In a thriving market for hiring security professionals, there has never been a better time to develop your career in the security market. Every business is and needs to be considering protecting the business and its assets, whilst at the same time ensuring it is abiding by the latest regulations and standards.
Considering making the move into security? Graham Rowe, Senior Consultant specialising in Information Security and Data Protection recruitment at Robert Walters, offers the key steps you should take to make the move.
Gain security skills within operations
To be successful in the security industry, you need to have a strong foundation. So on top of educational experience, an excellent place for you to gain skills to be successful in the security industry is within operational positions: incident, support, networking etc. Within these positions, you’ll learn how a business operates, both from a governance and technical perspective.
Experience in operations is vital for a career in security, which includes working to standards, processes and procedures, set by the law, governing bodies or your management. You’ll understand support lines, how networks are constructed and protected and how to interact with management and other departments (helping you acquire stakeholder management and communication skills) as well as gain first-hand experience of handling attacks and breaches.
Draw from your experience in your operational role
Part of making the leap from an operational engineer to security analyst is identifying the elements of your current role, which will be responsibilities in your new position in security. These may include SIEM, threat analysis, exploits, incident handling or event correlation. Drawing on this experience when applying for a security analyst job will show employers you have the baseline knowledge to develop in security. Similarly, gaining an understanding of the day-to-day-activities of a security analyst, either by working alongside a security analyst or by researching their roles and responsibilities, will allow you to identify the areas of the role where you’ll need to upskill yourself.
Embrace the security community
Attending security networking events is one of the best ways you can expand your knowledge of the security market. As well as gaining an in-depth knowledge of how Information Security (IS) functions across various businesses, you'll be able to show employers you’re aware of the current developments that are disrupting the industry. These include identity and access management, cloud, threats, social engineering, vulnerabilities, third party assurance, phishing and malware attacks.
Gaining an understanding of the day-to-day-activities of a security analyst will allow you to identify the areas of the role where you’ll need to upskill yourself.
From a career perspective, you'll be able to find out the variety of positions available in the market (compliance, cyber, IT, information, risk, architect, audit, manager, consultant, CISO, director…) and speak directly with security professionals, at all levels.
Robert Walters hosts a bi-monthly Information Security Meetup, held in Manchester, which attracts IS and Data Protection (DP) professionals from analyst to director from across the North. Attended by businesses from across the region, the meetup allows professionals to learn and share best practice, network and hear from an expert panel, including industry experts, IS & DP leaders, vendors and product specialists.
Keep up to date with the latest threats
Keeping tabs on the cyber security industry will show prospective employers you're aware of how the industry needs to respond to the latest threats. Bookmark useful cyber security websites and read IT and security magazines, news sites or blogs to broaden your knowledge. The Register is a leading global online tech publication, which I always recommend to prospective security candidates.
Take on a security certification
There are numerous certifications out there provided by many different bodies which cover diverse areas of security and it can be difficult to decide the one which is most suitable for you early on in your security career. If you decided to go on to specialise in an area such as PCI DSS, you may choose to pursue a specific certification. However, to increase your exposure to more roles earlier in your career, I’d advise you to keep your options open for as long as possible and choose to specialise further down the line. This means pursuing broad, baseline qualifications will be the most useful for you, when starting out in security. The following are the ones you should focus on as a new entrant to the field:
Security+ is a global qualification, which validates the baseline skills you need to perform core security functions and pursue an IT security career. Suitable for professionals in the networking space, such as networking engineers, the certification will provide you with hands-on practical skills, exposing you to a variety of issues in security within the networking arena. This will equip you with the practical skillset to move from networking into security.
To give your security career the momentum it needs to quickly progress in the field, ISO 27001 will supply you with a comprehensive overview of governance and the skillset to protect a company. As the industry leading qualification, it’s an international accreditation which is highly sought after by employers in the industry.
So, your now in security…where next?
To receive expert advice about developing your career in security, please contact Graham Rowe at email@example.com or +44 (0)161 214 7428.