The majority of the people I worked with in my early years started their careers in IT without any specialist computer training. Effectively everybody was an apprentice.
The great thing about a career in information security is that the barriers to entry can be low. Skills can be self-taught and it has often attracted candidates from a range of disciplines. Recruiting people from other specialist areas is a common way to build strength in a team as they bring new viewpoints, experiences and in-depth knowledge of different industries, technologies and applications which can be applied to problem solving.
However, while a formal degree in computer science is not an absolute necessity, it is increasingly a major factor in hiring new staff. In my early career there were only a few pioneering computer science or IT related courses on offer at universities and colleges, this is no longer the case.
Today a degree or master’s is the dominant route to employment, however, there is real potential for problems. Knowledge exchange has always been crucial for information security and danger arises when a team with a base of narrow knowledge or experience approaches a problem.
The industry, universities and students themselves need to be doing all they can to keep a breadth of knowledge and experience in the industry. IT apprenticeships perhaps should be considered to provide structured on-the-job training.
Information security can be a long, exciting and rewarding career but it isn’t a normal 9-5. Anyone hoping to make a mark in this arena will need to be passionate about IT security, as it takes a great deal of time and effort to stay current and understand the never ending stream of new technologies and updates.
My advice to graduates for securing a role in information security would be:
- Build your credentials in a related IT role before applying for an information security job. There are countless areas in IT, and gaining experience in any area is useful, as you will learn about particular technologies and applications, how they are secured and how they can be penetrated. The working knowledge of specific areas of IT can be invaluable to an information security team.
- Avoid specialising too soon. Build up a broad base of experience
- Demonstrate business nouse, increasingly IT roles are not just about understanding technology and how to manage it, but about showing the value technology can add to a business or organisation and understanding the priorities that drive non-IT professionals.
- Information security is a job that can’t entirely be taught, demonstrating the practical application of textbook theories is a must. Try to get as much practical experience as possible.
- Commit to lifelong learning and change. Information security and the need to constantly respond to new threats and understand new technologies and applications means learning does not stop at graduation.
- Keep aware of new technologies, and new applications for emerging technologies and above all keep aware of the change threat landscape.
Find out more about Assuria.