I'm a student with some practical experience, and I'd like to become an information security expert. Where should I start?
Great question! Information security is a fantastic career choice. It's one of the hottest fields in information technology and shows great potential for future growth. I know quite a few infosec folks and have yet to come across anyone who has been unemployed for more than a few weeks.
There are two critical factors to landing your first job in information security: education and experience. On the education front, consider a technical degree program. Most security professionals come out of computer science and MIS programs. It's really important to have a solid, well-rounded IT background. Fields you should specifically explore in your studies include networking, databases and application development.
On the experience front, you're faced with the classic conundrum: you can't get experience without a job but you can't get a job without experience. My advice? Knock on doors until you can find some opportunity to get some hands-on security experience. Many large firms offer summer internship programs and seek out students interested in information security careers. What about finding a part-time job with the information security department at your college? They're often in need of extra help. Alternatively, you might be able to find volunteer opportunities to help local nonprofits in securing their systems. Any of these would make great resume fodder.
Good luck with your search!
- The SearchSecurity editorial team (aka The Security Squad) recently discussed how the poor economy will affect security pros.
- Get more sharp career advice from SearchSecurity.com's Information Security Careers, Training and Certifications Resource Center.
Dig Deeper on Information security certifications, training and jobs
Related Q&A from Mike Chapple
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading