Sometimes people ask me for career advice related to information security in general and, more specifically, digital forensics and incident response. I’ve written a few articles on this topic, as did many other respected professionals. Below are pointers to some of these tips.
Digital forensics in general:
Specific to malware analysis:
Broader IT and information security career tips:
I’m sure I missed many other excellent articles with practical career tips for digital forensics and related fields. If you’d like to recommend your favorite references, kindly leave a comment.
Update: This position has been filled.
I’m looking for a software engineering manager to join my team at NCR in Dallas, TX. The person leads the efforts to develop and maintain software that addresses our customers’ information technology needs. To accomplish this, the manager motivates team members and oversees their activities in the context of Agile-inspired development practices.
Some of the required skills and proficiency levels include:
Are you such a person or do you know someone like this?
I published a new cheat sheet, this one offering practical tips for finding and getting the right job in Information Technology, with a slant towards information security. You can view the contents on the web or print them as a 1-page PDF file.
This cheat sheet covers the following topics:
If you have comments or tips related to getting the right IT job, please leave a comment or drop me a note.
It’s unusual for information security professionals to work in a group that directly generates revenue instead of being a cost center. Many find working within a cost center hard, in part because when it is time to cut costs, infosec budgets are among the first to go. Product management provides an opportunity for infosec pros to work in a profit center for a change. (There are others, such as consulting and sales.)
From my perspective, the primary goal of product management is to define product capabilities and drive product adoption. Sometimes this view on product management is called product development.
In the world of information security, a product might be a hardware gadget, such as a network tap, a piece of software such as an anti-malware tool, or a service, such as a managed security offering. Sometimes it is a combination of these categories.
Here are the type of tasks a product manager might be asked to perform to support the objectives outlined above:
Although people tend to rely too much much on a resume during an IT job search, having a strong resume is still necessary for many job applications and candidates. In my mind, the goal of a resume is primarily to get past the initial screening, which is often conducted by an HR representative or a recruiter.
A good resume allows the candidate to reach the hiring manager and start deeply engaging in the discussions related to the position. This means that having a strong resume is important, but it is just one of many ways in which the candidate will need to demonstrate that he or she is a good match for the job.
The most common mistake I’ve seen on resumes is the candidate merely listing the tasks he or she performed at an earlier job. However, this listing doesn’t stand out. Make sure that every bullet point on your resume answers the question “So What?” That means including not only the text that describes what you were working on, but actually stating what you accomplished. The goal is to have the reader read the accomplishments and exclaim, “Wow! I want this person to do the same for me!”
I encourage people to think beyond the resume when they look for jobs. The standard resume format is designed to make the candidate much like everyone else in the field. On the other hand, if your reputation precedes you, or if you establish rapport with the hiring managers—perhaps even before there is even a job opening—you’ll be ahead of your competition for the position.
Also, consider the extent to which the position you’re pursuing contributes towards your career growth. Make sure that your resume and subsequent conversations make this clear to the hiring manager and other decision makers. When deciding upon your goals, think outside the standard career path that takes engineers towards management. Some individuals might be happier and achieve more professional laurels if they dig deep into one or more technological areas, rather than giving up their technical skills to manage people.
Lee Kushner and I will be presenting a talk about different perspectives on InfoSec hiring and recruiting at the B-Sides San Francisco conference in February 2012. Stop by if this interests you. Also, along these lines, I’m looking to hire a strong software development manager in Dallas; know anyone?
As you might know, I am leading a growing division at Radiant Systems (now part of NCR Corporation) that provides managed security and related services to small and midsize businesses. I’m looking to hire a manager in Dallas, TX, with experience in supervising a team that delivers IT services.
This is an excellent time to join the team, as you’ll have the opportunity to shape the future of our service offering. If you have the necessary expertise and want to know more about the position, please get in touch with me. If you know of a good candidate, please let that person know about the position.
Update: The position has been filled.
Understanding how you might enter a new field or grow in your current position involves understanding the options and the career paths of other people in the industry. Taking the time to connect with and talk to your peers and the individuals you look up to can help with this. To gain another perspective on the career landscape, explore the resumes of people in your industry.
You can find people’s resumes by searching Google and also get similar data by looking at LinkedIn profile. An easier way of mining lots of relevant resumes might be the new resume-searching feature of Indeed. This is the only major job search site I know that lets you do this for free and without having to register as an employer.
One of the nice features of the site is its auto-complete capability, which helps you identify title variations for a given keyword. The site also lets you limit searches to a particular geography.
You can also look at resumes of people working in a particular company by using the “anycompany:” tag in the search box, such as “anycompany:IBM”. This can be especially helpful if you are planning to seek a job at that company.
I suggest looking for resumes of your peers to get a sense for how your experience compares to them. The most useful aspect of reviewing resumes, though, might be to look at people who are more experienced in the field of your choosing. This way you can get a sense for what awaits you, what type of experience you need to gain and what types of companies and positions you might consider applying for.
Hand-picked related posts:
The field of digital forensics and incident response (DFIR) is attracting a lot attention among information security professionals and law enforcement officers seeking to progress in their careers. One of the challenges of entering this field is that employers often limit their recruitment efforts to experienced forensicators. What can people seeking to get into this industry do?
It seems that organizations rarely want to invest into growing the skills of a beginner forensics or IR analyst. As the result, individuals seeking to get into DFIR should look for opportunities to pick up relevant skills as part of their current job responsibilities. Some ideas and examples:
The idea is to obtain some baseline DFIR knowledge by building upon what you already know. Look for ways to do this in the context of your current job responsibilities without undermining your commitments to your employer. Supplement the research and experimentation you can do at work with studying and exploring on your own time. Read books on the relevant topics, keep up with DFIR blogs and take formal training if your budget allows. Participate in online forms and informal meet-ups. Talk to people who currently work in DFIR.
Once you learn a bit about DFIR through informal exploration, reading and studying, start looking for a job—in your organization or elsewhere—that can provide you with experiences and mentoring in the aspect of digital forensics and interest response that interests you. Don’t forget to incorporate what you’ve learned about DFIR into your resume, of course.
There are many ways to enter a given field, and everyone’s approach might be different. What are your tips for people interested in getting into DFIR? What has worked for you?
Update: For a perspective on this topic from Harlan Carvey, see his Getting Started post.
Hand-picked related posts:
Just so you know, I teach the malware analysis course at SANS Institute.
Change is exciting and a bit scary. I’ve recently joined an amazing team at Radiant Systems (now part of NCR) to grow a service that can support and safeguard IT infrastructure of small and midsized businesses. My initial focus is on helping companies in retail and hospitality industries.
From a security perspective, smaller businesses cannot afford the managed services designed for enterprise environments. Yet, they are plagued by IT-related issues ranging from operational outages to malware infections. Though high-profile breaches of large firms often dominate the headlines, security issues at the numerous small and midsize companies take a tremendous toll on our society. My hope is that my colleagues and I improve the situation.
I will miss working with my old team. And I am looking forward to getting to know and accomplishing great things with my new colleagues.
P.S. This change will not affect my involvement in the personal projects I pursue, such as teaching at SANS Institute or maintaining the Reverse-Engineering Malware course.