IT security experts are among the most sought-after professionals in technology, with the demand and pay for certified security pros surpassing those of other IT professionals by some margin.

An increase in relevance means a higher demand.

And what does that lead to?

Higher salaries, fewer layoffs.

Professionals are thus looking for a foothold in IT Security. Because, well, it seems secure.

Are you one among those looking to get into the IT security industry?

Or are you already a part of it?

No matter where you stand in the sector, here are a few tips and some dos and don’ts.

Ways to Quickly Ruin Your Career



Number 1: Failing to Stay Ahead of the Curve

 


However, we recommend otherwise. No matter what your value is in the industry, you need to stay relevant. No relevance means no job. You cannot work with information that is outdated.

If you look around at other security practitioners, they are always reading. Why? Because they need to stay relevant. They subscribe to top blogs, stay up-to-date with the latest research, read industry magazines, and constantly update their technical skills.

Information security is an industry that moves very quickly. Exploits are discovered every minute of every day, and best practices are on a constant change. Every year, there is always something new, a new trend, a new way.

If you fail to keep ahead of the curve, and top up your skills and knowledge, it won’t be a matter of time till the industry shuts its doors on you.


Number 2: Taking No Responsibility for What Happens Inside the Firewall

 


Staff in the industry are often poorly trained in best practices of security, and software or hardware is left for trial and error, and plastering over any weaknesses. The most capable information security professionals understand that all aspects of business are incorporated in information security.

This usually means guaranteeing that all the employees are using software safely, that the developers are trained well in the best practices, the important hardware and software is kept updated, and penetration tests are completed on a regular basis, and also inculcate the thought that security is a key part of a company’s processes and not just an afterthought.


Number 3: Blaming Other People for Security Failings

 


It is part of the learning process to take responsibility of security failings. When an employee makes mistakes, it holds to be your mistake as well as theirs.  The top information security practitioners always take responsibility for the security risks or the breaches that occur, and utilize their best efforts to minimize them.
If you are one who plays the blame game, this industry is not fit for you. You are failing to understand what your responsibilities are.
 

Number 4: Speaking Only in Bits and Bytes, and Not About Business

 


Isn’t that what someone trying to ruin their career would do?

To be a successful information security professional, talking only about technical details isn’t enough. You will need to learn to talk about the business impacts and benefits of things as well. When you have meetings with senior executives or professionals who aren’t very well-versed in information security, you will need to be able to explain the situation in their language, not just yours.

Plenty of people in fields related to technology fall into this trap of speaking a language that most people cannot comprehend. This is an easy way to seem irrelevant.
 

Number 5: Talking Down to Your Peers

 


Though most of us tend to do this, it is wrong, and is definitely the easiest way to mark an end to your IT security career is looking or talking down on people who are not part of the security world. No matter how easy it is to lose yourself in that security bubble, you need to remember that talking down to people who do not understand security concepts will get you nowhere.

It is important to be clear and concise in way you talk to others, and resist that strong urge to talk down to people.

Common Mistakes to Avoid


Csoonline spoke to CISOs around the world and collected their inputs to list out mistakes that are usually made during interviews. So for new aspirants in the field of Information Security, here are some common mistakes to avoid:


Number 1: Failing to Show Yourself as a Team Player

A lot of hiring executives around the world say that personality of an employee most often trumps that of technical assets. This is true since more roles in information security interface with the rest of the business. It is crucial that the applicants be themselves – articulate and amiable. They should be able to prove that they are flexible and can work within the different areas of the organization.


Number 2: Selling Yourself as the Jack of All Trades

Boris Sverdlik, Head of Security at Oscar Insurance says, “Entry level applicants across almost all verticals of information security make the mistake of trying to be a one-size-fits-all candidate. Security is broken up across many verticals and even among those who are experienced, it's almost impossible to be well-versed in all aspects.”

Brian Martin, founder at Digital Trust, LLC says, “The most annoying candidate is the arrogant know-it-all. I don't mind arrogance when it's earned, but not in a kid who's never been tested. In cases where we've tried to work with these types, it hasn’t ended well.”

If your interest lies in various skills under the information security domain, highlight the ones that best meet the demands of the organization. Like these leaders stated, nobody likes a know it all.


Number 3: Failing at the Basics

Many CISOs like Martin Fisher, the manager of IT security at Northside Hospital, believe it to be common for potential hires to make basic blunders. He says, “On resumes, misspell HIPAA, and I’ll toss the resume. Too often encounter typos, punctuation errors, and resumes laden with information that's not relevant to the role being offered.”

Mike Kearnprincipal security architect at the US Bank, cited what job seekers don’t do when it comes to the basics of interviewing. “When I offer them an opportunity near the end of the interview to ask me anything, and I emphasize the word “anything”, the majority ask me softball kinds of questions about culture or why I like working there. Missed opportunity on their part,” he says.

Any other dos and don’ts you know of? We’d love to hear them, and so would our readers.
Comment away.

And don’t forget – get certified, and get ahead. Simplilearn offers courses in IT Security management. So get out there and stay relevant. 

Duration and Fees for Our Online Cyber Security Training

Cyber Security training programs usually last from a few weeks to several months, with fees varying depending on the program and institution

Program NameDurationFees
Professional Certificate Program in Cybersecurity

Cohort Starts: 4 Dec, 2024

20 weeks$ 3,500
Executive Certificate Program in Cybersecurity

Cohort Starts: 12 Dec, 2024

7 months$ 2,499
Caltech Cybersecurity Bootcamp

Cohort Starts: 13 Jan, 2025

6 Months$ 8,000
Cyber Security Expert Masters Program4 months$ 2,599

Learn from Industry Experts with free Masterclasses

  • Boost Your Cybersecurity Career 2X: PGP with MIT SCC Modules - Masterclass by Ron Sharon

    Cyber Security

    Boost Your Cybersecurity Career 2X: PGP with MIT SCC Modules - Masterclass by Ron Sharon

    24th May, Wednesday10:00 PM IST
  • Offensive vs. Defensive Security: Roles, Skills, and Career Paths

    Cyber Security

    Offensive vs. Defensive Security: Roles, Skills, and Career Paths

    30th Oct, Wednesday9:00 PM IST
  • Career Masterclass: Why Cybersecurity Should Be Your Career Move in 2023

    Cyber Security

    Career Masterclass: Why Cybersecurity Should Be Your Career Move in 2023

    14th Dec, Wednesday9:00 PM IST
prevNext