Establishing a Career Path in Information Security
Question: I have completed my degree in IT. I want to pursue a career in information security. Which path should I follow? I have done Java. Should I go for the Cisco Certified Network Associate (CCNA) or directly for a Certified Ethical Hacker (CEH) course? Is there any other better option?
Information security is a specialized area of IT, and even within that there are different areas to concentrate on.
You’ve stated that you’ve done your degree in IT. I’m assuming that this is general IT and that you have no real-world IT experience. You mentioned Java, so you have some programming experience. But you also mentioned the CCNA (networking) and the CEH (one of the certs that “white hackers” would gain). Both of these certs and your degree can assist with the areas within the specialization, but these alone will not get you very far. Unless you are one of the lucky ones who get straight in through either a graduate training program or an apprenticeship, you’re going to have to work your way in.
I’ll break it down into different points:
Expand your knowledge. Don’t just do your job to the letter of your contract, wishing to move on up to bigger and better things. Show initiative. Ask to shadow someone from the IT security department, ask if you can take on more responsibility, volunteer, etc. Practice, practice, practice. Set up a home lab and practice what you learned at work.
Certify and qualify. Certify at your level and with what you do. When you first get into IT, work toward the CompTIA Security+. Forget about the higher-level security certs like the Certified Information Systems Security Professional (CISSP) for now until you actually work in the information security field. If you don’t work with Cisco kit, don’t go for the CCNA. You’ll only have to renew your certification in three years’ time before you actually touch the equipment, let alone configure it. In some countries and jobs, you do not need a degree for IT, but in others a degree is desirable or even essential. So don’t go for unnecessary qualifications.
Network. No, I’m not talking about a LAN or a WAN, but people. You can network with people via professional associations, clubs, and college alumni groups or even online via Facebook or LinkedIn. You never know when you’ll make a connection who will assist you in furthering your career.
Gain credentials. These are slightly different from professional certificates and academic qualifications. I’m talking about professional registrations (different from being a member of a professional body) like the Information and Communications Technology Technician (ICTTech), Incorporated Engineer (IEng), Chartered Engineer (CEng), Certified Information Technology Professional (CITP), etc. These types of credentials can’t be brain dumped, so they show that you meet a certain level of qualification.
Keep yourself clean and clear. Depending on the job, position, company and country, the organization that you apply to can pull up some or all of your history — including criminal, credit and banking.