Careers in information security can be hard to break into. Employers want to see you have experience, but to get experience, you need a job. You need to know how to get into information security in a way that actually works and makes you employable, knowledgeable and the best person for the position.
What is Information Security?
Information security, also known as cyber security, applies to safeguarding confidential, digital information while ensuring it's available to its intended user. It's a fine-line art between accessibility and security. That's a tall order for people who manage secure information. Over the years, a standardized protocol has emerged: confidentiality, integrity and availability (known in the industry by the acronym "CIA"). Information security professionals work to protect an organization's information and keep it confidential. They also make sure a system has integrity, so there's no way the information can be hacked or breached. At the same time, they work to ensure that information is as available and accessible to authorized users as possible. Just as much work goes into security as does planning for a possible breach, and that's high on the agenda for most companies today as they seek to protect both themselves and customers.
How to Get into Information Security
It's helpful to think about it as an industry where roles are, in a sense, divided into three categories: Those who create security, such as security software developers or cryptologists; those who maintain it, like security administrators; and those who test it, such as breach testers. While security administrators work to keep unauthorized users, or malware out, breach testers and vulnerability assessors earn their living troubleshooting weak spots by hacking--or attempting to hack--a system. While there's no direct path into these positions, there are good steps to take.
1. Earn an IT Degree
Whether focusing in security, architecture, development, administration or management, an information security degree can familiarize you with the industry and open the door to resources and references you wouldn't otherwise have. But first take a look at popular job boards, starting with LinkedIn, to see what kind of experience and background employers are seeking. What are the most common roles they need to fill? How many years of experience do they require? Do this research before spending money and time on an education that doesn't fit employer needs. Once you have your degree, consider cyber security certifications you might pursue as well.
2. Join IT Security Groups
There's a few main, international organizations you can get involved in that have local chapters. It's a great way to learn more about what's happening in the industry, network with people who work in the field and helpful to list on your resume when job seeking. Information Security Systems Association (ISSA), is one of the first you should join. ISSA has chapters in most major cities throughout North America and around the world. You can attend chapter meetings to get to know professionals in your area. American Society for Industrial Security (ASIS) is another well-known professional organization. If you're a student, they provide a discounted membership for part of the year, too. Make sure to join LinkedIn groups, too; the main one to know about is Information Security Community. This group is private, so your request must be reviewed by an administrator first. But if you're seeking a pathway into the information security field, it might prove a good resource.
3. Start in IT or Administrative Jobs
Administrative jobs and entry-level IT jobs, such as system administrator roles, are good forays into IT security positions. These roles provide direct experience with company security systems and are good starting points to work your way into IT security positions. Working closely with your company's IT manager and seeking out mentorship in the department will help you gain knowledge and experience in a way that transitioning between different industries won't.
4. Create a Portfolio
One of the best ways to make the jump is to go the extra mile in creating a portfolio for employers to review. Show how you'd solve a possible security challenge for an organization through a case study, or show a system you'd create. Making that effort will help you stand out in your job search. The old adage "show, don't tell," goes a long way when you're trying to stand out among a host of candidates.
Interested in more career-related articles? Read our Career Development blog.