Chapter One
Finding, Interviewing for, and Getting the Job
So, you want a job in the field of Information Security. Do you have what it takes? Do you know what you want out of a job? How do you find the best job for you and your career? Later in the book, we review critical IT Security related topics, but in this chapter, we discuss what you want out of a job and how to find it.
Finding the perfect balance between your potential employer''s needs and your own can be somewhat challenging. We discuss how to employ several different methods for locating a job. We also discuss how to compare two or more salary offers so that you can make the best decision with the information available to you. If you are lucky enough to have multiple offers to consider, you will want to review the entire compensation package when comparing opportunities.
Qualifications
A significant number of employers consider a Computer Science or Engineering degree the ideal qualification. However, a surprising number of employers will consider relevant past experience as a substitution for a degree. Just a few short years ago, you couldn''t find a university that had developed an appropriate Information Security and Assurance curriculum from which one could obtain a degree. As a result, individuals with diverse academic backgrounds and the interest and ability to grasp technical information have become strong contenders in the field of Information Security. In my experience over the past 12 years, I''ve been surprised to see English majors working as Network Security Engineers and business majors working in Technology Manufacturing who have demonstrated incredible prowess in analytical thinking and problem-solving skills.
With that said, you will never see a job posting for an IT Security professional requiring a degree in art, history, or English. Are folks with these types of degrees capable of doing the job? Absolutely! Countless, highly skilled security practitioners are overlooked simply because they do not have the proverbial Computer Science or Engineering degree. Employers are beginning to catch on and, as a result, they are considering alternative ways of gauging aptitude and analytical thinking abilities. You may be asked to take a series of personality or aptitude tests (or both). If you''re pursuing a government job or a contracting position with the government that requires high security clearance, you will most certainly be required to take such tests.
The most important traits required to succeed in the IT Security field are the desire and ability to learn new technologies, a good head on your shoulders, and, most important, a new way of thinking. For those of you not yet familiar with this new way of thinking, this book introduces it to you in both subtle and not-so-subtle ways. For example, your preeminent Computer Science (CS) or Engineering graduate probably did not learn the concepts of least privilege, implicit deny/explicit permit, and defense in depth. These core concepts are not included in a traditional CS or Engineering curriculum. Therefore, the erudite professional will assimilate these core values on the job and in training.
Pursuing a Degree
If you are just getting started on your undergraduate or graduate degree and you know that IT Security is the field for you, then one of the National Security Agency''s (NSA) designated national Centers of Academic Excellence in Information Assurance Education (CAEIAE) may be worth considering. Out of the 3,500-plus higher-education institutions in the United States, only 75 (at last count) offer the Information Assurance curriculum adopted and evaluated by the NSA. These schools offer undergraduate and graduate-level programs in IA. For more information, Google "CAEIAE."
If you plan to pursue a job with the U.S. federal government, a degree from a regionally accredited college or university is almost certainly a requirement. The National Board of Education recognizes only six regional accrediting agencies. Regardless of whether you are pursuing a job with the federal government, having a degree from a regionally accredited college or university is the best investment for your money. Google "Regional Accreditation" and make sure that your school is accredited by one of the regional accrediting agencies, as shown in the following list:
New England Association of Schools and Colleges (NEASC) North Central Association of Schools and Colleges (NCA) Middle States Association of Schools and Colleges (MSA) Southern Association of Schools and Colleges (SACS) Western Association of Schools and Colleges (WASC) Northwest Association of Schools and Colleges (NWCCU)
If your school is not listed for your respective region, you may want to consider transferring to an accredited school. Keep in mind that most, if not all, regionally accredited schools recognize transfer credits only from other regionally accredited schools, providing yet another reason that you should stay away from unaccredited schools.
The Perfect Job
What is the perfect job? Have you put serious thought into what you want? We hope that you are considering more than just the salary. Later in this chapter, we discuss an in-depth method of comparing two or more offers so that you can make the best decision.
As with any successfully implemented IT project, you must start with requirements. Consider finding your next job to be a small-scale, high-priority project. Employ a methodical and analytical approach during your search and you will be surprised at the results.
Grab a piece of paper or use your favorite spreadsheet program to start your analysis. Although doing so may be hard, ignore the money for now. Let''s talk about the intangibles. Putting a quantitative value on a number of these benefits can be difficult, but they can make a drastic difference in your health and happiness at work.
The Intangible Benefits
Each of the following benefits has a qualitative value. These types of benefits will increase your work and life balance and make the job something to look forward to each day. Look for as many of these types of benefits as possible and be sure to keep in mind the following as you assess the importance of each one.
Employee First: In the past 12 years, we have interviewed with only one company that asserted its commitment to the employee''s happiness and well-being as its number one core value. It is unfortunate that most organizations care only about the final product, service, or good. If employers simply understood that happy employees are productive employees, we might have some more exciting places to work. Ask your potential hiring manager about his or her commitment to the employee. Employee-focused reputations: Many companies achieve notable status for the employee-focused work environments they have fostered. Check out Google "Top Tech 50" for a list of top-rated technology companies and see whether your prospective new company is on the list. A great place to find a company is from the 100 Best Companies for working mothers. Check it out at www.workingmother.com. Both Forbes and Fortune maintain top companies lists also. Work-life balance: Many companies have evolved in their philosophies where work-life balance is concerned. Companies that used to drive their employees toward "burn-out" under the guise of increased productivity are abandoning those practices in favor of encouraging more balanced work habits from their employees. The end result? Increased productivity and employee loyalty under a more sustainable and fulfilling work environment. Comp time: How does the company compensate for overtime? Will you have to work late nights and weekends to implement new projects? How often? It is quite common for most large companies to implement technology changes very late in the evenings, on weekends, or both. Although the position you are applying for might not pay by the hour, many companies compensate for the additional work employees are putting in on evenings or weekends by granting "comp time" (additional time off). Try to understand where the employer stands with respect to compensation for overtime. Be aware that the position may offer comp time or a larger salary to compensate - and both, if you''re lucky! Telecommuting: Telecommuting just might be one of the best benefits a company could offer because of the following advantages: It reduces stress on the employee from the daily grind of commuting. It reduces your auto insurance costs and general wear and tear on your vehicle. It drastically reduces your fuel costs. Employees can work free of workplace distractions and are generally happier as a result.
The telecommuting benefit can add up to thousands of dollars in annual savings; however, some employers are still adjusting to this new trend. Translation: They are stuck in the 1980s. Unfortunately, quite a few micro-managers survived the twentieth century and feel that they cannot effectively micro-manage you if you are sitting at home in your skivvies. Plenty of companies are huge proponents of this benefit, however, because it is a win-win scenario for both the employee and the company. The company no longer has to pay hundreds and hundreds of dollars per square foot for office space when you can do the exact same job in the comfort of your own home. In the past few years, the federal, state, and local governments have begun to recognize the benefits of telecommuting, such as reduced wear and tear on roadways and alleviation of traffic congestion. As a result, they have started offering tax incentives to companies that allow employees to work from home.
Flexible scheduling: Have you taken on the role of a being a twenty-first century parent, student, or gamer? If so, this benefit is huge. Perhaps you have to take the kids to school on Monday and Wednesday, and pick up the little rascals on Tuesday and Thursday. Maybe you need an extra hour in the morning to study for certifications or classes. You may just want time for late-night instance runs with your World of Warcraft guild. If you can find an employer with flexible scheduling, you can have a much more fulfilling work and life balance.
Job-site benefits: Although companies may seem to be offering more and more on-site incentives to their employees out of generosity, in reality, an employee who is offered on-site conveniences not only is a happy employee but also one with a diminished need to leave the office to take care of personal responsibilities. Make sure that you determine which on-site benefits are truly important to your work environment and which ones are "cool" but trivial benefits whose merits are, at most, bragging rights to your friends. Does the company have a gym or a small workout area? Does it hold on-site fitness classes? If the company does not offer an on-site gym, does it offer discounts at local gyms in your area? Does it reimburse you up to a certain amount (typically, 50 percent of the monthly fees)? Do they have on-site health care services at little or no cost to the employee? For families with kids, does the company offer company-sponsored (off-site is good; on-site is better) child care? Does it have a cafeteria that serves hot food? Is it edible? Is the food free? As much as we like our candy bars and Mountain Dew, vending machines do not count. Does the company have an open refrigerator of free health drinks, which will load you up with vitamin C and other nutrients? Does it have ping pong tables, air hockey, or other fun activities?
Can you bring your kids to work? Every day? How about your dog? Does the company have ample free parking, or does the employee have to absorb a portion of the parking fees because of the company''s location in a high-rent district? Perhaps the company offers reimbursement for mass transit. Is it an exciting place to work; is the place drab or fab? Is your office in the basement with gray, damp, musty walls or on an upper floor with a window and a great view? Discounts and memberships: My current company offers club membership to the big warehouse stores. It also offers 15 percent to 20 percent discounts at many of the retailers where we buy products. The savings can add up quickly. Banking: Does the company have an ATM or on-site bank? Does it offer membership to credit unions or other cost savings types of banks? These institutions can save you time, gas, and money. Others: There are many other unique and exciting benefits a company can offer. These companies will be proud to speak about their culture, so be sure to ask!
The Tangible Benefits
The following list of benefits have a quantitative value, meaning that you can place a dollar sign by each of these benefits when you include them in your analysis of the various job offers you have to consider.
Paid Time Off (PTO): Synonymous with vacation, balance days (sometimes called "floating holidays"), and sick time clumped together. Many employers now prefer to give employees a block of personal time that can be used for any purpose. If you have children, sick days will be one of your more important benefits to consider. No, we aren''t talking about time off for yourself; you will have to go to work when you are sick. You will have to save every possible sick day for the loving little tots who call you Mommy or Daddy. If you are contracting with your employer, you probably do not get any benefits other than an abnormally higher paycheck. If you are contracting, make certain that you calculate the cost of three to four weeks of PTO and health insurance before you quote an hourly rate to an employer. Health insurance: Make sure that you compare each of the major plans; specifically, you need to compare what is and what is not covered. One company may offer $5,000 more in salary than another but also may require you to absorb that much or more in out-of-pocket health care costs. If you have a family or are expecting or planning for a new family member, reviewing the health insurance is critical. Is your current doctor in the company network? Will you have to find a new doctor? It can be a real drag when the whole family has to find a new primary care physician.
Understand the difference between a PPO (Preferred Provider Organization) and an HMO (Health Maintenance Organization). For PPOs, the out-of-pocket costs are extremely varied, which might be challenging if you are trying to predict how much to deduct from your check each month if you are using a Flexible Spending Plan. With a traditional PPO, you typically pay a $10-$20 copay and then a percentage of the cost of the "provider-negotiated" rate for the visit (which can range from 0-30 percent) up to a yearly maximum out-of-pocket expense. The benefit, however, is that you may see any doctor or specialist of your choosing without having to make an appointment first with a primary-care physician for a referral. On the other hand, HMO plans typically cover 100 percent of your out-of-pocket costs at a lower monthly rate than do comparable PPO plans. The catch there is that you are typically prohibited from seeing any other doctor without a referral from your primary-care physician. If you forget to get a referral from your primary-care physician for a visit to the specialist, you may have to pay all the costs yourself.
(Continues...)
Excerpted from IT Security Interviews Exposedby Chris Butler Russ Rogers Mason Ferratt Greg Miles Ed Fuller Chris Hurley Rob Cameron Brian Kirouac Copyright © 2007 by Chris Butler . Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
