Author: Brian McHenry / Source: Information Security Buzz
A lot has been written about the explosion in information or cyber security jobs now and in the coming years. For the infosec analyst role alone, he Bureau of Labor Statistics predicts 18% growth through 2024, much higher than average. The median pay in 2016 was also near six figures. Thanks to high profile DDoS attacks and data breaches, I no longer have to explain what a security architect does to family, friends, and acquaintances. More often, the questions I get are about how to get into the information security field, due to the immense number and quality of opportunities available now and for the foreseeable future.
Personally speaking, my career started in the late 90s in desktop support. At that time, I had previously dismissed a job in computers because I wasn’t very good at or interested in programming or coding. Aside from computer science (CS) degrees, the other college programs available were in management information systems (MIS). Neither of those traditional degree programs directly prepare a person for a career in information technology (IT), much less information security. Only in the last decade have degree programs focused on hard skills in network engineering and cyber security become prevalent.
Even with a degree, there is still no replacement for hands-on experience. Troubleshooting operating infrastructures, implementing new architectures, and re-engineering old ones. There are elements of the infosec practice that can only be gained from seeing what happens in practice. How will users and adversaries alike compromise systems? What are the realistic remedies and practical responses? Some certification programs like CISSP, OSCP, and CEH seek to validate information security skills and knowledge. However, these certifications are not intended to replace foundational skills in application development, network engineering, and systems administration.
Information security is a discipline borne of an understanding of other disciplines and where their vulnerabilities lie. Perhaps…
Click here to read more