1. Introduction
Allan Hoffman
- To advance in a tech career, pick a specialty.
- Information security is one niche to explore.
- Be proactive; create your own opportunities.
Within the world of IT careers, specialisation is often essential for advancement. This fact is clear to anyone who scans the job listings. Companies seeking Java programmers, for instance, often want job candidates who have other expertise, such as Web database connectivity or wireless protocols know-how. To move ahead, sooner or later you've got to start thinking specialisation. If you develop a skill that's in demand, you'll be able to command a higher salary and a slew of job offers.
2. Information Security Resources
Computer Security Institute: A membership organisation for security professionals, providing education on security issues and advocating the importance of protecting information assets. The group sponsors seminars on encryption, intrusion management, firewalls and other security-related topics.
Computer Security Resource Center: From the Computer Security Division of the National Institute of Standards and Technology, this spot has information about a variety of computer security issues, research and products.
INFOSYSSEC: A comprehensive resource for information system security professionals with headlines about hacker attacks, certification and security-related links.
The Information Systems Security Association: A nonprofit, international organisation for information security professionals and practitioners. This group provides education forums, publications and meetings for professional growth.
Secureroot Computer Security Resource: A portal focusing on security issues with news, security advisories and links to sites in categories such as anarchy, anonymity, cracking, encryption, hackers and OS security.
The options for specialisation are seemingly endless, but here's one to consider: information security, also called computer security. Security know-how isn't just for £150-an-hour consultants, It's for everyone -- from the programmers designing e-commerce systems to the site administrators assuring infiltrations don't wreak havoc on a company's network. No matter what your job title, you can likely develop a specialisation in security.
According to Tom Linde, Web evangelist for the IT talent agency Aquent, companies often seek security knowledge for a simple reason: "They've been hacked or they know someone who's been hacked."
3. Specialising in Security
Gaining expertise in security is likely to require a distinctly proactive effort on your part. Sure, you may luck out and find yourself on a security-related project, but that's not the only way to develop expertise. "Nobody's going to drop this in your lap," Linde says. "You're going to have to seek it out on your own." Consider these routes to security specialisation:
Self-Styled Security Guru
Well, guru may be an exaggeration, but lots of organisations or teams have one person who knows more about the security issues behind a technology than anyone else. You can make it your goal to become that person. How? If you work with a software development package, for instance, this may mean learning about its security implementations and capabilities. "Once you gain that expertise," says Linde, "knowledge of it and how it works will give you a leg up in generic discussions of anything you're building."
Educational Programs
Organisations for security professionals, such as the Computer Security Institute and the Information Systems Security Association, offer programs for IT professionals interested in information security. The Computer Security Institute, for instance, offers Introduction to Computer and Network Security, a course for people new to the field.
Certification
As in other areas of IT, certification is one way to demonstrate expertise. The International Information Systems Security Certification Consortium offers a respected certification, the Certified Information Systems Security Professional (CISSP), for security pros. The exam tests professionals in 10 areas of knowledge, including access control, cryptography, application program security, computer architecture and physical security.
Visit Monster's Technology Forum
