Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

1/21/2020
07:00 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

7 Tips for Infosec Pros Considering A Lateral Career Move

Looking to switch things up but not sure how to do it? Security experts share their advice for switching career paths in the industry.
Previous
1 of 8
Next

(Image: Punsa - stock.adobe.com)

(Image: Punsa - stock.adobe.com)

Cybersecurity professionals have their pick from a diverse range of specialties within the industry, from network security to penetration testing to incident response. It's not uncommon to switch specialties over the course of a career. The question is, how do you to go about changing?

"As part of normal [career] growth, I've noticed people want to move into different areas," says (ISC)2 CIO Bruce Beam. Some people may not make the jump from offense to defense but instead switch from security operations roles to positions more focused on compliance.

A lateral career jump can be beneficial not only for security pros, but for the industry overall. The ability to move from job to job is needed because it introduces different perspectives into the workplace, says Kayne McGladrey, member of IEEE and CISO at Pensar Development.

"Right now we have an unprecedented challenge in hiring a diverse workforce in cybersecurity," he explains. Still, it's more difficult for some practitioners to make a transition because of obstacles in the hiring process. It may be easy for a Certified Ethical Hacker to apply for a job seeking the CEH, for example, but someone without that certification may be filtered out.

"Human resources, in a lot of organizations, has become a regulatory control function and inhibits hiring because of its focus on certifications," McGladrey says. This is partly why it's difficult for blue teamers to jump to the red team, a process that "looks to be an insurmountable and very difficult series of certifications," he points out.

Another challenge for infosec pros seeking a lateral career move is the lack of time spent in their desired area of expertise. If HR sees two applicants with the same skills, but one has been in the related role for two to five years, they're more likely to pick who has more experience.

"In cybersecurity we have a slightly more pronounced competition for talent, but also people change jobs more frequently in cybersecurity," McGladrey says. It's not unusual to meet a CISO who has held three different jobs in the past five years, he points out. In an industry where professionals commonly love learning and seeking new challenges, it's likely they'll also want to test new career paths.

For security practitioners who want to work in a new area of the industry but don't know how to go about doing it, McGladrey and Beam share their steps and advice. How about you? Have you made a lateral career move? What tips would you offer security pros? Feel free to share your thoughts in the Comments section below.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Pieter Danhieux
100%
0%
Pieter Danhieux,
User Rank: Author
1/22/2020 | 10:29:21 PM
Great article
Nice to see some practical tips for bridging the security skills gap!
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19325
PUBLISHED: 2020-02-17
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built...
CVE-2020-1693
PUBLISHED: 2020-02-17
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbi...
CVE-2020-1828
PUBLISHED: 2020-02-17
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. ...
CVE-2020-1857
PUBLISHED: 2020-02-17
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authent...
CVE-2020-1858
PUBLISHED: 2020-02-17
Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of service vulnerability. Att...