realistic expectations about what you bring to the table – How unique is your skill set? Learning fast is a valuable skill that enhances marketability, particularly in the commercial market. Have you factored that into the way you present yourself? Stay current on the threat level of sophistication and origin. Research and read the most current info available and speak on it. In terms of communicating your expertise, focus on accomplishments, be able to say “these are the things I’ve done in the last five years” “Functional must be fungible” to take skills across functional arenas.
6Filename/RPS Number When it comes to career management, maintain a broad perspective and avoid common pitfalls in order to maximize your marketability.
7 Focused education is the key driver toward an effective skill set that fulfills the requirements of the industry’s leading edge The ideal list on which to base your foundation or elevate your cadre of personal InfoSec credentials A master’s degree in any of these concentrations would be an added plus, especially for individuals targeting mid to upper level management positions Degree relevance varies with business’ expectations: Government – labor standards Consulting – overall qualifications Leadership – taking leadership roles The InfoSec Institutes top 5 most requested training courses: Ethical Hacking 5-day Course with CEH and CPT exams Advanced Ethical Hacking 5-day Course with CEPT exam CISSP Boot Camp 6-day Course with optional CISSP exam CCNA/CCENT/CCDA/CCNA Security 7-day Course with these 4 exams Security+ Boot Camp 5-day Course with Security+ exam Top Bachelors degrees in the industry: Computer science MIS Cyber security Often-times certifications are more important than degrees
8Filename/RPS Number Best Practices for the active job seeker For the active job seeker Leverage your mentors and talent communicators Be aware that research shows that it takes over 20 sent resumes to any job, not only your optimum choice Your personal and professional network is your best friend Career changers, have a strategy to change your path while maintaining income level. Be ready for difficult choices Resume Tips: Focus accomplishments, not responsibilities Accountability is key, “I was accountable for…” Quantify the impact of your accomplishments Interview Tips – make a strong statement “This is what is found when I got there” “This is what I did” “These were the results”
9Filename/RPS Number Always maintain a dynamic networking strategy utilizing all available avenues in order to take advantage of the best available opportunity Professional Associations Internal Talent Communities Search Firms Educational Channels Industry Activities
10Filename/RPS Number Staying current, as InfoSec skills quickly become obsolete A good mentor can help with focus once a certification is completed; help coach on the best way to apply the knowledge Research where to get certifications from reputable companies – some companies issue certifications using outdated information, not worth the paper its printed on in the real world. Talk to big companies to see who they respect. Make sure you have applied your certification in a real life situation and be able to discuss “what you found, what you did, and what were the results.” Be able to “walk the walk,” not just “talk the talk.” Application is critical…a certification is like a degree…it validates that you have the knowledge, not necessarily that you know how to apply or use the knowledge. Credentials alone are not enough…important to have as a cost of entry. Experience is king in demonstrating competency. Key Takeaways