Business SecurityI’m beginning this post talking about “professional” career paths in infosec. That’s a bit unfair to the brilliant professionals working in the technical side, and if you are technically minded and reading this, please don’t be offended. There is nothing unprofessional about engineering, coding, hacking, or anything else tech-centric. I am mere labelling this ‘professional business’ because it’s the side-stuff that makes your technology profitable.

The business-security career path is replete with smart, technical, and charismatic people. There is a lot of room for overlap, so techies looking to get more business experience or move towards senior leadership will tend to move towards the business-side later in their careers.

I moved from architecture to technical consulting, which sounds technical but is definitely in the business-tech function.

I am going to focus on two job-families for beginners (so I am going to ignore SOC management, because you will need to work in a SOC as an analyst for a period of time before you can apply to be a SOC manager): Sales/Pre-sales and Product management.

Those are not exhaustive, obviously. Those also ignore support functions, such as project management in security, programme management in security, deal architecture, bid support, operational team leadership, information assurance, legal, et cetera. In the future I may ask colleagues in those fields to fill out this gap in this reading, but for the time I’ll explore two ideas and let you know, now, that the business world is vast and there is a lot you can end up working in.

Sales / Pre-sales

Technical ConsultingThis is an easy field to talk about. I am currently working as a technical consultant in a pre-sales function. This sounds like a lot of blabbering words, but it’s entirely logical and focused. When a sales team, who aren’t necessarily into infosec, identify a customer that might be interested in some cyber security capability, they bring that customer to me and my team. We work with the customer and the customers’ request for information to understand what the customer really needs.

We then design a technical solution and support the sales teams during the sales process. If a customer buys from us, then I help with the post-sale workshops, technical use case definitions, and even sometimes lead a team during transition.

The skills required for a sales/pre-sales role are a strong combination of technical and business. We must be able to help customers understand their needs, so listening, communication, and empathy are required, but likewise we must be able to understand cyber security technology, how different use cases solve different problems, and how to build and implement a solution at cost and time.

Joining this field is exciting, because we work with a lot of different companies, people, and problems, and no two days are the same, yet we also get to work with technology.

If you are into a consulting lifestyle and don’t mind working with security, technology, and people, this is a good path.

Some research on pre-sales technical consulting:

Product Management

Product and platform managers are excellent jobs for new graduates looking to join cyber security but not interested/skilled in technology. Product managers help support the sales and technical teams by turning applications, platforms, and services into understandable and consumable offerings.

Product managers help sales teams by building sales enablement and marketing collateral. They help technical teams by negotiating deals with vendors and suppliers. They help the business by being the glue that enables the smart techies to sell the technology, bringing in revenue, and supporting the business.

If you have a business mind and genuinely like technology, but aren’t technically skilled or would rather deal with the people part of security business, moving into products would be an excellent start.

Some research on product management