Networking

While at the conference or training course, be sure to get a copy of the list of participants, which is normally available.

Using the list of participants, you should make it a point to identify and seek out those who work in the government agency or business that you would like to target for employment. For example, some ISSOs like to work in the banking and finance business, others in manufacturing, some in aerospace, and some in accounting firms.

During the breaks, find these people. It won't be that difficult: Everyone is given a badge to wear that normally contains his or her name and the business or government agency that he or she works for. Also, conference lunch tables are often identified by type of business. Go through the crowds, find the person, introduce yourself, and ask your questions. You will find that you may not be the only one puzzled by a new technology or how to apply InfoSec to a particular system configuration.

Many attendees are strangers on the first day of these events but become professional friends by the time the conference ends. Then it is a matter of continuous networking (keeping in touch by e-mail, fax, or telephone) and discussing what is going on in the profession, in industry, or whatever.

A word of caution: If you find someone who is not interested in discussing InfoSec with you or wants you to pay for providing that information to you (yes, it does happen on occasion), don't feel bad. Don't be embarrassed or discouraged. Go find others more professional. Like any other profession, the ISSO profession has some un-professionals.

During each session, sit with someone you have not met before and learn what he or she does, what company he or she works for, etc. With each break and at each luncheon or dinner, try to meet someone new. Remember your objective is to meet people who will share InfoSec information with you, people whom you can contact at a later date to find out about job opportunities, how to fix a particular problem, etc.

When you attend these conferences, training sessions, and association meetings, be sure to bring plenty of business cards, and don't be shy. Ask people for their cards. If you don't have a card, get some printed, even if you only have your name, home address, telephone number, fax number, and e-mail address on it. Often you can get 500 business cards for as little as $30 or print your own, professionally! A small investment when you consider that the person with your card may some day call you and tell you of a great new ISSO position in some company—one that was made for you.

If you hand out your card and someone asks you what you do, be honest. If you are unemployed, employed in a non-ISSO position, or a student, just say so. Tell the person you really enjoy the ISSO profession and are trying very hard to get started in it. You may be surprised at the response and how people will try to help you.

One of the greatest benefits of conferences, and attending chapter meetings of InfoSec-related associations, is the opportunity to network with those in the profession. This is the best way to find out what the ISSOs in government agencies and businesses are doing in the InfoSec arena. They are also some of the best sources of information as to what ISSO positions are open at which company or government agency.

You must remember that few of the ISSO positions are advertised in the newspapers. Those that are advertised are usually because the company did not want to hire an employment firm to find a person to fill the position, or because the position called for $100,000 worth of experience but they wanted to pay $25,000.

If you are new to the ISSO profession, you may have to apply for such a position and hope that although you don't have all the experience and education they desire, you're the best candidate that has applied for the position. There is nothing wrong with "buying in" to the position by accepting the lower salary. It's a start, and once you have two or three years of experience, you have a better opportunity to get a better ISSO position and command a higher salary. Who knows, your company may give you a counteroffer if you have done a great job for them.

Another great tool for networking is the Internet. By obtaining the names and e-mail addresses of people you meet at conferences, association meetings, etc., you can begin a dialogue with those in the profession.