Of course I don't mean stupid chances with major risks for minor possible gains, like jumping over canyons in a motorcycle, mouthing off to the gang of bikers at the bar, or voting for <insert personal least favorite political candidate here>.

But, don't be afraid to take any risks at all. Even in the security business, they don't try to eliminate it all, just reduce it to an acceptable level. Life without any risks at all, is so dull and constrained as to be not worth living. As I've said many times before, the freedom to succeed is meaningless without the freedom to fail.

So, what risks have I taken recently?

I mentioned last time (more than a month ago, sorry!) that I was being laid off. (BTW, the "four weeks" was ultimately nine.) I interviewed with a small defense contractor, who ultimately said they wanted to make me an offer. As I was in the midst of talks with Google, I told them that I didn't want to give anyone else a firm yes or no, until I had one from Google. This incurred the risk that Google would take so long to say no, that the contractor would have filled the spot with someone else.

(By that time, MITRE had already said no, at least for the Lead Infosec Engineer slot a friend had put me in for. The door is still open for more appropriate slots in software engineering. Unisys and BAH have been "on again, off again".)

As it turns out, Google did indeed say no. (After five rounds of interviews, including flying me out to California!) And, I had heard shortly before then, that the contractor had indeed filled the spot.

So, I took a risk, and lost. Would I do it again? Heck yeah! Don't get me wrong, the offer the contractor would have made, would not have been something to turn down lightly. But a shot at working for Google, even more so.

Meanwhile, there are often things you can do to mitigate a risk. For instance, you can buy insurance. (Okay, technically, that's what the security business calls transferring a risk rather than mitigating it, but let's not get picky.)

So how did I mitigate this risk? I kept the search going throughout the whole ordeal. How's that working out? I just heard from Google on Wednesday. Meanwhile, several additional companies are interested in me. For those interested in the details, they include ComScore, General Dynamics, AOL, and ThinkGeek (which is very close to home). Also, some friends of mine are putting in my resume at Microsoft (despite my mainly Mac and Linux leanings), and my cousin is putting it in at Apple.

So, it's going to work out okay one way or another. Who knows, the next offer might even be better than the little contractor... though it will be hard to measure up to Google.

Your turn! What risks have you taken lately, that you think most people would have been afraid to take? How did you mitigate, transfer, or otherwise deal with the risk? How did it turn out?

Hi Dave,

I discovered this link through CapM and have been browsing for a while. How is your job situation now? Also, why won't you take CISSP?

Good luck,

Victoria