Well for quite some time I’ve been thinking about whether to attend the Advices on security career
The other day I recieved an email asking for advices on how to enter the ICT-security business from, to me, a complete stranger. I enjoy giving advices, and this person was very polite.
So I gave some thoughts:
First, consider your background, and your area of interest.
Say you have a programmer background, and like to continue, I would suggest secure programming, code auditing or even software architecture with focus on security.
If your background is within network and administration, then network security is a given. Also secure network architecture, network monitoring, and perhaps even security system administration might be your thing. Not to mention volnurability assessment and control.
If you are more into legal stuff, then compliance may be for you. And compliance is an area that seems to grow every year, with new regulations, standards and breeches arriving one after the other. The best (worst) is that noone can really tell when someone is compliant, the regulations are way too complex. Just consider the recent PCI breeches, where the companies where certified PCI complient!
These are only a few areas that pops into mind.
To get "in", I would suggest as a minimum a bachelor in computer science (whatever it is called in your country), and with focus on security. Adding a master wont hurt, especially if focused on your security area of interest. I would strongly suggest spending the recession on education if you can.
To get in to the industry, you may choose consulting (always openings for great ppl), locating a corporation that hires engineers, or find a vendor that need an addition to their sales team (sales is the ticket to vendors...).
Good luck! The time is rigth to move forward with your interest in security.
If not now - when?
---- edit: fixed the missing linebreaks ----
|
Good Information
Physical is important
Mark,
thank you very much for your comment! I hope you do not mind that I deleted the double post.
I believe that the different areas of security will converge. The main carrier will be (is in many areas already) be ICT. As in your own example, CCTV is transferred to IP. This will go on, and include alarm systems, access systems, control systems - you name it. Just consider SCADA. This is not a trend, it is a new paradigm.
I see a (security) world that is interconnected, and where ICT is the main carrier.
The future only holds the truth. And I am really looking forward to the security world, but it will also create a huge number of challenges.
Physical Security Systems involving IP and IT skills
Kai, you talk about software, network security and then security system administration. Do you see physical security systems (traditionally the field of electricians and such) increasingly involving more IT-type skills?
One example that comes to mind is security cameras. If you check out this demo of Megapixel IP CCTV and how they improve on standard analogue you see that there's not much time left until IP CCTV takes over completely. But IP means networks and the related issues. Eventually you are talking about network setup and security to a certain extent. It's a bit like VoIP replacing standard phone systems. What do you think, will IT-type skills be essential in the physical security system workplace as well?
Sure! Won't say no to a beer or five:)
Lame excuse...
Hi Andreas :)
I have nothing but a lame excuse - I run low on spare time, and the ISACA would be spare time for me (at least when I am not requested to speak). So I spent the time with my son instead :)
And - there is always drinks in Oslo, so next time you got time, let us have a beer!
Hi Kai! Why weren't you
Post new comment