The Security Innovation Europe Blog

5 Ways to Ruin an Information Security Career

Posted by Alan Pearson on Oct 23, 2014

Work in information security?

Or want to work in information security in the future? 

There’s a lot to be learned, and it takes time. You never stop, and that means you’ll make mistakes.

Some mistakes are forgivable, but others can damage your career.

In today’s post I share five ways to quickly ruin an information security career.

1) Fail to Stay Ahead of the Curve

Information security practitioners always need to be reading. They subscribe to top blogs (like these 40), read industry magazines, keep ahead of the latest research, continually update their technical skills and keep on the look-out for industry developments.

Few industries move as fast as information security. New exploits are discovered every minute, and best practices change repeatedly in the course of just a year. 

If you’re not keeping ahead of the curve and topping up your knowledge/skills, you won’t last long.

2) Take No Responsibility for Inside The Firewall

A key sign of an ineffective information security professional is not taking any responsibility for what takes place inside the firewall. Staff are poorly trained in security best practices, and hardware/software is left to try and plaster over any weaknesses. 

Top information security practitioners understand that information security incorporates all aspects of the business. That means ensuring employees are using software safely, developers are well trained in security best practices, key software and hardware is kept updated, regular penetration tests are completed and that security is thought of as a key part of company processes, rather than an afterthought. 

3) Blame Other People for Security Failings

One way to cut your career short is to never take responsibility for security failings. When an employee makes a mistake, that’s your failure as much as theirs. Clearly, that employee was not set up to succeed. The fault lies not just with them, but with the processes within the organisation, and potentially with their training.

Top information security practitioners take responsibility for every breach or security risk, and use their best efforts to minimise them. If you’re always playing the blame game, then you’re failing to understand your responsibilities. 

4) Speaking Bits and Bytes, Not Business

If you want to succeed as an information security practitioner, you need to get used to talking about business impacts and benefits, rather than the technical details. When you go into a meeting with senior executives or people who aren’t well versed in information security, you need to be able to explain yourself in terms they’ll understand. 

Too many technically minded people fall into the trap of speaking a language that the people they work with just don’t understand. That is an easy way to be seen as irrelevant.

5) Talk Down to Others

An easy way to mark a sudden end to your information security career is to talk down to people outside of the security world. It’s easy to lose yourself in the security bubble, and talk down to people that don’t understand security concepts as well as yourself. 

Be clear and concise when you talk to others you work with, and resist the urge to talk down at people or point out stupid mistakes. Offer constructive criticism — don’t just pick apart your colleagues’ suggested solutions.