Friday, June 4, 2010

Guest Blog: Michelle Klinger "And when exactly am I supposed to find time for that?"

Today, our guest blogger is Michelle Klinger. Michelle has spent the last 5 years as a security assessor for Fortune 500 companies. She has joined the InfoSec Mentors program as a way to increase her technical skills and gain a better understanding of the industry.

As I begin to pursue my information security career in earnest I have come to the conclusion that in order to truly succeed in this industry, it requires an inordinate amount of time and energy be devoted to the trade. Now I know what you are saying... DUH! I suppose to be successful in any career one must devote endless amounts of time. I obviously recognize that hard work is required to succeed but I am more curious about the info sec community specifically and how you deal with these pressures.

I use Twitter specifically to connect, interact, and network with the info sec community, and I’ve been lucky enough to make some good friends with what Andrew Hay calls “D List” security professionals. But as I read my tweet stream I am struck by all of the activities these D list, successful, security professionals engage in: giving talks; blogs (both writing and reading); attending conferences; “real job”; side projects; reading security articles; podcasts (both recording and listening to); and attending local security meet-ups. When do you sleep?! I want to know what the secret is for being able to maintain this level of devotion. Does one need to be single? Is it absolutely necessary to have an understanding spouse? Or have you just resigned yourself to the fact that people are going to be disappointed and pissed off that you never have time for them?

Now I’ve committed to taking this seriously to learn as much as I can….I’ve subscribed to various podcasts & blogs; I’ve participated on a few Bsides panels at BSidesSF and even gave my own talk at BSidesBos, wrote my first blog, attended several conferences, co-planning BSidesDFW (shameless plug), and even signed up for InfoSecMentors. And so as I begin to come to the realization that there are not enough hours in the day, I turn to the experts for advice on what I should expect or watch out for? At the very least send me that dohicky thing that is able to make time stand still...

In addition to finding the balance between the daily grind and the extracurriculars, you can find Michelle Klinger working on her latest side project, Security B-Sides DFW.

This B-Sides is an unconference event held in Dallas-Fort Worth on Saturday, November 6, 2010. The committee is still looking for sponsors, and the Call For Speakers is still open.

To show support, tweet "#BSidesDFW November 6, 2010: Don't Mess with Security!"
Michelle Klinger

1 comment:

  1. Hi Michelle,

    Nice blog post, I certainly remember feeling the same way when I started "full time" in information security about 5 years ago.

    I have learned that whilst the time commitment required doesn't ever drop (in fact it seems to continue to rise for me!) it can be managed more efficiently. The time commitment started to feel overwhelming for me until I realised that no one will ever be an expert in all areas of information security, if you try to do this you will burn out and fail.

    I also decided to really focus my time on those activities that provide the most value to me:

    1) My real job
    2) Social media (blogs and twitter)
    3) "Studying" (reading articles, listening to podcasts etc)
    4) Local application security community
    5) Side/personal development projects

    I purposely haven't put conferences on that because I find that most conferences provide little value to me. This can be either from having the same old speakers giving the same old talks or just plain old vendor pitches. I will be attending 5 conferences in 2010: BSides LV, BlackHat, DEF CON, Hack Eire and OWASP Ireland.

    As for how I maintain this level of devotion, well I just love what I do. I know it sounds a bit corny but I really do love information security and working in this field feels more like a hobby than a job sometimes!

    David (@securityninja)