An informative new blog post from InfoWorld contributor Roger Grimes sought yesterday to offer advice to prospective workers on how to enter the world of IT security and get a job in the industry.
For starters, Grimes advised would-be IT security job seekers to decide on an area of specialization before pushing forward, because computer security as a whole is so broad. “The computer security field is huge and covers dozens of disciplines, including firewalls, IDS, SIEM, security assessment, host hardening, and patching,” he wrote. “You can make a decent living doing almost any of these things. If you have a special affinity for any of these, it’ll go a long way toward helping you enjoy your career, which usually translates into better job performance and compensation.”
Grimes also related his own unpleasant experience of taking a job at an accounting firm right after he passed his CPA exam, only to realize that he “hated” accounting and didn’t want to work in a world of corporate “suits.” At the tail end of a harsh year at the company, a year in which he asked too many questions, didn’t do his research, and was generally unhappy with being a CPA, Grimes helped a co-worker recover a Lotus 1-2-3 spreadsheet that had been accidentally deleted, which earned him respect from the company’s partners and spurred him to start his new career in IT security. “The next day I quit my accounting job and embarked on a career in computer security,” wrote Grimes. “I’ve barely had a bad day since.”
IT security job seekers often ask whether they need a related degree, or any college degree at all, to work in the industry. According to Grimes, some companies do prioritize job candidates who have college degrees, but most companies prioritize experience in the field over any kind of college degree. However, Grimes pointed out that having a degree would help, no matter what course one has taken. “For most hirers, a degree signals that the candidate was able to set a goal and achieve it,” he said. “By the same token, an advanced degree will trump a four-year degree.”
Grimes’ blog post got interesting on the subject of certifications, where he discussed which ones would be most helpful to prospective IT security job seekers and which ones wouldn’t. Among those he likes, Grimes suggested any of the ISACA certifications, including the Certified Information Systems Auditor cert, the EC-Council certifications, and especially the SANS certifications, even if the latter tend to come at a premium. Grimes believes that SANS certs would be most beneficial for those who are “going to be in charge of particular hardware and software.”
The fundamentals of job seeking still apply to IT security job seekers. Grimes concluded by saying prospective employees should “prepare like (they’re) going to war,” meaning they should do their homework and learn all they can about the company they are applying to, from its history right down to its main competitors and the broader computer security industry. Grimes also suggested that job seekers tailor their resumes to each job they apply for and, arguably more importantly, do what they can to show the interviewer how much they want the job, even if they may be less qualified or less experienced than other potential candidates.