What would you do?

ecuisonecuison MemberPosts: 109Registered Members ■■■□□□□□□□
So say, your director hires a manager who doesn't have any InfoSec management level certifications i.e CISSP, CISM, etc...but you have some management level certs with extensive experience on both management and technical sides?  Do you expect growth opportunity when there is no anticipation for the team to grow in size as well as no motivation from the team to go an attain these level of certs?

I'm merely trying to look at other people's perspectives in this particular situation.
Accomplishments: B.S. - Business (Information Management) | CISSP | CCSP | TOGAF v9.2 Certified | Security + | Network +
In the Pipline: (ISC)2 HealthCare Information Security and Privacy Practitioner (HCISPP), CRISC

Comments

  • scaredoftestsscaredoftests Senior Member behind youPosts: 2,587Mod Mod
    Nope, I would not expect growth opportunity.  I'd start sending out resumes for jobs that appreciate your experience.
    Never let your fear decide your fate....
  • PCTechLincPCTechLinc Senior Member King City, CAPosts: 541Registered Members ■■■■□□□□□□
    I'm with scaredoftests.  You may pass out from holding your breath for too long.
    Master of Business Administration in Information Technology Management - Western Governors University
    Master of Science in Information Security and Assurance - Western Governors University
    Bachelor of Science in Network Administration - Western Governors University
    Associate of Applied Science x4 - Heald College
  • promethuschowpromethuschow Member Northern VA, NYCPosts: 110Registered Members ■■■■□□□□□□
    NO and NO, its time to update the resume and look for new opportunity where your value will be much appreciated.
  • EANxEANx Posts: 914Registered Members ■■■■□□□□□□
    Was the opening advertised? If so, did you apply?
    2018: CCIE Written (R/S) (done - Jan), CCIE R/S
    After that: MBA, OSCP
  • ecuisonecuison Member Posts: 109Registered Members ■■■□□□□□□□
    EANx said: 
    Was the opening advertised? If so,  of did you apply?
    I did, but was told that I didn't have enough "qualifications".  As I stated, hired a manager with no InfoSec management certifications which at least at that point, with not only experience and certifications, education, etc....shows to me that it had nothing to do with any of the qualifications I had, but that someone with less was better for the ISO in my opinion.  Also coupled with the fact there is another team member who has been on this team longer with no certs, that it wouldn't have been "fair" I suppose.

    But at this point, I never had any intentions on staying after they hired this manager as I seen the writing on the wall that with no certs, no intention of certs, let alone learning anything from this manager, only shows me that the door is the only option.  


    Accomplishments: B.S. - Business (Information Management) | CISSP | CCSP | TOGAF v9.2 Certified | Security + | Network +
    In the Pipline: (ISC)2 HealthCare Information Security and Privacy Practitioner (HCISPP), CRISC
  • DatabaseHeadDatabaseHead Posts: 2,284Registered Members ■■■■■■■■□□
    Doesn't sound like he values certs or you for that particular role......  
  • ecuisonecuison Member Posts: 109Registered Members ■■■□□□□□□□
    Doesn't sound like he values certs or you for that particular role......  

    It is what it is.  Throughout my career, I was told at some companies that education doesn't mean anything, others that it does, same with certs, experience, etc...which is why I covered my bases and got my degrees, got my management level certs, worked from Technician to Engineer/Architect so no one can say anything.

    It's a battle that I am sure a lot of people go through.  I don't take it well when people that do not have these fundamentals as standards, have the audacity to say that education and certs don't mean anything to me when they themselves don't have it because they couldn't pass or get it and can only rely on "experience" or that it's too beneath them.  I've been in this field for 20 years now and still get this load of crap (ranting).


    Accomplishments: B.S. - Business (Information Management) | CISSP | CCSP | TOGAF v9.2 Certified | Security + | Network +
    In the Pipline: (ISC)2 HealthCare Information Security and Privacy Practitioner (HCISPP), CRISC
  • jeremywatts2005jeremywatts2005 Posts: 323Registered Members ■■■□□□□□□□
    Similar thing is happening to me. With my company now 3 yrs and almost no growth in salary and no opportunity to move forward because the team is not expanding nor will it expand and neither is any other team. Plus zero from the company for development like certs and conferences. Plus they cut our bonus in half instead of 20% it is now 10%.

    Companies need to wise up and start offering career progression paths in infosec along with appropriate pay. Shoot all they do is complain about not finding a unicorn and when they find one they don't feed it. Makes no sense to me why companies are doing this. There has been drastic shifts in the market and the need to look at the staff they have invest more in them and develop succession plans for the staff who want to do more or are able to do more. It is called motivating your employees and staff through non payroll. Some companies must not have gotten the memo that the market is HOT!!! 

    I found out my value real fast when I turned on Linkedin and set my preferences to actively looking. I make in the 140K range just had an interview in the 200K range base salary no bonus and an hourly rate. Even a contract w benefits on W2 paying that much with the chance at perm is better than being in a dead end going nowhere job. The salary alone would help redefine my salary scale and worth to other employers. I would start to shop passively determine your market value and if there is a significant increase in salary and position I would go actively looking. Don't let yourself get stagnant in a job because it is comfortable keep the momentum going you have skills that the market wants and needs now go get your dream job that values you. 
  • DatabaseHeadDatabaseHead Posts: 2,284Registered Members ■■■■■■■■□□
    edited December 5
    Everyone seems to have their own opinion that's for certain.  Like you I have ran into all sorts of managers.  The type that want X, Y, Z or no go, others who actually frown upon those...   Some view education as the holy grail while others favor certifications and like your current situation, experience is 99% and everything else falls into the other 1%.  

    I subscribe to the phrase the whole is greater than the sum of it's parts.....   Essentially review the entire package and then make a decision.   I'm not binary in my way of thinking when it comes to hiring.  I could take a person who just has experience and just as easily as someone who has less experience and certifications etc.... 

    One thing is for certain, if you are being told education and or certs don't mean anything that shows a lack of empathy and emotion.  Even if I think a certain degree is weak or some certification I am not going to tell the individual that......    Wow might be time to move on...... 
  • LonerVampLonerVamp Senior Member Posts: 218Registered Members ■■■□□□□□□□
    Sounds like your director and the new manager won't be interested in certifications. However, I can't say whether that means they won't believe in growth and moving upwards. What sort of previous experience does the new manager have? Will they value you as you get more years of experience under your belt?

    Honestly, "management certs" means nothing to me outside of an MBA. Security knowledge comes with those, but not "management" experience.

    Also, "manager" has two different meanings, and there are times where if you have no experience managing actual people, a company would rather bring someone in who has experience managing people rather than train someone brand new who may or may not be ready to manage people without a lawsuit or something. But, maybe in your case, "manager" just means it is the manager of security, like Security Manager is sometimes used, or Office Manager.

    That said, if you value certs and want to use those to move upward, clearly your new manager and the director won't put much weight behind them?

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, CISSP, OSWP, CCNA Cyber Ops, Sec+
  • ecuisonecuison Member Posts: 109Registered Members ■■■□□□□□□□
    LonerVamp said:
    Sounds like your director and the new manager won't be interested in certifications. However, I can't say whether that means they won't believe in growth and moving upwards. What sort of previous experience does the new manager have? Will they value you as you get more years of experience under your belt?

    Honestly, "management certs" means nothing to me outside of an MBA. Security knowledge comes with those, but not "management" experience.

    Also, "manager" has two different meanings, and there are times where if you have no experience managing actual people, a company would rather bring someone in who has experience managing people rather than train someone brand new who may or may not be ready to manage people without a lawsuit or something. But, maybe in your case, "manager" just means it is the manager of security, like Security Manager is sometimes used, or Office Manager.

    That said, if you value certs and want to use those to move upward, clearly your new manager and the director won't put much weight  behind them?

    This is a moot point at this point for me.  I don't think there is anything can make me think otherwise based on numerous amount of feedback to even contemplate staying here if even my own efforts to advance myself have been in vein here.  I agree with you in regards to the MBA part, but because that level isn't even present under my immediate management chain, I am going off of the next level down.  

    My take away in all of this is I motivated myself to continue to educate myself in my field of focus to cover my basis for any future opportunities.  I'm not going to lie and say the manager isn't a nice guy or let alone a good manager, but with what was conveyed to me that I would learn something with this new manager (been about 2 years now), hasn't come to fruition.

    With that said, my coming here with this question is to see what perspective I am not seeing where I am truely benefiting from being in my current situation.
    Accomplishments: B.S. - Business (Information Management) | CISSP | CCSP | TOGAF v9.2 Certified | Security + | Network +
    In the Pipline: (ISC)2 HealthCare Information Security and Privacy Practitioner (HCISPP), CRISC
  • paul78paul78 Posts: 2,797Registered Members ■■■■■■■■■■
    Does that new manager have any actual infosec and management experience? And does that new manager have experience in the business industry of your employer? Did the new manager have a prior relationship with senior folks at your employer? There are so many factors, perhaps those factors were more important criteria in the hiring decision. 

    Different people value different things.

    I won't comment on whether there's growth opportunity because I'm not familiar with the size of your employer or what industry you are in. If it's a 100 person company - there's probably limited growth opportunity - if it's a 100,000 person company, well....

    Realistically, if you just don't like the outcome and you simply want a change of scenery, start to look around.
  • Azt7Azt7 Member Posts: 76Registered Members ■■■□□□□□□□
    ecuison said:

    With that said, my coming here with this question is to see what perspective I am not seeing where I am truely benefiting from being in my current situation.
    In my current job search, I pay special attention to who's the manager and ensure that they have either more contextual valuable experience / relevant or higher certs to be able to actually manage me. 

    I just can't work under somebody who knows less than I do. It makes no sense to me whatsoever.

    My 2 cents 
    Certifications : ITIL, MCSA Office 365, MCSE Productivity, AWS CSAA, Azure Architect
    Studying for : CCSK 
    2019 : COBIT - CCSP (maybe)
    2020/2021 : TOGAF - CGEIT
  • LonerVampLonerVamp Senior Member Posts: 218Registered Members ■■■□□□□□□□
    ecuison said:
    LonerVamp said:
    Sounds like your director and the new manager won't be interested in certifications. However, I can't say whether that means they won't believe in growth and moving upwards. What sort of previous experience does the new manager have? Will they value you as you get more years of experience under your belt?

    Honestly, "management certs" means nothing to me outside of an MBA. Security knowledge comes with those, but not "management" experience.

    Also, "manager" has two different meanings, and there are times where if you have no experience managing actual people, a company would rather bring someone in who has experience managing people rather than train someone brand new who may or may not be ready to manage people without a lawsuit or something. But, maybe in your case, "manager" just means it is the manager of security, like Security Manager is sometimes used, or Office Manager.

    That said, if you value certs and want to use those to move upward, clearly your new manager and the director won't put much weight  behind them?

    This is a moot point at this point for me.  I don't think there is anything can make me think otherwise based on numerous amount of feedback to even contemplate staying here if even my own efforts to advance myself have been in vein here.  I agree with you in regards to the MBA part, but because that level isn't even present under my immediate management chain, I am going off of the next level down.  

    My take away in all of this is I motivated myself to continue to educate myself in my field of focus to cover my basis for any future opportunities.  I'm not going to lie and say the manager isn't a nice guy or let alone a good manager, but with what was conveyed to me that I would learn something with this new manager (been about 2 years now), hasn't come to fruition.

    With that said, my coming here with this question is to see what perspective I am not seeing where I am truely benefiting from being in my current situation.
    Makes sense. Also, I'm sure you learned something with those certs, which is also part of the reason to do them.

    I didn't realize this new manager was already present for 2 years.  :O

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, CISSP, OSWP, CCNA Cyber Ops, Sec+
  • ecuisonecuison Member Posts: 109Registered Members ■■■□□□□□□□
    LonerVamp said:
    ecuison said:
    LonerVamp said:
    Sounds like your director and the new manager won't be interested in certifications. However, I can't say whether that means they won't believe in growth and moving upwards. What sort of previous experience does the new manager have? Will they value you as you get more years of experience under your belt?

    Honestly, "management certs" means nothing to me outside of an MBA. Security knowledge comes with those, but not "management" experience.

    Also, "manager" has two different meanings, and there are times where if you have no experience managing actual people, a company would rather bring someone in who has experience managing people rather than train someone brand new who may or may not be ready to manage people without a lawsuit or something. But, maybe in your case, "manager" just means it is the manager of security, like Security Manager is sometimes used, or Office Manager.

    That said, if you value certs and want to use those to move upward, clearly your new manager and the director won't put much weight  behind them?

    This is a moot point at this point for me.  I don't think there is anything can make me think otherwise based on numerous amount of feedback to even contemplate staying here if even my own efforts to advance myself have been in vein here.  I agree with you in regards to the MBA part, but because that level isn't even present under my immediate management chain, I am going off of the next level down.  

    My take away in all of this is I motivated myself to continue to educate myself in my field of focus to cover my basis for any future opportunities.  I'm not going to lie and say the manager isn't a nice guy or let alone a good manager, but with what was conveyed to me that I would learn something with this new manager (been about 2 years now), hasn't come to fruition.

    With that said, my coming here with this question is to see what perspective I am not seeing where I am truely benefiting from being in my current situation.
    Makes sense. Also, I'm sure you learned something with those certs, which is also part of the reason to do them.

    I didn't realize this new manager was already present for 2 years.  :O
    I've been technical most of my career (Linux Systems Administrator) with Microsoft, RedHat and other technical certs that have long been expired.  I still love the technical which shows in my home lab that has grown and carried me through those years trying to make my self relevant to survive in the world of IT/Systems Administration/Engineering, etc.., but also have InfoSec as a Mistress even though she is who I always attempt to see and please on a daily basis.  Ok, enough of the euphemisms (pointing at myself).  Yes, I learned a lot and it has definitely taken me in the InfoSec direction I've been eyeing for, for more than 15 years.  From all that time, it's always been about the enhanced knowledge.  The certs were great to remind me what I had to go through, and continue to go through to show their true value. 

    When I look at all of this, all I can think about is supporting my family.  I still have time to grow, and I don't want to waste it if I don't have the chance to.  
    Accomplishments: B.S. - Business (Information Management) | CISSP | CCSP | TOGAF v9.2 Certified | Security + | Network +
    In the Pipline: (ISC)2 HealthCare Information Security and Privacy Practitioner (HCISPP), CRISC
Sign In or Register to comment.