Posts tagged career

Security Trends and Your Career Plans


The future of information security is intertwined with the evolution of IT at large and the associated business and consumer trends. It’s worth taking the time to understand these dynamics to define a path for your professional development. How is the industry evolving and what role will you play?

Key Security Trends

Rich Mogull’s write-up on infosec trends offers an excellent framework for peeking 7-10 years into the future. Rich highlights key factors related to: hypersegregation, operationalization of security, incident response, software-defined security, active defense and closing the action loop. Read his article to understand these trends, then come back to consider how they might affect and inform your career development plans.

I won’t get into every trend that Rich described, but I’d like to share my thoughts on how some of these factors offer professional development opportunities for information security and IT professionals. Operationalization of security might be a good place to start.

IT Operations Professionals

As Rich points out, today infosec personnel “still performs many rote tasks that don’t actually require security expertise.” He predicts that security teams will divest themselves “of many responsibilities for network security and monitoring, identity and access management,” etc.

If you’re an IT operations professional who has no interest in specializing in security, you can expand your expertise so that you can take on some of the tasks performed by security personnel today. This might be a natural expansion of what you’re doing already. Moreover, consider what skills you need to possess to automate as many of these responsibilities as possible, allowing your organization to lower costs and improve quality of IT operations and helping you maintain your own sanity.

Information Security Professionals

If you’re an infosec person looking to grow in this field, consider what responsibilities will remain with security professionals. A security person might lack some of the expertise of his operations-focused IT colleagues, but presumably he is better at understanding security. This includes the knowledge of attack and defense tactics, the dynamics of incident response, security architecture and patterns, etc. These are some of the areas where you should focus your professional development efforts.

How to design and validate security of a network where every node is segregated from each other? How to assist the organization in living through a security incident cycle that could span days, but sometimes spans years? How to oversee and validate safeguards when most aspects of the IT infrastructure and applications have been virtualized and could be accessed via an API? What deception tactics could be employed to deter, slow down and detect intruders?

These are some of the questions, grounded in Rich’s trends, that infosec professionals should be able to answer, as they consider how to best contribute to their organization’s success in the future.

Asking the Right Questions

Do your best to project the future of industry trends. Based on these, consider what questions an employer might need answered 3, 7, 10 years from now. You might not know the answers to these questions yet, but the questions can guide you in drafting a professional development plan that will be right for you.

Lenny Zeltser

Digital Forensics and InfoSec Career Advice From Across the Web


Sometimes people ask me for career advice related to information security in general and, more specifically, digital forensics and incident response. I’ve written a few articles on this topic, as did many other respected professionals. Below are pointers to some of these tips.

Digital forensics in general:

Specific to malware analysis:

Broader IT and information security career tips:

I’m sure I missed many other excellent articles with practical career tips for digital forensics and related fields. If you’d like to recommend your favorite references, kindly leave a comment.

Lenny Zeltser

Hiring a Software Engineering Manager in Dallas, TX


Update: This position has been filled.

I’m looking for a software engineering manager to join my team at NCR in Dallas, TX. The person leads the efforts to develop and maintain software that addresses our customers’ information technology needs. To accomplish this, the manager motivates team members and oversees their activities in the context of Agile-inspired development practices.

Some of the required skills and proficiency levels include:

  • Experience managing a software engineering team
  • Past experience developing applications using C, C++, C#/.NET or Java
  • Experience in overseeing the development of mission-critical software projects from design to completion
  • A cultural fit that allows the person and the team to have fun and be productive

Are you such a person or do you know someone like this?

Lenny Zeltser

Tips for Getting the Right IT Job - New Cheat Sheet


I published a new cheat sheet, this one offering practical tips for finding and getting the right job in Information Technology, with a slant towards information security. You can view the contents on the web or print them as a 1-page PDF file.

This cheat sheet covers the following topics:

  • What to do before you start looking for a job
  • How to use social networking as an ongoing part of your career
  • Steps towards finding the IT position worth pursuing
  • Advice on crafting and polishing your resume
  • Tips for negotiating a favorable compensation package

If you have comments or tips related to getting the right IT job, please leave a comment or drop me a note.

Lenny Zeltser

What Does a Security Product Manager Do?


It’s unusual for information security professionals to work in a group that directly generates revenue instead of being a cost center. Many find working within a cost center hard, in part because when it is time to cut costs, infosec budgets are among the first to go. Product management provides an opportunity for infosec pros to work in a profit center for a change. (There are others, such as consulting and sales.)

From my perspective, the primary goal of product management is to define product capabilities and drive product adoption. Sometimes this view on product management is called product development.

  • Defining product capabilities entails working closely with customers to understand and anticipate their needs. It also requires understanding the company’s strengths and weaknesses related to the market as well as the competitive landscape.
  • Driving product adoption involves those steps that help the product find its way to its consumers. This usually requires understanding the company’s channel and partnerships, unless the product is sold directly. It also involves regular customer interactions and some aspects of marketing.

In the world of information security, a product might be a hardware gadget, such as a network tap, a piece of software such as an anti-malware tool, or a service, such as a managed security offering. Sometimes it is a combination of these categories.

Here are the types of tasks a product manager might be asked to perform to support the objectives outlined above:

  • Define a strategy for the product’s evolution to support business and customer needs.
  • Create specifications, prioritize requirements and maintain a roadmap of the features being developed.
  • Manage the process of making the product available to customers.
  • Act as a subject matter expert for the product’s capabilities in pre- and post-sales discussions.
  • Collaborate with the engineering team building the product to clarify requirements and specifications.

Lenny Zeltser

At the BSides San Francisco conference I presented with Lee Kushner on the techniques for finding a good job in information security and on hiring strong candidates for an infosec position. Anthony Freed from Infosec Island recorded this 6-minute video with me at the event.

The Role of a Resume in an IT Job Search

Although people tend to rely too much on a resume during an IT job search, having a strong resume is still necessary for many job applications and candidates. In my mind, the goal of a resume is primarily to get past the initial screening, which is often conducted by an HR representative or a recruiter.

A good resume allows the candidate to reach the hiring manager and start deeply engaging in the discussions related to the position. This means that having a strong resume is important, but it is just one of many ways in which the candidate will need to demonstrate that he or she is a good match for the job.

The most common mistake I’ve seen on resumes is the candidate merely listing the tasks he or she performed at an earlier job. However, this listing doesn’t stand out. Make sure that every bullet point on your resume answers the question “So What?” That means including not only the text that describes what you were working on, but actually stating what you accomplished. The goal is to have the reader read the accomplishments and exclaim, “Wow! I want this person to do the same for me!”

I encourage people to think beyond the resume when they look for jobs. The standard resume format is designed to make the candidate much like everyone else in the field. On the other hand, if your reputation precedes you, or if you establish rapport with the hiring managers—perhaps before there is even a job opening—you’ll be ahead of your competition for the position.

Also, consider the extent to which the position you’re pursuing contributes towards your career growth. Make sure that your resume and subsequent conversations make this clear to the hiring manager and other decision makers. When deciding upon your goals, think outside the standard career path that takes engineers towards management. Some individuals might be happier and achieve more professional laurels if they dig deep into one or more technological areas, rather than giving up their technical skills to manage people.

Lee Kushner and I will be presenting a talk about different perspectives on InfoSec hiring and recruiting at the B-Sides San Francisco conference in February 2012. Stop by if this interests you. Also, along these lines, I’m looking to hire a strong software development manager in Dallas; know anyone?


Lenny Zeltser

I’m Hiring a Manager for My IT Services Team in Dallas, TX

As you might know, I am leading a growing division at Radiant Systems (now part of NCR Corporation) that provides managed security and related services to small and midsize businesses. I’m looking to hire a manager in Dallas, TX, with experience in supervising a team that delivers IT services.

This is an excellent time to join the team, as you’ll have the opportunity to shape the future of our service offering. If you have the necessary expertise and want to know more about the position, please get in touch with me. If you know of a good candidate, please let that person know about the position.

Update: The position has been filled.

Lenny Zeltser

Review Resumes to Understand Your Career Options

Understanding how you might enter a new field or grow in your current position involves understanding the options and the career paths of other people in the industry. Taking the time to connect with and talk to your peers and the individuals you look up to can help with this. To gain another perspective on the career landscape, explore the resumes of people in your industry.

You can find people’s resumes by searching Google and also get similar data by looking at LinkedIn profiles. An easier way of mining lots of relevant resumes might be the new resume-searching feature of Indeed. This is the only major job search site I know that lets you do this for free and without having to register as an employer.

One of the nice features of the site is its auto-complete capability, which helps you identify title variations for a given keyword. The site also lets you limit searches to a particular geography.

You can also look at resumes of people working in a particular company by using the “anycompany:” tag in the search box, such as “anycompany:IBM”. This can be especially helpful if you are planning to seek a job at that company.

I suggest looking for resumes of your peers to get a sense for how your experience compares to theirs. The most useful aspect of reviewing resumes, though, might be to look at people who are more experienced in the field of your choosing. This way you can get a sense for what awaits you, what type of experience you need to gain and what types of companies and positions you might consider applying for.

Lenny Zeltser

How to Get into Digital Forensics or Security Incident Response

The field of digital forensics and incident response (DFIR) is attracting a lot of attention among information security professionals and law enforcement officers seeking to progress in their careers. One of the challenges of entering this field is that employers often limit their recruitment efforts to experienced forensicators. What can people seeking to get into this industry do?

It seems that organizations rarely want to invest in growing the skills of a beginner forensics or IR analyst. As a result, individuals seeking to get into DFIR should look for opportunities to pick up relevant skills as part of their current job responsibilities. Some ideas and examples:

  • If you have system administration duties, start getting to know the steps and tools used to investigate suspected security incidents. Gradually incorporate these utilities into your toolkit. Examine logs for security events. If you encounter a suspicious executable, begin experimenting with it in a malware analysis lab from a behavior-monitoring perspective.
  • If you have a network administrator role, become familiar with the essential aspects of network intrusion detection. Use the network troubleshooting tools you already know, but dig deeper into the traffic to identify potentially malicious patterns. Play with network forensics puzzles.
  • If you have a programming background, get to know assembly. Pick up a free disassembler and debugger and begin exploring benign programs using these tools. Identify interesting code sections and spend time understanding their inner workings. When you feel comfortable, start looking at malicious executables.
  • If you’ve been performing file system and related forensics tasks, start incorporating additional utilities into the toolkit you use to examine the evidence you already feel comfortable collecting. Look at the artifacts you didn’t consider earlier. Research their meaning and ask questions about what you find.

The idea is to obtain some baseline DFIR knowledge by building upon what you already know. Look for ways to do this in the context of your current job responsibilities without undermining your commitments to your employer. Supplement the research and experimentation you can do at work with studying and exploring on your own time. Read books on the relevant topics, keep up with DFIR blogs and take formal training if your budget allows. Participate in online forums and informal meet-ups. Talk to people who currently work in DFIR.

Once you learn a bit about DFIR through informal exploration, reading and studying, start looking for a job—in your organization or elsewhere—that can provide you with experiences and mentoring in the aspect of digital forensics and incident response that interests you. Don’t forget to incorporate what you’ve learned about DFIR into your resume, of course.

There are many ways to enter a given field, and everyone’s approach might be different. What are your tips for people interested in getting into DFIR? What has worked for you?

Update: For a perspective on this topic from Harlan Carvey, see his Getting Started post.

Just so you know, I teach the malware analysis course at SANS Institute.

Lenny Zeltser