In a few weeks I will be attending The Chubb Institute in Jersey City, N.J. for a course of study in Network Security. I'm basically a few signatures away from attending this IT school. Even though I am getting mixed reviews about Chubb, I really try my best to focus on what my needs are.
My questions to you are as follows: What should I look for in regards to
network security? Are companies hiring freshly graduated students from these
IT schools or are the hiring individuals with experience in the field? How can I prepare myself to land a job in network security or gain the experience needed to advance?
As somebody who has written numerous textbooks for Course Technology (for whom Chubb was a long-time customer) I had the chance to visit some of their facilities and talk to some students about three years ago. Although the institution is geared toward "quick production" of technical staff, its programs do offer good information, decently equipped labs, and usually also include good instructors. Hopefully, this means your own experience will be both postivie and educational.
When it comes to picking network security training vendors, the time-honored methods include trolling message groups to look for spontaneous comments and reviews, talking to recent participants/graduates from such programs to learn more about their experiences (preferably from the same classes you'll be attending, same instructors, etc.), and asking for a money-back guarantee if you start the training and find it's not to your liking or doesn't meet your needs.
As to hiring of freshy graduated students, indeed you can find some cases where these things happen, but seldom do such graduates start work full-time in information security (unless they have prior work experience and knowledge in that field). Most such people start in help desk, tech support, or junior/entry-level IT jobs as network technicians, junior system or network administrators, and so forth. But with security part of all such jobs nowadays, your training should stand you in good stead.
As to preparing yourself to get a job in network security, once you land your first position you should do everything you can to learn and practice security on the job, join a professional infosec organization like ISSA, volunteer your services to charities or schools that need security help and do everything you can to up your experience level and learning in this area. I'd also urge you to consider getting Security+ certified, and then moving into the SANS GIAC cert program, or working toward the CISSP credential www.isc2.org.
Over time, you should be able to slowly, but surely work yourself into a
full-time information security position.
This was first published in September 2004