I am a final year student studying B Eng (Hons) Network Technology at Middlesex University, London. I would like to pursue a career in the field of network security. Although my course does touch the area of security it doesn't provide any hands-on experience of security products -- software like firewalls, IDS, etc. When I try to look for a job in the area, most (if not all) jobs require experience in the field. Is there anything I can do to get the experience? Any certification that would help?
To my knowledge there is no formal way to get experience on security tools other than on the job. You can build your own labs, spending heaps of money because security tools and the systems to operate them are costly. Also, these tools need good-sized bandwidth, which can be very expensive, for you to analyze the data. Security University classes promote hands-on security training with security tools and instructors that are security practitioners to provide an opportunity to touch, install, analyze and build security tools into a current network infrastructure, but SU cannot provide real-world experience either. There's "bring your laptop" class training as well -- those classes are limited to what your laptop can do. (They may be less costly and more available locally.) You'll get to install (instructor led) freeware security tools like Snort (IDS) and a few Linux firewalls and more. If you're really interested in information security, sift the Web for free tools to download and play in your mini lab.
Look for a "low-pay" security or network opportunity to gain experience. In return for low pay, ask them to provide training classes (in writing) with a certification for you. Do you have Microsoft's MSCE or Cisco's security certification CCNIE? Both certifications can be done in your town at local training facilities and look good on your resume. Whatever you do, be honest about your experience and tell your future boss you're classroom trained.
Yes, the "age old" need experience to get the job -- or the job you can get does not provide a security-related opportunity -- is hard. You need to be creative. Sell yourself! Find a security-minded company that you want to work for. Tell them you're willing to do what it takes to become an information-security professional. There are many excellent companies looking for the highly-motivated individual. Plan your information security career by the opportunity you can create for yourself.
For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Link: Infosec Training, Careers and Events
IT Career Expert Tip: Negotiating salary -- do you dare?
IT Career Expert Tip: Leveraging recruiters
Dig Deeper on Information security certifications, training and jobs
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.