If you ever go into management in the infosec field (or really any field) get ready for a huge shift in mindset.
Finishing the Exploring Information Security podcasts was a great decision for me. I would love to still be doing it, however, it’s just not valuable for me as a manager right now. I am no longer thinking about the latest happenings in infosec. I am still paying attention to what’s going. It’s just that my performance is largely reliant on the people that report to me. That means managing workloads, removing blockers, providing feedback, making decisions, and metrics.
It’s been a shift for me, even though I knew it was coming. I have to delegate or else I get to caught in the day-to-day operations. It’s not efficient for me as a manager. I’ve seen others get promoted into management and struggle. Largely because they still wanted to do the technical things and get paid as a manager. That’s just not possible based on the role. I’ve always wanted to go into management. I find the challenge in how do I get the most of the people that report to me. How do you make someone as productive as possible.
Oh, it’s also about politics. If you can’t, “play” the political game you will struggle as a manager. To get things done as security professionals requires building relationships with other departments. We in security have a big stick. Using that stick to get things done has the effect of making people not like you. Instead I like to build relationships using the techniques of social engineering. It’s much more effective and people tend to like you afterwards.
A resource that helped me prepare for a management role is Manager Tools. It’s a great tool for figuring out how to be an effective management. They’ve been around for several years with lots of topics to dive into. Even if you’re not interested in management they have the Career Tools podcast, which focuses on career advice. There’s resume, interviewing, how to ask for a raise, and much more. The hosts are very direct and to the points, which will rub some people the wrong way. They have data to back up their recommendations, though. I can confirm that using their techniques has helped me shift into management and become a better professional. The most beneficial being how to write a resume and interviewing.
Prior to listening to the Career Tools podcast, I struggled writing resumes and interview. This despite going to seminars and reading books on how to do both. At one point it took me 15 months to find a new opportunity. After listening to the podcast I increased my job offers dramatically and eventually found my current opportunity that I hope to retire from.
I’m hoping to document my experiences in future blog posts. While I’m not as focused on the technical infosec things, maybe I can contribute from the career advice of things.
this blog post first appear on Exploring Information Security