For me, a job is usually never about the compensation. I’m a challenge-seeking type personality. However, if I were to explain why you’re going to pay me X, it’s unlikely you’d read the essay. This is my sales pitch: why every major corporation should be clamoring at my door to hire me. The bottom line is that wherever I go, I make measurable improvements. I bring a mission-oriented approach, a service leadership bias, and a substance-over-form mentality to almost everything in my life. I take on jobs that I like and my entire being is applied to things I do because my work, hobby, and life all revolve around the simple task of reducing the risk to assets of an organization.
Let’s be honest about a few things. I’ve been in government, academia, and industry. I’ve not only been “there,” I’ve succeeded beyond most people’s imaginings. I’ve won awards and been given bonuses. One of my former employees says I should tell people I gather accolades like my twin sons collect comic books. How many candidates can say they’ve been radically successful in multiple fields while serving substantially different constituencies? I thrive on challenge and turn that towards an organization’s success.
I’m an international-level subject matter expert on information security.
As an academic, I wasn’t just an adjunct working semester to semester (and I do respect adjuncts as I’m married to one), I was a senior professor at a major university with tenure. What was I teaching and researching? Information security and digital forensics. Some of my work informed the very construction of multiple nations’ cybersecurity programs. From Estonia, Sweden, Germany, and even the United States, my research was used to inform senior decision makers. I’ve traveled to Russia, China, and several other countries to help them understand various aspects of information security.
I have real-world hands-on experience.
In the industry, I worked on some of the largest information technology teams ever assembled, alongside some of the greatest professionals of my life. I worked on Y2K for a major telecom, developed an entire remote services security and operations program for one of the largest OEMs in IT, and collaborated with the security teams of every blue-chip tech company. I am lucky as I learned from the best and led some of the best.
While working for the federal government, I have led the security program of a major military command through multiple significant incidents. Through policy and directives, I established a strategic framework for reducing risk across the organization. Ask me how we stopped 90% of phishing in one project alone. I’ve been the senior intelligence officer for cyber at the third-largest agency in the government. To top it off, I testified before Congress multiple times on some of the largest incidents in the nation’s history.
I’m a subject matter expert on leadership.
I was once hired into a job as a subject matter expert, and I was a good follower. A good leader knows when to follow, but I have a proven track record of leading diverse teams. Consider that I’ve taught leadership at the National War College, various military staff colleges, and even a few public universities. One of my former bosses said I was the key to their ability to lead. I never got in the way, but I made every decision for the organization better. He said I was the “BASF of leadership”. Another former boss officiated at my wedding. I’ve been the officiant at my students’ weddings. This participation in major milestones in people’s lives is an indicator of trust, enthusiasm, and leadership both up and down the organizational structure. This is integral to the next point.
I build and refine teams. I can engage in organizational engineering and accomplish more with less. Here is a key point. A former colleague said I was the most famous person nobody had met. Once he started looking for me he found me everywhere. When I left the program we were working on, he went on to get promoted, then promoted again, and finally ended up running his own organization’s information security program. Bringing technical skills to a program is great, but bringing leadership that enhances the value of every person in that program is even better. As a low-key, easy-to-get-along-with leader, and a no-nonsense type of person, I get a lot from the teams I lead.
What about building teams in a world where cyber hiring is tough? I have no issue. There is a Rolodex (an antique method of keeping contacts) that I travel with, which has hundreds of former students and colleagues with diverse information skill sets who would welcome working with me. I have NEVER had problems filling seats with great people or getting people to work for me. Given appropriate compensation and an interesting problem set, I have lots of interested people. Part of that is I’m known for doing cool stuff, and part of it is I’m known for taking care of my people.
I’ll give you real answers to real problems that help you make and save money.
So, why would you pay me a million dollars a year to run your information security practice? I possess the technical skills, academic pedigree, and leadership skills necessary for success. The military command I was a part of had CISOs at rates near Fortune 100 companies. I’ve produced threat intelligence on every major critical infrastructure segment, so I know the lay of the land. I’ve worked closely with all of the ISACs so I know the customer sets. But, the fact I can do the job is not the reason you’ll fork over a seven-digit salary.
Have you had to determine the cost of a breach? You will pay me the big bucks because the yearly return on investment for a large enough corporation will likely be 25 to 1. I will save you that much money each year and easily produce savings in the realm of 25 to 1 on security dollars a year or more. Given the breadth of responsibility and the current threat environment, those skills will allow me to talk to your boards and owners about risk in an objective, dollars-based way. From strategic intent to tactical implementation, stopping one breach a year will save an organization that much money. Better yet, the philosophy and capabilities I bring to your problem sets at the corporate leadership level mean we’ll substantially reduce the risk to your organization while impacting business the least.
I’m a realist but not a fatalist.
Stopping bad guys from getting into networks and chasing the successful adversary is why people like me put up with long hours. This is the CIO/CISO’s great puzzle and game. I’d be an idiot if I said I’d stop all the breaches. Beware the fairy sparkle dust of wishful thinking. When they happen, I’ll save you money. If you’re large enough, I’m willing to bet you have adversaries in your network right now. There are likely unwanted guests moving laterally and snatching up data, or possibly modifying it to suit their own requirements. I bring partnerships, industry knowledge, and an understanding of compliance architectures to mitigate the brand erosion and leadership confidence risks associated with a breach. I bring the knowledge of how to implement and activate functional and accurate operating procedures so information security becomes a culture of success rather than the domain of burned-out heroes.
I’m usually humble, but now I’m looking for a job.
I suck at writing resumes. There is no ISO or RFC for writing a resume. No standard template and everybody contradicts each other. Write about only your successes, not your duties, but never speak ill of anyone. I’ve only been hired directly off my resume once. I’ve been hired numerous times without a resume. So, how do I get the word out that I’m looking? On the one hand, I’ve done a lot. On the other hand, I’ve led a lot. Nobody achieves anything significant in the world without the help of others. People help me achieve success, and I assist organizations in reducing risk to their operations and bottom line. The only question a suitable organization should be asking is: when can I start?