To make things even more interesting for those looking to pursue a career in information security, the InformationWeek 2013 Salary Survey reports that 63% of IT security staffers are satisfied or very satisfied with all aspects of their jobs, while nearly two-thirds of IT security managers are similarly content. The demand for security pros is booming, so much so that the gender gap has nearly closed when it comes to pay.
Employment in the occupational group that includes information security analysts is projected to grow 22 percent from 2010 to 2020, faster than the average for all occupations, according to Eric Presley, CTO at CareerBuilder.
So, let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Most employers will definitely appreciate your formal education and certificates. "Being certified and part of a professional organization demonstrates that the individual is actively involved in keeping up to date with current developments in their chosen profession. Certification is proof that a candidate takes his or her professional development seriously and invests time and effort in furthering their skills and career," according to Allan Boardman, International VP of ISACA.
It's important to remember that the infosec industry differs from others in one very important aspect - the value placed on self-learning and improvement. While it's impossible to work as a doctor or lawyer without a degree, I know of many IT security professionals that are mostly self-taught, hold important positions and are respected in the community.
Remember that regardless of your educational background and shiny certifications, most companies will probably thoroughly test your knowledge for the job you're applying for. This is why those that excel in this industry are also those that are deeply passionate about their field of expertise and continually educate themselves. They never stop learning and adapting to the threat landscape.
There are plenty of online resources you can use to network with other IT security aficionados. I would advise engaging on Twitter, updating your LinkedIn profile, keeping up with the latest news and participating in online forums.
If you're good with code, you can always contribute to an open source project. It's the perfect way to grow your network and you'll be able to put something tangible on your resume. Let's not forget some quality open source tools have been acquired and given a spotlight.
Allan Boardman comments: "I highly recommend joining a professional association such as ISACA because the community of professionals and training opportunities will help the candidate do both. Soft skills are key because you can’t just have technical skills if you want to succeed—you need to be a well-rounded professional with great communication skills and business savvy."
It's also recommended to lift your head from the monitor once in a while and engage with others in real-life. The world is full of information security conferences of all sizes that offer not only lectures but also hands-on workshops that can hone your skills. They are the perfect way to put a face to that Twitter handle and get to know people on a personal level.
Like any industry, information security is all about people and recommendations. You get more opportunities if people know who you are.
If you follow IT security news, you'll see a lot of buzzwords being thrown around, but you're probably wondering what jobs are actually in demand vs. what company PR departments are spinning as the most important topic of the day.
Allan Boardman comments: "Security professionals need to be knowledgeable about the main threats and issues related to key current technology trends such as cloud services, social media, and consumerization of IT, including BYOD. They also need to be well-versed in data privacy and data protection, particularly if they are in financial services or healthcare. It is highly desirable to have strong technical skills, including security architecture and forensics skills. Given the big data phenomena, data mining and business analytics skills are also very desirable. Knowledge of protecting and securing SCADA systems for manufacturing and infrastructure are also important."
I also wanted to hear the perspective of CareerBuilder, a well-known online job site. Eric Presley told me: "Information security analyst positions are the most common job title you’ll find, but relatedly, there’s a large need for network architects and engineers with experience in managing security protocols. There’s also a big push to digitize medical records in an efficient, compliant manner, and as a result, we’re seeing increased demand for IT security professionals with experience in the health care space."
When searching for a job you can use a job board, ask your contacts on LinkedIn for help, but you can also use a headhunter. Wils Bell, President of SecurityHeadhunter.com offers some advice to Help Net Security readers: "The vast majority of security talent is NOT visiting job boards, thus they never see the posted job. This is why so many cyber security jobs go unfilled for months, if filled at all. My search assignments always include direct “cold call” recruiting, recruiting in my vast network of passive job seekers and of course a full search of my database when identifying potential security talent."
"Another benefit of a security headhunter search, over a job board ad, is potential security talented professionals are thoroughly and properly screened against the client job specs, and the company culture, location, salary and so forth before a client presentation takes place. This process sure beats job board results," added Bell.
There's also another important thing to remember about job hunting. You may be happy in your current position at the moment, but you never know what might happen in the future. Bell advises on building a relationship with a headhunter even if you're not looking for a change. You never know what great career advancing opportunity might come across his desk in a year.