Moving to Protiviti from Another InfoSec Consulting Firm
Is your current firm limiting you to only a small part of InfoSec consulting?
Many infosec consulting firms are too small to have a wide array of projects, or so large that people have to stay in their specialty. While it can be good to specialize, over-specialization can limit your career and offer fewer opportunities in the future. Would Kali be as useful if it just had nmap on it? Would an MMO be fun if it just had one zone?
With Protiviti, you can sample infosec’s various delicacies, including:
- Pen testing and vuln assessments (network + app, social engineering)
- Incident response/forensics/reverse engineering
- Technology-specific security reviews (e.g., SQL Server security, mobile device security)
- PCI/ISO/HIPAA/Privacy work (gaps, remediation assistance, assessments)
- Security Operations Center projects (tuning SIEMs, temporary analyst positions)
- Security strategy/governance
…and that’s not just opportunity as in we list those projects on our websites, and companies could buy them. That’s opportunity as in we actually have projects in all the above areas on a regular basis. We also do many projects in coordination with our broader IT Consulting and Internal Audit divisions, so you could have the opportunity to work on something interesting but tangentially related to security if you wanted to (e.g., an Active Directory optimization project or an e-PHI audit).
Other key benefits vs. your current firm might include:
- Talking to Deciders. Are you interested in getting more into the business side of things some day? We don’t do just tech security projects like some other infosec consulting firms do. Many of our projects are at the strategy level, helping customers make better business decisions. Our reports and recommendations are often read by C-level executives and Boards of Directors through our close relationship with Internal Audit at many firms.
- Faster Leveling. Feeling like you will be stuck at your current level for years? Many other infosec consulting firms are too small to offer fast career advancement (you are either a junior, senior, or director), or too large and bureaucratic (e.g., your boss is your boss until they leave). Protiviti is the right size --- large enough to have space for people to grow quickly, and small enough to have careers for growth across the board.
- Brakes on a Plane. Stuck on a plane more than you would like? Most other infosec consulting firms have “national” practices, meaning consultants are expected to travel almost 100% of the time. Protiviti has local offices in most major US cities, and an emphasis on serving local clients, resulting in less time wasted traveling.
What We Look For
While each position has slightly different experience and skills required, there is one thing we look for that doesn’t change: a passion for information security and technology. Skills can be taught, experience gained, but we have found the underlying curiosity, drive, and long-term commitment to information security and technology is the most important factor contributing to an infosec professional’s success.
People show their deep interest in information security and technology in many ways, but here are some of the things we look for:
- You actively participate in the information security/IT community, whether on IRC, Twitter, or at conferences.
- You’ve paid your way to infosec conferences that weren’t work-sponsored.
- Your interest in security/IT doesn’t stop when your work day is over; it is a hobby for you as well as a job.
- You’ve contributed to open source projects, whether security related or not.
- Your curiosity started early --- before you could work you built computers, reverse-engineered household appliances, wrote programs.
- You examined websites, programs, and devices for security flaws, even when you weren’t paid to (all legally, of course).
In short, we look for true hackers, in the non-media-sensationalized meaning of the word.
Protiviti has a number of levels, and position descriptions can vary depending on the group.
In general, though, open positions fall into these categories:
- Consultants, Senior Consultants, and Managers – There are two levels within the Consultant and Senior Consultant categories, for a total of five levels (including Managers). These positions are heavily involved in project execution, with the Managers having some oversight responsibilities (especially in the labs).
- Senior Managers and Associate Directors – These positions are still very involved in project execution for complex projects, and have a supervisory role in less complicated projects. There is a stronger emphasis on business development at these levels as well, and there is increased involvement in proposal and statement of work creation.
Positions beyond the above include Directors and Managing Directors, which have increased management and business development responsibilities.
Who You'll Work With
In internal surveys, most employees list types of work and career advancement as key reasons they joined, and the people as the top reason they are staying. Protiviti’s infosec practice tends to attract people that are smart without being arrogant, hard-working without sacrificing hobbies/families, and demanding of excellence without being unfair. As a result, from managers to top leadership, Protiviti’s infosec practice is a solid group of people to work with.
Our infosec practice is comprised of people from all types of career backgrounds, including:
- Networking and Systems Administration
- Software Development
- In-House Information Security
- Internal Audit
- Other Infosec Consulting Firms
- Security Software/Hardware Vendors
- The Big 4
- Defense Contractors
- Military Service
As a result of the various backgrounds on our InfoSec teams, when questions go out on our internal lists, or people need an SME in a particular area, it is rare that no one has an answer.