Friday, April 27, 2012

How to Get a Cyber Security or Information Assurance Job

So, you've decided you want to start working in the security field?

Where do you start?

First, develop a plan and some career goals.  Do you want to just be a tech all your life, or do you want to eventually become a manager?  What interests you?  Do you want to know how to protect networks and computers, or do you want to analyze malware and perform penetration testing?

There are many paths available to you.  This is a brief guide on what to do and how to get the job you want.

NOTE: This is a repost of my original post at Caffeine Security.

Realize that Rome wasn't built in a day, and that your "dream job" isn't going to happen overnight.

Computer security is truly a thankless job.  You will constantly be harassed and insulted by non-security folks for making their lives more difficult.  After all, no one would ever guess that their password is their middle name, right? Why are you making them include numbers AND special characters? Do you know how hard that is to remember?

If you haven't been scared away yet, let's look at how to get started.

Get a Degree

It really helps to have a college degree.  But it doesn't have to be in Information Assurance or Cyber Security!  Other degrees which are useful:
  • Computer Science
  • Computer Engineering
  • Information Technology
  • (insert other wide-spectrum computer degree here)
You can start with just an Associates degree, or go for your Bachelors.  A Bachelors degree will qualify you for more jobs and earn higher pay, but will cost more time and money.  Note that you *can* substitute experience for a degree in some cases, but unfortunately this is rather difficult to do unless you're already well established within your field (and you wouldn't need to be reading this guide anyway).

Get a Haircut, and Get a Real Job

Now it's time to get a tech job.  For starters, this doesn't have to be security related, because technically all tech jobs are security related.  For example, I started off as a software tester.  One of the functions of my job, besides making sure the software worked, was to make sure the software was secure.

However, be warned that the job you get may help to define your entire career path.  A few examples:

  • System Administrator, Software Tester, or IT Help Desk most likely career path will transition to security compliance and analysis technical staff and management
  • Web Developer, Software Developer, or Database Developer most likely career path will transition to malware analysis technical staff and management
  • Any of the above positions could possibly transition to penetration testing or computer forensics technical staff and management
It's not impossible to change career paths mid-steam, but it's not going to be easy.

Here are some relevant resume and interview tips.

Get Certified!

It's very important to become certified in your field of expertise if you want to advance your career.  Some positions, especially Government contracting positions, will require certifications within 6 months of obtaining the position.  If you're interested in the specific requirements for Government contracting, take a look at the DoD 8570.01-M Information Assurance Workforce Improvement Program.

Security+ Certification

A good starter is the CompTIA Security+ certification.  This certification shows employers that you have a basic understanding of important security concepts.  The 90 minute exam is designed to be taken by someone with two years basic computing and networking experience.  But don't be fooled, it can be tricky.  Here are two study guides which can help:

If your networking skills are a little lacking, this guide may also help:

Cisco CCNP Certification

If networking is one of your stronger skills, you should also consider obtaining a Cisco Certified Network Professional certification.  This certification shows employers that you have in-depth knowledge for configuring and maintaining network equipment such as switches and routers.

Here is a Cisco CCNP Practice Exam to help you out:

CISSP Certification

The CISSP certification is considered the "best" certification for Cyber Security or Information Assurance professionals to obtain.  This difficult exam is best described as "a mile wide and an inch deep", covering a broad range of topics without becoming too technical.  While this certification is aimed at management types, it's definitely useful for techs as well.

Once again, here is a practice exam for your use:


Conclusion

I hope this quick guide has been useful. If you have any pointers or questions, please feel free to add comments below!

No comments:

Post a Comment