Today’s job market has seen dramatic growth in the information security arena and a growing emphasis on the importance of personal and technical security. For example, identity theft, web attacks and information leakage, such as the incidents involving WikiLeaks and NASA, have garnered international attention. These incidents have fueled the job market’s demand for more information security professionals. Potential candidates at various skill levels are now seeking and pursuing advancement in their career paths as they relate to information security. However, because many candidates do not adequately assess their existing skill-set, they jump directly into training and pursuing certifications. Don’t get me wrong, training and pursuing certifications help, but a self-assessment should be incorporated into the first step of determining your fit in the information security field.
We all have a unique skill-set as it relates to our career path, allowing us to perform effectively and efficiently in our current job roles. However, the question that is often asked is, “How do I leverage the existing skills I have and apply them to information security?” There are some examples below, but first things first—this is a critical
PUBLIC SERVICE ANNOUNCEMENT
“Information security is NOT only TECHNICAL but uses technology to achieve certain goals.”
Okay, here are the examples of how you can add value to any organization’s information security program:
A security guard can use his/her knowledge of physical security and training to detect unauthorized personnel in a restricted area. This would add value to any organization’s security program. Adding the technological side of security would make this individual more marketable and should be the next step forward. Nevertheless, the security guard’s skill-set will add value by improving physical security through detecting, remediating and reducing the likelihood of security breaches.
A law student should be well-versed in local, state and federal regulations. Therefore, the Federal Information Security Management Act of 2002 (FISMA), National Institute of Standards and Technology (NIST), etc. should be easy to understand with regard to information security. A law student will be able to take on many roles within the information security program of an organization and add tremendous value to areas such as policies and procedures and legal/compliance. For example, he/she can help protect the organization by writing, reviewing or approving legal security language within the organization’s “warning banner” (i.e. the legal lingo that you see when you log into your system) to protect against unauthorized access. Guidance from senior legal personnel will also be required, but ultimately a law student plays a critical role in the information security program.
Helpdesk support is normally the first line of defense against insider threats, since it is positioned to detect anomalies among an organization’s end-users. This role helps the organization detect and respond to intrusions early, and reduces the likelihood and impact of malicious entities by reporting abnormal activity to the incident response team for further investigation. The transition from helpdesk support to IT security professional can be an easy one, since the baseline technical knowledge has already been acquired. Further security-specific training must be acquired and fostered in order to be an effective IT security professional who supports the organization’s information security program.
Based on the examples provided, when considering the transition from your current role to information security, make sure your first step is a self-assessment of your existing skills as they relate to information security. This should help you to secure a clear career path in information security.