Motorola’s Security Organization tells of Success
If you want to work for Motorola Inc., you have to know about more than the latest in cell phone technology. With more than 68,000 employees to support, and products and services in categories such as audio, cable broadband networks, voice and data networking to name just a few, the global communications leader requires that prospective IT candidates be able to integrate a combination of legacy technologies, back-end databases, network environmental components as well as new elements such as Web-based services, service-oriented architectures and mobility elements in a way that achieves the expected performance or requirements as defined by the business, and that’s not all.
You need technical expertise, knowledge about other areas of IT as well as business acumen in order to fulfill the purpose of Motorola’s IT department, which is to deliver solutions that meet the company’s business requirements. To do that on time and on budget, employees must meet or exceed customer expectations. This puts a premium on the development of both project and program management skills, and it brings what are often considered soft skills into prominent position for IT professionals looking to sign on and existing employees looking to move up, said William C. Boni, CISM, corporate vice president and corporate information security officer, Motorola.
Motorola’s IT job roles and responsibilities run the spectrum of job families including network operations, systems administration, architecture strategy, database environments and new technologies such as Web-based and mobility elements. Security has become a key part of the organization’s ability to manage its various other IT environments, and Boni is responsible for the company’s overall program to protect critical digital proprietary information, intellectual property and trade secrets.
If you want to get a job in security but don’t have a security background, start in another department. Motorola often recruits from within to take advantage of foundational skills in one or more technologies such as 802.11 Wireless expertise, database or systems administration or network operations. “Within the security organization that I lead, typically most of our staff have been recruited from within Motorola’s IT and engineering organizations,” Boni said. “We take that foundational skill set, and we add tailored training and certifications that map to specific functional job requirements within this security organization. So they may, for example, go after a certified disaster recovery certification if that’s going to be their role within the security team. Or they may obtain certification in forensics if they’re going to be supporting our investigative and legal support team. The idea is to tailor the training to fill out the gaps in what the person brought to us from their prior experience with the specific knowledge that will make them most effective within the role they’ll occupy in the security organization.”
Motorola values experience. The company often selects IT candidates with a variety of backgrounds and skill sets who are at different points in their careers, and then trains them on particular elements of policy and process, effectively laying the new information on top of their existing knowledge. “I’ve got some folks who had 20 years of experience before they came into the security organization,” Boni said. “They were designing mobile data terminals within one of the business units for police and law enforcement operations, so they had a vast amount of engineering knowledge and experience and varied technical and engineering backgrounds that they had access to. In other cases, you’ll have a person who perhaps was a systems administrator who had an understanding of a particular platform, Windows or UNIX, Solaris and so forth. In that case, it’s a multi-track of policy issues, process training as well as additional technology training. Maybe it’s understanding specific anti-virus mechanisms that we utilize or intrusion detection or prevention, firewall technology. It’s tailored by individuals, but in the broad range of the kinds of skills that a security disaster or privacy practitioner would require to be successful making a contribution to Motorola.”
Training also is customized for Motorola’s non-security IT professionals. “It’s a pretty dynamic world we’re living in, so even those that have a great deal of expertise in foundation technologies, they have to go back to school to get up to speed on Web services and how that impacts their ability to design and deliver new solutions to the business,” Boni said. “All of us are having to skill up and increase our understanding of mobility and networking. Motorola’s solutions for our customers require us to be knowledgeable about what we have to support as we develop those capabilities for internal use as well.”
Boni said that on-the-job training is another part of the Motorola learning toolkit, one that managers use to round out or add capabilities to their teams. “Certainly in our security organization, a significant amount of the real skill comes from doing the work almost in an apprenticeship-like mode working under leaders that have a decade or more of knowledge and experience in the security, disaster or privacy field. (IT professionals) have a chance to work within projects and assignments that will give them a chance to learn and transform that knowledge and therefore make them more effective in their primary role.”
For those who wish to pursue learning and development opportunities outside the programs the company offers, Motorola will subsidize employee learning as well as certification costs, provided the certifications are within an approved security program. Someone pursuing a certification or training outside their job responsibilities wouldn’t be approved. But typically at the managerial discretion of the directors, core certifications such as CISSP, CISA and CISM are compensated and reimbursed. This holds true for other areas of IT as well. “Within the networking organization and the user-support areas and so forth, having access to people that have been trained and certified is beneficial and therefore encouraged,” Boni said.
Motorola has developed a set of career tracks or job families that its IT professionals can pursue, and these are periodically updated as the company drives toward greater commonality. This commonality offers the organization greater leverage and standardization, and it gives employees a clear sense of their options at any point in their career. “They can move up a particular track such as staff specialist to subject-matter expert, or an architect could move into the managerial families at some point in your career if you enjoy leveraging your background by working through people as opposed to being a hands-on practitioner yourself,” Boni said.
Although Motorola values both education and background and looks for the right balance of technical skill, experience and training, certifications can tip the scales in a prospective candidate’s favor. “I put the certification in the mode of being an indication of continuing attention or continued commitment to the career field or area of expertise,” Boni said. “If someone has 10 years of experience in various IT related roles, they started off with an undergraduate degree in business administration, MIS kind of experience but then systems administration, database administration and in the course of that managed to acquire a certification in network security like Security+ and now they’re applying for a security role on my team, obviously I take that as an indication that they have background and they have interest and aptitude. We give that favorable consideration compared to someone that has a limited amount of experience focused in a functional area, no additional certifications or experience that’s relevant to our specific job needs.