Five Tips for Winning a Job in IT Security
If you are serious about attaining a job in IT security, then you should go after it knowing that you are preparing for a career, not simply a job. The career mindset forces candidates to consider a broad range of critical issues, rather than look for a quick fix.
In today’s job market, employers look closest at candidates who offer a well-rounded package of traits and accomplishments for security positions. This package includes aptitude, education, certification, experience, professional affiliations, references and integrity. Here are five tips for preparing a foundation of qualifications that will help you become the right person to help an organization achieve its IT security objectives.
Build the Fundamentals
Most IT security professionals share a set of fundamental traits, aptitudes, skills and experience. The first tip for winning that job in security is to build your capabilities in these fundamental areas. Without question, success in IT security depends on mastering networking concepts. Therefore, do your utmost to be able to demonstrate to employers that you have network training, certification and experience. Capitalize on your background in order to maximize job opportunities.
Those who are successful in IT security are also critical thinkers—problem-solvers who have strong analytical skills. Security professionals excel at written and verbal communications, and have strong basic math skills. Become familiar with business management concepts. Effective security professionals are able to make the business case for investments in security technology, training and certification.
Above all, security professionals are trustworthy and ethical. You can’t wear honesty on your sleeve, but you can earn the trust of the colleagues and supervisors who might later write your references.
Learn About the Principal Certifications
IT security has a long history as a specialized niche. Professional and business organizations have developed respected vendor-neutral certifications that focus on validating a professional’s mastery of the practice of IT security. These certifications can target a specialty, such as auditing, as well as general practices. As demand for security technology has increased, hardware and software providers have developed certifications specific to their product lines. It is vitally important to determine who these vendor-neutral and vendor-specific certifications are aimed at, and how they can aid a professional at various stages of a career. This will help narrow the list of certifications that are right for you.
Insert Yourself in the Profession
Begin following developments within prominent security professional organizations. This effort will help you get familiar with current issues and the vocabulary of security. Start with the Information Systems Security Association (www.issa.org) and the Information Systems Audit and Control Association (www.isaca.org). Become a member of one or more associations.
A number of respected print and electronic sources cover security. Find several that interest you and become a regular reader. Strike up acquaintances with security professionals. Not only will these veterans help you develop a deeper sense of the practice of IT security, but you will also build an early job-identification network that can serve as an insider’s guide to opportunities.
Evaluate the Security Environment
Use networking, research and informational interviews to determine, in general terms, what employers are looking for in your local area. Are these prospective employers standardized on one or two product lines, or are they multi-vendor operations? Which certifications keep cropping up in conversations and why? What types of education and experience are mentioned most frequently? Where is the biggest need in terms of senior versus junior staff? Would security be a subset of a job function? Based on the local environment, fill in any holes that you identify in your education, training, certification and experience.
Tell a Compelling Story
It is incumbent on the professional to package his or her security capabilities into a compelling story told through cover letters, resume, references, professional affiliations and concise communication during interviews. This is where verbal and written skills, as well as insights into the security profession, can really pay off. Employers aim to hire the best person for the job. Your preparation for a career in security requires you to be that person, but it is up to you to communicate that in a convincing way.
Kris Madura managed the development of the CompTIA Security+ certification. For more information, visit www.comptia.org.