12 mistakes that ruin your security professional career

Mary K. Pratt | TUBE

There are many such stories. He is a smart person, but there is a co-worker who can’t move forward and hesitate or panic. CISOs also know these people. There was an outstanding employee that a CISO remembers. This employee loved to let others know how smart he was and if he deserved better treatment. Another CISO remembered a talented employee who only handled exactly what they asked for and did nothing more. Both haven’t worked very long. In the end, the boss judged that there were too many moral flaws and sent it out.
ⓒ Jaredd Craig (CC0)

These are just two examples of how CISOs and career management professionals talk about how to ruin a career. Some actions, such as illegal access to computer systems, are overwhelmingly obvious reasons for dismissal, but countless other reasons just block the possibility of getting promoted.

Obviously unethical and illegal behavior is not covered here. This is a fact that any expert knows. It also introduces the 12 common nature of problems that security leaders say can block your cybersecurity career and how to avoid that fate.

We believe security is our end goal

“The biggest problem I’ve seen is thinking that security is everything and the end goal,” said James Karder, CSO at security technology company LogRhythm. “I do not know that I have to make business possible because I work with this attitude.” These people need to know that they need to collaborate with their business associates to understand the company’s goals and to help them, not interfere with the company’s goals.
“Security is something that has a lot of standards, regulations, and frameworks, but it’s often a crappy implementation,” said Rus Kirby, CISO at software company ForgeRock. “We are trying to implement them in terms of standards, not business context.”

Invite isolation

Likewise, Kirby points out that security professionals are so focused on their own purposes that they otherwise alienate themselves from other departments they would like to work with in search of solutions. Kirby cited the security team trying to change the password length of an application from 8 to 20 characters. The IT application team objected, saying what they would do with 12 characters, but changing beyond that would take too much time and money. The security team has earned a reputation for bad relationships and irrationality by doing things without stepping back from the original requirements.

“If the security team had a better relationship, or if they had heard the story better, they would have identified the problem, made a compromise, and the roadmap of the application would have revealed that no matter how long passwords can be applied within a year,” Kirby said. “But their resolute and very strict attitude gave the impression that the security team was something to avoid, otherwise they missed many of the opportunities they could have as a security team.”

Pretend to be too handsome

There is no doubt that the security field attracts a lot of talented people. But no one thinks there are smart people in the security field alone, and you shouldn’t behave like that. It’s a common problem, says Lize Stewart, performance executive at professional services firm EisnerAmper. Stewart taught young employees that pride can be a problem as long as they have the potential. The employee sighed when people didn’t understand what he was saying. He immediately criticized and mainly used negative words, and although he was a highly skilled employee, he became someone he would not trust. Stuart stressed that the people who work with him shouldn’t make others feel stupid.

Stewart says there are limits to being smart. “A lot of people think that technical competence will give you a promotion, but it is not. Such cases are very rare. “I don’t know if Steve Jobs was so successful, but Jobs is very exceptional.”

Too timid

On the other hand, some security officers, especially new employees, lack confidence. Katie Cassali, Director of Career Services at Carnegie Mellon University, said, “He thinks he’s not good enough and doesn’t have enough talent,” he said. “You don’t believe in yourself and you may not be able to volunteer for important projects or apply for promotion.”

“These people don’t know how to speak up or disagree with their boss or coworker. “You can solve problems or mitigate risks, but you can’t.” He also advised that time and experience will help confidence, but if you have a mentor to encourage you, it will be much better.

Unable to control emotions

Most of the work life these days is stressful, but security teams have the added burden of being an endless target of external threats. Everyone feels that it is a security team. But a colleague who is completely ruined by feelings of hopelessness does not help. Stuart pointed out that “a person who screams and complains this way is likely to ruin their reputation and career.” Because you will be considered emotionally immature.

In addition, people who do this are reluctant to be part of a team, so they are more likely to be unable to participate in core projects that benefit their careers. “You must have the ability to control your emotions,” Stuart added. “When you feel good, you can accept it even if your emotions are high, but when dealing with troublesome problems, it is difficult to accept.”

Only talk about technology

CompTIA’s Chief Technology Evangelist James Steinzer remembers when he talked about technology in his first board announcement. And I remember the scene where the director’s eyes were closed. It’s a beginner’s mistake, and Steiner got out of the crisis by quickly switching to more business-related terms. However, many security professionals don’t know or try to turn technology stories into business languages ​​like this. Steinzer added that this prevents him from being promoted to the board, to top management, or even to manager.

“When you say technical things, you ignore the person’s story. “Because your career doesn’t improve, and no one listens to you, you have to deal with the low-level issues you raise.”

Source: ITWorld Korea by www.itworld.co.kr.

*The article has been translated based on the content of ITWorld Korea by www.itworld.co.kr. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!