EXPERT RESPONSE
One of the requirements of a CISSP certification is to have four years of practical experience as a full-time security professional, so it'll be a while before you are eligible to get the certification.
In the meantime, I think you should concentrate on the fundamentals of computer systems design, programming and other foundational aspects of modern IT. If you don't understand how applications are built, how Web sites are deployed and how networks operate, it will be very hard for you to learn how to protect them. Many younger folks want to jump into the cool aspects of network and systems protection without first having fully understood the fundamentals of computer science. And without more specifics on the IT program you completed, I can't comment on its value.
In terms of majors, anything related to computer science and/or engineering will give you the background you need to study information security. I studied operations research and industrial engineering in college, and although that isn't exactly applicable to information security now, it gave me enough fundamentals to be able to learn what I needed to know.
You also may want to consider interning or getting a part-time job with the IT department at your school. Secondary education networks are perhaps one of the hardest to secure due to the open nature of academic research and the fact that it's politically incorrect to tell students they can't do things. So if you cut your teeth in that kind of environment, you'll be well prepared for what the "real" world has to offer and you'll get that CISSP certificate before you know it.
For more information:
In this SearchSecurity.com Q&A, discover which security certifications, such as CISSP and CISA, comply with specific objectives.
Contributor Peter H. Gregory explains how CISSP training can help information security practitioners succeed in compliance-related situations.