Jobs within IT security are hot at the moment and recently a number of people asked me what it takes to move to a role within this sector. For some people, IT security is a world of hackers and data leakage. For others, it’s a vital part of any organisation. So, what can you do to improve your skillset in this area?
Have a solid background in IT networking
IT networking and security is a bit of a chicken and egg, which comes first? Should you build the network first and then secure it, or should you have an IT security plan in place before a single cable is laid? Either way, you must have a good understanding of networks in general.
Anyone planning a career in IT security should be well prepared for interview questions which are aimed at network engineering candidates. Network engineers should be able to draw out a network diagram; IT security professionals need to be able to do this and describe how it could be secured.
If you don’t have access to switches and firewalls, there are a number of ways you can build your own network at home. Make use of technologies like virtual desktops and free network simulation applications like GNS3. If you can get access to a cheap PC with two network cards, you can easily install your own firewall for test purposes.
Be familiar with IT security qualifications and standards
You don’t need to be working in IT security to get a qualification in it. There are many programs out there to choose from. The CISSP qualification is one of the most recognized at the moment. Whatever one you choose, make sure the training covers:
- Access control systems
- Applications and systems development
- Business continuity planning
- Cryptography
- Law, investigation and ethics
- Operations security
- Physical security
- Security architectures
- Security management practices
- Telecommunications, network and Internet security
A lot of security roles come about because of compliance needs. This can include standards like PCI DSS and HIPAA. While there are no formal qualifications for a lot of these standards, you can still find a lot of documentation out there to help get you started.
Know what to do when things go wrong
Another key attribute of anyone involved with IT security is the ability to correctly deal with situations as they arise. No matter what systems and controls are in place, incidents will happen. This could be anything from a lost BYOD device to a major breach at the network perimeter. You should be familiar with incident response plans and what tools you need to keep a network secure.
Participate in the IT security community
For the most part, folks that work in IT security are a friendly bunch and there are a number of ways you can interact with them. Try searching for blog articles or discussions on social networking sites like Twitter and LinkedIn.
Watch out for network or IT security trade shows in your area. These can be great events for meeting people and learning about new technologies.
Do you work in IT security? If so what tips would you give someone looking to move to this sector? Comments welcome.