This year’s Information Security Summit, themed “Finding a Better Way”, was filled with lots of great information surrounding topics such as the Internet of Things, endpoint strategies, legality and compliance, career connections, and more. Over the course of my involvement in the infosec world, I’ve enjoyed going to various conferences and events, because - whether it’s during the presentations or even through brief conversations - I’m always able to pick up something new. But enough about me, the reason for this blog post is to hopefully give a few suggestions to the students who are starting to (<insert amazing idiom here/>) get their feet wet in the IT / infosec ocean.
Student appreciation at the Information Security Summit
Quick Note: I wanted to quickly give the founding fathers of the Summit, Glenn Brzuziewski (Hurricane Labs) and Gary Sheehan (ASMGi), a shoutout for creating a conference that has become such a great community and awareness-building tool for our IT/infosec professionals, educators, students, nonprofits, organizations, and others.
This blog post was inspired by one of the sessions I attended, which was a student-only discussion driven by both Glenn and Gary. The session was a very open discussion about career exploration, networking strategies, and other ways students can take their curiosity to the next level.
After having been there and hearing such good advice, I decided to take the information I gathered and put it into a networking tips and tricks type thing. So, here we go.
#1 Use listening to your advantage
Always keep an ear open for new trends, industry language, and the various topics being discussed. There’s only so much you can gain from the media (these days too many journalists overhype their stories or don’t fully understanding the things they’re writing about). That’s why at conferences, like the Information Security Summit, you can really take advantage of the direct face-to-face connections. It’s not all the time you’re going to have such easy access to individuals of all different positions and coming from such a wide variety of companies.
The insights you can gain from talking and listening to those who are experiencing it firsthand and who understand the intricacies of what’s going on is invaluable. Also, being able to ask questions, listen, and respond to what you’ve heard is only going to take your networking skills to the next level.
#2 Learn more to ask better questions
Knowing what questions to ask during any type of networking conversation can be a challenge, and even more so with something as complex as IT/infosec. So, where can you start? It’s no secret that the vast majority of us use our devices for a lot of dumb stuff… but here’s the exciting thing - you (yes, you, it’s in your hands) have the power to take a few minutes out of your day and wield this magnificent tool to transcend the all-consuming world of Snapchat.
By using the technologies you have at your disposal and reading about the various vulnerabilities and attacks going on, you’ll be able to see what’s going on, what has happened in the past, and you can start forming that bigger picture view and possibly even start to see where things are going.
(Note: Being aware of what’s going on in the IT/infosec news and asking the pros for their take on it, as well as having the confidence to share your perspective on it, are all major pluses in the networking world).
Here are a few questions you can store away in the back of your mind when chatting up industry pros:
- What do you like best about what you do?
- How did you get involved in the IT/infosec industry?
- What challenge is your company’s product/solution solving?
- How niche or broad would you say your organization’s solution is?
- Knowing there’s a skills gap in IT/security, does your company look at recruiting and retaining talent as a priority? And are you currently hiring for any positions?
- What other industry conferences do you attend or groups are you involved with?
- What are some of your go-to resources for getting guidance in this field?
- What advice would you give me if I wanted to be successful in your line of work?
Keep in mind as well that people, and companies, like when you know a little about them. So, if there’s one you’re interested in specifically, do your homework.
#3 Practice recognizing other perspectives and “framing”
IT/infosec pros are all too familiar with statements like, “Uh yeah, I couldn’t get this project done because the business people didn’t understand…” Even though this is an issue the community is trying to work on, the tension between business and technology is still pervasive.
Information technology and security is complex. Business isn’t necessarily going to understand what’s going on under the technical “hood”, and maybe sometimes they don’t need to, but they will want to understand how it’s going to impact them in the end.
It’s all about how you “frame” your position, which means explaining it in a way that fits into their picture of what’s important to them. ROI can be a good example where framing would come in handy. There’s often a disconnect between the tech/security team presenting their reasons for why something is so important versus the business on the other side of things saying, “Okay, but where does this fall into play when it comes to ROI and the dollar signs.” (Maybe not in such blunt terms, but you get the idea).
During the summit session, I was happy to hear some of the students talk about the intermingling of both technology and business-related courses that they’re taking. Having that awareness and being able to see the perspectives of both sides, as well as actually working with both, is important as our community continues to bridge that gap.
Seeing security as a functioning part of the bigger picture and knowing how your initiatives fit into both your world and the business world will only help the organization progress as a whole.
#4 Understand that people like real people
Fortunately, here at Hurricane Labs we’re all about keeping things real, not being afraid of opinions, doing what works best with the quirky personalities we have around here, and generally having a “no black box” mentality - both internally and with our clients. It seems, at least from what I’ve seen, that across our industry there is an openness and acceptance that’s awesome for all types of people and interests.
Just be honest and upfront. Don’t put yourself in a box or feel like you have to put on some fake front. You’re going to find the right area of interest and you’re going to find a company culture that works with who you are.
If you’re very new in the industry, let the pros know you’re exploring your options - whether you’re simply educating yourself on their product/solution, keeping an eye out to utilize the skills you’re gathering in order to work for their company someday, etc. People like honesty; people like real people. As we’re working on ways to better information-share and improve our field as a whole, it takes more people being straightforward, being real, and learning from one another.
#5 Figure out what makes sense to you and run with it
Now is your time to explore, so take advantage of it. There are so many ways companies are coming up with solutions for the tons of issues we have zooming around out there. Find what makes sense to you and in area that you’re truly passionate about. There are no parameters around infosec, especially with the emergence of IoT, so your options are limitless.
Figure out what you want to accomplish, set goals, find a place you can do that, and run with it.
Hope this helps!
I’m hopeful you’ll take some of my tips and put them to use when you’re at your next conference. Even if it’s just taking that first small step in approaching a vendor and asking them a couple questions. You’ll be surprised by how much that first step can accomplish. It’s also great that our community has a lot of free groups and events. Take advantage and learn as much as you can.