Career Path Coaching?

PattonArchPattonArch Registered Users Posts: 3 ■■■□□□□□□□
in Professional Development
Has anyone here used the services of a career coach for their career path in InfoSec?

I've been in the InfoSec world for well over a decade, and am at a crossroads as to where to go from here. I enjoy the work I do, and have been fortunate to have years of experience in a variety of security roles - analyst, auditor, policy & compliance, risk mgmt, encryption, engineering, architecture, etc etc. I have some of the industry certs that are considered foundational: CISSP-ISSAP, some SANS stuff, etc. So I have some options, but currently am so busy with work and life, its hard to keep abreast of trends to understand where I should be focusing to get where I want to go.

I've never used a career coach, but would welcome any recommendations on a service that would know InfoSec well enough to assist. Thoughts?
· Share on FacebookShare on Twitter

Comments

  • roninkaironinkai Senior Member San AntonioMember Posts: 307 ■■■■□□□□□□
    edited January 2020
    This is something I've been considering starting, simply because I get asked questions related to this all the time. But I would start with, what do you want to do?
    (ie: what is the end goal, CISO?, or Red Team Lead, etc). That would help map out a path. For myself, I'm looking at a cyber architect role, and once I identified the role, it was pretty easy to back fill the path with courses, certs, experience that I would need to obtain. 

    Things that are hot right now that might spark some ideas:

    Cyber DevOps (DevSecOps) / Automation
    Blockchain Technology (lots of new job demand / very few people who have this background)
    Cyber resiliency / survivability

    Do you want to stay technical, or move more towards the policy/compliance/management side? 

    I'm not (yet) an infosec coach, but again, I get asked all the time, so I end up giving advice based on my own experiences. Ive been in the field over 20 years.
    If you come across such a service, I'd be interested in seeing what they're about.
    浪人 MSISA:WGU
    ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
    2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
    · Share on FacebookShare on Twitter
  • Infosec_SamInfosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WIAdmin Posts: 527 Admin
    I haven't really been on either side of a formal career coaching engagement, but I'd be more than happy to hear more about where you're at and where you want to go, and make some suggestions from there! 
    Community Manager at Infosec!
    Who we are | What we do
    · Share on FacebookShare on Twitter
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 518 ■■■■■■■■□□
    I've been around a while as well, and have helped others. Typically, the first question is looking inward at what you want. What makes you happy? What do you want to be doing? What do you want to be making financially? This often starts with, "Do you want to stay technical or no?"

    And then starting to evaluate options from there. And ideas on how to get to those goals. Maybe some milestones, and then dots to connect to those milestones.

    Sometimes it's useful to look at where you've been or what you already know. What is next for someone typically on the road you've been on? What is next for other people who possess the skills you have? What are your strengths, and what positions look for people with those strengths?

    For on-going trends, I've found it helpful to be part of local infosec groups, if you have any. Either informal-ish groups or even more formal ones like ISSA. Even taking the time from your busy work and life schedule to make sure you get to a nearby BSides convention will help. Or hard set aside time to even peruse the speakers (or the talks when they come out!) from major cons like RSA, Defcon, BlackHat. For spending some more time, you could adopt a few habits and subscriptions...of which I honestly cannot recommend any, but what I'm talking about is taking time to read CISO Magazine or the Harvard Business Review or some other industry/management/business zines and outlets. Again, not suggesting any of those, but just trying to illustrate that level of being "plugged-in." You can often get more there than most podcasts which waste your time.
    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
    · Share on FacebookShare on Twitter
  • PattonArchPattonArch Registered Users Posts: 3 ■■■□□□□□□□
    Thanks for the responses and the generous offers, guys.

    I've been in the Architecture & Engineering space for a couple years now, and really enjoy it and would like to stay here. In particular I'd like to be able to keep my skill sets here current and portable. Working full time+ and raising kids has severely limited the time I have available to go through training & research, so I'm keen to focus on the emerging trends / technologies that will keep me relevant. I've typically been a "big picture" person, i.e. I work better with technical concepts and how things fit together, rather than remembering all the wonderful minutia of how those technologies fit together. I can most certainly do that detail work, but its not what I enjoy.

    LonerVamp, I think your questions hit the nail on the head - those are the kinds of questions I need help answering. I'll definitely take some of the methods you offered into my game plan.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.