Sometime ago I posted a question on LinkedIn and an article here about the benefits of being graduated in Infosec. The topic generated almost a hundred replies, and the discussion quickly changed to “How to start an Information Security Career?”
After a bit of researching on the topic and talks to successful professionals, I was able to put together some interesting facts:
In a 2009 ranking of the 50 best jobs in America, the information technology sector accounted for 17 slots. Of these, information security jobs enjoyed some of the highest job growth, seeing a 27% increase in jobs over the past ten years, which should not be surprising since security threats and consequently stricter regulations are emerging all the time, all over the world. An information security career basically involves protecting one of the most valuable assets of a company or organization: Its information. The threats are countless: from malware to hackers, and unhappy employees to natural disasters. The career requires fine skills and can be very lucrative, with the top IT security professionals able to command big paychecks.
One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan.
Fortunately, there are alternative ways you can start your information security career:
- One is to establish your credentials in a related information technology career before applying for information security jobs. For example, you can begin as a network administrator, gaining experience in how to secure networks as well as how they can be penetrated, before moving on to become an information security engineer. That’s exactly how I started my career around 14 years ago.
- You can also begin actively networking by joining a local chapter of a computer security association such as the Information Systems Security Association and by participating in activities such as forums and conferences. Many of these organizations also promote study groups to help members earn their security certification. This will bring up another dilemma frequently discussed among Infosec Professionals: Will a certificate grant me a job? My personal answer to that one is no, but the trick I learnt was: If you absorb the information studied to achieve the certification rather than just memorizing it for the test, you get a head start when pursuing the first Information Security job and demonstrates that you’re a self-learner and proactive professional, two qualities very appreciated by organizations nowadays.
- Another way to begin an information security career is to start your own security consulting firm. This is the route many former self taught hackers/crackers have taken after they’ve established that they have the skill set to do computer security. Even being convicted of a crime is not a bar (sometimes it even boosts your career
) to getting an information security job , since many of those who have served jail time have successfully gone straight and rehabilitated themselves, going on to become successful security consultants. Free-lance IT security professionals, in particular, should expect to see job growth, since many companies are trimming down their IT costs by outsourcing their computer security needs.
Once you’ve established that you have the qualifications for an information security career, you can begin looking for positions online (My Infosec Job is here for you! 
). In my case, being an Information Security Professional with experience plus certifications opened some doors abroad, and that’s definitely achievable if you plan. If you don’t want to relocate, you may be able to find jobs locally by networking through your contacts in the security association that you have joined.
I would appreciate to hear your comments and experiences in the topic!
Good luck!
Adriano Dias Leite
PS: Although using the words “Information Security”, the same rules apply when searching for IT Security, Compliance and Risk Management jobs.
[...] article is also useful if you’re considering to start your Information Security career or looking for some career [...]
[...] article is also useful if youâre considering to start your Information Security career or looking for some career [...]
[...] article is also useful if you’re considering to start your Information Security career or looking for some career [...]
[...] article is also useful if youâre considering to start your Information Security career or looking for some career [...]
[...] article is also useful if youâre considering to start your Information Security career or looking for some career [...]
[...] article is also useful if you’re considering to start your Information Security career or looking for some career [...]
[...] article is also useful if youâre considering to start your Information Security career or looking for some career [...]
[...] article is also useful if you’re considering to start your Information Security career or looking for some career [...]
[...] article is also useful if you’re considering to start your Information Security career or looking for some career [...]
[...] article is also useful if you’re considering to start your Information Security career or looking for some career [...]
[...] article is also useful if youâre considering to start your Information Security career or looking for some career [...]
[...] article is also useful if youâre considering to start your Information Security career or looking for some career [...]
[...] article is also useful if you’re considering to start your Information Security career or looking for some career [...]
HI
I have done ccna,ceh,rhce certifications and i find it very difficult to get in to information security side like penetration tester or as an ethical hacker.I also have around 2 yrs of technical support experience in virus and spyware support. can anyone guide or help me to find jobs in penetration testing …..
pls help…
thanks in advance
[...] (regardless whether you are a senior professional going for your first managerial role or just starting your Infosec career), and my plan is to update it on a regular basis with further questions I’ll be asked and also [...]
[...] article is also useful if you’re considering to start your Information Security career or looking for some career [...]
[...] article is also useful if youâ??re considering to start your Information Security career or looking for some career [...]
Many are the post i have read but this is a piece i could imagine my self been talked to,Good piece,keep the good work going.God bless
[...] postsThe 10 Coolest Information Security CareersHow to Start Your Information Security Career?7 Things Every Security Professional Should KnowInformation Security Career Tips by a Guru: [...]
[...] article is also useful if youâre considering to start your Information Security career or looking for some career [...]
[...] the bits or bytes, or the controls required by a given framework by heart. Being successful in your Information Security career requires you to have a deep understanding of the business needs (and how to enable, not disrupt [...]
I have become a fan of your posts now. Personally, I have taken up a job as a Pre-sales executive with a leading IT Security company in India and was thinking whether I have made the right decision as I have a non-technical background ( B.Com ) and MBA ( HR and Marketing, but I came across one of your articles and all the doubts in my mind have settled forever. Also it helped me realize the different aspects of my job and what my employer would be expecting from me.
Thanks for all the help.
Regards,
Mukesh Sharma
[...] article is also useful if you’re considering to start your Information Security career or looking for some career [...]
[...] the rest here: How to Start Your Information Security Career — My Information … Share and [...]
[...] How to Start Your Information Security Career — My Information … Share and [...]
I have seen some crappy posts but this one really impresses me. Good work!
Social comments and analytics for this post…
This post was mentioned on Twitter by MyInfosecJob: How to Start Your Information Security Career http://bit.ly/a9UXaL...
Excellent article Adriano. You’re really doing a great job with this site. It’s becoming more interesting every day.
Regards,