It is important to realize that there are a lot of specialties within the security field. There are management positions, testers, auditors, policy writers, even physical security guards. Many people may not know exactly which aspect they are interested in, but should start to think about this. You may also find that there are some roles that are just not for you. For example, social engineering and physical penetration tests require a high confidence level and ability to stay cool in unpredictable situations. I can assure you that this is not for everyone.
Depending on your topic of interest there are many different things you can do to help get ahead in the game. The first step that covers everyone is to start getting involved in the security community. I can’t even count the number of security conferences “cons” that occur all throughout the world each year. It is true what they say that a lot of a career is about who you know. Getting out and involved is a great way to start getting to meet other people in the industry. Many people work for companies that are looking to hire and getting out in front of them is a big benefit.
In addition to conferences to meet people face to face, participating in open source projects or creating resources the community can benefit from are also great to see. Companies like to see individuals that are passionate about what they are doing. Open source projects and other resource can also show off your relatable skills.
Many people ask about education. Do I need a degree? What certifications do I need? In most cases, the more education and certifications you have, the more it is helpful. This doesn’t mean that you do need a large formal education as there are many industry professionals with minimal formal education. In fact there are many people on both sides of the fence that are pro certifications, or against certifications. Desire and ability to learn new things quickly are huge traits for security professionals. Like any other technology career, things are moving at a very fast pace and you are constantly updating your skills. Your ability to show flexibility with the job also is something hiring managers are looking for.
Expect to accept an entry level position if you don’t bring a lot of experience. Just because you may have been a rock star in a different role, it is like entering a whole new career path. Switching from a developer role or administrative role to a security role may not equal out (pay wise). But it can be a foot in the door to a career that not only pays well, but can also be very enjoyable.
James Jardine is a Principal Security Consultant at Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at james@secureideas.com, @jardinesoftware on twitter, or visit the Secure Ideas – Professionally Evil site for services provided.