4 Tips: How To Land An IT Security Job - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // Team Building & Staffing
09:15 AM
Connect Directly

4 Tips: How To Land An IT Security Job

IT security pro salaries continue to rise. Here's one security expert's advice on how to break into the field.

10 CIOs: Career Decisions I'd Do Over
10 CIOs: Career Decisions I'd Do Over
(click image for larger view and for slideshow)
Enter the keywords "IT security" into the search field on the popular job board site Monster.com and 1,000-plus job postings will quickly populate the page. Enforcing security policies, outwitting hackers, preventing data breaches, snuffing out cyber threats--enterprises need all the security help that they can get. And IT security pros earned a median pay bump of $7,000 this year, according to InformationWeek's most recent salary survey.

The recession has not dampened the will of cyber crooks. According to Symantec's 2011 Cost of Data Breach Study, conducted by the Ponemon Institute, the cost associated with a breach was $194 per record in 2011, amounting to a total of $5.5 million dollars.

In fact, as more and more mobile devices find their way into corporate offices, security threats are only becoming more complex. And that's broadening the job definition of a cyber-sleuth to include everything from protecting sensitive data to establishing incident response procedures.

So how can an IT professional with general experience become a seasoned security specialist? Just ask Brian Duckering. Once "a go-to guy for general IT," Duckering is now senior manager of Symantec's security endpoint management and mobility group. While it can take as long as 10 years to make it to the position of chief security officer, Duckering said that even his diverse background in mechanical engineering and robotics design is proof that hard work and perseverance can help you carve out a career niche in IT security.

[ Get expert guidance on Microsoft Windows 8. InformationWeek's Windows 8 Super Guide rounds up the key news, analysis, and reviews that you need. ]

Duckering offers these quick tips for working your way from a general-purpose IT shop to the head of cyber security.

1. Consider Certification

According to a recent Foote Partners' report, the market value of IT security certifications increased during the recession, even as the value of other IT certifications decreased. So what certifications are worth having?

Certified Information Systems Auditor, GIAC Secure Software Programmer--JAVA, and GIAC Secure Software Programmer--.NET are only a few pieces of paper that can help you get through the door. But Duckering warned that the value of certification can vary from year to year. "Certifications are constantly evolving," he says. "The certifications that are going to be really important in the coming year or two may not even exist yet." For this reason, Duckering recommends that aspiring IT security personnel select their certification programs carefully, and never depend on a particular certification to help them land a job.

2. Go Back To School

Like it or not, MBAs aren't just for wannabe investment bankers. Rather, Duckering said an understanding of business principles can help round out an IT professional's understanding of today's security issues. An MBA in information systems, for example, can teach future security executives about data communications and systems analysis, as well as the impact security breaches can have in the areas of finance, marketing, and accounting.

3. Delve Into Mobile

Mobile's impact on security is knowledge an aspiring chief security officer simply can't do without. In fact, according to Symantec's 2012 State of Mobility survey, respondents rated mobility as the highest security risk in IT. What's more, businesses of all sizes are experiencing a variety of damages from security breaches. The average business globally lost $247,000 over the past year from these damages.

As a result, Duckering said it's critical that IT professionals "understand how apps on mobile devices work and how they communicate. If you don't understand that, it's going to be almost impossible to protect against breaches. But rather than simply studying the correlation between mobile apps and security breaches, Duckering recommends "writing some apps. When you write an app, you're sending information to the backend server--that's the best way to understand the implications of a security breach. You have to go through the process of protocols and SSLs and writing an app, which really forces you to think about security."

4. Mingle

Sometimes the quickest way to learn about what it takes to become a security professional is simply to spend time with one. "Find a friend who's an IT security professional. Go to developer conferences. Get in with security people," recommends Duckering. "Ask them how they're making sure their data is secure. Pester them with questions."

Put an end to insider theft and accidental data disclosure with network and host controls--and don't forget to keep employees on their toes. Also in the new, all-digital Stop Data Leaks issue of Dark Reading: Why security must be everyone's concern, and lessons learned from the Global Payments breach. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Get Your Enterprise Ready for 5G
Mary E. Shacklett, Mary E. Shacklett,  1/14/2020
Modern App Dev: An Enterprise Guide
Cathleen Gagne, Managing Editor, InformationWeek,  1/5/2020
9 Ways to Improve IT and Operational Efficiencies in 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/2/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Flash Poll