Career Advice Tuesday – “Graduating To The InfoSec Workforce”
October 26, 2010
Dear Lee and Mike,
Hello, I recently graduated with an M.S. degree in Security Management/Information Security. My major interest and research in grad school was in Insider Threat Countermeasures. I am in a non-IT position (security administration - regulatory compliance) with my current organization and would like to make a career change to Information Security.
It would please me greatly if I may someday possess the minimum qualifications in the field of Information Security in order to use a recruiting firm such as yours. My graduate course work was broad and covered literally every aspect of Information Security. Additionally, I recently completed a SANS Institute training course/conference and am now studying to take the GSEC certification exam. Consequently, I feel that I need to also concentrate on learning a specific technical skill.
Am I on the right track? If so, can you please recommend which technical skill set/sets organizations are actively seeking and where can someone go to get this training?
Dear Recent Grad:
First, let us say that you are definitely on the right track and you are thinking correctly. You have made a conscious decision to gain advanced education in information security and are progressing towards the achievement of a well-respected industry certification. All of the above items will enable you to create an external brand of “information security professional.” This is a very good start.
You do bring up the fact that you are lacking in experience and are trying to determine the best way to supplement your educational background with practical knowledge. Have no fear, you are like many others who are attempting to address this career issue – and although there are no “magic bullets” to solve your problem – we can offer the following suggestions.
1) Finish Your Certification – There are many organizations that will hire you based exclusively on the achievement of a technical certification. Although many of these firms are just looking to “repackage” your skills to fill a contracted need, an opportunity to work for a year or two in this type of environment can provide you with the technical experience that you are searching for.
2) Apply for positions with the government – It is pretty well documented that there exists a big need for “Cyber Security” professionals in the government. The credentials that you have developed and the commitment that you have demonstrated should make you an ideal candidate for an entry-level position. If you take this route, continue to take advantage of all of the technical training that they will give to you, and further develop your skills.
3) Explore professional consulting – Many of the Big 4 or large systems integrators have needs for information security professionals. Granted, you may not have the technical experience, but you may possess some skills that other information security professionals do not have, resulting from your advanced education (which these organizations value). You may be able to leverage some of your non-technical skills to find projects and opportunities that will enable you to be exposed to more technical work and more technical co-workers.
Whatever you decide, it is important to remain flexible. This may mean that you will have to relocate (on your own), travel, or accept less money. Keep the larger picture in focus, and understand that your first position should serve as a springboard to your future.
Hope that this helps you and others in the same situation.
Lee and Mike