Get Hired in Security Today
Essay by review • January 6, 2011 • Essay • 1,983 Words (8 Pages) • 1,295 Views
o, you want to get a job in Information Technology Security, eh?
If you're reading this, you've probably contemplated a course of study in security, or you're fresh out of school and trying to crack the proverbial job market nut. Neither are very easy.
Fear not, because I have put together a quick guide to get you on the right track and into the security job that you've been dreaming about since the first time you saw a password prompt.
This Is your Life
Let's get this out of the way nice and early. Your dream job may or may not require you to hold a security clearance. There are varying levels of security clearances, but by far the most popular requirement that I've seen is that you either have to have or be eligible for a "TS/SBI" which translates to "Top Secret, with a Special Background Investigation".
[Edit: This apparently has been superceded by the TS/SCI and in some cases a SSBI {see comments below}, and will be referred to as TS/SCI for the rest of this article.]
What does a TS/SCI mean to you?
1) This means that an investigating agency is charged with researching your background, and you can be sure that they are going to drag out your dirty laundry, take pictures, show the pictures to your family and friends and get to the bottom of anything that looks "suspicious".
2) Your criminal history is going to be under a microscope. Every traffic ticket, every drunk and disorderly charge, every ticket you've ever received for being drunk and naked outside of a bar will be scrutinized.
3) Your relationships with friends, family, and business associates will be reviewed. If your current lover happens to moonlight as a CPA for the mob, or helps Osama build bombs in a warehouse down the street, you're screwed.
4) Your credit and banking history will be pulled and reviewed by Very Smart People[tm] who can spot potential danger signs of irresponsible behavior like large cash deposits and withdrawals, being late on your Visa card for three years, and failure to pay parking tickets in front of the local CompUSA.
5) If you can, get the government to pay for your TS/SCI while you are a federal employee - this will cost you nothing. Otherwise, your future employer may have to pay for this clearance and it'll cost them one pretty penny. One hiring manager told me that he was going to pass on hiring a very skilled individual and hire a lesser skilled person because "the lesser skilled person already had clearance, and that was going to save us almost ten grand".
Summary: Keep your nose clean, bring a tissue along to clean the noses of those in your 'circle of friends', and ask Uncle Sam to pay the doctor to verify that your nose is clean.
Civilian or Government Job?
If you're fresh out of school or just 'starting over', I highly recommend that you consider a job with the government for the following reasons:
1) Supply and demand. The government has so many open positions with intelligence, military and law enforcement agencies thanks to the war on terrorism that they'll practically kiss you when you walk in the door.
2) See previous section on security clearance attainment.
3) The pay isn't great, but it's not bad either when combined with other benefits from government service like a pension, insurance, travel expenses, and educational benefits.
4) Civilian companies love to snatch up former government employees for their experience in the field, experience with the government red tape, security clearances, contacts, etc.
5) If you're a younger person (in your twenties), I couldn't stress this route enough. This is the route that I went, and the experience was invaluable.
If you're just out of the military, federal service, graduate school, or have recently attained your bartending license, then you'll want to check out opportunities in the civilian world. You'll want to concentrate on the following markets:
1) Financial: banking, underwriting, insurance, or anything to do with credit or money. Why? Federal regulations have placed relatively strict guidelines on these institutions like SOX, HIPAA, etc. that mandate security and privacy practices. Most of these companies want to find someone that they can hire and 'drop into the slot' to 'fix the problem'. They tend to pay quite well, and the work can be quite challenging.
2) Local law enforcement: computer forensics jobs are cropping up everywhere as state and other local agencies start opening up their own labs to decrease turn around time on evidence processing.
3) Consulting firms: These can be tricky. Consulting firms need to literally 'sell' you to clients for projects, so they typically are going to want to see at least a bachelor's degree, one or two industry certifications and at least five years of some type of experience that they can spin in a proposal.
4) Corporate Data Security: you'll find these departments in larger organizations (usually 500+ people) that are dedicated to doing nothing but securing systems, networks, data, etc. If you don't have the experience on paper when applying, consider doing a year of service in the organization's help desk. While on the help desk, build a relationship with the data security folks so they know that you're sharp, knowledgeable and hard working. Take advantage of break periods to talk to them about prominent security issues. Show them what you've been working on. Drop small hints that you'd like the opportunity to work more closely with them. This works the majority of the time. The few times that I have seen it fail have been because of personality quirks.
Education
Education requirements vary greatly between the various jobs in information security.
1) Consider a minimum of an Associate's degree before applying. A bachelor's degree is ideal, and I'd consider a Master's degree or a Doctorate degree only if you plan on doing research or holding a rather high (and boring) management position. The bachelor's degree is the best bang for the buck from my experience.
2) Lifelong learning looks good to an employer, especially one that deals with a topic like
...
...