A little over a year ago, we wrote a column focused on pandemic-induced challenges to in-person engagement to advance your security career. Conference and meeting attendance had gone to zero, and security professionals had to find creative ways to maintain visibility and source information other than at live events. That has remained the case across the past 13 months, and a good deal of networking activity moved online into forums and on boards.
Most security practitioners now know there are positive ways to develop and maintain your professional reputation, even if they are done virtually. They include meaningful engagement in professional groups and authorship that demonstrates your depth of knowledge. You can initiate research on industry-relevant topics or volunteer to serve on or chair study committees.
These activities, even if done only online, still provide an opportunity for the security community to learn about you. They can also be effective in bringing you to the attention of potential hiring managers who may be starting recruitment for someone like you.
However, where you choose to engage matters, as does the substance of what you are sharing and the content of your questions. Your goal is to positively impact your career, not lampoon it.
There has been an increase in questions and comments posted into security community boards and groups that do not take possible ramifications into consideration, career or otherwise. How you phrase a question to crowd-source your information can have unintended consequences that impact your reputation and brand. Unlike one-on-one conversations, everyone in the group can potentially learn what you don’t know or where your employer’s security vulnerabilities are.
We regularly see questions like the ones below that typically include the writer’s name, company and contact details:
“I am the Director of Global Security for XYZ corporation, and I have been asked to write a policy on conducting investigations. Does anyone have an example they can send me?”
“Does anyone know of a professional, reputable security company in XYZ location?”
“Can anyone advise on best practice?”
“I have been tasked with upgrading a corporate security policy for a large organization. Can someone share a current manual for my review?”
“Does anyone have suggestions on how to convince senior management to support a security program?”
“We are seeking to replace our company-wide access system, which keeps crashing. Does anyone have recommendations?”
Engagement with peers and benchmarking to assist research can be very helpful and effective. However, telegraphing in open forums or on social media that you may not be up to the role you are currently in may not be an effective approach.
Further, most organizations consider their work products to be protected and for internal consumption. Publicly asking for others’ materials may not be a wise choice. Generic requests for assistance also may not provide you with the most effective and relevant advice or materials, which you will then have to vet for reliability, quality and effectiveness.
Consider what information you are putting out for public consumption, how it might be used and by whom. Then be prepared to evaluate the expertise and/or motivations of the individual(s) responding.
Lastly, consider what this might look like to a recruiter or a potential hiring manager. If your resume or CV paints a picture of you as an accomplished security professional, posting questions that highlight your lack of knowledge or foresight does not support that position.