INFORMATION SECURITY CAREER ADVISOR
An information security career: What does it take?
K K Mookhey
01.13.2010




The field of information security is exciting, challenging and very
dynamic. For a young IT professional it offers a wide array of
opportunities to grow. In this article, I'll try to explore some of the
avenues that an aspirant can consider, as well as the background skills
and training required to excel in this field.
For a fresher
Like in any other field, your challenges are greater as a fresher, when
it comes to an information security career. But the beauty of
information security is that it offers you numerous options to conduct
independent research. If you can demonstrate to a potential employer
that you have done some original research, scripted tools or utilities,
written a blog on the subject, or done freelance projects, your
chances of landing a job dramatically increase.
As an employer, I receive dozens of resumes every day, and what makes
the special ones stand out is the spark of passion and self-motivation
that is evident from the work a person has done, even though he may not
have received any remuneration for it. For example, I hired a guy
simply because he demonstrated immense passion for the field and listed
solving the Rubik's Cube as one of his hobbies.
For someone starting out in this field, it is advisable to keep your
mind open, and not restrict yourself to any specific domain. But as you
go ahead, you can either become a generalist information security
expert, or specialize in the following:
1. Computer forensics – Learn forensic investigation tools and
techniques to investigate cyber crimes and financial crimes.
2. IT security auditor – Focus on auditing capabilities. As part
of this, you must explore platforms like mainframes, SAP, and core
banking platforms as your areas of expertise.
3. Application security specialist – Specialize in areas like
secure coding, security testing tools and techniques, secure design of
web applications, and threat modeling.
4. Compliance specialist – Focus on helping organizations comply
with standards and regulations such as ISO 27001, PCI DSS, HIPAA, FDA and
Sarbanes-Oxley.
5. Security solutions architect – Specialize in secure network
architecture, security solutions procurement and deployment, and
hardening of infrastructure.
6. Security trainer – Focus on spreading knowledge about
information security, and create awareness at all levels.
7. Cyber law expert – Combine knowledge of the Indian IT Act
2008 with IT knowledge and forensics know-how.
Information security careers for mid-level IT professionals
A mid-level IT professional such as a systems administrator or network
administrator who wants to make the jump into information security can
do so by getting himself properly trained or certified. Typical job
opportunities exist as security administrators, security auditors, and
even as security consultants.
Certifications and training sessions that an IT professional may go in
for can be either the CISA (Certified Information Systems Auditor) or
the CISSP (Certified Information Systems Security Professional). In
case you
don't meet the requirements for either of these certifications, you can
go in for training that covers subjects such as ISO 27001, business
continuity, and ethical hacking. Your target should be either the role
of a Chief Information Security Officer (CISO) or a senior security
consultant.
Senior professionals and information security careers
The information security industry offers career opportunities for all
levels of professionals. As an experienced IT professional, you could
look at acquiring a bunch of certifications such as the CISA or the
CISSP along with PMP (Project Management Professional) and ABCP/CBCP
(Business Continuity Planning). Your past experience and knowledge in
IT can help you get a quick launch into the role of a CISO or a senior
security consultant.
This also brings me to the point where I'd like to discuss some of the
skills or traits I like to see in security professionals. So in
addition to strong communication skills and analytical abilities, the
following are key success criteria:
1. High level of passion - Security changes on an almost daily
basis – there are new tools, attack vectors, and vulnerabilities being
discovered almost hourly. A security professional can remain ahead of
the game only by constantly updating himself, and this requires a high
amount of passion for the field.
2. Creativity - Be it a penetration test or developing an
automated way to carry out a particular activity, a high level of
creativity is a must in every aspect of a security professional's job.
Thinking out of the box is an almost daily activity for a security
professional.
3. A never-say-die attitude - Security issues are typically
complex, and often there are no easy solutions. Quite often, the
situations are also very high-pressure – the client's been hacked, or
someone inside leaked out critical internal data, or systems have to be
hardened before going live. A seasoned security professional knows that
there is a solution on the other side of every problem. And he is
willing to do what it takes to be resourceful in finding the right
solution.
4. Grasp of a wide range of subjects - Security is not just
about policies and procedures or buffer overflows or SQL injection.
Most security issues stem from, and can be resolved by, human
intervention. A security professional should not only be well-versed
with a wide range of technologies, but should also be reasonably
acquainted with the basics of psychology, economics, finance, and
physical security.
About the author: K K Mookhey is the founder and principal consultant of NII Consulting, which provides services in IT audits, risk management, compliance and computer forensics.