Simple tips for getting a job in #infosec

With the global financial crisis many people have been looking for stability. I on the other hand have worked mainly as a contractor in the past four years so have had a great deal of experience in finding new roles. Many roles have been really interesting and rewarding, generally lasting between 6 months and 1.5 years. I have been lucky enough to only ever have a maximum of two weeks between roles. These are some practical tips and lessons learnt for finding a job in security that have worked for me. 

Top 3 reasons why fighting small battles is losing us the war

Are you sure you are a security guy? A friend and colleague working in anti-fraud has asked me a number of times on a recent project. The answer is no I am not. Not your typical one anyway. I think sometimes I am more of a business guy trapped in the body of a work prevention officer. I care about viability, the bottom line and time to market. I spam people with the latest developments in the industry. I am also a tech geek trapped in the body of InfoSec guy. I think web sockets, noSQL, node.js, coffee script is cool; not worry immediately about security hazards they bring. I believe most things that benefit the business can be done securely enough to mitigate the risks to a level the business would accept. For these reasons, I have become increasingly frustrated with the InfoSec industry and security in large companies in general. If we stopped crying wolf at the small stuff, there is a better chance we could have some real influence on the big issues.

Apple bringing secure email to the masses with iOS 5

One of my worst ever projects was implementing PGP email encryption. Considering I have only worked in large financial services companies, that is saying something. I have reflected on the lessons learnt from this project before, but I felt that PGP was fundamentally flawed. When Apple iOS 5 was unveiled, there was a small feature that no one talked about. It was hidden among the sparkling jewels of notifications, free messaging and just works synchronization. That feature was S/MIME email encryption support. Now S/MIME is not new, however Apple is uniquely positioned with their ecosystem and user-centric design to solve the fundamental problems and bring secure email to the masses.

Written for security.blogoverflow.com