Wednesday, January 15, 2014

Finding work as an IT Security Specialist

Image credit:  Photobucket
IT Security is a great career.  IT Security practitioners spend their day in a variety of areas that can range from performing penetration tests, configuring or managing security equipment (such as firewalls) to responding to cyber threats.  Nearly every industry needs security professionals to protect their infrastructure.  How does someone interested in the profession break into the field? I talked to a few friends and did some research on the internet to see how people have gotten their foot in the door:

Every person I talked to recommended that you start with a college degree.  Many colleges and universities offer college degrees in Cybersecurity.  This won't guarantee that you will get your dream job in IT Security after graduation... but it might.  A few schools that offer Cybersecurity programs include:   Bellevue University offers both a bachelor and masters (classroom and online) and the  University of Maryland University College (UMUC) offers a bachelor and masters (classroom and online).  The National Security Agency (NSA) and DHS have teamed up to promote security by naming academic institutions that meet curriculum standards.  Institutions that meet the standards (including Bellevue and UMUC's program) comply with the NSS and DHS standards. Check to see if the academic institution you're interested in utilizing is recognized as being part of the National Centers of Academic Excellence.

Read a book!  There are numerous books available that will expose you to information.  A few recommendations include:
The Web Application Hacker’s Handbook
Social Engineering:  The Art of Human Hacking  
CISSP (Shon Harris)

Download software and learn how to use it on your home network.  The Nessus scanner is a free tool you can download and run on your home network to learn about penetration testing.  Kali Linux is an operating system available at no cost to learn how to perform penetration testing.  The website provides a link to documentation and forums to learn how to use the tool.

Attend a conference.  SANS is an organization that offers training and seminars for individuals with a variety of levels of experience.   SANS offers some resources at no cost.

Attend a security conference.  Conferences are held all over the world and provide information and access to professionals and companies that might hire you.  Here is a link focusing on Cybersecurity conferences in the United States.

Get certified!  The CISSP certification is the gold standard in IT Security.  Check out ISC(2)'s website.  You will find information on the kinds of information you need to know, take a practice test and learn about the requirements to get certified.  ISC(2) has an Associate of ISC(2) program for individuals that do not have the experience required for the CISSP.   

No comments:

Post a Comment