This is part 1 of a 2 part article on choosing an Information Security career. The second installment can be read here.
At one point early in our lives we were asked; “What do you intend to do when you grow up”. I remember so well that almost everyone in my Grade 2 class wanted to be a medical doctor. However, life being so dynamic we all ended up following different career lines. I do not remember at any point along the way people or career advisers talking to me or others about a career in information/computer security. Maybe that’s the reason why security is not part of the curriculum for computer science studies (At degree or Diploma level) …..If it’s ever mentioned, it’s always just in passing. Times have changed and the need for security professionals is increasing each day as the threat landscape and security risk keep changing at a faster pace.
Like any career, there is always an entry point which can either be from a network, software, operations, or architecture security. Formulating your career plan is the cornerstone of a successful career, what it is you really want to do (baseline) and achieve (goal), determining intermediate milestones, planning in reverse and what educational courses/certifications you would want to do.
It has been proven that those with a career plan are more likely to have increased job satisfaction. So before going anywhere, always know that effective information security career planning has a measurable impact on your success. Like any successful engagement, career planning should be based on a solid methodology that will provide you with the best chance of achieving success.
Where do I start?
First, it doesn’t matter whether you are a programmer, systems admin/analyst, network engineer etc. The initial step is to plan and then to get the appropriate skills. Knowledge combined with practical hands on experience is a necessity for infosec professionals….There are no short cuts. Though a base qualification in Computer studies is required (Diploma or Degree), anyone can have a great security career. The best info sec professionals I have met in my time do not have a diploma or degree in computer sciences; they are trained engineers, mathematicians, physicists etc.
So no limits, just start by taking either an entry level certification. These will give you a basic level understanding of the area of your speciality. Examples include A+, Security+, CCNA, MCTS, and Linux+. Once you amass sufficient work experience and knowledge then one can endeavour to get more specialised vendor or vendor neutral certifications. I will highlight a few examples, without following any order:
Some Vendor Certifications: Cisco, Checkpoint, F5, Juniper, Microsoft, Red Hat, Symantec, Nortel, Sun (Now Oracle), IBM etc…
Some Vendor Neutral Certifications: Certified Information Systems Security Professional, Sherwood Applied Business Security Architecture, Certified Information Security Manager, Certified Information Systems Auditor, Security Certified Program, Certified Ethical Hacker, Global Information Assurance Certification, Project Management Professional, Federal IT Security Professional, Qualified Security Assessor, Certified in the Governance of Enterprise IT …..Omg the list is endless.
Share
Home
4 comments
its good to practise security, since nowadays things are changing almost on daily basis.
i agree with techzim…..Move around with a linux box and i can guarantee you that all the email,ftp servers in zim have a username root wen accessesd via SSH or http and cisco routers are usually set to admin …..and see how u can narrow down to just cracking the pasword which myt be the name of the netwek engineer’s wife/girlfrend….
Yes servers of the Unix flavor all have username root, but saying that they are all accessible via ssh and http tells me you are very new to infosec and pen testing. Example, I run a FreeBSD Unix server at home for mail, proxy and as a VoIP PBX and it DOES NOT allow ssh to the root account by default. This means every time you need to make a system wide change remotely you need to run Sudo with permissions that have been previously set.. And as for cracking passwords, that is under the assumption that the admin has left unlimited auth retries. Building a secure Network is hard and hacking it is even harder. The way you make it sounds so easy has me thinking you must have just gotten hold of a fresh copy of BackTrack and are in awe of all the tools available with not a clue on how to use them!