How to Become an IT Security Professional


A few steps to help you become an IT Security Professional. Many IT professionals yearn to add the moniker “Security” to their job description. This article provides the steps to get you there.

Security professionals like to joke that the CBS hit show Person of Interest is actually a reality show. That show, about a Homeland Security ubertool that synthesizes and correlates video camera and personal information, is not something that security professionals work with … yet.

But many IT professionals yearn to add the moniker “Security” to their job description because security seems to be growing at a faster pace than general IT, the specialty commands a higher salary than general IT, and besides, it’s cool to say “I hack for a living.”

Why certify? 

The least important reason, but the most practical justification for the trouble, is to get past the HR gatekeeper. More importantly, certification could round out your knowledge base, serve as an introduction to a new area, or serve as a differentiator between you and the next applicant, even for an entry-level job. If you have privileged access to a DoD information system, DoDD 8570 requires that contractors, employees, and other personnel performing IAT (Information Assurance Technical) and IAM (Information Assurance Managerial) duties, and other security roles, be certified.

The new chart of baseline certifications may be found here.

The “big” certification, as in the most popular, is the CISSP, but that’s not because it’s the hardest or the most comprehensive, nor because it has the lowest pass rate. More likely, its popularity comes from being a certification that non-technical professionals can pass, and from having the largest user base of any higher-level security certification. HR feels comfortable making it a requirement for most security titles.

It is very broad, and some SANS instructors are fond of saying “it’s a mile wide and an inch deep.” Nevertheless, the CISSP curriculum gives test takers a good introduction to most facets of security, as well as a common vocabulary.

Other highly valued certifications include those offered by SANS GIAC. They have some general security certifications now seen in many job postings, such as GSEC (the most similar to CISSP in terms of general IT security, but less broad and much more focused), as well as specialty certifications in areas like pen testing (penetration testing), wireless security, firewalls, forensics, and auditing, and certifications in management.

ISACA offers four certifications, CISA, CISM, CGEIT, and CRISC, but the first two are the most popular and are frequently asked for in security job descriptions, just behind CISSP.

More information on security certifications may be found here and here. Remember that the Security+ certification is entry-level, and that the prices or requirements for some of these certifications have changed since the articles' publication.

Douglas Mechaber has worked in everything from healthcare to utilities, moving from a former life as a molecular biologist to his current occupation as a security architect. He currently tries to foster a security culture for a mid-sized municipality. In his spare time, Doug teaches scuba, is active in OWASP, ISSA, and ISACA, and is a member of a local USCG Auxiliary flotilla.

See here for all of his Tom's IT Pro articles.
