What is the best path for a student of information technology or related field that wishes to start a career in Information Security?
I am graduating soon, and want to work in Information Security.
What certifications, if any, are required/appropriate?
Should I get programming work experience before attempting to move into Information Security?
Is there any other advice that you can give that might help me break into the field? #cyber-security #information-security #cybersecurity
To go in an Information Security career, the first thing that you should do is to have atleast a bachelors degree from computer science or engineering. You should build a strong base and understand the basics of various components in computer science. There are certain university who provide some courses in cryptography, computer networks, network security. A professor or an academic advisor can better guide you on building a career in information security once you enroll in an university.
Research on various university which offers some info security programs before enrolling in one.
There are various Cisco certified courses like CCNA, CCNP etc. some of which focus on Computer Network and few courses are focussed on security as well. You can take a look at various Cisco courses here
Another certification to consider is the Offensive Security Certified Professional (OSCP).
Definitely alot harder than most.
Best of luck!
Since information security can, in itself follow many paths, I would explore the different paths and see what catches your attention. Look at SANS Institute for samples of these paths. Also pursue the Security+ Certification to get you started. Pursue both your degree AND certifications. Look into internships that give you exposure to BOTH the technical side and business side of security.
Jim recommends the following next steps:
There are many paths to careers in Infosec, in my case I went back to school at 39 years old for Network Security Mgt from a 2 year college. Was the best decision I've ever made and have no regrets. I started off as a Unix support then pivoted into security performing vulnerability scans on servers. One path to consider is to work for a security vendor in their technical support group. This path you learn the appliance's plus meet and work with people in the field while growing your skills.
Intership: If your school offers an intership this is a great way into the field. Usually if a company is offering cyber in their intership they would also be hiring them as well.
Certificates: look for entry cyber certificates such as Certified Ethical Hacker (CEH), Security+ or Systems Security Certified Practitioner (SSCP).
Self learn: Continue learning and integrate these skills in your everyday life. Make Linux your everyday Operating System, code small jobs in Python, become familiar with github and test some popular cyber apps.
Apply for a job at a security company! There is a huge shortage of people working in information security and companies are constantly hiring! RSA Conference is the biggest security conference worldwide and all information security companies are there. So just go to the 2018 conference site and look at the exhibitor list, find some security companies you like and then go to the company web site and start applying!
All the aforementioned will give you a baseline information security overview which can further translate to entry level roles in big4 type technology advisory firms and analyst type roles within certain companies who need to fill InfoSec GRC type roles. These types of roles will give you broad perspective of the various confidentiality, integrity and availability type controls an organization needs to meet on an ongoing basis and thus further help provide and overview of various information security and engineering domains across the company.