Do You Still Want to be a Fireman?

June 8, 2015

This is part of a series of posts on Future Proofing Your Security Job.

When we were young kids, we had this vision of what we wanted to be when we grew up. A fireman is a classic example. When we got our first job, we also had a vision of where we thought we’d go. Then there is the awful interview question, “Where do you want to be in 5 years?”

Dan Manley, a former co-worker from KPMG and now Director of Information Security at Allstate, reached out after reading the blog post on my jobs that no longer exist. He thinks there are a series of jobs we all wanted earlier in our careers that we’ve left behind.

When I graduated college, I thought that I didn’t want to be a developer. So I went into network and system administration. Funny, today my job is to help developers secure their code. Dan thought PKI and encryption were the direction he was going to take. While he never followed that path, today he finally owns that discipline at Allstate.

Dan finds that many people he talks to about their career aspirations want to be CISOs. I wonder in 5 years how many will still want to be a CISO? (And really, who wants to be a CISO anyway?)

It’s important to have aspirations. Something that drives you to improve and heads you in a particular career direction. The security career is so fast moving that what seems interesting today is replaced by a tool a few years from now. Even the role of the CISO has evolved over the last few years as breaches have dominated the news. What looks like a job you want today may be completely different by the time you’re ready to fill it.

What to do?

The final post in this series is called Future Proofing Your Security Career and it’s about thinking through your own desires in a security career along with the constantly changing security landscape.

There is one thing you can do today to avoid the problem above. Expand your knowledge beyond your current skillset. Expand it beyond security. Learn as much as you can so you’re a more diverse professional.

How I Ended Up Speaking at Blackhat

A long time ago, I spoke at Blackhat on VoIP Phishing. I was working at JPMorgan Chase and I sat next to a PBX Administrator. We would chat about problems he was having with their Avaya phone system. I was giving him a hard time that an open-source PBX could outmaneuver his expensive Avaya system. To prove my point, at night I set up an Asterisk PBX system and built out all of the capabilities he configured for JPMC.

Did it have anything to do with security? No. But through the process, I found the basis of my presentation. Now that I understood the underlying platform, I could easily figure out vulnerabilities in the system.

Since then, my VoIP background has helped me on countless occasions, both in security specifically and in general.

Go Learn Something

Go learn something. Anything really. Three things will happen:

  1. Just like my Blackhat example, it will tie back to security somehow.
  2. Like countless other things I’ve learned, you will find yourself in the room when the information will be critical to know. You will be multiple times more valuable for understanding it.
  3. You’ll find a new direction for your career. Career pivots are interesting. (That’s why I built my podcast the way I did.) Maybe it’s a change of industry or a change completely.

And most importantly, you’ll begin to figure out what you really want to be when you grow up.

This is one of my 9 Ways to Grow Your Security Career.