What would you do?

So say, your director hires a manager who doesn't have any InfoSec management level certifications i.e CISSP, CISM, etc...but you have some management level certs with extensive experience on both management and technical sides? Do you expect growth opportunity when there is no anticipation for the team to grow in size as well as no motivation from the team to go an attain these level of certs?

I'm merely trying to look at other people's perspectives in this particular situation.

Find more posts tagged with

Comments

scaredoftests

Nope, I would not expect growth opportunity. I'd start sending out resumes for jobs that appreciate your experience.

PCTechLinc

I'm with scaredoftests. You may pass out from holding your breath for too long.

COBOL_DOS_ERA

NO and NO, its time to update the resume and look for new opportunity where your value will be much appreciated.

EANx

Was the opening advertised? If so, did you apply?

ecuison

EANx said:

Was the opening advertised? If so, of did you apply?

I did, but was told that I didn't have enough "qualifications". As I stated, hired a manager with no InfoSec management certifications which at least at that point, with not only experience and certifications, education, etc....shows to me that it had nothing to do with any of the qualifications I had, but that someone with less was better for the ISO in my opinion. Also coupled with the fact there is another team member who has been on this team longer with no certs, that it wouldn't have been "fair" I suppose.

But at this point, I never had any intentions on staying after they hired this manager as I seen the writing on the wall that with no certs, no intention of certs, let alone learning anything from this manager, only shows me that the door is the only option.

DatabaseHead

Doesn't sound like he values certs or you for that particular role......

ecuison

DatabaseHead said:

Doesn't sound like he values certs or you for that particular role......

It is what it is. Throughout my career, I was told at some companies that education doesn't mean anything, others that it does, same with certs, experience, etc...which is why I covered my bases and got my degrees, got my management level certs, worked from Technician to Engineer/Architect so no one can say anything.

It's a battle that I am sure a lot of people go through. I don't take it well when people that do not have these fundamentals as standards, have the audacity to say that education and certs don't mean anything to me when they themselves don't have it because they couldn't pass or get it and can only rely on "experience" or that it's too beneath them. I've been in this field for 20 years now and still get this load of crap (ranting).

jeremywatts2005

Similar thing is happening to me. With my company now 3 yrs and almost no growth in salary and no opportunity to move forward because the team is not expanding nor will it expand and neither is any other team. Plus zero from the company for development like certs and conferences. Plus they cut our bonus in half instead of 20% it is now 10%.

Companies need to wise up and start offering career progression paths in infosec along with appropriate pay. Shoot all they do is complain about not finding a unicorn and when they find one they don't feed it. Makes no sense to me why companies are doing this. There has been drastic shifts in the market and the need to look at the staff they have invest more in them and develop succession plans for the staff who want to do more or are able to do more. It is called motivating your employees and staff through non payroll. Some companies must not have gotten the memo that the market is HOT!!!

I found out my value real fast when I turned on Linkedin and set my preferences to actively looking. I make in the 140K range just had an interview in the 200K range base salary no bonus and an hourly rate. Even a contract w benefits on W2 paying that much with the chance at perm is better than being in a dead end going nowhere job. The salary alone would help redefine my salary scale and worth to other employers. I would start to shop passively determine your market value and if there is a significant increase in salary and position I would go actively looking. Don't let yourself get stagnant in a job because it is comfortable keep the momentum going you have skills that the market wants and needs now go get your dream job that values you.

DatabaseHead

Everyone seems to have their own opinion that's for certain. Like you I have ran into all sorts of managers. The type that want X, Y, Z or no go, others who actually frown upon those... Some view education as the holy grail while others favor certifications and like your current situation, experience is 99% and everything else falls into the other 1%.

I subscribe to the phrase the whole is greater than the sum of it's parts..... Essentially review the entire package and then make a decision. I'm not binary in my way of thinking when it comes to hiring. I could take a person who just has experience and just as easily as someone who has less experience and certifications etc....

One thing is for certain, if you are being told education and or certs don't mean anything that shows a lack of empathy and emotion. Even if I think a certain degree is weak or some certification I am not going to tell the individual that...... Wow might be time to move on......

LonerVamp

Sounds like your director and the new manager won't be interested in certifications. However, I can't say whether that means they won't believe in growth and moving upwards. What sort of previous experience does the new manager have? Will they value you as you get more years of experience under your belt?

Honestly, "management certs" means nothing to me outside of an MBA. Security knowledge comes with those, but not "management" experience.

Also, "manager" has two different meanings, and there are times where if you have no experience managing actual people, a company would rather bring someone in who has experience managing people rather than train someone brand new who may or may not be ready to manage people without a lawsuit or something. But, maybe in your case, "manager" just means it is the manager of security, like Security Manager is sometimes used, or Office Manager.

That said, if you value certs and want to use those to move upward, clearly your new manager and the director won't put much weight behind them?

ecuison

LonerVamp said:

Sounds like your director and the new manager won't be interested in certifications. However, I can't say whether that means they won't believe in growth and moving upwards. What sort of previous experience does the new manager have? Will they value you as you get more years of experience under your belt?

Honestly, "management certs" means nothing to me outside of an MBA. Security knowledge comes with those, but not "management" experience.

Also, "manager" has two different meanings, and there are times where if you have no experience managing actual people, a company would rather bring someone in who has experience managing people rather than train someone brand new who may or may not be ready to manage people without a lawsuit or something. But, maybe in your case, "manager" just means it is the manager of security, like Security Manager is sometimes used, or Office Manager.

That said, if you value certs and want to use those to move upward, clearly your new manager and the director won't put much weight behind them?

This is a moot point at this point for me. I don't think there is anything can make me think otherwise based on numerous amount of feedback to even contemplate staying here if even my own efforts to advance myself have been in vein here. I agree with you in regards to the MBA part, but because that level isn't even present under my immediate management chain, I am going off of the next level down.

My take away in all of this is I motivated myself to continue to educate myself in my field of focus to cover my basis for any future opportunities. I'm not going to lie and say the manager isn't a nice guy or let alone a good manager, but with what was conveyed to me that I would learn something with this new manager (been about 2 years now), hasn't come to fruition.

With that said, my coming here with this question is to see what perspective I am not seeing where I am truely benefiting from being in my current situation.

paul78

Does that new manager have any actual infosec and management experience? And does that new manager have experience in the business industry of your employer? Did the new manager have a prior relationship with senior folks at your employer? There are so many factors, perhaps those factors were more important criteria in the hiring decision.

Different people value different things.

I won't comment on whether there's growth opportunity because I'm not familiar with the size of your employer or what industry you are in. If it's a 100 person company - there's probably limited growth opportunity - if it's a 100,000 person company, well....

Realistically, if you just don't like the outcome and you simply want a change of scenery, start to look around.

Azt7

ecuison said:

With that said, my coming here with this question is to see what perspective I am not seeing where I am truely benefiting from being in my current situation.

In my current job search, I pay special attention to who's the manager and ensure that they have either more contextual valuable experience / relevant or higher certs to be able to actually manage me.

I just can't work under somebody who knows less than I do. It makes no sense to me whatsoever.

My 2 cents

LonerVamp

ecuison said:

LonerVamp said:

Sounds like your director and the new manager won't be interested in certifications. However, I can't say whether that means they won't believe in growth and moving upwards. What sort of previous experience does the new manager have? Will they value you as you get more years of experience under your belt?

Honestly, "management certs" means nothing to me outside of an MBA. Security knowledge comes with those, but not "management" experience.

Also, "manager" has two different meanings, and there are times where if you have no experience managing actual people, a company would rather bring someone in who has experience managing people rather than train someone brand new who may or may not be ready to manage people without a lawsuit or something. But, maybe in your case, "manager" just means it is the manager of security, like Security Manager is sometimes used, or Office Manager.

That said, if you value certs and want to use those to move upward, clearly your new manager and the director won't put much weight behind them?

This is a moot point at this point for me. I don't think there is anything can make me think otherwise based on numerous amount of feedback to even contemplate staying here if even my own efforts to advance myself have been in vein here. I agree with you in regards to the MBA part, but because that level isn't even present under my immediate management chain, I am going off of the next level down.

My take away in all of this is I motivated myself to continue to educate myself in my field of focus to cover my basis for any future opportunities. I'm not going to lie and say the manager isn't a nice guy or let alone a good manager, but with what was conveyed to me that I would learn something with this new manager (been about 2 years now), hasn't come to fruition.

With that said, my coming here with this question is to see what perspective I am not seeing where I am truely benefiting from being in my current situation.

Makes sense. Also, I'm sure you learned something with those certs, which is also part of the reason to do them.

I didn't realize this new manager was already present for 2 years. :O

ecuison

LonerVamp said:

ecuison said:

LonerVamp said:

Sounds like your director and the new manager won't be interested in certifications. However, I can't say whether that means they won't believe in growth and moving upwards. What sort of previous experience does the new manager have? Will they value you as you get more years of experience under your belt?

Honestly, "management certs" means nothing to me outside of an MBA. Security knowledge comes with those, but not "management" experience.

Also, "manager" has two different meanings, and there are times where if you have no experience managing actual people, a company would rather bring someone in who has experience managing people rather than train someone brand new who may or may not be ready to manage people without a lawsuit or something. But, maybe in your case, "manager" just means it is the manager of security, like Security Manager is sometimes used, or Office Manager.

That said, if you value certs and want to use those to move upward, clearly your new manager and the director won't put much weight behind them?

This is a moot point at this point for me. I don't think there is anything can make me think otherwise based on numerous amount of feedback to even contemplate staying here if even my own efforts to advance myself have been in vein here. I agree with you in regards to the MBA part, but because that level isn't even present under my immediate management chain, I am going off of the next level down.

My take away in all of this is I motivated myself to continue to educate myself in my field of focus to cover my basis for any future opportunities. I'm not going to lie and say the manager isn't a nice guy or let alone a good manager, but with what was conveyed to me that I would learn something with this new manager (been about 2 years now), hasn't come to fruition.

With that said, my coming here with this question is to see what perspective I am not seeing where I am truely benefiting from being in my current situation.

Makes sense. Also, I'm sure you learned something with those certs, which is also part of the reason to do them.

I didn't realize this new manager was already present for 2 years. :O

I've been technical most of my career (Linux Systems Administrator) with Microsoft, RedHat and other technical certs that have long been expired. I still love the technical which shows in my home lab that has grown and carried me through those years trying to make my self relevant to survive in the world of IT/Systems Administration/Engineering, etc.., but also have InfoSec as a Mistress even though she is who I always attempt to see and please on a daily basis. Ok, enough of the euphemisms (pointing at myself). Yes, I learned a lot and it has definitely taken me in the InfoSec direction I've been eyeing for, for more than 15 years. From all that time, it's always been about the enhanced knowledge. The certs were great to remind me what I had to go through, and continue to go through to show their true value.

When I look at all of this, all I can think about is supporting my family. I still have time to grow, and I don't want to waste it if I don't have the chance to.

Bordersan

If so, did you apply?

Randy_Randerson

There was a comment made by John Strand one day while we were chatting at a SANS conference: "The only sure-fire way to get promoted is to look outward and not inward."

This really struck me because you would think that companies would not want to lose their most talented people over something trivial like a HR title or elevating responsibilities. But alas. I've seen it first hand. I've discussed at length with my boss my concerns about a manager in our realm and that his people are probably going to leave. The only comment he made to me was "Randy, the company doesn't have feelings. If they choose to leave, they'll just be replaced." Keep in mind these are guys who reverse malware all damn day. Not exactly something easy to replace. Let alone they have an IR position on that team which has been opened for close to a year now and they've downgraded the position TWICE and they still can't get anyone to bite at it.

What your situation looks like to me is exactly what I've had to deal with, they don't know how to replace your technical skillset and they know it is easier to replace a manager than it is to replace you in your current position. So they'll thumb past your resume every single time because they don't want to need to interview for two positions, when they really only want to do the one. This takes me back to John's quote I have above. I echo the sentiment of many on here before myself. The only way you'll most likely get promoted is through another company. I've accepted that fact myself that if I ever want to leave the technical world, I will begrudgingly need to venture out in order to fulfill it.

ISOman

Certs will never teach you everything experience will. And experience never gives you the same new knowledge you get when you do study for a cert.

If you have both, update your resume and get looking.