American Sentinel UniversityAmerican Sentinel UniversityCareer Webinar SeriesCareer Webinar Series
An IT Security Career PathAn IT Security Career Path
““This year and next year, bar none, security is This year and next year, bar none, security is thethe smart place to be in IT. – David Foote”smart place to be in IT. – David Foote”
Presented by Paul Capicik
[email protected] Jan 2010
OverviewOverview
IT Security PathsIT Security Paths What is needed to What is needed to
start or restart at IT start or restart at IT careercareer
Job OutlookJob Outlook
The Security Career PathThe Security Career Path
IT in GeneralIT in General SystemsSystems ApplicationsApplications SecuritySecurity
Security in particularSecurity in particular Risk ManagementRisk Management Fraud & ForensicsFraud & Forensics Application SecurityApplication Security Others Others
Skills, Aptitudes & Skills, Aptitudes & Competencies Competencies
Application Security Application Security Biometrics Biometrics Data Leak Prevention Data Leak Prevention Disk and File Level Encryption Disk and File Level Encryption
Solutions Solutions Ethical Hacking Ethical Hacking Forensic Analysis Forensic Analysis Governance, Compliance & Governance, Compliance &
Audit Audit Identity & Access Management Identity & Access Management Incident Handling & Analysis Incident Handling & Analysis Intrusion Detection and Intrusion Detection and
Prevention Prevention
Litigation Support (e-discovery) Litigation Support (e-discovery) Network Security Network Security Penetration Testing Penetration Testing Regulatory Compliance & Audit Regulatory Compliance & Audit Secure Code Development Secure Code Development Security Architecture Security Architecture Smart cards, Disposable Smart cards, Disposable
Passwords, Tokens Passwords, Tokens Threat/ Vulnerability Threat/ Vulnerability
Assessment Management Assessment Management VOIP Security VOIP Security Web Content FiltersWeb Content Filters
2010 Top 20
What it Takes to Start or Restart What it Takes to Start or Restart in IT Security in IT Security
AcademicsAcademics CertificationsCertifications ExperienceExperience Continuous advancementContinuous advancement
What it Takes to Start or Restart What it Takes to Start or Restart in IT Security in IT Security
AcademicsAcademics College degrees provide the needed foundation College degrees provide the needed foundation Broad BackgroundBroad Background
CertificationsCertifications ExperienceExperience Continuous advancementContinuous advancement
What it Takes to Start or Restart What it Takes to Start or Restart in IT Security in IT Security
AcademicsAcademics CertificationsCertifications
Certs provide the focused, specific training Certs provide the focused, specific training Includes basics, specific, and more complex Includes basics, specific, and more complex
and/or advancing knowledge-base and skillsand/or advancing knowledge-base and skills ExperienceExperience Continuous advancementContinuous advancement
Top 10 Security Certifications Top 10 Security Certifications for 2010for 2010
CISSP - Certified Information Systems Security Professional
CISM - Certified Information Security Manager GIAC - The Global Information Assurance Certification CSFA - CyberSecurity Forensic Analyst CEH - Certified Ethical Hacker CBCP - Certified Business Continuity Professional CPP - Certified Protection Professional CCE - Certified Computer Examiner Vendor Certifications
What it Takes to Start or Restart What it Takes to Start or Restart in IT Security in IT Security
AcademicsAcademics CertificationsCertifications ExperienceExperience
No substituteNo substitute Get all hands-on you can getGet all hands-on you can get Read related materials, listen to podcasts, attend Read related materials, listen to podcasts, attend
conferencesconferences Delve into periphery areasDelve into periphery areas
Continuous advancementContinuous advancement
What it Takes to Start or Restart What it Takes to Start or Restart in IT Security in IT Security
AcademicsAcademics CertificationsCertifications ExperienceExperience Continuous advancementContinuous advancement
““Biggest obstacles to new skills & training – too much work”Biggest obstacles to new skills & training – too much work” Applies to all 3 preparedness areasApplies to all 3 preparedness areas Required to remain relevant, advance, and migrate to other Required to remain relevant, advance, and migrate to other
areasareas Many employers continue to fund IT security education & Many employers continue to fund IT security education &
trainingtraining Know business & end-user goals & requirementsKnow business & end-user goals & requirements
Job OutlookJob Outlook PastPast
IT has been one of the top 2 stable career IT has been one of the top 2 stable career fields, Security newest of the 3 areasfields, Security newest of the 3 areas
In 2003 recession, IT unemployment same as In 2003 recession, IT unemployment same as the overall rate – 5.6% the overall rate – 5.6%
CurrentCurrent FutureFuture
Job OutlookJob Outlook PastPast CurrentCurrent
IT still a top career field, IT still a top career field, Security show signs of best IT Security show signs of best IT categorycategory
Current recession – overall unemployment rate over 10%, IT Current recession – overall unemployment rate over 10%, IT reached only 5.2%reached only 5.2%
IT hiring in general is flat yet, but IT hiring in general is flat yet, but security hiring is on the risesecurity hiring is on the rise Why IT is lower than general unemploymentWhy IT is lower than general unemployment
Economy now more dependent on ITEconomy now more dependent on IT Employers need to keep systems running & their businesses Employers need to keep systems running & their businesses
functioning.functioning. Why security hiring in specific is on the rise – the Why security hiring in specific is on the rise – the increasing increasing
threat to business survivalthreat to business survival CSIO coming onto scene – new advancement opportunitiesCSIO coming onto scene – new advancement opportunities
FutureFuture
Job OutlookJob Outlook PastPast CurrentCurrent Future Future (per BLS reports and industry surveys)(per BLS reports and industry surveys)
IT in general remains a promising career fieldIT in general remains a promising career field IT security is projected to be the most promisingIT security is projected to be the most promising
Field will continue to broadenField will continue to broaden Expanding on the technologist front and in the executive roleExpanding on the technologist front and in the executive role CSO/CISO importance on the increaseCSO/CISO importance on the increase
Steve Katz, the worlds first CISO recently said this about IT Security: " … it is an opportunity that will take you from entry level to some very challenging, very high-paying professions in very large enterprises. “
Webinar take-aways Webinar take-aways
Motivation for an exciting, promising careerMotivation for an exciting, promising career Know what you need to do to remain relevantKnow what you need to do to remain relevant Know where you need to look to keep currentKnow where you need to look to keep current Don’t dwell on the challenges Don’t dwell on the challenges – – focus on the opportunitiesfocus on the opportunities
American Sentinel UniversityAmerican Sentinel UniversityCareer Webinar SeriesCareer Webinar Series
Q & AQ & AAmericansentinel.edu/militaryAmericansentinel.edu/military
ReferencesReferences Information Security Career Predictions - David Foote on What's Hot and Why; Information Security Career Predictions - David Foote on What's Hot and Why; Tom Field, Editorial Director, Tom Field, Editorial Director,
January 14, 2010, January 14, 2010, http://www.govinfosecurity.com/articles.php?art_id=2072
Recession Rocks IT Profession; Information Technology Unemployment Rate Soars to 5.2% in 2009; Recession Rocks IT Profession; Information Technology Unemployment Rate Soars to 5.2% in 2009; Eric Eric Chabrow, Managing Editor; Chabrow, Managing Editor; January 12, 2010, January 12, 2010, http://www.govinfosecurity.com/articles.php?art_id=2066&search_keyword=recession+rocks+IT&search_method=exact
Information Security Career Trends: New Priorities Call for New Skills; SMG Information Security Media Group; Decemeber 2009, http://www.bankinfosecurity.com/handbooks.php?hb_id=11
Top 10 Certifications for 2010; CISSP, CISM Are Most Sought by Professionals; Top 10 Certifications for 2010; CISSP, CISM Are Most Sought by Professionals; Upasana Gupta, Upasana Gupta, Contributing Editor; Contributing Editor; December 22, 2009, December 22, 2009, http://www.govinfosecurity.com/articles.php?art_id=2025 http://www.govinfosecurity.com/articles.php?art_id=2025
Information Security Career Trends: Barbara Massa of McAfee; Information Security Career Trends: Barbara Massa of McAfee; Tom Field, Editorial Director; Tom Field, Editorial Director; December 22, December 22, 2009, 2009, http://www.govinfosecurity.com/articles.php?art_id=2006&search_keyword=Information+Security+Career+Trends&search_method=exact
Learn & Earn: Balancing the Demands of Work, School; IT Security Professionals Offer Tips for Managing Learn & Earn: Balancing the Demands of Work, School; IT Security Professionals Offer Tips for Managing Jobs, Education; Jobs, Education; Upasana Gupta, Contributing Editor Upasana Gupta, Contributing Editor January 6, 2010, January 6, 2010, http://www.govinfosecurity.com/articles.php?art_id=2046
Cisco Security Report: Malware, Social Media are Top Risks; Social Media New Venue for Attacks; Cisco Security Report: Malware, Social Media are Top Risks; Social Media New Venue for Attacks; Tom Tom Field, Editorial Director; Field, Editorial Director; January 12, 2010January 12, 2010, http://www.govinfosecurity.com/articles.php?, http://www.govinfosecurity.com/articles.php?art_id=2049&search_keyword=Cisco+Security+Report%3A+&search_method=exact art_id=2049&search_keyword=Cisco+Security+Report%3A+&search_method=exact
Government Info Security Blog - 2010: A Good Time to Start an Information Security Career; Government Info Security Blog - 2010: A Good Time to Start an Information Security Career; January 8, January 8, 2010 - Tom Field, 2010 - Tom Field, http://blogs.bankinfosecurity.com/posts.php?postID=411 http://blogs.bankinfosecurity.com/posts.php?postID=411
"If I Were Starting My Career Today ..." - Interview with Steve Katz, "If I Were Starting My Career Today ..." - Interview with Steve Katz, June 8, 2009June 8, 2009,, http://www.govinfosecurity.com/articles.php?http://www.govinfosecurity.com/articles.php?art_id=1526&search_keyword=If+I+were+starting+my+career+today&search_method=exact art_id=1526&search_keyword=If+I+were+starting+my+career+today&search_method=exact