First, start researching well before your expected date of departure from your current position – as much as 24 to 36 months before. You need this time to learn everything you can about business. A significant shortfall many leaders experience when moving from the public to the private sector is not having a clear understanding of the cultural and organizational dynamics of the environment in which they hope to succeed.
A good way to start is to join security organizations, such as:
• ASIS International (formerly American Society for Industrial Security)
• ACFE (Association of Certified Fraud Examiners)
• ISC2 (International Information System Security Certification Consortium)
You can also get involved with the Security Executive Council as a community member or a Tier 1 leader. The SEC Web site and newsletters provide access to a library of security-specific resources and thought leadership that can help you learn.
You can enhance your business acumen by becoming professionally certified with credentials like a CPP (Certified Protection Professional), CFE (Certified Fraud Examiner) or CISSP (Certified Information Systems Security Professional). This is what I refer to as the academic side of a security career. It’s similar to going through a good law enforcement academy. It teaches the foundations as a starting platform for the growth that will happen on the job.
Before you branch out, you also want to find a security mentor with proven skills and operational know-how that have been honed in the business world. Finding this person, or persons, is the equivalent of having a great FTO (field training officer), supervisor and experienced "rabbi" all rolled into one.
Regarding your question about what to look out for when interviewing: Watch out for miscommunication. Security works differently in every company, and businesses don’t always know how or to what extent to describe their expectations. It’s up to you to ask for clarity. For instance, don’t just assume you know what a “security manager” does in the organization you’re considering. Ask: What does managing the security function look like and what are the business’ expectations?
Most organizations will say they want leadership; don't take that at face value. Have them give you examples of what they visualize as security leadership. Dig behind their questions and their answers to get a better sense of the direction they foresee for security across their enterprise.
To cross the business world threshold without significant preparation is akin to beginning a journey to places unknown. Decide what kind of position you are seeking, and find meaningful support before you begin to think about interviewing for opportunities.
Answer provided by J. David, Quilter, Security Executive Council Faculty Emeritus.
Editor’s Note: For an excerpt of Mr. Quilter’s book on this topic, click here.