Problem solve Get help with specific problems with your technologies, process and projects.

Getting your career in infrastructure security started

Security management expert Mike Rothman offers advice on how to move up or get involved in the infrastructure security job market.

I have six years of IT experience working with Microsoft servers. I am very interested in IT infrastructure security. Where should I start? I am a MCSA.
The foundation of knowledge that you have on Microsoft servers will be somewhat helpful as you start moving toward a security role. You do need a broader background in areas like network operations and desktop support. So you'll need to bone up on your networking skills and learn about defenses such as firewalls, VPNs and network intrusion prevention systems (NIPS).

You may already know a bit about these product categories via your work in the data center, but understanding the...

network attack vectors and, most importantly, the way to isolate and remediate exposures and attacks, is a bit different. There are really two ways to get this kind of understanding.

First, you can learn in the school of hard knocks. That means you basically ask for a transfer to your company's security team and start at the bottom. You'll likely be configuring firewalls and NIPS boxes, troubleshooting VPN issues, and maybe even looking over some log data to try to spot an attack and defend against it.

The other way is to go take some training courses. I suggest reading a lot (some of SearchSecurity.com's Security Schools can certainly help provide an understanding of the vernacular) and also look into formal training, like that offered by organizations such as SANS and Security University. These courses offer a good base in introductory topics, which will start your journey with the right foundation.

I also suggest specializing fairly early in your education. A base of knowledge is essential, but then focusing on something like data center or server security could be a good choice, given your background already. There are hot topics like virtualization security that will require specialized knowledge in the future, and you are well-positioned to serve that need.

Other areas of potential specialization could include SOA security or Web application security, depending on what those Microsoft servers you were managing are actually doing.

For more information:

This was last published in December 2007

Dig Deeper on Information security certifications, training and jobs

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.