There are many stories when personal ambitions did not allow IT workers to advance and develop further in their specialty.
Such stories are well known to information security directors. Here you can recall a seemingly excellent employee who often told others how smart he was and deserved a much higher salary. Another time, I remember an employee who did exactly what was required, but no more. None of them got very far, as their bosses finally got tired of the moral resistance and decided to break up with them professionally, writes the CSO publication.
These are just a few ways to hurt your career, say CIOs, career coaches, and executive consultants. Some actions, such as illegal access to computer systems, are obviously misdemeanors, while many others will simply harm any promotion through the ranks.
Ignoring blatantly unethical and illegal behavior (which professionals should already be aware of in order not to do so), here are 12 common traits that security managers say will keep you from advancing your career in cybersecurity, and how you can avoid such a fate.
Other experts agree with him. "Security is a profession where there are many standards, rules, and frameworks, but too often we try to implement them blindly, in terms of standards, instead of trying to implement them in the business context," adds Russ Kirby, director of information security at ForgeRock, a software developer.
"If the security staff had a better relationship or listened better, they could understand the problem, find a middle ground, and realize that the roadmap for the app would allow passwords of any length to be used for a year," Kirby says. "But the unwavering, tough stance they took meant that they should be avoided, and they are missing out on opportunities that they might otherwise have taken advantage of."
She trained one young employee who, according to the managers, had potential, but whose arrogance held him back. "He sighed heavily when people didn't understand what he was talking about. He was very quick to get critical and always said negative things about others, so even though his technical skills were good, he gave the impression of someone who couldn't be trusted," Stewart said, adding that people often asked to work with other employees who "didn't make them feel stupid."
She noted that smartness - even the most magnificent - helps only up to a certain point. "Many people believe that their high technical skills will help them take their rightful place. This is simply not true. This only happens in some cases. Steve Jobs could have gotten away with it, but he was an exception, " Stewart said.
"They may not know how to speak out or disagree with a boss or colleague, even if they can shed some light that might solve the problem or reduce the risk," she says. Time and experience can help them gain confidence, but some may be better off if they find a mentor or coach who can guide and encourage them.
Moreover, she said, colleagues will want to avoid team members with such repulsive behavior, preventing them from participating in key projects that can help them get ahead. "You really need the ability to control your emotions," she adds. "A higher level of emotion is absolutely acceptable when you're celebrating, but not acceptable when you're dealing with problems."
"People will ignore what you say if you only talk about technical things. Your career won't get any further, and you'll have to deal with the underlying problems that you cause because no one listens to you," says Stanger.
As a result, security personnel need to create more opportunities for themselves. It suggests that you let your colleagues know that you are interested in communicating: contact them and ask questions, acknowledge the success of others, and schedule meetings to learn from others. "You absolutely have to do this if you want to have an impact outside of your [department]," says Rusch.
"Security professionals often fall into the trap of focusing too much on technical skills and not enough on social skills, such as writing texts and creating presentations. Cybersecurity is about communicating solutions to problems, communicating threats and risks, and mitigating those threats and risks. What's the use of technological advancements if you can't communicate their results or value to the right stakeholders, whether customers or management, " says Will Mendes, managing director of operations at CyZen, a consulting firm.
"I look at their career growth and I know that if they have stayed at a certain level for a long time, maybe there is a reason for this. This is a red flag, " says Carder of LogRhythm. According to him, employees should grow professionally, learn additional skills, take on new tasks and expand their knowledge. "I'm looking for security professionals who see that they have room to grow," he adds.
"Many security experts tend to hold a strictly polar view of the world-black and white: here's a vulnerability, here's how someone might exploit it, and here's why we need to fix it now. They can't see beyond that line. They don't see whether a vulnerability is also a risk. So they need to think more broadly about vulnerabilities. They need to learn how to live with risk in order to understand that this is not quite all, " Kor said.
CEOs and boards of directors need security managers who can work with them to develop a vision for the future, as well as understand how security delivers that vision, where it can really help shape it, and where it can even become a hallmark. Security professionals are promoted who can think along these lines rather than present a 12-month schedule of security plans.
Author: Mary K. Pratt
Such stories are well known to information security directors. Here you can recall a seemingly excellent employee who often told others how smart he was and deserved a much higher salary. Another time, I remember an employee who did exactly what was required, but no more. None of them got very far, as their bosses finally got tired of the moral resistance and decided to break up with them professionally, writes the CSO publication.
These are just a few ways to hurt your career, say CIOs, career coaches, and executive consultants. Some actions, such as illegal access to computer systems, are obviously misdemeanors, while many others will simply harm any promotion through the ranks.
Ignoring blatantly unethical and illegal behavior (which professionals should already be aware of in order not to do so), here are 12 common traits that security managers say will keep you from advancing your career in cybersecurity, and how you can avoid such a fate.
Trust in security is the ultimate goal
"The biggest problem I have encountered is people working in the security industry who believe that security is the most important thing. This is exactly what they think, and they don't understand how they should contribute to business development," says James Carder, head of security at LogRhythm, a security technology company. Instead, he noted, they need to collaborate with their colleagues in the business unit to understand their goals, and then be an assistant rather than a hindrance.Other experts agree with him. "Security is a profession where there are many standards, rules, and frameworks, but too often we try to implement them blindly, in terms of standards, instead of trying to implement them in the business context," adds Russ Kirby, director of information security at ForgeRock, a software developer.
Getting stuck in place
Similarly, Kirby has seen security professionals become so focused on their goals that they alienate other departments in companies that might otherwise work together to find a solution. He pointed out one scenario in which security officials wanted to change the minimum length of an app's password from 8 characters to more than 20 characters. The IT development team declined, explaining that they could move to 12 characters, but something more in terms of changes would require significant time and money. The security staff refused to back down from their demands and thus created bad karma by getting a bad reputation after the incident."If the security staff had a better relationship or listened better, they could understand the problem, find a middle ground, and realize that the roadmap for the app would allow passwords of any length to be used for a year," Kirby says. "But the unwavering, tough stance they took meant that they should be avoided, and they are missing out on opportunities that they might otherwise have taken advantage of."
Act like you're the smartest
There is no doubt that security areas attract a lot of brilliant minds. But no one should believe that they are the smartest-they definitely shouldn't do that. However, Liese Stewart, project manager of the Center for Individual and Organizational Performance at the professional services company EisnerAmper, says this is a common problem.She trained one young employee who, according to the managers, had potential, but whose arrogance held him back. "He sighed heavily when people didn't understand what he was talking about. He was very quick to get critical and always said negative things about others, so even though his technical skills were good, he gave the impression of someone who couldn't be trusted," Stewart said, adding that people often asked to work with other employees who "didn't make them feel stupid."
She noted that smartness - even the most magnificent - helps only up to a certain point. "Many people believe that their high technical skills will help them take their rightful place. This is simply not true. This only happens in some cases. Steve Jobs could have gotten away with it, but he was an exception, " Stewart said.
Being too timid
On the other hand, Kathy Cassarly, associate director of career Development Services at Carnegie Mellon University's Heinz College, says she has noticed that some security personnel-especially new ones - lack the confidence needed to move up the corporate ladder. "They think that they are not good enough, that they are not talented enough," she says, adding that such employees may refuse to participate in new projects or apply for promotions because of their self - doubt."They may not know how to speak out or disagree with a boss or colleague, even if they can shed some light that might solve the problem or reduce the risk," she says. Time and experience can help them gain confidence, but some may be better off if they find a mentor or coach who can guide and encourage them.
Loss of composure
Nowadays, the working microclimate is often under intense pressure, and security services often experience additional stress, which arises from the fact that they are constantly being targeted by information threats. "Everyone feels it," Stewart says. But no one is helped by the moment when you dig into the problem with your head. "The one who shouts only aggravates the problem, which damages the reputation and career," she said, adding that colleagues will only be able to see this as emotional immaturity.Moreover, she said, colleagues will want to avoid team members with such repulsive behavior, preventing them from participating in key projects that can help them get ahead. "You really need the ability to control your emotions," she adds. "A higher level of emotion is absolutely acceptable when you're celebrating, but not acceptable when you're dealing with problems."
Talk only about technology
James Stanger, chief technical advocate for CompTIA, a trade association for training and certification, recalls how during one of his first presentations to the board, he switched to technical conversations, and then saw the eyes of his listeners grow dim. This is a typical beginner's mistake, which he was able to quickly get rid of by switching to a more understandable business language. Many, however, don't know or try to switch from technical conversations to business conversations, says Stanger, which keeps them away from boardrooms and management."People will ignore what you say if you only talk about technical things. Your career won't get any further, and you'll have to deal with the underlying problems that you cause because no one listens to you," says Stanger.
Stick to Yourself
Professionals in each field sometimes develop by helping others do their jobs, becoming reliable partners with their colleagues, and building relationships within the company. Some people find it easy to connect with others, while other roles require collaboration that helps strengthen those connections in the workplace. However, security in many organizations does not often fall into these categories, although building relationships is just as important for successful security programs and individual career growth, says Kimberly Rusch, founder of All - Star Executive Coaching.As a result, security personnel need to create more opportunities for themselves. It suggests that you let your colleagues know that you are interested in communicating: contact them and ask questions, acknowledge the success of others, and schedule meetings to learn from others. "You absolutely have to do this if you want to have an impact outside of your [department]," says Rusch.
Inability to develop other skills
Security professionals value their technical skills and certifications, and rightly so, but they need to understand how they fit into their organization's overall technology stack, its goals, its understanding of security threats, and its resilience to risks. Moreover, security professionals must rely on this understanding as they move up the corporate ladder to succeed at this higher level. However, many fail to develop this broader portfolio of business, management, and leadership skills."Security professionals often fall into the trap of focusing too much on technical skills and not enough on social skills, such as writing texts and creating presentations. Cybersecurity is about communicating solutions to problems, communicating threats and risks, and mitigating those threats and risks. What's the use of technological advancements if you can't communicate their results or value to the right stakeholders, whether customers or management, " says Will Mendes, managing director of operations at CyZen, a consulting firm.
Stay put
One of the interviewed specialists noted that he often met employees who had been working in their position for quite a long time. But this is not always a bad thing, but it raises questions about whether people have reached the professional ceiling at this place."I look at their career growth and I know that if they have stayed at a certain level for a long time, maybe there is a reason for this. This is a red flag, " says Carder of LogRhythm. According to him, employees should grow professionally, learn additional skills, take on new tasks and expand their knowledge. "I'm looking for security professionals who see that they have room to grow," he adds.
Stay safe
Jenai Marinkovic, CTO and Director of information security at Tiro Security and a cybersecurity expert at ISACA, a professional association dedicated to IT management, once received a harsh message from a mentor: she told her that she couldn't understand the business perspective, so she couldn't communicate and collaborate effectively with business teams. The mentor advised Marinkovic to get some experience outside of the security service in order to broaden her horizons. So Marinkovich landed several CTO positions at startups, where she learned to be a more effective business leader; eventually, she worked for three years in roles outside of security. "I wouldn't be where I am today if I didn't do this," she says.Mistake vulnerabilities for risks
Many security professionals view their team's priorities and tasks from the perspective of cybersecurity threats, identifying vulnerabilities that need to be addressed, rather than looking at them from a more nuanced, risk-focused business perspective, says Lisa Kohr, Senior director of security at Zendesk. It is based on her own experience, as she once blamed colleagues who approved changes via email. Then her boss stepped in and reminded her that the real risk was not getting approved, not how exactly the process was going."Many security experts tend to hold a strictly polar view of the world-black and white: here's a vulnerability, here's how someone might exploit it, and here's why we need to fix it now. They can't see beyond that line. They don't see whether a vulnerability is also a risk. So they need to think more broadly about vulnerabilities. They need to learn how to live with risk in order to understand that this is not quite all, " Kor said.
A tactical approach, but not a strategic one
Marinkovic said that most of the security personnel she knows are more likely to think tactically, working on linear plans to solve problems and meet needs. "We make tactical plans, which we call strategic," she says, explaining that this approach can undermine both the long-term needs of the organization and hinder professional career growth.CEOs and boards of directors need security managers who can work with them to develop a vision for the future, as well as understand how security delivers that vision, where it can really help shape it, and where it can even become a hallmark. Security professionals are promoted who can think along these lines rather than present a 12-month schedule of security plans.
Author: Mary K. Pratt
