| Topic Name: |
Starting out in IT Security |
| Message Name: |
IT Industry |
| Date Posted: |
08/05/2002 |
| In Reply To: |
Before you take the plunge into information security, here are a couple of things to consider (this coming from someone who has been in the security field for 15+ years):
- it is a great place to make an entrance into IT. Few other career paths are in as short supply as security.
- consider the entrance costs. Security is not something that employers will generally train you to learn on the job. Get a CISSP, or a specialized skill in firewell, VPN, routing, O/S, etc. security prior to asking an employer for more depth and breadth training. Since their assets are on the line, you will not really be given a chance for much OJT.
- Security pays very well, once you have established yourself as competent. Even security adminstrators may earn significantly more than their counterparts in the same IT shop.
- Consider the downstream limitations of security. If security is what you know, then the pyramid for really choice jobs gets sharp. Very sharp. The top 50 or so security officers in the country make good coin. The top 1,000 or so CIO's in the country make good coin. At some point, you will have to decide if the security life is sufficient for your needs and lifestyle. If so, great. If not, then you need a transition strategy to the operational side of the house. This is not an easy transition, but feasible none the less.
Wish you well. |
| Message: |
SecurityDude hits some things right on the head. Security does pay well, and if you're remotely good, you can find a decent job. However, I have one dissention, and a couple of other thoughts as well.
I don't know that someone can realistically enter into IT in security. I don't care how bright you are, if you've never actually *done* it, I don't know that I want you protecting my network. Not that you can't do it, but without any IT experience it will be tough (in my opinion) to get a security gig, even if you have managed to pass something like CISSP (which, by the way, is a good security cert to have).
For people with no formal IT experience, find a job in IT. Somewhere. Anywhere. Doing anything IT. Two reasons: One, you get IT experience. (It's a lot easier to convince someone you know what you're doing when you have exp. and certs as opposed to just certs). Two, the things you DO need to learn for proper security management will be a lot easier to grasp if you're in the field, dealing with the terminology and technology on a daily basis.
In terms of other certs... Microsoft MCSE's are abundant in a lot of areas. This glut has backed off some, since W2k tests are more difficult than NT ones were. Still, the MCSE says that you know some decent networking concepts. Cisco certs are always good, and a UNIX cert, like Sun's SCSA/SCNA are good to have too.
I guess my point is, security is a good field, and it's good information to know. But it's also not beginner stuff, and you need a good base of computer/networking knowledge to build from.
I wish you luck. I have been in IT nearly ten years, and it's a good field. Lots of opportunity if you know where to look, and an endless stream of things to learn if you want to learn them. If you like a challenge, IT is where it's at.
|
|
