The IT security or cyber-security industry has been much in the news over recent months with high profile hacks of the networks of well-known household names such as Home Depot, Xbox and Sony in addition to hundreds of un-named banks that lost around $1 billion. The most recent news item concerned a cyber security professional who tweeted about how he might be able to hack an airline’s systems, whilst he was 35,000 feet in the air travelling to Syracuse. An indication of how seriously such careless tweets are taken was that the FBI questioned the expert concerned for several hours after he landed and United Airlines subsequently refused to allow him to travel on another journey to San Francisco.
You might not particularly want to be questioned by the FBI but the fact that the IT security industry has recently become so newsworthy suggests that a role as a cyber-security expert is much in demand.
So if you are looking for a job in this field what skills and experience should you already have or be looking to gain to improve your career prospects? Perhaps it’s your first role in this field or maybe you are leaving your current company, whatever your situation, it is vital to do all in your power to give yourself the best chance of obtaining such an exciting job. There is nothing more disheartening than sending out numerous CVs and going to plenty of interviews but never being offered the job you want. So let’s take a look at the things employers are seeking when hiring IT security professionals.
There is only one place to begin and this is with certification. You cannot expect to obtain an IT security job if you have not had any appropriate training. There are many different IT security courses for you to choose from such as:
- CRISC – Certified in Risk & Information Systems Control
- CISMP – Certificate in Information Security Management Principles
- CEH – Ethical Hacking and Countermeasures
Whether you go for something general or you want to train in a particular area such as ethical hacking make sure the certification you opt for is recognized globally and that it is held in high regard in the industry otherwise it will not provide you with a transferable qualification.
This may sound like an obvious point to some people but to others it might not be considered important; they might not even think about whether personal skills are sought by an employer and may only concentrate on gaining technical skills and experience. However, it is essential that you show your passion for your chosen industry.
Selection tutors at the top universities have to decide between numerous equally well-qualified candidates for a limited number of places; they do this by looking beyond the paper qualifications at the person and their personality, particularly their passion for their subject.
In the same way, potential employers look for distinguishing traits that single out certain candidates and make them stand out from the crowd. Therefore, you need to demonstrate that you are enthusiastic and passionate about information security, but don’t be afraid of showing your other passions as well. Employers like this quality in a person because it hints that they have the right make-up to excel professionally.
A potential employer will want to know first and foremost if you can get the job done. It is all well and good showing you have completed appropriate training and have relevant certification. But, can you put all of your knowledge into action? You need to show that you do not only understand cyber security principles and methods, but that you have previously led business driven initiatives and implemented successful projects.
If you cannot demonstrate such experience in the workplace then seek out opportunities to develop your experience with your current employer before looking for new career opportunities elsewhere. It is usually much easier to gain experience within your current role than to find a new one for which you have a limited track record. If you can show a proven track record of success then employers are going to be more inclined to hire you. No one wants to take a risk, especially when it comes to an industry as pivotal as cyber security where mistakes cannot afford to be made.
If you have recently left full time education and cannot display past experience in IT security then, do not fear, there will certainly have been experiences in your student life that you can draw on, even if they were personal projects or part of your studies. If you have an interest in information security then you will almost certainly have worked on your own computer to make it safe from attack so treat that as an experience-building event. Read more thoroughly into the subject and try out various tactics on your personal computer and devices so that you feel comfortable discussing the topic.
Operational experience in numerous IT disciplines
This is another vital factor you will need to have if you are to find a job as a cyber-security professional. A potential employer will want to know that you are capable in many areas of IT and that you have operational experience, as this will act as a necessary foundation moving forward. From networking to mainframe operations, knowledge and experience of these areas will ensure you have the capability to fully understand any complex IT related problems.
These are the four main qualities that employers will look for when they are hiring an cyber security professional. This industry is an exciting, growing field so if you have some relevant experience you can build on, or have the opportunity to take some additional IT security training with your current employer, then why not give it a go? It could open up a world of new opportunities.