Mastering Security to Build Your Career
It is clear that information system security technology has advanced far faster than the number of people knowledgeable enough to apply it. The need for men and women skilled in information system security is opening new career opportunities. Employers are seeking professionals who can minimize the loss, financial risk and liability caused by security breaches and by human error surrounding security procedures.
If this were the late 1990s, the boom times for IT employment, I might counsel you to research the hottest security certifications and earn them. I’d make that recommendation with a high degree of certainty that there would be numerous job offers waiting. I’m not making the “hot certifications” recommendation today.
Certifications are extremely important in all areas of IT and will remain so. Employers are demanding more today, however, and they are getting it. They are looking for well-rounded professionals who are certified and educated and who have appropriate experience.
Not only has the hiring environment changed since the boom times, but so has our sense of security about our jobs. Layoffs due to downsizing can come abruptly at any moment. Jobs in IT may not be sure things or entirely stable over the long haul. It seems that we are increasingly being asked to fall back on our own resources and take greater charge of our careers and livelihood.
The changed realities of the job market were driven home during 2001 and 2002 as Capella University developed an information security specialization for its Master of Science in Information Technology degree (www.capella.edu/infosec). As team members talked with security subject-matter experts, security organizations and employers representing many different industries, a picture emerged of what a person needs to do to master information system security and build a long-term career in IT.
The Three Pillars of Success
Employers today want employees and consultants to offer proof of their mastery of security knowledge, so certification is the first of the three pillars needed to build a successful long-term career. They will also want to know that the security expert can effectively communicate, has knowledge of the social sciences, understands business processes and has been taught the fundamentals of project management. Therefore, the second career pillar is education—earning an associate’s, bachelor’s or master’s degree. And third, employers look for workplace accomplishments to ensure that the applicant functions effectively as a member of a technical team and has workplace skills that lead to results. The third career pillar is relevant experience verified by credible references. No one starts out with all three foundations. Instead, look at these career pillars as achievable long-term goals designed to be the building blocks of your career.
Understanding operating system, network and Internet theory and practice is essential for a career in information system security. To gain this knowledge, research the following introductory certifications: Certiport’s Internet and Computing Core Certification (IC3) and CompTIA A+, Network+ and i-Net+. For the next step up—foundation-level certifications—research and evaluate CompTIA Server+, Cisco Certified Network Associate (CCNA) and Professional (CCNP), Microsoft Certified Systems Administrator (MCSA) and Engineer (MCSE) and Certified Novell Associate (CNA) and Engineer (CNE). If you are interested in Linux, research the CompTIA Linux+, the Linux Professional Institute’s (LPI’s) Level 1 and 2 certifications and the challenging offerings from Red Hat. Earn a combination of these certifications and you will have laid a foundation for what will come later in security.
If you have two or more years of experience in network administration, consider the CompTIA Security+ certification for the technical basics and a preparation for earning advanced security certifications. Today these include, among others, (ISC)2’s Systems Security Certified Practitioner (SSCP), the Cisco Certified Security Professional (CCSP) and the Check Point Certified Security Administrator (CCSA) and Expert (CCSE).
Ultimately, you will want to earn the (ISC)2 Certified Information Systems Security Practitioner (CISSP) certification, which is considered by the industry to be the keystone security certificate for security managers.
In his Certification Magazine article, “Certification, Salaries and the IT Market” (December 2002), Gary Gabelhouse writes, “All those things considered, the vendor whose certificants are paid the most is (ISC)2. The average (ISC)2 certificant brings home a hefty $83,333 each year.”
A growing number of educational institutions will accept certifications for academic credit when combined with professional experience. This follows the realization that the training and academic communities complement one another and that it is in the learner’s best interest for these communities to cooperate. Many educational institutions will also, with appropriate confirmation, award credit for life experience and continuing education courses.
If you already have an associate’s degree or certifications or have earned some college credits, you may be closer to a bachelor’s degree than you think. If you have a bachelor’s degree and certification, for example a CISSP, a master’s degree in IT may be as close as 12 months away.
What courses should you take to build the education pillar of a career in security? First of all, you should consider strengthening your written and verbal communication skills by taking classes in writing, literature and speech. For security, you should also focus on courses in business, law, ethics, basic math and the social sciences, including psychology and sociology. Courses in these areas will help prepare you for a wide scope of career responsibilities.
A successful career in information system security means moving up in the organization and working with management at all levels. You will also be working with peers from other departments and disciplines. If you set your sights on being a consultant, you will work with clients who demand more than technical confidence. Written and verbal communication skills and a comprehensive educational experience are going to help ensure you are comfortable, confident and successful in all of these interactions.
Furthermore, as a specialist in security, you will need to understand the psychology of attackers and hackers as well as the motivators required to change people’s perceptions of security. You will need to understand business processes and how IT supports these processes in terms of improving both productivity and security. You will be asked to remain current on federal and state regulations for information confidentiality. There are ethical issues surrounding security that you must not only be aware of, but also factor into your work. You will be responsible for planning and implementing projects.
Look for a community college or university that will provide a technical background in networking and IT security. Courses that prepare you for certification exams are a plus because you can build both the education and the certification pillars of a security career at the same time.
Based on Capella University research, if you already have a bachelor’s degree and have foundation-level networking experience, you should take these courses for more advanced work in security:
- Enterprise system and application development
- Project management for technology professionals
- System development theory and practice
- System usability analysis and design
- Enterprise application testing
- Enterprise system security
- Legal considerations in information technology
- Ethical considerations in techn