How to Land an IT Security Job: Frequently Asked Questions
Interested in a job as an IT security specialist? With more and more companies depending on online, database and network applications to store proprietary information and handle customer interaction, professionals who can ensure protection are in very high demand. Here are answers to a few common questions about landing a job in the field.
What does an IT security specialist do?
There are many different specializations with the IT security industry. A general security expert is knowledgeable in things like network intrusion detection, routers, patch management, anti-virus software, and firewalls. But this is very generalist knowledge.
Application security experts develop secure software, so that when firewalls, anti-virus software and other general security measures fail, the program is still safe from hackers and viruses.
Compliance auditors generally make sure the system’s internal parameters satisfy industry and regulatory requirements related to security.
Penetration testers are usually hired to hack the system to determine the weak spots in its security measures, and this field requires extensive knowledge of all facets of IT security—including network, application, and system configuration. These jobs tend to be considered “glamorous,” and have high rates of competition—so many IT security specialists get their start in other areas.
What education and qualifications do I need to become an IT security specialist?
When the field was new, many employers hired based on possession of certain skills—but today formal education is becoming more of a requirement. An online bachelor’s degree is necessary for some jobs; others, even in entry-level positions, may require an online master’s in Information Security. In addition, you’ll probably be expected to have IT certifications such as CISSP, CISA, Microsoft Security (MCITP), and others. Different jobs may require different certifications, however. If you want to go into application security, for example, it can be useful to have a Microsoft MCPD or Sun SCJP certification.
In addition to an education and appropriate certifications, you’ll need at least a year’s experience in another IT position to qualify. You’ll need to have a strong understanding of the systems you’re planning to protect. Many IT security specialists get their start in software engineering, network engineering, IT consulting, or systems administration. While you’re there, volunteer to take on as many security-related tasks as possible. This will prepare you to make the leap into a full-time IT security job.
There are plenty of security consulting firms always looking for qualified applicants to work full-time on client cases. However, most large companies, government organizations and nonprofits have to keep their IT systems secure—and many hire in-house professionals. Any organization or company large enough to hire full-time IT staff is likely to need security professionals, regardless of industry.
Where can I find job opportunities?
Companies looking for IT professionals expect their candidates to be comfortable searching online, so that’s where you should begin your search. In addition to general job boards like Monster, CareerBuilder and HotJobs, check out specialized job boards including the International Systems Security Certification Consortium site, where employers post looking for candidates.
Some companies post opportunities on their websites; check out some of your favorite IT security consulting firms to see if there’s any relevant information on their Careers page. In addition, old-fashioned networking will work wonders—make sure you let your friends and colleagues know you’re looking for a job in information security.
What kind of pay can I expect?
Pay can range from $40 an hour for security auditors to over $100,000 a year for experienced security experts who can head up a firm’s information security. According to the Bureau of Labor Statistics, IT managers in a wide range of specializations make an average of $101,580 per year.
Information Security is a broad field by nature—hackers look for the weak points in any system, and those weak points can be in a wide variety of places. To succeed in the field, you’ll have to demonstrate a broad knowledge of IT systems and have either the certifications or the experience to back it up. With one of these two things, you should be able to land a position in Information Security.
More About Starting Your Career
- Stick With Your Job or Earn a Degree? Questions to Ask
- Six Things You Can Do With a Ph.D. (Instead of Becoming a Professor)
- Changing Careers? How to Navigate a Smooth Transition
- Don't Have a Passion? How to Tell If a Career is Right For You
- How to De-Militarize Your Resume
- Didn't Major in Education? No Problem. How to Become a Teacher Anyway
- How to Build Your Professional Network in an Online Classroom
- What Can You Do With a Degree in Public Administration?