Why can’t I break into the field?

This is part of a continuing series I’m writing to answer some of the mentor questions I get. The first one is located here.

From time to time I get an email from a professional in the information technology industry. Either something I’ve written gets their attention, my usual irreverence sparks something within, or perhaps it is something else. They have questions, and hope I might have answers. When I respond they’re usually pretty much surprised.

The questions are something like; How did you succeed; who’d you have to kill to get where you are; what do you do about bosses that won’t let you progress; or why do you know so many people in the industry. The threads of the questions are pretty consistent. The reality of the question is something different. The question they are asking is, “I’m a technical person who knows way more than my boss about what we do but I’m not getting promoted to that level. Why?”

Here is how I’ve answered that in the past.

I too found myself locked into particular career track by hiring managers and people who couldn’t understand that I had more to give. I found a couple of things that allowed me to succeed beyond where I was locked in. I find that now people say “He’s a professor so he has no real world skills.” Even though, my entire discipline is about imparting real world skills. Even though on a daily basis within a College of Technology at an engineering school the expectation is that I keep skills that are state of the practice. So, even I get locked in on this problem of bias against technical talent in business.

 

Bias against technical talent in leadership

The best advice I can give isn’t the kind you usually get from a professor. I won’t tell you to get more education. I would tell you to become more adventuresome. Take chances. Opportunity is not found in places where stability is favored. That means that you will have to take personal and personal-financial risks to get ahead. For me it was taking an assignment working for a company in major turmoil (MCIWorldcom). That is where I broke into the upper ranks of decision makers. Being basically a director level person reporting through a couple of assistant vps, to a vp, to the CEO means I had a pretty good head start on others. In standard high-tech matrixed organization fashion I had at least 4 people who thought they were my boss, two that I took orders from, and somebody completely outside of MCIWorldcom that paid my wages. Most of my friends in the military when faced with that situation would have their heads pop. The reason I got the job running CPE remediation at MCIWorldcom was because nobody in their right mind would take it.

There is another high risk behavior that I engage in. I speak truth to power. I’ll use government as an example but it applies to business too.

Policy, procedure, doctrine, rules, and even law are malleable concepts. I am more than capable of walking into any government leaders office and telling them why any of the aforementioned barriers exist to fixing a problem. There are dozens or even hundreds of people who can give the institutional answer. I simply don’t do it when it is the wrong answer. I’ve made a reputation with leadership that if they want ground truth, reality, and a way out of some particular nasty situation I will give them that. It is then up to them to change, adapt, or overcome the inherent institutional obstacles. Now if you work in government how much does that make me a well loved co-worker? I’m not a team player, I believe in being independent, and I’m not standing around the water cooler trying to figure out the path to get ahead. How many people at the GS level want a guy sitting in a room with them that says they are all full of undigested protein and vegetable matter?

Quick story: I was asked to brief a couple of generals officers a few years back. They wanted to talk about stuff that would later become well-known news and I had helped one of the general officers work through some service related issues. When it first started out I was given 2 hours to present. The staff required my presentation a month before the meeting (on a fast-moving topic). I was then asked to cut the presentation down to an hour, then 30 minutes, and finally 15 minutes. I contacted the senior officer and told him to … well I wasn’t pleasant. Basically it wasn’t worth my time to travel from Hoosier land to no-where fantasy land for 15 minutes. He said come anyways and meet him for dinner the night before the presentation. After calming down I traveled to where the meeting was to occur. When I met him for dinner who do you think was there? The other officers and some red-faced aid de camps. We spent 2 hours over dinner hashing through some of the issues. My presentation was more about answering the questions they had from the night before.

 I’ve heard nearly the same story of various leaders in and around government. I wasn’t interested in wasting their time, but I didn’t want to waste my time either.

So, the take away. Take chances, but also be willing to say no. Be aware of your worth and what you have to offer. If somebody is willing to treat you poorly then don’t do business with them. There is risk. You can be perceived as arrogant. I am a very humble person. I call everybody sir, or ma’am, I am exceedingly polite, I tell everybody the people who have helped me out, and I hold nothing for myself. Yet, I’m steel and stone to anybody who treats me poorly. I measure my success by impact both overt and covert. Since I’m less interested in being famous I have helped other people with concepts and though not taking the credit the ideas were basically mine. Contrary to what you might expect that has actually brought me more opportunity than yelling my worth to everybody passing by. I do things like answer emails to people who I’ve never met and have no hope of every giving me anything. Yours is one of dozens of emails I’ve answered over the years.

 

Being in the wrong place at the right time can have rewards.

I could have said no to the MCIWorldcom job in 1999. It was a high risk move (as the company later dissolved) but it set me up for success. At the time I had a contingent offer from Microsoft to become a developer in Seattle. It was more money but I would have been 1 of thousands and no hope of moving up or getting my hands into things I really saw as interesting. I made several very good friends at MCWorldcom. My direct supervisor ended up being the officiant for my wedding. MCIWorldcom used my bachelors party as a company get together. So, I took the lower paying job at MCIWorldcom, with higher risk, and ended up with a really great experience. Having worked closely with many people I later ended up being one of the senior people at NCR (who was my vendor at MCIWorldcom) and working daily with CSO/CIO types in major corporations.

When I left NCR I took a job at a regional Purdue campus which was another risk. A regional campus often carries a pretty harsh teaching load, and as I found the main campus often enacts stuff that makes life on the regional campus pretty harsh. In some cases you get an interesting bone thrown to you. I had been involved with the information security (pen testing, network assessment, performance tuning and more) and I was approached by a Purdue West Lafayette faculty member with an NSA sponsored research program through my department head which resulted in a third of my credits toward a PhD being paid in total. Understand, when I was hired at Purdue Calumet it was because I had experience in deploying wireless systems.  Another semester of PhD work was paid for by DoD. Later DHS picked up and started paying for my PhD. The DHS stuff came with the requirement of a year of service. Purdue Calumet had no issue with this but later reneged on letting me take a year sabbatical working for the federal government.

Another short story: I started applying for jobs originally looking for a fellowship for one year and later a regular job when Purdue Calumet made noise about not letting me go. Because Purdue Calumet had basically required me to get a PhD I was put in a position where I didn’t have much choice. I was a tenured professor at a fairly large regional campus who owed a year of service to the federal government and they were going to get it one way or another. I had to find a year-long service position in federal government. I applied to NSA and was made an offer to work on the GNEVA team. It came in as GS12 step 0. They put in bold capitals that it was non-negotiable. They use a contractor so that was kind of funny, but I always negotiate.

It upset a few people but I said the offer was insulting and turned it down. I was taking a risk, after risk, after risk. A week later I was offered a GS15 (equivalent) position at National Defense University. I could have had the nice guaranteed work in the SCIF job on Fort Meade, but I took my time and knew my worth and ended up working at leadership levels across the breadth of the Department of Defense as a Title 10 employee. Later when I decided to leave DC I met with some interesting people associated with an agency and they offered me a GS14 position. It would have meant staying in DC and my motivation is impact not cash. I was fed up with some of the hassles of being under “control” of an agency and came back to Purdue West Lafayette. Not the regional campus. I’ve been back at Purdue 10 weeks and have had numerous speaking engagements and meetings with researchers in government, leadership, and others. The risk paid off.

 

Professional career risk is not always good and requires mitigation

Risk can backfire and you will find yourself in bad places from time to time. I’ve found though that when I bet on myself and become the architect of my own success I usually succeed. On my wall in my office is a printed out slogan, that says, “Honor, honesty, courage, courtesy, respect”. When the going is rough it is hard to live up to those ideals, but in general I try to daily. I can’t say that I’ve always been successful. Currently I’m trying to figure out how to do the grant and funding dance. I’ve got dozens of cool ideas but only so many hours in the day. So, as a professor you get grant funding to push ideas forward. I don’t take any of the grant money for personal gain (remember I’m not interested in much more than my salary) I use the grant money solely to fund grad students to work on my projects. I don’t take a summer salary.

So, that is a long way of answering part of the query on getting to the table with leadership.

What about being part of the thought leadership

On the query how do you get involved with the thought culture surrounding things like strategic cyber conflict (war, security, pick one) and that is a much shorter answer. My first suggestion is read everything. Whether you agree at this point with some authors or not, read their stuff and then read the foot notes in their writings, and the footnotes in those writings. Then write those authors with your questions. Some will answer, some will blog about it, and some will ignore you.

I don’t do a lot of “tweet up” kind of activities, but I’ve had many scholars or students of the topics I’m interested in to my home. I’m not a prolific writer. In academia that is really a sin. My 3 or 4 papers a year keep me in good standing, but I have colleagues that produce a dozen or more papers a year. I go to lots of conferences and listen to people’s views on the topics I’m interested in. I have an enormous library of books on the cyber elements of my discipline. Most of them are tabbed, highlighted, marked up, and basically less than pristine library editions. Basically, I eat, breathe, and live cyber topics. Because I don’t really care about the political science, international relations, or computer science angles and I’m more concerned with how things work and can be adapted I find myself with some utility. Most people who complain about my academic credentials or credibility are more concerned that I am interested in evidence rather than doctrine.

Do what you will the principle is pretty simple. Get involved as often as possible across as much of the spectrum as possible. For a person in Washington DC I would say if you’re not attending every Jay Healey Cyber event at the Atlantic Council you’re really missing out. The DC area has a young group of scholars who I refer to as the Strat Pack. There are seven or eight depending on the time of year in various DC universities engaged in evaluating the various questions of national strategy. There is an entire culture in the DC area looking at the depth and breadth of the cyber culture.

Be careful though. One of the Strat Pack members jumped all over me on Twitter once saying I was clueless about Joint Operations. This was both hilarious and troublesome. The funny thing was what I was trying to say in 140 characters or less was directly what TWO of the J2 staffers from the CoComms (colonels) had just told me that day on the exact topic. You know they told me at my work place where we teach joint operations. So, in saying I was wrong he was basically saying the two operational entities of the actual CoComs were wrong.

 

There are pitfalls and problems too

Consider the concept of doctrine. Anybody who quotes doctrine or policy to you as scientific logic is horribly misguided. Doctrine is nothing more than a current consideration and maybe even philosophy of how to respond to an unknown future set of events. Doctrine at best is a set of guiding principles and at it’s worst horribly flawed discourse that has no bearing in reality. Doctrine is not science.

As such when people try to use doctrine or even law as the singular principle of a domain constraint you have a significant issue on your hand. you can ignore that person and move on, or you can attempt to educate them. In the International Relations world scholars have attempted to deduce factors of success and failure based on particular nation states doctrine and politics. They often believe their answers more than their own eyes. I don’t think most of them have heard the riff, “Past performance should not be indicative of future returns.”

Though I use this as an example what it is depicting is a failure in analysis. Far too often you hear somebody say something like “That’s just semantics” or perhaps, “That’s merely academic.” What they are doing is engaging in a form of denigration. Your idea is not good enough because it is not practical is the general flavor. Other iterations of this abound. It is a form of accepted lazy thinking. Usually it is the sign of somebody who has constructed a set of beliefs or internal myths and regardless of reason or evidence will reject contrary evidence. The principle of science is to provide proof of an observable physical manifestation or theoretical underpinning of reality. Each of these paradigms having methods, strategies, or mechanisms that make them possible. If you say they should publish their position and get it accepted they usually say it is all biased against them. The interesting thing is anybody can publish in scientific journals. The process used by the best journals is usually double or even triple blind peer-reviewed. In some cases an article submitted to a peer-reviewed journal is just a number to an editor. In some cases the angst at submitting ideas is the fear of rejection and more importantly of getting incisive focused negative feedback that is harder to refute.

As an aside: I make this deal with everybody who writes me. Usually I ask them if they have an abstract or document done. If you want to write in major journals and you’ve actually written something I will work with you to make sure it is publishable and presentable. You have to abide by institutional research board guidelines and I’ll help with that. I will give you advice on methods and strategies for reporting results. You do the writing and data gathering. All I want is second author honors. I have done this for several years and nobody has taken me up on it. My original goal is I wanted to get the hacker crews publishing in ACM and IEEE journals with really good research. It would also bolster my CV a bit. I wanted to drag the DefCon and Blackhat crew up to the academic journal level. Instead I find myself sliding down the long dark tunnel to the world I crawled out of.

 

Conclusion

There really isn’t any. Some will be pissed. Some will have ah ha! moments Some will seek me out to ask more questions and even more will somewhere around paragraph four rate this to long didn’t read (TLDR). But, now I have something to point people at rather than answer the emails directly. I may add some things after this point but more importantly I hope other people have even better advice. My answers are really only good for me. That is the nature of qualitative, nay, anecdotal evidence.