Have you considered a career in security? Mike Westmacott MBCS CITP says the time is right.

It’s never been a better time for cyber crime. Not only are the number of computer users worldwide increasing, but the different devices they have are too, and best of all they’re becoming more complacent about the information they provide about themselves.

Some large and progressive organisations may be gathering their wits, but many more aren’t, and if just one important member of staff manages to open up the wrong email.

It may seem sensationalist to say this, but we might be running the risk of allowing cybercriminals to gain an advantage over the professional IT community. In order to understand if this statement may be correct we need to consider a number of factors.

Computer usage is increasing, for both social and business areas, and it will continue to do so. This naturally leads to an increase in the ways in which we as individuals and the organisations we work for may be attacked.

Not only do the numerous gadgets and systems that we have increase the technical attack surface we expose, but we also our personal attack surface increases as we place ever more information about ourselves onto the internet.

In order to beat, and by beat I mean stay consistently ahead of a moving opponent, the criminals, organisations, and states that pose a threat to us we must not just develop technical solutions, but work to improve our capability in all areas of information security.

The National Cyber Security Programme that will inject £650 million into information security over the next four years recognises just that and should ensure that the sector develops at the rate it needs it.

A significant proportion of the funds will go towards training and education, highlighting that both professional and public education is a key objective of the programme. This boost means that the information security industry in the UK will be able to continue to expand and the demand for practitioners that are highly skilled and, more importantly, those that are starting their career in the sector will become even stronger than it currently is.

The roles that are available to anyone wishing to work in the information security industry are highly varied. Many of the primary roles do require expertise in some area of IT, but at the same time the increasing number of businesses directly involved means that there are also typical back office and business support positions as well.

The role for you?

For anyone who is interested in pursuing such a career there is a simple process to determine what type of role would be suitable, which also applies to other careers.

The Young Professionals Information Security Group (YPISG) will, over the coming year, be providing online resources that will allow professionals (whilst the name of the group specifies its primary audience, the YPISG provides information and runs events to cater for anyone looking to start or enhance an information security career) to perform this type of analysis themselves. It will draw on resources such as SFIAplus and will provide a skills matrix and a mapping to different types of jobs.

The objective of this exercise is to determine the type of role that best suits an individual’s personality and experience, and a great way to gather this information is to meet security professionals.

There are four specialist groups in BCS that have a focus on security and together they ran over 20 events last year. Together with branch events and those that are run by other members groups there are plenty of opportunities across the country to ask questions and to talk to peers about the best ways to create a career plan.

Once a suitable role has been identified, that fulfills an individual’s requirements in terms of skills match, the amount of responsibility and development potential, it is necessary to work on a training plan. Different roles will have different entry level requirements - and it may be that businesses will demand a minimum security related certification, regardless of academic awards and business experience.

Penetration testing, for example, generally requires either the CREST Register Tester (CRT) or Tiger Qualified Security Team Member (QSTM) exam to have been passed. Both of these exams can be studied for at home as there is a plethora of free resources available on the internet that provide training systems on how to practice and develop the necessary skills.

Penetration testing is a specific area of information security and it may be that a foundation course such as BCS’ Certificate in Information Security Management Principles is more suitable to learn the core skills required. Study for this may take place through an accredited training provider or through self study; a review of the syllabus should be sufficient to determine readiness for the exam.

Preparing yourself

The goal of preparing oneself for a career change is two-fold. It allows one to determine readiness for different roles and to determine appropriate training options.

The other factor is that it demonstrates a desire to succeed in a particular career. Most employers will, when faced with two candidates who are, on paper, academically and experientially similar, favour the one who can clearly demonstrate self determination and the ambition to make their own career succeed.

More businesses are also offering internships and internal training programmes that are helping to develop the practitioners of the future. In essence it is the desire to succeed in a career that will allow one to develop that career, and the greater one’s belief in learning and potential, the greater one’s ability to convince, and ultimately deliver, others of one’s ability to achieve that success.

This approach to a advancing a career is not restricted to information security and can be applied to both young and experienced professionals alike.

The key point for both applicants and recruiters alike is that experience does not have to be the deciding factor. The ability for an individual to learn and develop, and more importantly their own desire to do so, and to construct a career is as relevant, if not more so.

If you’re looking for an exciting role in an area of IT that is expanding, take a look at the careers that are available  then take the time to demonstrate that you’re capable of making that career a reality. The person best placed to do this is...you.

Key points

  • Determine the roles available, and the skills and qualities those roles require.
  • Gauge your own skills and qualities, by both self assessment and by meeting as many people in those roles.
  • Decide on the type of role that would fulfil your needs. Consider the amount and type of technical, consultancy and administrative work that suits you best.
  • Find out what the minimum skill set and certifications are required. Read IT job advertisement  boards, speak to recruitment agents and network with peers.