Sometime ago I posted a question on LinkedIn and an article here about the benefits of being graduated in Infosec. The topic generated almost a hundred replies, and the discussion quickly changed to “How to start an Information Security Career?”
In a 2009 ranking of the 50 best jobs in America, the information technology sector accounted for 17 slots. Of these, information security jobs enjoyed some of the highest job growth, seeing a 27% increase in jobs over the past ten years, which should not be surprising since security threats and consequently stricter regulations are emerging all the time, all over the world. An information security career basically involves protecting one of the most valuable assets of a company or organization: Its information. The threats are countless: from malware to hackers, and unhappy employees to natural disasters. The career requires fine skills and can be very lucrative, with the top IT security professionals able to command big paychecks.
One good thing about an information security career is that the barriers to entry are fairly low, since the skills can be self-taught. However, while a formal degree in computer science is not an absolute necessity, having one may prove to be a major factor in a firm’s decision to hire you. Many potential employers will also ask you for a professional certification in information systems security. But nowadays, the main obstacle to get into the Security field is experience. To be considered for any Information Security Job most companies will want several years of experience (around five is preferred). This might sound a bit like the chicken and the egg problem: how to have experience if you can’t get the job, and vice versa? As I said before, you just need to plan.
Fortunately, there are alternative ways you can start your information security career:
- One is to establish your credentials in a related information technology career before applying for information security jobs. For example, you can begin as a network administrator, gaining experience in how to secure networks as well as how they can be penetrated, before moving on to become an information security engineer. That’s exactly how I started my career around 14 years ago.