Kevin Beaver, an information security consultant with Atlanta, Ga.-based Principle Logic, LLC, says the industry has shifted so much in the last several years that even the way people perceive success has changed. Today, it's no longer all about the technology. It's just as much about using IT to create customer loyalty and to out-wit competitors.
Today, the successful IT professional also is a savvy business person.
''It used to be more about what protocols you know, what firewalls are you expert on, what encryption algorithms do you understand,'' Beaver, who will be speaking at the RSA Conference in San Jose this week, told Datamation. ''Now the bigger focus is on IT governance and the business side of security. That's where the value is.
''And it's obviously affecting how people set their goals, how they sell security to upper management, and the continuing education that they receive,'' he adds.
With IT professionals increasingly being expected to join business teams and work on business projects, knowing the technology is becoming a smaller and smaller part of the job. Beaver says it's a mistake to focus solely on the technology, and it's a mistake that can drag down a security career.
''I think the successful security professional will focus more on the career side than on the technical side,'' says Beaver. ''Technology is just a small component of the career now. It's more about the business side of things -- risk management; policies; being able to tie business goals and security goals together; having metrics to make sure that security projects are successful in terms of what the business needs.''
Beavers offers up a set of tips to the IT professional looking to build a strong career. Some of the elements to success are:
But the big question is how do IT professionals find the time to bone up on relationship building and communication skills when they have countless fires to put out on the network.
Beaver says the trick is to simply carve the time into your schedule, whether it's scheduling a lunch meeting with a business-savvy mentor or taking a class on the weekends. If it's tough to find the time to do it, simply worker harder at making the time.
''They're just fighting fires and catching every ball that's thrown their way,'' says Beaver. ''They should be spending a certain amount of time working on soft skills. It needs to be done continuously. Listen to audio books, go to training. Do something weekly or quarterly. Take some time off to do it, or study before or after work. I know that's the kind of stuff that has helped me.''
''You could be managing policies, performing audits and being a forensics investigator,'' he adds. ''I see a lot of people trying to become experts in every area related to security and it's not really possible. It's such a complex field and it has too many areas to specialize in. You can't be everything to everybody. Pick one area and focus on it, whether it be audits or forensics.''
But how do you make sure that what you specialize in isn't about to become antiquated? How do you make sure you're not specializing yourself right out of a job?
Planning. Beaver says it all comes down to planning ahead.
''Know corporate security policies, contracts and service-level agreements,'' Beaver says. ''The risk is that you're either left behind, or you're not going to know what your competitors, your coworkers and your peers are learning. Upper management will see them as more effective. You need to be able to offer business value.
''And if you don't know the legal side, you could be putting yourself or your organization at risk,'' he adds. ''If you're retaining data incorrectly or monitoring employees incorrectly, you're putting a lot at risk.''
Overall, Beaver recommends that people think long-term. While someone may be very focused and efficient when it comes to dealing with daily crises, they're not doing any favors for their careers.
''If you focus solely on putting out fires, you're going to get burned out,'' he notes. ''Your skill sets are going to become stale because you're only focusing on the stuff that's already in place and you're not exploring new technologies and new methodologies. Look up and see what else is going on.''