Editor’s note: ISACA Now recently moderated a conversation among a trio of millennials to discuss topics including professional development, networking, certification and how their generation differs from others when it comes to career priorities and workplace dynamics. The first portion of the conversation can be read here. The following is the second installment of the two-part conversation – edited for length and clarity – between Ashley Spangler, CISA, CISM, CRISC, SunTrust Banks, Inc., AVP Information Security; Leigh Ann Montgomery, CISA, Solutions Architect, and Mick Gomm, CISA, GWEB, PMP, Sr. Information Security Engineer and Board Member, ISACA Utah Chapter.
ISACA Now: Are there any perceptions or stigmas of millennials in the workforce that you think are unfair?
AS: I don’t think I’ve had anything in a negative light, but it’s almost like I can see the difference of how some other individuals who might be a peer to me are treated if they have certifications versus individuals who don’t have certifications. And it’s not necessarily negative, but I think it is solidifying the value that you’re bringing to the table. I think Mick used the word ‘clout.’ I had an instance where I had a manager who I think technically is a Gen Xer but a borderline Baby Boomer in age, and when we were having a 1-on-1 conversation about my career and my next promotion, the question was ‘Well, you’ve only been in your role about a year and a half or two years, why don’t you just stay in that role longer and really get to know what you’re doing?’ I don’t mean this in a bragging way, but I think there’s still some old-school thought that you have to put a certain amount of years into a job to master that position, or the monotonous day-to-day that you do in that position should be acceptable. I think one thing that I’ve experienced is there’s a little bit of a struggle when you challenge that generation’s way of thinking.
MG: I’ve definitely had that experience, too. One stigma is that millennials are impatient – we want to get to that next step, whatever that is, if it’s on a technical or management track. That’s because I think we have a better understanding of technology in general, especially in this space, and there’s a belief that we’re maybe a bit impatient about our career progression.
LAM: I think within the [Dallas-Ft. Worth] area, our local chapter has really great penetration into universities and colleges, and really makes a point to get out there and even go through different classes on manners and etiquette over the business table and stuff like that. We’ve learned how to do business in the business world but also how to impart our own values in ways that we think as millennials onto whatever topic that we’re covering. And I think that’s been really interesting to know how to embrace those challenges and not necessarily have to change your ways to match a previous generation. It’s just like Ashley said, we like to go about things at kind of a quicker pace, and I think lots of research has shown we want to change careers even a few times, whereas before that might not have been the natural pace of what people normally do. I think it’s neat to fit into the work environment that is already established and to try to make our mark on it as well.
ISACA Now: What are some other types of professional development opportunities that are important to you?
AS: Being a part of two different [ISACA chapter] boards of directors, I think it’s so interesting. I mean, I network all the time, and it’s not necessarily looking for that next person who might help me get another job. I’m more interested in everyone’s journey and how they get to where they are because there’s truly not a one-way path. Everyone’s path is different, which is intriguing to me and provides me insight on how I can potentially maneuver through my career personally. I think I take a passion in that because I really fell into information security. Both of my degrees are in accounting and information systems, and I had actually applied for a financial auditor position, but I was the fourth person in line, and they were only hiring three people, so they liked that I had an information systems degree, and they were like ‘Hey, why don’t you come join our team?’ I was like ‘I don’t know anything about what you’re doing.’ So, similar to what Leigh Ann had mentioned, I know the Nashville chapter, we had six local universities, and I was a part of building that ISACA local chapter academic program, and I made it a point when I would present to those universities to explain that it’s not just about being a developer or a programmer or a help-desk analyst. I tried to broaden their horizons on the different career options we have in our industry because truthfully curriculum is not up to speed to explain all of these different avenues and facets of our industry. I felt like even when I was in school, and that was only six years ago, there were only a few options, and the reality is that is not true. I mean, who knew about information security architect positions. I didn’t learn about that in college.
LAM: To tack onto that thought, it’s amazing being part of that ISACA community and seeing all the different career types – even just through CISA, all of the different ways people can use it. I think that’s probably why I was drawn to that CISA in the first place over the CISM or any of the others – you could really see security professionals, audit professionals, governance and risk and compliance professionals, a whole bunch of different facets with ultimately the same baseline. I think that’s why the networking events that we do, the college events, are really important, because you get to see all the different ways it can be used in all of these different areas. It’s really neat.
ISACA Now: There’s a notion out there that young people are especially resistant to the idea of the rat race, showing up at an office day in and day out. Obviously you all are committed, serious professionals, but how do you feel about incorporating your career into your overall lifestyles?
MG: At least for me in information security, I think the work-life balance is fantastic. I get a ton of autonomy of how I balance my workload and where I do it and everything. I’ll tell you, Leigh Ann, I actually grew up in the [Dallas-Ft. Worth] area, my parents live in Mansfield, so I am headed home in a couple weeks, and my company actually has an office in Arlington. I’m just going to work there for about a month while I’m down there, so I can avoid taking a lot of PTO by getting work done remotely. It’s an increasing trend that you’re able to work from home or another site. That’s something I try to tell people who are trying to get into information security or are wondering about career planning and work-life balance.
LAM: I actually work from home 100 percent of the time other than the travel expectations. It’s really great, I think, given that the work-life separation is the threshold of my office door. I know that like many millennials I really throw myself at work. I probably spend more time than necessary, but I know my company definitely backs me up and gives me a lot of options and time off. I feel like we’re really flexible where I work, and I really appreciate that. It really helps me get my work done in a comfortable way.
AS: It also depends on your industry. Working in consulting, they really had to sell you on what their version of work-life balance is. We had a lot of fun. We had a lot of parties and big events, and we got to travel to some really cool places. There are a lot of benefits they really had to tack on above and beyond what you probably get at a typical 8 to 5 kind of organization or industry, like financial services. So, I think it’s a difference in the roles that I’ve been in, and in consulting it was ‘We’re not here to count your eyeballs,’ you can work from wherever you want, just give us quality deliverables, which being fresh out of college, that was very nice. I really took a lot of pride in having that opportunity because I knew a lot of people I went to college don’t get to work from home, so I really appreciated if I had a doctor’s appointment at 9 a.m., I would just work an extra hour in the evening or make it up on the weekend. In the role that I’m in currently, we get certain days of the week that we can work remotely, so it’s not as free as the last job that I had but we still have freedom to work remotely. Kind of like what Leigh Ann and Mick said, it’s nice to be able to have those options so you can plan for things that don’t necessarily fit in an 8 to 5 time slot.
ISACA Now: Anything else that any of you would like to add?
LAM: I’ve probably said it a million times, but I’m very serious about it, is getting young people involved in local ISACA chapters. It’s important. I think all three of us probably benefited from that experience. It’s a neat way to give back to a larger organization that helped you get certified, helped you to network to find jobs and meet other individuals that you might lean on for one-off conversations or one-off problems in your normal day-to-day work. Beyond the certification, it’s really a community that we’ve all gained together.
[ISACA Now Blog]