In part one of this series, I posited that additional integrity on a resume, as well as in interview situations, can benefit the entire information security profession by highlighting the specific disciplines in our industry. This, in turn, could serve to stop the perception of a cyber skills-gap by driving awareness that the InfoSec field is broader than the general approach that many employers try to use to fill a position. Many of the executives in this new InfoSec world have been promoted to their new executive position based on a long track-record of technical knowledge and hands-on experience. This is simply because, up until recently, there have been no formal university-based InfoSec degrees that a person can pursue toward becoming an InfoSec executive. Of course, there are many excellent training courses for InfoSec offered by some outstanding organizations, such as SANS, and there are many certification paths, as well, but the C-Level jobs do not require many of those core skills. Organizations traditionally promote individual contributors or line-workers who they know and trust into these nascent positions. This is excellent in so many ways. The organization gets someone they know who can perform the task, and the person gets to graduate to a new level of responsibility and stature. However, this, too, is not without its perils. One of the most difficult aspects of moving from the front-lines to the management suite is the ability to give up the days of being a “mechanic.” Most folks who came up through the security admin ranks have a hard time stepping away from their old hands-on duties. Remember that if your organization has moved you away from the hands-on tasks, they did so because they recognize that you can serve a better function. Chances are that you not only have excellent technical abilities but also demonstrated those important “soft-skills” (a particularly odious term) that are highly coveted in higher positions in many organizations. You probably have a positive attitude, good listening skills, a collaborative approach and the ability to envision something greater than the product of your single task. This is where you have to hone all of those leadership skills to build a team that can make your organization thrive. You just won’t have time to configure a firewall anymore or to chase down the source of a small traffic burst. That is what your team will do. Your promotion also opens the door for someone new to fill the open position in the organization. (Remember, there is no skills-gap.) Your new focus is supporting and managing your team and working towards the bigger picture of the organization. Do not fear that you will “lose the common touch.” That ability is practically encoded in your DNA from your history. Think of it this way: would you expect to find Elon Musk performing an oil change? I am sure that he could dust off a few mental cobwebs and remember all the steps to do that, but would that benefit anyone in a broader sense? The beauty of the InfoSec field is that it is growing, becoming more finely defined every day. Don’t let the façade of a skills-gap deter you from your focus to be the best in your particular area of expertise. When you are promoted beyond your initial success level, embrace the new job with the same vigor and passion that first brought you to this industry. That is the only way that the InfoSec profession will graduate to a higher form and purpose and the skills-gap rhetoric will subside.
