Moving to Protiviti from an In-House InfoSec Job
Moving to Protiviti from an In-House InfoSec Job
Feeling like you’re stagnating in your current in-house job?
Often when you go in-house in infosec, you are tasked with a particular domain area and set of tasks, and will be expected to do those tasks for years. Over time, the lack of variety and new challenges can keep you from growing and the excitement that got you into infosec vanishes.
Infosec consulting at Protiviti can offer you many ways to level up:
- New challenges as you tackle problems or issues companies can’t or don’t want to solve themselves.
- Interesting and diverse projects, from pen testing to security strategy, that will keep your days moving quickly on engaging work.
- A view of infosec across different environments through projects across multiple companies and industries.
- A generous training budget to help you learn new areas of infosec and obtain new certifications.
Other key benefits vs. your current firm might include:
- Infosec == The Business. Do you feel like your firm views security as a necessary cost vs. a benefit? While security might be important to your company, it may never be as important as revenue-generating business units. Security might even be seen as a barrier to growth. At Protiviti, you are in the “plus” column, and will notice the difference.
- The Benjamins. Are you making as much as you want to be making? In your existing firm, your compensation may be limited as your value is harder to quantify. At Protiviti, your salary includes a fair base, and a very generous bonus that scales according to your performance. In addition, year-over-year raises are significantly higher than what you would receive in an in-house role, so you could be making significantly more in just a few years of consulting.
- Faster Leveling. Does your boss need to be promoted before you can advance? At Protiviti, your promotion is based on your achievements, and there is no artificial ceiling to growth. You don’t need to “pay your dues”, either. If you are performing above your level, years at Protiviti is not a limiting factor.
What We Look For
While each position has slightly different experience and skills required, there is one thing we look for that doesn’t change: a passion for information security and technology. Skills can be taught, experience gained, but we have found the underlying curiosity, drive, and long-term commitment to information security and technology is the most important factor contributing to an infosec professional’s success.
People show their deep interest in information security and technology in many ways, but here are some of the things we look for:
- You actively participate in the information security/IT community, whether on IRC, twitter, or at conferences.
- You’ve paid your way to infosec conferences that weren’t work-sponsored.
- Your interest in security/IT doesn’t stop when your work day is over; it is a hobby for you as well as a job.
- You’ve contributed to open source projects, whether security related or not.
- Your curiosity started early --- before you could work you built computers, reverse-engineered household appliances, wrote programs.
- You examined websites, programs, and devices for security flaws, even when you weren’t paid to (all legally, of course).
In short, we look for true hackers, in the non-media-sensationalized meaning of the word.
Protiviti has a number of levels, and position descriptions can vary depending on the group.
In general, though, open positions fall into these categories:
- Consultants, Senior Consultants, and Managers – There are two levels within the Consultant and Senior Consultant categories, for a total of five levels (including Managers). These positions are heavily involved in project execution, with the Managers having some oversight responsibilities (especially in the labs).
- Senior Managers and Associate Directors – These positions are still very involved in project execution for complex projects, and have a supervisory role in less complicated projects. There is a stronger emphasis on business development at these levels as well, and there is increased involvement in proposal and statement of work creation.
Positions beyond the above include Directors and Managing Directors, which have increased management and business development responsibilities.
Who You'll Work With
In internal surveys, most employees list types of work and career advancement as key reasons they joined, and the people as the top reason they are staying. Protiviti’s infosec practice tends to attract people that are smart without being arrogant, hard-working without sacrificing hobbies/families, and demanding of excellence without being unfair. As a result, from managers to top leadership, Protiviti’s infosec practice is a solid group of people to work with.
Our infosec practice is comprised of people from all types of career backgrounds, including:
- Networking and Systems Administration
- Software Development
- In-House Information Security
- Internal Audit
- Other Infosec Consulting Firms
- Security Software/Hardware Vendors
- The Big 4
- Defense Contractors
- Military Service
As a result of the various backgrounds on our InfoSec teams, when questions go out on our internal lists, or people need an SME in a particular area, it is rare that no one has an answer.