Career Advice: Mind Your Skill Gaps
The career path from entry to the C-suite is rarely linear, including in the security profession. For entry-level security professionals who are eying the top job, it’s important to regularly reassess current skills, where the industry is going, and what knowledge and experience will be needed to reach the top rung of the security ladder.
Fortunately, there are many security professionals across the world who are willing to mentor and guide young professionals (YPs) in their careers. Here, Security Management asked two members from the ASIS International CSO Center what blind spots young professionals will want to address sooner rather than later.
Matt Bradley is the vice president of global security solutions at OnSolve and a member of the CSO Center. He is also part of the ASIS Greater Philadelphia Chapter. Brian Reich, CPP, is assistant vice president of corporate security and workplace safety for Kemper Family of Companies. He is also a member of the ASIS International CSO Center Board of Directors and member of the ASIS New York City Chapter.
The following conversation has been edited for clarity and brevity.
SM. What skill gaps do you see among today’s young professionals that, when addressed, could help advance or accelerate a career?
Matt Bradley. One gap I see is international experience. Many young professionals have just finished a master’s degree, but they have little work experience and almost no experience living or working in another country, language, culture, etc. International experience, if only through study abroad, broadens the perspective and helps the professional learn about problem solving outside their normal context. Almost all large companies are multinational, so the ability to understand how different cultures, languages, and corporate structures impact a global organization and C-suite decision-making will be important to advance.Another gap is understanding cybersecurity threats, as there are many connections between cyber incidents and physical security threats. The security profession will converge physical and cybersecurity, and even if it doesn’t, there are physical security implications to cyberattacks. Many young professionals are focused on developing their physical security skills, and they should add cybersecurity skills to their knowledge.
Brian Reich. When it comes to security, learning about risk and convergence, as well as insider threat models, are knowledge base points which will assist YPs in standing out and jump-starting their careers in this profession. The tenants of security have evolved over the past 10 years. More and more, the term “security” is becoming a pillar of a holistic risk mitigation program that corporations need.
SM. What skill gaps do you think security professionals higher up the ladder, even CSOs, are currently struggling with that YPs can address or assist with?
MB. Management skills are one of the biggest gaps. Security professionals often start out as individual contributors and become managers when they are already senior employees. Many companies don’t take the time to provide them management training, which is a mistake. Most of the issues I have seen among security professionals relate to a lack of management skills, not security knowledge.
Career Advice: What Young Professionals Bring to the Table
Early-career security professionals bring unique and valuable perspective to organizations, but their soft skills often outweigh their subject matter expertise. Two ASIS Young Professional leaders share advice on how to rebalance.
Diversity, equity, and inclusion (DE&I) will continue to be important topics in security as they are in the workplace. Many security professionals lack the training to assess DE&I and implement initiatives to improve DE&I in their operations. All professionals should take advantage of company-sponsored training to learn more about DE&I.
BR. In general, I believe our profession can place greater emphasis on insider threat and risk management over traditional security. All too often, security programs are still siloed and do not encompass the principles of insider threat and risk management. Young professionals with greater cyber and technical skills can add value to traditional security leaders who may not have that foundation. Together, a young professional with those skills can assist with filling in any gaps to prevent siloes and assist to help better integrate a physical security program in enterprise insider and risk management metrics and reporting.
SM. What resources are available to young professionals that can help with addressing these skill gaps? And what kinds of resources are young professionals lacking or ones they perhaps are unaware of?
MB. Most organizations have ample training available for young professionals. This training may be in the form of online training, either internally or through LinkedIn. These skills, which are independent of an individual’s role or remit, can help young professionals learn the skills necessary to get ahead. These could be skills not related to security—such as how to gain executive presence or how to gain influence in a meeting—but they are necessary for advancing in the workforce.
Tuition reimbursement plans are available with most employers, and young professionals should take advantage of these to get a master’s degree if they don’t have it. The master’s degree can be in risk management, criminal justice, or international studies. The subject is less important than the degree. This is important because I see many entry-level candidates with master’s degrees—young professionals without them will be less competitive, which may not be a problem in today’s hot job market but could be when the job market is tighter in the future. Additional education also demonstrates to the organization that the young professional is a life-long learner, making him or her a good fit not just for the current role but for future roles as well.
Conferences and external training are less frequent for young professionals, but they should make their interests known and look for creative ways to reduce the cost to the company. I have seen young professionals offer to stay with friends so they could attend the OSAC Annual Briefing, which is a great networking opportunity. Volunteering to work at your company’s booth at GSX is a good way to get access, which can then lead to training and networking opportunities.