One of the most common questions readers ask me is how they can break into an IT security job. Normally they already have a job in IT, but they have a special interest in security and want a career in it. They are usually frustrated because,like any job seekers, they realize that without the necessary experience it's tougher to get a good paying job doing what they would love to do.
Here's what I always reply.
First, you need to decide what to specialize in. The computer security field is huge and covers dozens of disciplines, including firewalls, IDS, SIEM, security assessment, host hardening, and patching. You can make a decent living doing almost any of these things. If you have a special affinity for any of these, it'll go a long way toward helping you enjoy your career, which usually translates into better job performance and compensation.
A personal lesson learned
Years ago, driven solely by salary potential, I took a job with a CPA firm after passing the CPA exam. As it turned out, I hated accounting and definitely did not fit into the world of suits. That year was hell. Not only was I a horrible CPA (I literally did not finish one job assigned to me), but I was a glaringly bad fit for my coworkers and the firm. I asked too many questions, didn't do enough research on my own, and generally had a miserable time.
One day the partners invited me to a meeting in the boardroom scheduled for the next morning. An invitation to meet the partners in the boardroom meant one of two things: You were in trouble, or you were going to get accolades -- and I had done nothing to deserve praise. The morning arrived, and I felt like I was waiting outside the principal's office in high school.
Just before the meeting, one of the partners asked if I could help with an emergency situation. One of the other partners had accidentally deleted a Lotus 1-2-3 spreadsheet that was needed to secure a client's $5 million bank loan. I showed up with all my tools (Norton Disk Doctor, PC Tools, and so on), recovered the file, and was cheered and celebrated. It was a defining moment. I realized I was in the wrong profession.
The next day I quit my accounting job and embarked on a career in computer security. I've barely had a bad day since.
Do I need a college degree?
Lots of readers ask me if they need a college degree to get hired in IT security, and if so, what they should get their degree in.
Sign up for Computerworld eNewsletters.