在你职业生涯的早期,你并不总是有导师. And few folks starting out in a new field have a cadre of mentors who can provide critical career advice. (忠告: Develop a cadre of mentors!)
全球ISACA澳门赌场官方下载拥有丰富的知识和职业智慧. I tapped into that gold mine for this column. I reached out to the global ISACA community via LinkedIn and asked them to share their hard-won career advice to help early-career professionals succeed.
What an outpouring of emails and conversations! Analyzing the input, 10 major themes emerged. This article is organized by these themes, 用名言和故事来说明集体智慧.
What follows is a treasure trove of priceless career advice – for early-career professionals, 对于所有人! 这件作品是ISACA澳门赌场官方下载慷慨的巨大见证. Many, many thanks to all of you who contributed.
以下是10个主题:
- Career essential: Communication skills and soft skills (Mentioned again and again!)
- “One of the most important aspects of any cybersecurity career is the ability to explain technical concepts in a non-technical way. 学会在网络安全风险和商业价值之间进行转换.” - 经理,网络安全
- “学会说话. Carrying conversations in both the virtual and in-person world can lead to successes in the battlefields of audit, IT, 和网络. Things get solved in this world not in your intro meeting or the closing sessions or walkthroughs. It happens in the one-off conversations directly with someone when you have follow-up questions. 取下缩放背景,展示一些你是谁的见解.” - 网络安全主管
- “Bottomline upfront: Know your audience. And If you are speaking to an executive, 不要让你提供的信息过于繁琐.” - Manager, Cyber Risk and Compliance
- “Learn how to disagree with people so they don’t come back wanting to put a target on your forehead. 给人不讨人喜欢的印象会很快毁掉澳门赌场官方下载. 你的目标是说服他们接受支持你立场的事实. Make sure your facts are 100 percent accurate!” - IT风险高级经理
- “Everyone hired has the skill set and knowledge to do the job but what separates people are the soft skills. Learn to read non-verbals; develop a sense of humor; time and stress management; and hone your ability to speak and write clearly. You may have the best ideas but if you're unable to communicate effectively, it's essentially wasted.” - GRC高级经理
- Deepen your business and cultural knowledge
- “Work to understand the business. This will help with understanding business processes that are not always that visible and not easy to learn quickly. 然后, when you are working on a specific audit, your understanding of the details of the business will help you craft the right audit questions.”
- Global Head of 它的审计 - “Recognize your auditees and internal clients as being SMEs and don’t be afraid to follow up with questions. 征求反馈意见,尤其是在有争议的审计期间. Put yourself in their shoes. Build relationships early and maintain them. 如果你有一段关系,就更容易得到你需要的信息.” - Manager, IT Compliance and Risk Management
- “Cultural contexts are important. 问问题的时候要考虑文化背景. For example, ‘Are you responsible for X?“负责任的概念各不相同, 而你如何询问并获得理解可能需要不同的方法, depending on the country and culture.” - IT审计总监
- “在你站在被审核方面前之前,做好审核准备. 准备工作至关重要. 这表明你关心并与客户建立了信任. Use both external and internal resources. 谷歌一下这个话题. Get a basic foundational knowledge. 使用ISACA网站. Within the organization, ask about prior engagements that have involved the area. 利用公司内部网调查你计划审核的领域.” - Senior Manager, Internal 它的审计
- Get comfortable with gray
“IT审计、IT风险、网络安全并非非黑即白. There are a lot of gray areas. Understand that and put it in proper context. How do you learn to understand the gray areas? 向他人学习. Sit in meetings with senior auditors and learn how they negotiate risk and compliance. Take in all the lessons and observations. 看到和理解灰色的能力来自经验.” - Senior Director, IT audit
“I see feedback as a way to add value quickly. 在早期, someone told me that documenting my project and performance review conversations with my management was how you can take some control of your narrative.
我是这样做的. The first step is to send an email to your manager documenting the conversation. Ask if you have understood everything correctly. This gives your manager a chance to comment. Next, plan a second meeting 3-6 months out. 问问自己,我过得怎么样? Is there anything I need to change? 如果你在某方面做得不好,你可以制定一个改进计划.
“At the end of your project, 记录结果, 你学到了什么?, training and development ideas, 以及你想参与的项目类型的建议, and send that to your manager for review. With all this documented, neither you nor your manager are starting in on the review process from scratch, and you have a bit more control over the feedback because you have helped guide the process.” - 经理,网络安全
- 用不同的经验、专业知识和认证来建立澳门赌场官方下载
- “尝试在多个网络安全领域积累经验. Choose one or two and get advanced experience. After you decide on the one you like, look for projects and connect with people in that area. 在这一点上,你可以获得硕士学位或开始你的认证之路. Do not specialize too early in your career.” - Manager, Information 治理
- “大多数公认的证书都需要工作经验和考试, but there are others with fewer requirements. Get the ones that you have experience with as soon as possible because they will boost your career, 宣传你的名字, 并帮助你在学习时更好地理解概念.” - IT GRC经理
- “在开始澳门赌场官方下载时,要对各种机会和项目持开放态度, 一定要考虑到这些经历的长期好处. 你可能会得到一些听起来不那么令人兴奋的经历, but they will give you high visibility, 学习新技能, or look good on your resume. I started in consulting and accepted a few projects with big companies that everyone knows and it still helps me today when I am interviewing.” - Senior Manager, Cyber Security
- “Don't be afraid of a lateral move. 我从IT审计经理变成了网络安全经理. 有些人认为我已经安于现状,而另一些人则看到了潜力. We all want to move upward in our careers. 然而, 有时候,这些横向调动可以让你积累证书, get back to IT/cyber basics, and grow overall in your career potential.” - 网络安全主管
- “Stay current with happenings in your company and business unit, industry and your function. 这将有助于你在快节奏的商业环境中保持相关性. Belonging to professional organizations such as ISACA is a great way to help keep abreast.” - 全球审计 & 服从领导
- “找一位导师. It’s critical to have an advocate on your side. Do this by identifying someone who shares your passion or your developmental goals (e.g.(为了提高你的演讲技巧,找一个好的演讲者). Build a relationship with them first. 然后 ask if they would be open to mentoring you.” - Senior Manager, Information Security
- “每次我有机会做一个新项目,我都会欣然接受. There were some scary moments. 当我从私营部门的第一份工作跳槽到四大时,我感到很害怕. I had done a little bit of UAT testing, but that is not the same as an IT audit. You take the leap, not always with confidence! 我们最大的卖点之一就是我们所做的一切, we are going to be confident in, but often we succeed because we are scared.” - Senior Compliance Specialist
- “The early-career professionals who don’t do as well are those that are passive – the ones who sit and wait for you to tell them what to do. 如果你想学习、成长并脱颖而出,你必须付出努力. 例如, if you are put on an IT audit that is going to do vulnerability scans of Unix servers, and you haven’t done that before, 去找一门课程, 培训课程. 不要等待你的审计主管或经理把信息交给你.” - Global IT审计总监
- “I have often had early-career folks say to me, ‘I did everything you asked me to do, why didn’t I get a 5-star review?“问题是, 照我们说的做, 不带任何额外的东西也不能给你赢得5星的评价.” - Director, Internal Audit
尽早讨论你的职业抱负和目标. I made the mistake of not doing this, 虽然我的经历很充实, 在晋升和加薪方面并不好. It is important to have those candid discussions with leadership and your immediate manager. 将你的目标纳入你的绩效和个人发展计划. Make sure your goals are clear and measurable. And, have regular touchpoints for assessment.” - Senior Manager, Financial and 它的审计
- “技术无处不在, so it is important to network and build strong relationships across various cross-functional teams such as Development, Operations and 澳门赌场官方下载 Architecture. Be engaged in their activities. For example, attend lunch & learn sessions and awareness conferences.” - Integrated Audit Senior Manager
- “让自己走出去. Interact with different stakeholders. That’s one of the key advantages you get from being in IT audit 和网络security, 对领导的可见度——尤其是作为审计师. 要乐于利用这些机会和关系. One way I did that was to schedule a follow-up meeting to thank them for providing insights. 建立关系. 在路上, I might reach out to that leader, and let them know that I was interested in a specific area that was in their wheelhouse. Could we have a short meeting to discuss this? 我想听听他们的建议. 但是你绝对不想让人觉得你在利用这个人.” - 资讯科技审计总监
- “永远记住,你永远代表着你的公司, whether during work hours or during off hours. Hold yourself to a high standard. Your company has a Code of Ethics; read it so you can always uphold expected standards of conduct what dealing with everyone – other employees, 客户, 供应商.” - Senior Finance/Audit/服从领导
- “What hill do you want to die on? There were times when I was asked to do some unethical stuff, and that was a hill to die on. 其他人则不然,回想起来,我意识到自己反抗得太多了. Know what your values are!” - IT合规主管
“很多刚开始工作的人都试图延长工作时间, 承担更多的工作, 对任何要求说“是”, not take all the allowed vacation, 把更多的时间花在办公室而不是其他事情上. 从长远来看,这些为了在工作中表现出色而做出的牺牲并不重要. I guarantee you that a raise 3 percent higher than your peers early in your career won’t matter long term if your personal health and happiness are impacted.” - Senior 经理,网络安全
来自IT审计、IT风险和网络安全领导者的最后一些精华
- Mistakes (generally) are not career-ending. 你活着就是在学习——不要因错误而气馁.
- The best auditors are not necessarily the ones who are the most technical but the ones who read the crowd.
- 任何超出你舒适区的事情都意味着你在成长. 接受不适.
- Working hard is not good enough. You are in charge of your own career. Promote yourself and your accomplishments.
- 你的话就是你的契约.
A closing thought: This piece was just the tip of the iceberg in terms of the excellent career advice that is available in the ISACA community – a community that is ready to share and to help others, particularly early-career professionals. Your local chapter is a fantastic place to ask for technical help and input on your career. 你也可以参加ISACA的在线讨论. 最后, ISACA events and conferences offer excellent opportunities to meet fellow professionals in settings that foster comfortable networking and sharing. 都在那里. 是大胆的. 大胆尝试吧. 这是值得的!