How to Become More Marketable in IT Security

There are certainly plenty of opportunities for IT security professionals nowadays. They can get well-paid jobs that offer loads of advancement opportunity, as long as they’re motivated and have a deep interest in security.

CybersecuritySo what should you do to better position yourself?

The Right Experience

First, you should make sure that your technology experiences put you in contact with a wide assortment of IT and development teams. You don’t want to be a coder in a cubicle corner. The more interaction you have with various teams and working styles, the more well-rounded a security analyst you will be.

Second, you should have plenty of familiarity with security regulations and compliance legislation. Many job postings mention this as a selling point in your evaluation, and many security positions often involve assembling compliance reports and understanding the regulations that your business needs to follow. As more legislation is passed by both the federal and state governments concerning IT security, this is a sure bet. Take the time to bone up here.

Next, you should be experienced in translating technical data into business impacts. The more you can be the interface between the coders and product managers, the more strategic you will be and the more opportunities will be available.

Experience as a systems administrator is also helpful. Many job openings include this as a prerequisite. Your hands-on knowledge of how to set up and run servers is important because it shows real-world grounding in the daily needs of an IT operation, such as making backups, integrating applications across servers and setting up networking infrastructure. Never minimize this kind of experience, and remember: When you have an opportunity to learn more, you become more valuable and marketable.


Can you write and communicate well? The best analysts can, and the more fluid and compelling your writing, the more often your boss will notice what you’re doing and act on your recommendations. If you’re weak in the written word, figure out something that you can write about regularly on the outside (a blog comes to mind) to get more experience. The best writers are like Chicago voters: They write early and write often.


Consider getting your Certified Information Systems Security Professional (CISSP). This demonstrates the basic common knowledge that is needed for many job openings. If you aren’t sure whether you need to study up on the different security domains, start here, where you can download an outline and find links to exam prep materials and other resources.

Obviously there are many ways to approach a career in IT security, and these are just some suggestions to maximize your chances of getting a better job. In the comments below, feel free to share your own personal circumstances that have helped or hurt your career choices along the way.


  1. BY Faisal says:


    I am very much interested in security, recently passed Security+ with flying colors and am preparing for CISSP, but most of my experiences are of academic in nature, i was looking for a security role since last 8 months but when a get a call from HRs they turn me down just because of my experiences …… i was trying to get certified to make my self marketable in this field but …….but now my anxiety levels are touching the roof……any ideas suggestions .

    • BY DDPenn says:

      Do what the article says. Go into server admin or get broad IT experience. That’s what I did, and with 6 years general IT experience, I made it to IT Security.

      • BY Faisal says:

        @ DDPENN: thanks dude, i even tried that but not succeed in getting a role till now, as i said i was working in academics and taught at tertiary level for over 5 years, but that does not seem attractive to hiring managers, well i also hold a masters. From the experience over last couple of months i conclude either i am living in fantasies or the hiring mangers are too harsh at me.

  2. BY Djesu says:

    I am a cissp. I also analyse and design systems, sql server experience of more than 10 years. I don’t have networking certifications. What can I do to be more employable?

  3. BY Elizabeth says:

    I have worked in IT Security for the past 10 years. I have encountered many Security people from a variety of backgrounds so there is no clear path. I knew one who said he did not trust any security person who did not start their career at a help desk (OTOH, I thought he was a jerk).
    If you have just an academic background with no real world experience, see if you can get even a part time student job at the university. Also take the beginning level security related certifications since some automatic resume screeners will key in on these. But do not take higher level certifications until you have the real world experience to back them up.

    Look at for the types of jobs you are looking for. Then look at their requirements. Put the same “buzz words” in the job posting into your resume. Also network through chapter meetings of ISSA or ISACA or AFCEA (where you can learn about other opportunities in IA like PCI). Then consider volunteering for high school STEM events – and take the time to meet other volunteers who may be engineers in the local area – and may know of opportunities.

Post a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>