How to Land a Cybersecurity Job
Cybersecurity jobs are plentiful, from government, financial services and utilities to manufacturing and retail. But what skills do IT professionals need to qualify for these high-paying jobs?
Thu, May 03, 2012
Network World — Cybersecurity jobs are plentiful, from government, financial services and utilities to manufacturing and retail. But what skills do IT professionals need to qualify for these high-paying jobs?
We asked the experts and came up with this list of five tips for landing a top-notch cybersecurity job:
1. Get certified.
Security-related certifications are a prerequisite for most commercial cybersecurity jobs and all defense-related IT security jobs. These credentials range from basic CompTIA Security+ to the gold standard ISC2 Certified Information Systems Security Professional (CISSP).
"There are a lot of security certifications that are very well accepted and are extremely beneficial to the individual," says Jacob Braun, president and COO of Waka Digital Media, a Boston-based IT security consultancy. "They demonstrate a body of knowledge and experience...Some of those certifications are more than written exams. They have some practical components, which are an additional hurdle to achieve."
"I like to see the CISSP," says Dave Frymier, Unisys CISO. "Somebody who has the CISSP has passed a pretty comprehensive test and is likely to share terminology with you so you can make sure you are both talking about the same things."
Verizon, which compiles an authoritative annual report on security breaches, recommends having IT security staff pass a course such as GIAC Incident Handler so they know how to properly respond to a breach.
"A lot of organizations lack personnel on hand who know what to do in the event of a data breach," says Bryan Sartin, director of Verizon's Research Investigation Solution Knowledge (RISK) team. "They need to know how to freeze the environment, how to move toward incident containment, and how to maintain crime scene integrity."
2. Join the military or the feds.
Most companies prefer to hire cybersecurity experts with experience in the U.S. military or law enforcement agencies.
"It's not a requirement, but it helps," Braun says. "Often times, you'll find an individual who is coming from the military or a federal government agency who has received a variety of cybersecurity training that is not yet attainable in the commercial realm."
"Military experience is good to see," Frymier says. "In fact, the security director that we hired last year is ex-military intelligence. The ability to use these [security information and event management] systems and track down persistent threats are skills more closely aligned with the intelligence community than with the IT community."