Henry Dalziel | Information Security Careers | February 6, 2014
You are reading this because you are clearly interested in a career in information security, and for that you should congratulate yourself.
Security within the IT industry, and this is without dispute, remains huge and is going to increase over the next decade. Concise Courses had the honor of being at SC Congress in Chicago where we heard, first-hand, from our friend and security expert Richard Stiennon that the IT security sector is expected to grow 16-fold over this coming decade! We challenge you to suggest a bigger sector that offers such growth! If you can, then please drop a comment below!
However, although there is massive demand for information security professionals, there is actually a shortage of qualified and experienced individuals to fill the available and much needed roles. That might seem odd especially because there are plenty of people working in IT but in reality there are actually not that many ‘truly’ experienced professionals that can show genuine understanding of all the different types of threats and how to defend (and remediate) against them. Whilst CEO’s can literally get anyway with possessing solid management and leadership skills, the CISO or CSO is wholly dependent on having empirical IT security skills and knowledge – my point is, that there is no BS when you are a CISO or CSO.
Here’s the great news: security professional’s salaries are often much higher than those in other IT sectors, but if you are just starting out in this space, how do you get started? How do you break into security?
Education and training: a must for those wanting to start their career in IT Security
For those starting their careers and trying to get into the IT security space the task can seem quite daunting and we get a lot of enquiries from candidates through our live chat or just by email asking whether studying for a certification is beneficial. We are clearly biased because we do offer various training programs, (and we are not at all ashamed to say that!) but we are of the opinion that yes – absolutely, certification and indeed all courses and training programs are a good thing. How can anyone have a bad word against an individual wanting to better themselves?
Here’s the rub: you must constantly learn new skills in IT Security. Period. The days of just learning one skill and ‘doing it well’ left us a long time ago. The advanced persistent threats that we face are exponential and the war against cyber criminals is not only relentless but it is one that is becoming ever more creative and cyber criminals are smart people, never underestimate just how smart they are.
However, in terms of starting your career in security and breaking in to the industry we suggest that you study CompTIA’s Security+ We recommend this course because CompTIA is a highly respected (neutral) vendor and the certification will demonstrate your aptitude in being able to understand important security concepts whilst being able to firm up your organization’s security posture. Our self-study course is unbelievably affordable, you can see the course features here.
(Just as a side note and to tie-in a couple of the points above, i.e. learning new skills and the benefits of obtaining an IT security certification – once you have a designation from an organization such as CompTIA you must renew your membership and certification by pursuing ‘Continuing Education’ (also referred to as Continuing Professional Education). The good news on that front is that Concise Courses offers plenty of free continuing education courses, and that, is another great reason to place your faith in us when it comes to security training!
Another hot tip to break into IT Security: start a part-time consultancy gig!
Seriously, this is a hot tip and one we have told to dozens of students that are struggling to get their first IT security job. For example, say that you work in an admin/ help desk support role but you have a strong interest and desire to work in security. You need experience right? Well, why not help and volunteer to firm up the security of your friends or family friends businesses? No one needs to know that they are ‘friends’ rather – let future employers believe that you touted yourself (and your consultancy) as the ‘local IT security authority’.
So, rather than give a long list of items to check off – we have kept this discussion simple. If you are completely new to security and are keen to break into the sector then our advice is twofold: firstly, get a certification to satisfy HR departments and hiring mangers, and secondly, get the necessary experience by offering to firm up local businesses networks and systems (no one needs to know that you did it for free!).
Let us know your thoughts, we’d be especially grateful to any veterans out there that might be able to share with us how they got their first break in security.