How to Start Your Information Security Career?

Sometime ago I posted a question on LinkedIn and an article here about the benefits of being graduated in Infosec. The topic generated almost a hundred replies, and the discussion quickly changed to “How to start an Information Security Career?”

After a bit of researching on the topic and talks to successful professionals, I was able to put together some interesting facts:

In a 2009 ranking of the 50 best jobs in America, the information technology sector accounted for 17 slots. Of these, information security jobs enjoyed some of the highest job growth, seeing a 27% increase in jobs over the past ten years, which should not be surprising since security threats and consequently stricter regulations are emerging all the time, all over the world. An information security career basically involves protecting one of the most valuable assets of a company or organization: Its information. The threats are countless: from malware to hackers, and unhappy employees to natural disasters. The career requires fine skills and can be very lucrative, with the top IT security professionals able to command big paychecks.

One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan.

Fortunately, there are alternative ways you can start your information security career:

  • One is to establish your credentials in a related information technology career before applying for information security jobs. For example, you can begin as a network administrator, gaining experience in how to secure networks as well as how they can be penetrated, before moving on to become an information security engineer. That’s exactly how I started my career around 14 years ago.
  • You can also begin actively networking by joining a local chapter of a computer security association such as the Information Systems Security Association and by participating in activities such as forums and conferences. Many of these organizations also promote study groups to help members earn their security certification. This will bring up another dilemma frequently discussed among Infosec Professionals: Will a certificate grant me a job? My personal answer to that one is no, but the trick I learnt was:  If you absorb the information studied to achieve the certification rather than just memorizing it for the test,  you get a head start when pursuing the first Information Security job and demonstrates that you’re a self-learner and proactive professional, two qualities very appreciated by organizations nowadays.
  • Another way to begin an information security career is to start your own security consulting firm. This is the route many former self taught hackers/crackers have taken after they’ve established that they have the skill set to do computer security. Even being convicted of a crime is not a bar (sometimes it even boosts your career ;-) ) to getting an information security job , since many of those who have served jail time have successfully gone straight and rehabilitated themselves, going on to become successful security consultants. Free-lance IT security professionals, in particular, should expect to see job growth, since many companies are trimming down their IT costs by outsourcing their computer security needs.

Once you’ve established that you have the qualifications for an information security career, you can begin looking for positions online (My Infosec Job is here for you! :) ). In my case, being an Information Security Professional with experience plus certifications opened some doors abroad, and that’s definitely achievable if you plan. If you don’t want to relocate, you may be able to find jobs locally by networking through your contacts in the security association that you have joined.

I would appreciate to hear your comments and experiences in the topic!

Good luck!

Adriano Dias Leite

PS: Although using the words “Information Security”, the same rules apply when searching for IT Security, Compliance and Risk Management jobs.

Spread the word:
  • Digg
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Add to favorites
  • LinkedIn
  • MSN Reporter
  • MySpace
  • NewsVine
  • StumbleUpon
  • Technorati
  • Yahoo! Bookmarks

28 comments to How to Start Your Information Security Career?

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>